1. General information

Starting with May 25, 2018, the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) also known as GDPR (General Data Protection Regulation), enters into force and applies directly in all member states of the European Union.

Regulation (EU) 679/2016, in accordance with the provisions of art. 2 para. (1) thereof, applies to the processing of personal data, carried out in whole or in part by automated means, as well as to the processing by means other than automated of personal data that are part of a data record system or that are intended to be part of a data record system.

In its capacity as a personal data operator, COMOTI INCD Turbomotoare complies with the legal provisions regarding the protection of personal data and implements technical and organizational measures to protect all operations that directly or indirectly concern personal data and which prevent unauthorized or illegal processing, as well as accidental or illegal loss or destruction of personal data.

Legislation – GDPR Reference Documents

• Regulation (UE) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Law no. 190 of 18th of July 2018 on implementing measures of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
• Directive (EU) 2016/680 on the protection of natural persons with regard to the processing of personal data by competent law enforcement authorities.
• Law no. 102 of 3rd of May on the set up, organisation and functioning of the National Supervisory Authority for Personal Data Processing, with further amendments and completions – Republished
• Law no. 363 of the 28th of December 2018 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data
• Law no. 129/2018 for the modification and completion of Law no. 102/2005 on the set up, organisation and functioning of the National Supervisory Authority for Personal Data Processing, and repealing Law no. 677/2001 on the protection of individuals with regard to personal data processing and free movement of these data.;
• ANSPDCP Organization and Operation Regulation of November 11, 2005, with subsequent amendments and additions;
• Decision no. 99 of May 18, 2018 - ANSPDCP - regarding the termination of the applicability of some regulatory acts of an administrative nature issued in application of Law no. 677/2001 for the protection of individuals regarding the processing of personal data and the free movement of such data;
• Decision no. 128 of June 22, 2018 - ANSPDCP - on the approval of the standardized form of the personal data security breach notification in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of of these data and repealing Directive 95/46/EC (General Data Protection Regulation);
• Decision no. 133 of July 3, 2018 - ANSPDCP - regarding the approval of the Procedure for receiving and resolving complaints;
• Decision no. 174 of October 18, 2018 - ANSPDCP - regarding the list of operations for which the assessment of the impact on the protection of personal data is mandatory;
• Guidelines on Consent under Regulation (EU) 679/2016 (17/RO/WP259);
• Guidelines on Data Protection Officers (DPO) – (16/RO/WP 243 rev.01, revised and adopted on April 5, 2017);
• Guidelines on Data Protection Impact Assessment (DPIA) and determining whether a work is "likely to generate a high risk" within the meaning of Regulation 2016/679 (17/RO WP 248 rev.01) revised and adopted on October 4, 2017 ;
• Notice no. 2/2017 regarding the processing of data at the workplace (Article 29 – Working group for data protection 17/RO GL 249), adopted on June 8, 2017.
2. Definitions

In accordance with the provisions of the Regulation (UE) 2016/679 on the protection of natural persons with regard to the processing of personal data, are defined:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the 4.5.2016 EN Official Journal of the European Union L 119/33 framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
3. Categories of processed personal data

In order to fulfill the legal duties, at the level of the central apparatus of COMOTI INCD Turbomotoare there are structures that process personal data. The personal data of the persons concerned are processed in a legal, fair and transparent manner, for specific, explicit and legitimate purposes, limited to what is necessary in relation to the legal provisions in force. COMOTI INCD Turbomotoare, through the legally authorized structures, processes the following categories of personal data:
• data provided by the institution's staff, framed according to the legal provisions in force, composed of contractual staff, regarding, but not limited to, one or more specific elements of identity such as a name, surname, an identification number, data location, marital status data, professional activity data.
• data provided by personnel outside the institution, regarding the specific elements of their own identity such as name, surname, an identification number, location data, data regarding professional activity, circumscribed by the positions of the holders in relations with the structures within COMOTI INCD Turbomotoare.
• video data or other type of data related to visitors to the institution's premises. Financial data or other payment details.

4. Purposes and grounds of processing

The processing of personal data is done exclusively in order to fulfill the institution's legal obligations, for:
• recruitment and employment;
• payment of salaries and other rights;
• ensuring health and safety at work;
• evidence of the issuance of invention patents, certificates and attestation diplomas in the field of Turbomotors, of the internal public audit;
• resolving petitions, letters, interpellations in litigious situations, or in other situations, formulated by natural person petitioners;
• analysis and verification of the beneficiaries of a state aid scheme regarding natural persons;

COMOTI INCD Turbomotoare guarantees the fact that it processes personal data under legitimate conditions, at the same time implementing appropriate technical and organizational measures to ensure data integrity and confidentiality according to art. 25 and 32 of Regulation (UE) 2016/679 on the protection of natural persons.

Personal data can be communicated by COMOTI INCD Turbomotoare in accordance with the legal provisions and to other public authorities/institutions (e.g. MCID, ANSPDCP, ANFP, ITM), empowered by law to process personal data, in compliance with the provisions Regulation (UE) 2016/679 on the protection of natural persons.

The structures within COMOTI INCD Turbomotoare that process personal data do not transfer this category of data to third countries or international organizations.

Personal data are stored in accordance with the legal provisions in force regarding the storage and archiving of documents.

5. Information regarding the website www.comoti.ro
The COMOTI INCD Turbomotoare website is a public website that contains public information specific to the institution's activity, according to legal provisions. On the www.comoti.ro website, public information may be displayed, within reasonable limits, that include personal data belonging to persons with management positions or data regarding the results of recruitment-employment within the activities of organizing and developing the career of employees.

The website may contain links to other platforms or applications that are not managed by COMOTI INCD Turbomotores, in which context the institution is not responsible for the content or privacy policies of the sites and applications in question.

6. The rights of the data subject in accordance with the provisions of Regulation (UE) 2016/679 on the protection of natural persons

a) the data subject's right of access (art. 15 of the Regulation);
b) the right to rectification (art. 16 of the Regulation);
c) the right to delete data ("the right to be forgotten") (art. 17 of the Regulation);
d) the right to restrict processing (art. 18 of the Regulation);
e) the notification obligation regarding the rectification or erasure of personal data or the restriction of processing (art. 19 of the Regulation. "The controller shall communicate to each recipient to whom personal data has been disclosed any rectification or erasure of personal data or restriction of the processing carried out in accordance with Article 16, Article 17(1) and Article 18, unless this proves impossible or involves disproportionate efforts. The controller shall inform the data subject about those recipients if the data subject requests it.”;
f) the right to data portability (art. 20 of the Regulation);
g) the right to object (art. 21 of the Regulation);
h) the concerned person has the right, according to art. 22 of the Regulation: "not to be the subject of a decision based exclusively on automatic processing, including the creation of profiles, which produces legal effects concerning the data subject)".

7. Duration of data processing
As a principle, the administrator of www.comoti.ro will process your personal data for as long as it is necessary to achieve the processing purposes mentioned above.

8. Contact
In exercising the rights provided by Regulation (UE) 2016/679 on the protection of natural persons, the persons concerned can contact the National Supervisory Authority for the Processing of Personal Data (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336 Bucharest, Romania, Phone +40.318.059.211, +40.318.059.212, e-mail e-mail: anspdcp@dataprotection.ro. Any request regarding the protection of personal data addressed to COMOTI INCD Turbomotoare must be made in writing, dated and signed. This can be submitted to the Registry of COMOTI INCD Turbomotoare or sent to the e-mail address dpo@comoti.ro.
Cerere pentru exercitare dreptului la opozitie
Cerere pentru exercitare dreptului la portabilitatea datelor
Cerere pentru exercitare dreptului la rectificare
Cerere pentru exercitare dreptului la restrictionarea prelucrarii
Cerere pentru exercitarea dreptului de acces
Cerere pentru exercitarea dreptului la stergerea datelor