DATA PROTECTION NOTICE FOR THE USE

OF OUR SOCIAL MEDIA PAGE

LinkedIn – @QNORM ROMANIA

1.  Who processes your personal data?

For the activity of QNORM S.R.L. (hereinafter referred to as “the Controller”), the confidentiality of your personal data is the key element. To this end, we have drawn up this commitment by which we undertake to respect the confidentiality of your personal data and by means of which we explain to you what categories of personal data the Controller collects, how such data are used and the purpose for which they are subject to processing operations.

Note: This Data Protection Notice relates only to your personal data that we process as a result of your interaction with our LinkedIn page @QNORM ROMANIA.

We would like to inform you that we have taken all necessary measures to ensure the confidentiality of your data, which will be processed only by QNORM S.R.L. staff trained on the processing of personal data and authorized for this purpose.

To get to know us virtually, we provide you with our identification data.

The Controller that processes your personal data when you browse / interact with the LinkedIn page @QNORM ROMANIA is QNORM S.R.L., with headquarters in Giurgiu County, Stejaru Village, Singureni Commune, Cazanelor Street no. 1478, Room 1, registered at the Trade Register under no. J52/509/2009, having unique identifier 26036636.

For any questions/ queries regarding the protection of personal data, you are invited to send a request to the postal address mentioned above or to the e-mail address: office@qnorm.com.ro, having written on the envelope, respectively in the subject of the e-mail, mentions such as “Personal data protection” “Personal data” or “GDPR”.

As administrators of the LinkedIn page @QNORM ROMANIA, we process different categories of personal data that belong to you, as a result of your interaction with our page. This data processing is carried out together with LinkedIn Coporation, based in 605 W Maude Ave, Sunnyvale, California, U.S., as a provider of the LinkedIn social network.

Regarding the collection and processing of your data by LinkedIn, over which we have no control or responsibility, we invite you to consult the LinkedIn information, available by accessing the link https://ro.linkedin.com/legal/user-agreement and related references.

We draw your attention to the fact that this Data Protection Notice does not cover the situation of data processing in relation to accessing links posted on our LinkedIn page (links referring to the website www.qnorm.com.ro). When you access such a link, it will direct you to the website, where you will be able to consult the information related to the processing of your personal data in the sections “Privacy Policy”, “Cookie Policy”, respectively “Terms and Conditions”.

Finally, we want you to know that our LinkedIn page respects the data policy of the LinkedIn social network, which you will be able to consult by accessing the link: https://ro.linkedin.com/legal/privacy-policy.

2. Definitions

► “Personal data”: any information relating to an identified or identifiable natural person (”data subject”). An identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier, such as: name, ID number, image, location data etc.

! For clarity, personal data refers, for the purposes of this document, to information about the user interacting with the @QNORM ROMANIA LinkedIn page.

► “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

► “Controller”: a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

! With regard to the processing processes described in this notice, QNORM S.R.L. is the data controller.

► “Recipient”: any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not.

► “Consent”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. What categories of personal data do we collect and for what purposes?

The purposes for which personal data are processed and the data that QNORM S.R.L. may process as a result of your navigation on the @QNORM ROMANIA LinkedIn page are the following:

In order to respond to your requests for information/ queries/ complaints and to be able to provide the information requested in this context, QNORM S.R.L.. may process the following personal data, depending on the data that you voluntarily provide us with:

• name and surname;
• nick-name/username related to your LinkedIn profile (in case it is not public and cannot be viewed by any user of the social network);
• telephone number;
• e-mail address;
• data contained in the attachments that you can send us through LinkedIn Messages.

This data may be requested in case you wish to be contacted to obtain a point of view offered by telephone/written, emailed by Controller staff.

Note: Any personal data submitted by users for the purpose of being contacted for the resolution of requests received will be used only for the resolution of requests and not for commercial or marketing purposes.

Note: User data which are not requested by the Controller and which may be in the form of text, photographs, audio-video recordings or included in documents/identity/marital status documents etc. and which are made available to the Controller at the initiative of the users, without a prior request being submitted in this regard, will be automatically deleted from the databases of QNORM S.R.L., the Controller complying with the provisions on the processing of personal data and ensuring that it collects only those data which are necessary to fulfil the purposes for which they are processed.

4. What is the legal basis for processing personal data through LinkedIn?

The Controller processes the personal data of visitors to its LinkedIn page on the basis of its legitimate interest as provided for in Article 6, let. (f) of the GDPR – the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overriden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The legitimate interests of the controller refer to its ability to be able to respond to requests received from users holding LinkedIn accounts, providing them with relevant information on the services presented on the website www.qnorm.com.ro, as well as the possibility to resolve any complaints received through this communication channel.

Furthermore, the Controller may also process personal data through the social network in the event that you wish to be provided with services in its area of expertise, in which context the provisions of Article 6, let. (b) of the GDPR become applicable, for the purpose of concluding the distance selling contract.

5. Who are the recipients of your data?

QNORM S.R.L. will not disclose your personal data except for the purposes and to the third parties described below. In the context that your data may be processed by third parties, we want to assure you that we have taken all appropriate and relevant measures to ensure that they are subject to processing in accordance with the rules in force on the protection of personal data.

Regarding the sharing of your data by LinkedIn, we invite you to read the policy of this platform, which can be accessed by clicking on the link above.

1. a) Disclosure of data to third parties

Your personal data may be transmitted to the following third party entities:

1. LinkedIn Corporation, which is an independent data controller of your personal data and provider of the LinkedIn social network;
2. public authorities and institutions, at their justified request;

• service providers of QNORM S.R.L. (marketing providers, legal partners etc.), as appropriate.

We may also disclose your personal data in the following situations and to the following recipients:

1. if you ask us to transfer them to another controller and you give your consent to this (portability);
2. to persons who can demonstrate that they have the legal authority to act on your behalf;

• if our LinkedIn page is transferred to the administration of another entity;

1. if we are obliged to disclose your personal data in order to comply with a legal obligation or at the request of public authorities and authorised bodies, for reasons of public interest in the field of health, etc., as specified in the General Data Protection Regulation;
2. for the establishment, exercise or defence of legal claims.

The Controller has taken all necessary measures to ensure that the recipients of these data also carry out data processing in accordance with the legal provisions on personal data.

Your data transmitted to recipients will not be transferred outside the European Union (except for social networks).

1. b) Restrictions on the use of personal data by recipients

The third parties to whom we make your personal data available, in accordance with the above, are restricted (by law and by agreements concluded by QNORM S.R.L. with them/other similar organisational measures) as to how they may use your personal information.

We will always take all necessary steps to ensure that any third parties with whom we choose to share your personal data are subject to confidentiality and security obligations in accordance with this notice and applicable data protection legislation.

6. Personal data storage period

The Controller keeps the personal data of visitors to its LinkedIn page for as long as necessary for the purpose for which it was processed and in accordance with legal requirements and thereafter, i.e. upon expiry of the legal archiving obligations, the data will be deleted/removed from the company’s records.

The Controller guarantees data subjects that it carries out regular checks so that personal data are not stored for an excessive period of time on the social network.

Data not requested by the Controller and which are not necessary for the fulfilment of the processing purposes will be deleted from the company’s records without delay.

7. Source of personal data

The personal data that QNORM S.R.L. processes through the social network LinkedIn are provided by the persons who interact with the LinkedIn page @QNORM ROMANIA directly, by providing them voluntarily, by submitting them through LinkedIn Messages or by creating posts on the Controller’s LinkedIn page, or by reviewing the Controller activity, in case the posts or reviews are approved by the social network page administrator.

8. Data transfers outside the European Union

As a general rule, your personal data will not be transferred to recipients outside the European Union/EEA. However, if this happens, we will take all appropriate measures to ensure that the recipient protects your information and will enter into processing agreements with the recipient describing the conditions under which the recipient may process your data.

However, LinkedIn may transfer your data outside the European Union, on which matter please refer to the LinkedIn policy.

9. Your rights as a data subject

As a data subject, you have certain specific rights related to the personal data we collect in the context of your interaction with our LinkedIn page. During the administration of the account by QNORM S.R.L., it will ensure the respect of your rights and will follow up the requests received in a reasonable time, according to the law.

Although we are data controllers, there is no real joint processing of data between us and LinkedIn, so we can only handle your requests made in connection with the processing of your data by us. If you wish to exercise your rights vis-à-vis LinkedIn, we invite you to contact LinkedIn as indicated in its policy.

In accordance with EU Regulation 679/2016 (GDPR) and Law no. 190/2018, as a data subject you can exercise the following rights in relation to the Controller:

► RIGHT TO BE INFORMED, as provided for by Articles 13 – 14 of EU Regulation 679/2016: This notification provides all necessary information regarding the processing of your personal data by QNORM S.R.L., in the context of accessing our LinkedIn page @QNORM ROMANIA.

► RIGHT OF ACCESS TO DATA: According to Article 15 of Regulation 679/2016, you may request in writing a confirmation that your personal data are processed by QNORM S.R.L., and if they are processed, you will be provided with a copy of these data, as well as additional information about their processing.

► RIGHT TO RECTIFICATION: You may request the rectification of inaccurate, incomplete or amended personal data (e.g. change of e-mail address/name, etc.), under Article 16 of the Regulation.

► RIGHT TO ERASURE (”right to be forgotten”): According to art. 17 of Regulation 679/2016, you have the right to request the erasure of personal data processed by the Controller only in certain situations and in compliance with the legal provisions (e.g. the data are no longer necessary in relation to the purposes for which they were collected). QNORM S.R.L. is not obliged to comply with the request for deletion of data, in which case the refusal will be reasoned.

► RIGHT TO RESTRICTION OF PROCESSING: Article 18 of the Regulation gives you the right to request restriction of the processing of your personal data in the following cases: the accuracy of the data is contested, the processing is unlawful and the data subject opposes the erasure of the personal data, the data is no longer necessary for the purpose for which it was processed, the data subject has exercised his or her right to object to the processing, and verification of the grounds is pending.

► RIGHT TO DATA PORTABILITY: You may request that your personal data be transferred to another controller, but only if the processing is based on your express consent and if the processing is carried out by automated means. The right to data portability is provided for in Article 20 of the Regulation.

► RIGHT TO OBJECT: According to Article 21 of Regulation 679/2016, you may object to the processing of personal data only in the case of processing carried out in the legitimate interest of the Controller.

►AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING: You may object at any time to a decision based exclusively on automated processing, including profiling, but only where that decision produces legal effects concerning you or affects you to a significant extent.

To exercise these rights and for further information, the data subject may contact the Controller by sending a request by e-mail to the following e-mail address: office@qnorm.com.ro or by post to the following address: Giurgiu County, Village Stejaru, Commune Singureni, Cazanelor Street, no. 1478.

► RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY: According to Art. 77 of the Regulation, without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (Bucharest, Blvd. G-ral Gh. Magheru no. 28-30, district 1) at any time, if you consider that the processing of your personal data violates the provisions of the Regulation.

10. Modification of the information notice

We reserve the right to modify, when we deem appropriate, our data protection practices and to update and amend this Data Protection Notice at any time.

For this reason, we encourage you to periodically check the Information Notice posted on our LinkedIn page @QNORM ROMANIA