Privacy Policy


IMPORTANT
PLEASE READ THIS CAREFULLY
BEFORE ACCESSING AND USING THE TRANS SPED SERVICES

Cititi in Limba Romana

Processing activities

Trans Sped is a Qualified Trust Service Provider according to EU eIDAS Regulation (No.910/2014), registered as a private company under Romanian legislation.

For the provisioning of its services, Trans Sped needs to process personal data as below:

1. Management of required services (including online and store online services) and relevant finance, bookkeeping, invoicing, payment and credit monitoring activities and provisioning of support and updating services;

  • Trans Sped is data controller of these processing activities because it determines the purposes and means of the processing of personal data, as described in this document;
  • legal ground for the processing is the performance of a contract and the compliance with a legal obligation (bookkeeping and fiscal);
  • data are retained for 10 years after the last invoice (for the relevant bookkeeping regulations) or the end of relevant legal actions; data may be retained for an additional year, because in the backup lifecycle;

2. Management of quality and customer satisfaction;

  • Trans Sped is data controller of these processing activities because it determines the purposes and means of the processing of personal data, as described in this document;
  • legal ground for the processing are the legitimate interests pursued by the controller, i.e. quality assurance;
  • data of each survey are retained for 5 years or in the project or service documentation for 10 years (this is because these documents are linked to the invoicing); data may be retained for an additional year, because in the backup lifecycle;

3. Trust Service users identification;

  • Trans Sped is data controller of these processing activities because it determines the purposes and means of the processing of personal data, as described in this document;
  • legal ground for the processing is the performance of a contract and the compliance with legal obligations (trust service providers relevant ones);
  • data are retained for 10 years and 6 months after the expiration of digital certificate identification mechanisms, according to the trusted service provider applicable regulations);

4. Management of users’ documents (e.g. for signature), according to the required services;

  • Trans Sped is data processor of these processing activities because the customer determines the purposes and means of the processing of personal data;
  • data are not retained after the service provisioning; logs are retained for 10 years, according to the trusted service applicable regulations;

5. Management of assistance, contact or CV requests sent through web site;

  • Trans Sped is data controller of these processing activities because it determines the purposes and means of the processing of personal data, as described in this document;
  • legal ground for the processing is the provisioning of required services and the legitimate interests pursued by the controller, i.e. quality assurance;
  • data are retained for one year after the service provisioning in order to perform quality controls; data may be retained for an additional year, because in the backup lifecycle;

6. Web site management, using cookies (see below);

  • Trans Sped is data controller of these processing activities because it determines the purposes and means of the processing of personal data, as described in this document;
  • legal ground for the processing is the legitimate interest pursued by the controller, i.e. quality assurance;
  • data is retained in cookies on the user’s pc and their lifespan is set one year.

Privacy contact point

For any question regarding this Privacy Policy you can contact us at office@transsped.ro or our DPO – Elvirica Neasca Elvirica.neacsa@transsped.ro

Transfer of personal data

For the above purposes, Trans Sped may transfer personal data to external legal entities or people. Examples are entities for bookkeeping and accountability purposes; quality and security assurance of trusted services; legal, administrative and tax consultants; couriers for the transportation of documents and assets; banks; mail services.

External providers and suppliers agreed, with written contracts, to process data only for the stated purposes and adopt suitable security measures and processing controls. Data controllers, where Trans Sped is data processor, always authorize the change, by Trans Sped, of these subjects.

All external subjects ensure their assistance for the fulfilment of the obligations to respond to requests for exercising the data subject's rights and audit right.

Transfers to third Countries

Data are not transferred in extra-EEA Countries.

Security measures

Trans Sped adopts security measures for protecting data. Among them:

  • all people authorized to access and process data is aware of behaviors to enforce (e.g. for IT devices, email, passwords) and is committed to confidentiality;
  • a process is established for the provisioning, change, deletion and review of access authorizations to data; the process implements need-to-know and need-to-use principles;
  • measures are established in order to reduces as much as possible the authorizations of privileged users of IT systems (i.e. systems administrators) and to log their activities (e.g. giving them only personal user-ids and activating log systems);
  • a process is established for the deletion of data and memory devices so that unauthorized persons cannot retrieve data anymore;
  • physical security controls are enforced for blocking access to information on hardcopy support to unauthorized persons;
  • IT security measures are implemented according to the level of risk (e.g. activation and regular update of antimalware systems, data backups, activity logging and log retention, regular patching and fixing, network and Internet traffic filtering, portable device encryption);
  • a process is established for the change management (for IT base systems, network and applications, processes, physical security controls); this process include the evaluation of the effectiveness of security measures;
  • suppliers ensure in contracts they enforce information security according to the given level of risk and instructions;
  • a process is established for the incident (data breach) management that includes prevention and impact control and, in some cases, communication to the Data protection authority and data subjects;
  • a process is established for the evaluation of the effective implementation of security measures; this process includes audits to relevant data processors.

Trans Sped has a quality and information security management systems certified under the accreditation scheme controlled by the European regulations.

Additional measures

Trans Sped ensures its support to the customer if necessary:

  • for the fulfilment of the obligations to respond to requests for exercising the data subject's rights and audit right;
  • in case of personal data breach and information security incidents;
  • for carrying on privacy risk assessment and privacy impact assessment;
  • for deleting or destroying personal data at the end of the contractual obligations;
  • for answering to the relevant data protection authorities.

Trans Sped gives to its customers the right of audit, provided that audits will only analyse relevant processing activities, confidentiality is ensured and they are announced at least 30 days earlier.

Data subject rights

Data subjects have specific rights. Among them:

  • the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, their rectification and erasure, the restriction of their processing, data portability (i.e. receiving them in a structure accessible with the most common tool); requests will not have any impacts on the provided services;
  • the right to revoke the consent, if not against applicable laws or regulations;
  • the right to send a complaint to Trans Sped or to the Data protection authority (in Romania is Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal, http://www.dataprotection.ro/). Requests and complaints can be sent to Elvirica.neacsa@transsped.ro.

Cookies privacy notice

Cookies are files archived on your browser and set by the visited websites. Trans Sped sites only use “technical cookies”, needed to improve the quality of the look & feel of our pages. This does not require the consent of the visitors. Trans Sped installs other cookies (by Trans Sped itself or by other entities), needed to have statistical and anonymous data about the use of the pages of the website. They are “analytics cookies” and they don’t need your consent for working:

All users can stop the use of all or some cookies following some configuration steps for the browser:

Information specific for mobile apps

Our mobile apps have the same purposes described above:

  • management of required services;
  • identification of users of services;
  • processing of documents of users.

Apps require some authorizations for properly working. They include:

Authorization Reason
Write External Storage
Read External Storage
When a signature is approved, the document can (locally or on an external devices) be downloaded so it can be viewed. In other cases, the user can required to process some documents (for upload, download, encryption, and signature) and this requires the use of the storage.
Read Phone State Some apps use an API that needs this authorization for creating an identification code of the device
Camera Some apps require the use of the camera for scanning QR codes on user’s request. If the app is used for the identification of the user, then the app can need to record a video or to shot photos.
Microphone If the app is used for the identification of the user, then the app can need to record a video (with audio)
Gallery If the app is used for the identification of the user, then the app can need to shot photos and then to have them sent
Location This is needed by anti-bribery tools
GetAccounts
Read Contacts
This is used only by apps linked to other services (Dropbox, Google Drive, Box, etc) and if the user required to manage all their account.

QUESTIONS AND ANSWERS

Tran Sped is pleased to receive questions, comments and requests for more information/clarification on how it is managed the privacy of its Users. For this purpose, please contact us by mail or e-mail at the following addresses:

Trans Sped S.R.L. - Office - 38th Despot Voda Street - 2nd District, Bucharest - Romania

E-mail: office@transsped.ro

COMPLAINTS

For any complaints regarding this privacy policy and its implementation, please contact us by mail or e-mail at the following addresses:

Trans Sped S.R.L. - Office - 38th Despot Voda Street - 2nd District, Bucharest - Romania

E-mail: office@transsped.ro