Privacy Policy

POLICY ON THE PROCESSING OF PERSONAL DATA

GENERAL PROVISIONS

The processing of personal data by SMARTOWN INVESTMENTS SRL (“the Company“) is carried out in accordance with the provisions of this policy.

In order to carry out its activities, the Company uses personal data of certain categories of individuals. These may include personal data of visitors to this website, tenants, employees, and contractors/business partners of the Company.

The purpose of this policy is to explain what data we process, why we process it, and what we do with it when you enter into a legal relationship with the Company (for example, when you rent property from us or when you visit this website).

We constantly strive to ensure the highest level of protection for your personal data and, to this end, we have taken appropriate technical and organizational security measures. We are constantly working to improve our security measures.

These security measures include: adopting dedicated procedures, limiting processing activities, restricting access to personal data, testing and auditing our systems, back-up, training our employees, and introducing provisions in our contracts with suppliers that oblige them to ensure a high level of protection for the personal data to which we grant them access.

PURPOSES, BASIS, AND CATEGORIES OF PERSONAL DATA

In compliance with the provisions of the General Data Protection Regulation 2016/679 (“GDPR“), personal data processed by the Company may be used for purposes such as:

  1. Taking the necessary steps to conclude and execute contracts and fulfill legal obligations, as well as pursuing the legitimate interests of the Company, which include operations such as processing payments and preparing financial and accounting documents;
  2. Carrying out due diligence/verification and risk assessment processes;
  3. Administering and maintaining this website, which involves the use of essential cookies. The data processed through these cookies does not require the user’s consent, but is processed based on the Company’s legitimate interest in the proper functioning of this website;
  4. Protecting the Company’s property, persons, and premises through the use of video surveillance devices;
  5. Conducting staff recruitment operations;
  6. Conducting employment relationships, which involve data processing for the execution of employment contracts, the fulfillment of the Company’s legal obligations in connection with these contracts and/or the fulfillment of the Company’s legitimate interests arising from the employment relationships;
  7. Resolving your requests, questions, or complaints;
  8. Communicating with our contractors and partners.

The personal data of minors will not be processed by the Company without the prior consent of their parents/legal representatives.

In the event that the Company intends to use your data for a purpose other than that for which it was collected, the Company will inform you in advance of the secondary purpose and provide you with any other information requested, in accordance with the GDPR.

METHODS OF PROCESSING AND TRANSFER OF PERSONAL DATA

The Company processes your personal data for the period of time necessary to execute the contracts, comply with our legal obligations, achieve the legitimate interest pursued or in accordance with the applicable limitation periods or to comply with the archiving obligations imposed by the applicable legislation (for example, those specific to the tax and financial-accounting field or the field of labor relations).

After the storage period has expired, personal data is destroyed or deleted from IT systems or converted into anonymous data, to the extent that it is necessary to use it for scientific or statistical research purposes.

Personal data is mainly processed by the Company’s staff who are responsible for processing such data. There are situations in which your data may be transferred to our external service providers, which may be:

  1. contractual partners (e.g., contractors, builders, accounting firms, audit firms, IT service providers);
  2. third-party subcontractors (e.g., companies performing repair work, postal and courier service providers);
  3. authorities and institutions competent to fulfill our legal obligations;
  4. mandatories/proxies for the purpose of achieving the legitimate interests of the Company (e.g., law firms, notaries, auditors, executors, service providers, and real estate brokerage agencies, security companies, etc.);

banks and financial institutions;

third parties in the event of assignment/transfer of contractual rights.

When we use subcontractors, we ensure that all GDPR requirements are met and that your data is processed securely.

Your personal data will not be transferred to a third country that does not ensure an adequate level of protection. When consent is the basis for the processing of personal data, the Company will provide detailed information on how personal data will be processed before consent is given.

RIGHTS OF DATA SUBJECTS

In accordance with the GDPR, you have the following rights regarding the processing of personal data:

  1. right to information – the right to receive a minimum amount of information about the processing activities carried out by the Company in accordance with the GDPR;
  2. right of access to data – the right to obtain from the Company, upon request and under the conditions set out in the GDPR, confirmation that it is processing your personal data, as well as information on the specifics of the processing;
  3. right to rectification – the right to obtain from the Company, without undue delay, the rectification/completion of inaccurate personal data concerning you;
  4. right to erasure – you may exercise your right to have your data erased from the Company’s records, in accordance with the applicable legal provisions on personal data protection;
  5. right to restriction of processing – may be exercised when one of the following applies: you contest the accuracy of the data or the lawfulness of the processing, you object to the erasure of the data, when the Company no longer needs the personal data for the purposes of processing, but you request them for the establishment, exercise, or defense of your rights in court, or when you object to the processing, for the period of time during which it is verified whether the legitimate interests of the Company prevail over yours;
  6. right to data portability – consists of the possibility to request the Company to transmit the personal data you have provided in a structured, commonly used and machine-readable format; the data may be transmitted directly to another controller only where this is feasible from a technical point of view, taking into account the existing technical capabilities of the Company;
  7. right to object – the right to object at any time, on legitimate grounds relating to your particular situation, to the processing of data concerning you, except where there are legal provisions to the contrary. This right may be exercised under the following conditions: a request shall be addressed to the Company, stating the data to which the objection relates and the legitimate reason related to your particular situation;
  8. the right not to be subject to an individual decision – this is your right to request that the Company not make a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you. With regard to the adoption of a decision based solely on automated processing, you have the opportunity to express your point of view, request the intervention of a human operator, and challenge such a decision by the means described in this policy;
  9. the right to contact the supervisory authority, namely the National Supervisory Authority for Personal Data Processing (ANSPDCP).

The rights listed above are not absolute. There are exceptions, so each request received will be reviewed to determine whether it is justified or not. If the request is justified, we will facilitate the exercise of your rights. If the request is unjustified, we will reject it, but we will inform you of the reasons for the refusal and of your right to lodge a complaint with the supervisory authority.

WHO CAN YOU CONTACT?

To exercise your rights, you can send a written request to Str. Dionisie Lupu nr. 70-72, corp A, et. 1, camera 6, sector 1, Bucharest, Romania or by email to dataprotection@smartown.ro

Please specify in your request whether you would like the requested information to be sent to a specific address (including email) or via a courier service that ensures personal delivery.

We will try to respond to your request within 30 days. However, this period may be extended in accordance with the provisions of the GDPR, depending on the complexity of the request, the large number of requests received during that period, or the inability to identify you within a reasonable time.

If we make every effort and are unable to identify you, and you do not provide us with additional information to enable us to identify you, we are not obliged to comply with your request.