Same Day Dispatch
100% Authenticity Guarantee
Minimum Order 99 €

English

Information on the Processing of Personal Data in the Context of Developing B2B Commercial Relationships

Română

Informarea privind prelucrarea datelor cu caracter personal in contextul dezvoltarii de relatii comerciale B2B

I. Purpose of the Information Notice

In the context of initiating and developing commercial relationships between professionals (B2B), CORPORATE SUPPLY S.R.L., having its registered office in Bucharest Municipality, District 4, 1 Dimitrie Cantemir Boulevard, registered with the Trade Register under no. J2013003712407, sole registration code 3139769, legally represented by Mr. Stoicescu Florin-Silviu (hereinafter referred to as “Symphonya” or the “Controller”), may process personal data belonging to legal representatives, contact persons, or other relevant individuals within potential partner companies.

The purpose of this notice is to inform you of all relevant aspects expressly regulated by the provisions of Article 14 of Regulation (EU) no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, in the context where your data are processed by Symphonya by virtue of your capacity as legal representative, contact person, or other relevant individual within a potential partner company.

For any questions, requests, or clarifications regarding the processing of personal data for marketing purposes, as well as for exercising the rights conferred by the applicable legislation, data subjects may contact Symphonya using the following contact details:

e-mail: hello@symphonya.eu;

postal address: Bucharest Municipality, District 4, 1 Dimitrie Cantemir Boulevard. Block B2, entry 2-3, floor 4, ap. 409

II. Definitions

The terms used within this Information Notice have a specific meaning. Below we define and explain their meaning from the perspective of Regulation (EU) no. 679/2016:

  • marketing (B2B / lead generation) – the set of activities and tools used by Symphonya for the purpose of identifying potential business partners, initiating professional contact, and promoting its services or products to develop B2B commercial relationships;
  • B2B commercial relationship – any professional interaction initiated or carried out between Symphonya and other companies for the purpose of exploring, negotiating, or performing contractual collaborations;
  • controller – Symphonya, considering that it carries out personal data processing activities in the context of initiating and developing commercial relationships between professionals (B2B);
  • data subject – any natural person whose personal data are processed by Symphonya, namely legal representatives, contact persons, or other relevant individuals within potential partner companies;
  • legal representative – the natural person authorized, pursuant to the law or the constitutive documents, to represent and, as the case may be, legally bind a company in its relations with third parties, including with Symphonya;
  • contact person – the person designated within a company whose professional contact details are made public to be used for contact purposes and for developing commercial relationships with third parties, including with Symphonya;
  • personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
  • processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Data Protection Legislation – Regulation (EU) no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, Law no. 190/2018 on measures for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, any law transposing the GDPR or governing matters related to personal data protection in Romania, as well as any decisions, regulations, orders or other acts issued by the National Supervisory Authority for Personal Data Processing (ANSPDCP) or by any other competent authority/ institution/ body in this field.

III. Purpose for which personal data are processed and the legal basis for the processing

Personal data are processed by Symphonya in a limited, adequate, and relevant manner, exclusively for the following specific and legitimate purposes falling within the concept of marketing (B2B / lead generation):

  • initiating professional contact through commercial communications – to approach potential business partners, Symphonya initiates professional contact by sending initial commercial communications to the legal representatives or contact persons within the identified companies, aimed at promoting its services and/or products;
  • management of interactions – recording and centralizing commercial communications carried out with data subjects, analyzing the responses received in order to assess the level of interest in Symphonya’s services or products, as well as maintaining an internal record of such communications, including their archiving within internal systems;
  • development and management of B2B commercial relationships – continuing the professional dialogue with data subjects in order to further explore the expressed interest, providing additional tailored information, negotiating the terms of collaboration, as well as assessing partnership opportunities based on prior interactions, for the purpose of initiating or consolidating a contractual relationship between Symphonya and the company to which the data subject belongs.

The processing of personal data is carried out on the basis of art. 6 para. (1) letter f) of Regulation (EU) 2016/679, namely the legitimate interest of the Controller to initiate and develop commercial relationships in the B2B environment, with a view to expanding its client portfolio. In assessing this interest, Symphonya has taken into account the following aspects:

the processing concerns exclusively limited personal data, which are not of a sensitive nature within the meaning of Data Protection Legislation;

the data are collected from publicly accessible sources or commercially available sources, commonly used in the B2B environment, made available in the context of professional activity, either voluntarily by the data subject, by the organisation to which the data subject belongs and/or by third parties specialised in aggregating and providing data, in accordance with the law, which is why data subjects may reasonably expect such communications in connection with their professional role;

there are no less intrusive alternatives for achieving this purpose, and the impact on the private life of data subjects is minimal;

this processing is carried out with due diligence, ensuring that data subjects are informed from the very first interaction and are provided, within each commercial communication, with an effective and easy means to exercise their right to object to the processing of their data for marketing purposes.

IV. Categories of personal data subject to processing

In the context of activities related to the initiation and development of B2B commercial relationships, the Controller may process the following categories of personal data relating to the data subject, obtained through publicly accessible sources or commercially available sources commonly used in the B2B environment:

  • identification data – first name and last name;
  • contact data – e-mail address and telephone number;
  • data regarding professional position and affiliation – the position held within the company, as well as its name;
  • data associated with professional activity – online professional or social media profile, presence on online or social media platforms, including marketplaces, information regarding the country of origin, as well as the place where the professional activity is carried out;
  • data resulting from interactions – personal data/information voluntarily provided as a result of communications with the data subject (e.g., responses, expression of interest in Symphonya’s services, expression of objection to the continued processing of personal data etc.);

any other relevant information voluntarily made public by the data subject or by the company to which the data subject belongs, through official websites, professional platforms, including social networking platforms, or other similar channels.

V. Source of collection of personal data subject to processing

The personal data processed by the Controller are not collected directly from the data subject, but originate from publicly accessible sources or commercially available sources commonly used in the B2B environment. These data have been made available in the context of professional activity, voluntarily by the data subject, by the organisation to which the data subject belongs and/or by third parties specialised in aggregating and providing data, in accordance with the law. The Controller does not use obscure sources, unlawfully acquired databases or any other means that could infringe the fundamental rights and freedoms of data subjects.

Thus, the personal data indicated in Section IV of this Information Notice may be collected from the following types of sources:

official websites of companies (e.g., sections such as “Contact”, “Team”, “About us”);

professional platforms and business networks, as well as any other channels where contact details are voluntarily published, either for the purpose of developing B2B commercial relationships or in the context of commercial activities aimed at end consumers;

social networking/ social media platforms (e.g., LinkedIn);

public registers or publicly accessible databases;

business directories, catalogues or other aggregators of commercial information.

Personal data published in such environments are reasonably intended to facilitate interactions within the business environment. Consequently, such data are considered to be made available to the public, including for the purpose of initiating B2B commercial communications.

Symphonya collects such data within this professional context, in compliance with the principles of lawfulness, proportionality and transparency, while ensuring the possibility for the data subject to object at any time to such processing. Symphonya does not intentionally process categories of data other than those mentioned in Section IV of this Information Notice. To the extent that such data are transmitted inadvertently, they will be deleted without delay by the Controller, except where there is a separate legal basis justifying their retention.

VI. Description of the flow of collection, use and management of personal data

Symphonya follows a structured internal operational process, documented and subject to technical and organisational compliance measures, for the collection, use and management of personal data of data subjects for marketing purposes (B2B/ lead generation), as follows:

  • identification of potential business partners – Symphonya continuously analyses the relevant market by consulting and browsing the sources indicated in Section V of this Information Notice, using objective criteria such as the field of activity, company profile, company size, geographical area or compatibility of services offered, in order to identify potential partners who may have a legitimate interest in developing B2B business relationships;
  • identification of relevant data subjects within such companies – subsequently, Symphonya identifies those natural persons who, by virtue of their professional role and responsibilities (e.g., legal representatives, directors, heads of departments relevant to the business environment), are reasonably involved in the decision-making process for initiating B2B commercial relationships;
  • verification of the relevance of the personal data of the identified data subjects – the personal data of these individuals are collected exclusively from legally accessible sources, without the use of intrusive methods, non-compliant scraping techniques or databases acquired from unauthorised sources. Symphonya verifies the legitimacy of the source in which such data have been published;

Symphonya may process personal data that are not collected directly from the data subject, but are obtained from third parties specialised in aggregating and providing data commonly used in the B2B environment. The Controller undertakes reasonable efforts to select only data providers that offer sufficient guarantees regarding compliance with the applicable Data Protection Legislation, including by assessing their reputation, as well as their declared policies and mechanisms for collecting personal data. However, the Controller does not directly control the manner in which such data were initially collected by third parties and relies, to a reasonable extent, on the information and assurances provided by them regarding the lawfulness of the collection and disclosure of the data. In this context, the Controller cannot absolutely guarantee the initial compliance of each data collection operation carried out by third parties, but adopts its own reasonable technical and organisational measures in order to process exclusively those data that are relevant for the purposes stated in this Information Notice.

  • collection and internal organisation of personal data of the identified data subjects – the identified personal data are entered into secure internal systems (CRM), being centralised in a manner that allows filtering, tracking of interaction history, avoidance of unjustified repeated contact and compliance with the preferences expressed by data subjects;
  • use of personal data for initiating commercial communications – the data are used to send an initial commercial communication in which Symphonya identifies itself, states the purpose of the contact and provides relevant information about its services and/or products. Within this first commercial communication, the data subject is informed about the processing of their personal data and their rights, including the right to object, in accordance with article 14 of Regulation (EU) no. 679/2016;
  • subsequent management of interactions with data subjects – depending on the response received or the behaviour of the data subject regarding the processing of their personal data for marketing purposes, Symphonya may (i) continue the commercial dialogue, including by providing additional information or organising further commercial discussions, (ii) adapt the commercial communication based on the interest expressed by the data subject and/or (iii) limit or completely cease commercial communications where the data subject exercises their right to object. The Controller has implemented internal mechanisms to ensure that any request from the data subject (in particular, objection to direct marketing) is handled promptly and effectively. Once the data subject has expressed their objection, their personal data are no longer processed for marketing purposes, being appropriately flagged to prevent further use or erased from the database, unless another legal basis for storage exists.

Through this process, Symphonya aims to ensure a balance between its legitimate commercial interests and the fundamental rights and freedoms of data subjects in relation to processing activities carried out for marketing purposes, in compliance with the requirements of Regulation (EU) no. 679/2016.

VII. Recipients of personal data subject to processing

The personal data processed by Symphonya for marketing purposes (B2B/ lead generation) are not subject to any disclosure, transfer or making available to third parties, being managed exclusively at an internal level. The data are accessible only to authorised personnel within the Controller, strictly to the extent that such access is necessary for the fulfilment of the legitimate purposes described in this Information Notice, based on the “need-to-know” principle. In this regard, the data are stored and managed within secure internal systems, subject to appropriate technical and organisational measures designed to ensure an adequate level of protection, including with regard to their confidentiality, integrity and availability, as well as to prevent any unauthorised access, improper use or unlawful disclosure.

By way of exception, where the involvement of Symphonya’s partners is necessary (for example, IT service providers ensuring the maintenance of technical systems), such parties will have access to the data exclusively in their capacity as processors acting on behalf of the Controller, on the basis of contractual arrangements imposing strict obligations of confidentiality, security and limitation of processing, without the right to use the data for their own purposes. Furthermore, personal data may be disclosed by Symphonya to the extent that such disclosure is required or justified by an express legal obligation, a legitimate request from competent public authorities, or the need to protect the legitimate interests of the Controller, including for the establishment, exercise or defence of legal claims, in compliance with the applicable legal provisions.

VIII. Duration of storage of processed personal data

The personal data processed by Symphonya for marketing purposes (B2B/ lead generation) are stored for a limited period, determined in relation to the purposes for which they were collected, as well as the need to comply with applicable legal obligations. The Controller periodically reviews its database and implements appropriate measures to ensure that such data are not retained for longer than necessary.

Specifically, the data of the data subject will be stored by Symphonya for the period necessary to initiate and carry out professional interactions, namely for as long as there is a legitimate interest in developing a B2B commercial relationship, including throughout the exchange of communications and the assessment of potential collaboration opportunities. Where the data subject exercises their right to object to the processing of their data for direct marketing purposes, the Controller will cease such processing without undue delay.

IX. Frequency of processing for marketing purposes

Symphonya sends marketing communications (B2B / lead generation) in a limited, balanced and professionally adapted manner, so as not to create unjustified discomfort for data subjects. In this regard, the frequency of commercial communications is determined based on the following principles:

  • reasonable and proportionate interaction with the data subject – commercial communications are sent at appropriate intervals, depending on the nature of the services offered and their relevance to the professional activity of the data subject;
  • limitation of the number of interactions with the data subject – each commercial communication is intended to have justified and relevant content from the perspective of a potential B2B collaboration. “Cold outreach” approaches are generally carried out with a limited number of follow-ups, without becoming intrusive commercial communication;
  • adaptation based on interaction with the data subject – the frequency of commercial communications may vary depending on the responses received or the level of interest expressed by the data subject. Where there is low interest, communications will be limited;
  • respect for the data subject’s preferences – where the data subject exercises their right to object, the Controller will cease sending commercial communications without delay.

X. Rights of the data subject in relation to the processing

In accordance with the provisions of Regulation (EU) 2016/679, data subjects benefit from a series of rights in relation to the processing of their personal data for marketing purposes (B2B / lead generation), which they may exercise at any time, under the conditions provided by law and this Information Notice:

  • the right to be informed – through this Information Notice, Symphonya provides you with all necessary information regarding the processing of personal data, in accordance with article 14 of Regulation (EU) 2016/679;
  • the right of access to data – you have the right to request in writing confirmation as to whether your personal data are being processed by Symphonya, and, where that is the case, you may be provided with an access report concerning such data, in accordance with article 15 of Regulation (EU) 2016/679, as well as additional information regarding their processing;
  • the right to rectification – you have the right to request the rectification of your personal data where they are inaccurate, incomplete or have been modified;
  • the right to erasure (“the right to be forgotten”) – you have the right to request the deletion of your personal data. Symphonya is not obliged to comply with such request where the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. There may also be other circumstances in which Symphonya is not obliged to comply with the erasure request, however these are the most likely situations in which such a request may be refused;
  • the right to restriction of processing – you have the right to request the restriction of processing in the cases expressly provided by law, namely where: (a) the data subject contests the accuracy of the data, for a period enabling the controller to verify the accuracy of the data, (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, (c) the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims or (d) the data subject has objected to processing pursuant to article 21 paragraph (1) of Regulation (EU) 2016/679, for the period during which it is verified whether the legitimate grounds of the controller override those of the data subject;
  • the right to data portability – you have the right to request the transfer of your personal data to another controller, but only where the processing is based on explicit consent and is carried out by automated means;
  • the right not to be subject to a decision based solely on automated processing, including profiling – you have the right to object, at any time, to a decision based solely on automated processing, including profiling, but only where such decision produces legal effects concerning you or similarly significantly affects you;
  • the right to lodge a complaint – you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing in Romania (Bucharest, 28-30 G-ral Gheorghe Magheru Boulevard, District 1, telephone +40.318.059.211 / +40.318.059.212) or with the competent supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement, where you consider that the processing of personal data by Symphonya infringes the applicable legal provisions. You also have the right to address the competent courts at any time if you consider that the processing of personal data infringes the applicable legal provisions;
  • the right to object – in particular, in the context of processing for direct marketing purposes, you have the right to object to the processing of your personal data if you consider that your fundamental rights and freedoms prevail over the legitimate interest of the Controller, without the need to provide any justification.

Where the right to object is exercised, the Controller will cease the processing of personal data for this purpose without undue delay. The right to object may be exercised either by accessing the dedicated link included in the content of the commercial messages sent or in writing, or by submitting a request to the contact details indicated in Section I of this Information Notice. The Controller will respond to the request within the time limits and under the conditions provided by Data Protection Legislation.

Symphonya places particular importance on respecting the rights of data subjects and ensuring transparency in the processing of personal data. In this regard, we express our willingness to examine and resolve promptly any request, clarification or potential dispute amicably, through an open and constructive dialogue. We encourage you to contact us directly, using the contact details indicated in Section I of this Information Notice, before resorting to other actions, so that we may identify together an appropriate and efficient solution.

XI. Final provisions

As a controller of personal data, Symphonya reserves the right to amend the content of this Information Notice at any time, with any such updates to be duly communicated to data subjects by appropriate means, in accordance with the applicable legislation.

This Information Notice shall be supplemented, as appropriate, by the relevant personal data protection policies available for consultation on the website operated by Symphonya, accessible at the following link: https://www.symphonya.eu/.

I. Scopul Informarii

In contextul initierii si dezvoltarii relatiilor comerciale intre profesionisti (B2B), CORPORATE SUPPLY S.R.L., cu sediul social in Municipiul Bucuresti, Sector 4, Bd. Dimitrie Cantemir nr. 1, inregistrata la Registrul Comertului sub nr. J2013003712407, cod unic de inregistrare 3139769, reprezentata legal de dl. Stoicescu Florin-Silviu (denumita in continuare, „Symphonya” sau „Operatorul”), poate prelucra date cu caracter personal apartinand reprezentantilor legali, persoanelor de contact sau altor persoane relevante din cadrul unor societati comerciale potential partenere.

Scopul prezentei este de a te informa cu privire la toate aspectele relevante reglementate in mod expres de prevederile art. 14 din Regulamentul (UE) nr. 679/2016 privind protectia persoanelor fizice in ceea ce priveste prelucrarea datelor cu caracter personal si privind libera circulatie a acestor date si de abrogare a Directivei 95/46/CE, in contextul in care datele tale sunt prelucrate de catre Symphonya, prin prisma calitatii de reprezentant legal, persoana de contact sau alta persoana relevanta din cadrul unei societati comerciale potential partenere.

Pentru orice intrebari, solicitari sau clarificari referitoare la prelucrarea datelor cu caracter personal in scop de marketing, precum si pentru exercitarea drepturilor conferite de legislatia aplicabila, persoanele vizate pot contacta Symphonya utilizand urmatoarele date de contact:

e-mail: hello@symphonya.eu;

adresa postala: Municipiul Bucuresti, Sector 4, Bd. Dimitrie Cantemir nr. 1, bl. B2, sc 2-3, et. 4, ap. 409

II. Definitii

Termenii utilizati in prezenta Informare au un sens specific. Mai jos le definim si explicam ce inseamna acestea din perspectiva Regulamentului (UE) nr. 679/2016:

  • marketing (B2B/ lead generation) – ansamblul activitatilor si instrumentelor utilizate de Symphonya in scopul identificarii potentialilor parteneri comerciali, initierii contactului profesional si promovarii serviciilor sau produselor sale pentru dezvoltarea de relatii comerciale B2B;
  • relatie comerciala B2B – orice interactiune profesionala initiata sau desfasurata intre Symphonya si alte societati comerciale, in scopul explorarii, negocierii sau derularii unor colaborari contractuale;
  • operator – Symphonya, avand in vedere ca desfasoara activitati de prelucrare a datelor cu caracter personal, in contextul initierii si dezvoltarii relatiilor comerciale intre profesionisti (B2B);
  • persoana vizata – orice persoana fizica ale carei date cu caracter personal sunt prelucrate de catre Symphonya, respectiv reprezentanti legali, persoane de contact sau alte persoane relevante din cadrul unor societati comerciale potential partenere;
  • reprezentant legal – persoana fizica imputernicita, potrivit legii sau actelor constitutive, sa reprezinte si, dupa caz, sa angajeze juridic o societate comerciala in raporturile cu tertii, inclusiv cu Symphonya;
  • persoana de contact – persoana desemnata in cadrul unei societati comerciale, ale carei date profesionale sunt facute publice, pentru a fi utilizate in scopuri de contactare si dezvoltare de relatii comerciale cu tertii, inclusiv cu Symphonya;
  • date cu caracter personal – orice informatii privind o persoana fizica identificata sau identificabila („persoana vizata”); o persoana fizica identificabila este o persoana care poate fi identificata, direct sau indirect, in special prin referire la un element de identificare, cum ar fi un nume, un numar de identificare, date de localizare, un identificator online, sau la unul sau mai multe elemente specifice, proprii identitatii sale fizice, fiziologice, genetice, psihice, economice, culturale sau sociale;
  • prelucrare – orice operatiune sau set de operatiuni efectuate asupra datelor cu caracter personal sau asupra seturilor de date cu caracter personal, cu sau fara utilizarea de mijloace automatizate, cum ar fi colectarea, inregistrarea, organizarea, structurarea, stocarea, adaptarea sau modificarea, extragerea, consultarea, utilizarea, divulgarea prin transmitere, diseminarea sau punerea la dispozitie in orice alt mod, alinierea sau combinarea, restrictionarea, stergerea sau distrugerea;
  • Legea in materia protectiei datelor cu caracter personal – Regulamentul (UE) nr. 679/2016 privind protectia persoanelor fizice in ceea ce priveste prelucrarea datelor cu caracter personal si privind libera circulatie a acestor date si de abrogare a Directivei 95/46/CE, Legea nr. 190/2018 privind masuri de punere in aplicare a Regulamentului (UE) 2016/679 al Parlamentului European si al Consiliului din 27 aprilie 2016 privind protectia persoanelor fizice in ceea ce priveste prelucrarea datelor cu caracter personal si privind libera circulatie a acestor date si de abrogare a Directivei 95/46/CE, orice lege care transpune RGPD sau care reglementeaza aspecte ce tin de domeniul protectiei datelor cu caracter personal in Romania, precum si orice decizii, regulamente, ordine sau reglementari ale Autoritatii Nationale de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP) ori ale oricarei autoritati/ institutii/ entitati competente in materie.

III. Scopul in care sunt prelucrate datele cu caracter personal si temeiul juridic al prelucrarii

Datele cu caracter personal sunt prelucrate de catre Symphonya in mod limitat, adecvat si relevant, exclusiv pentru urmatoarele scopuri determinate si legitime incadrate in conceptul de marketing (B2B/ lead generation):

  • initierea contactului profesional, prin comunicari comerciale – in vederea abordarii unor potentiali parteneri comerciali, Symphonya procedeaza la initierea contactului profesional, prin transmiterea de comunicari comerciale initiale catre reprezentantii legali sau persoanele de contact din cadrul societatilor comerciale identificate, care vizeaza promovarea serviciilor si/sau produselor;
  • gestionarea interactiunilor – inregistrarea si centralizarea comunicarilor comerciale purtate cu persoanele vizate, analizarea raspunsurilor primite in vederea evaluarii interesului pentru serviciile sau produsele Symphonya, precum si pastrarea unei evidente interne a acestor comunicari, inclusiv arhivarea lor in sisteme interne;
  • dezvoltarea si gestionarea relatiilor comerciale B2B – continuarea dialogului profesional cu persoanele vizate in vederea aprofundarii interesului exprimat, transmiterea de informatii suplimentare personalizate, negocierea conditiilor de colaborare, precum si evaluarea oportunitatilor de parteneriat pe baza interactiunilor avute, in scopul initierii sau consolidarii unei relatii contractuale intre Symphonya si societatea din care face parte persoana vizata.

Prelucrarea datelor cu caracter personal se realizeaza in temeiul art. 6 alin. (1) lit. f) din Regulamentul (UE) 2016/679, respectiv interesul legitim al Operatorului de a initia si dezvolta relatii comerciale in mediul B2B, in vederea extinderii portofoliului de clienti. In evaluarea acestui interes, Symphonya a avut in vedere urmatoarele aspecte:

prelucrarea vizeaza exclusiv date cu caracter personal limitate, care nu au o natura sensibila din punctul de vedere al Legii in materia protectiei datelor cu caracter personal;

datele sunt colectate din surse accesibile publicului larg sau surse accesibile comercial, utilizate in mod uzual in mediul B2B, facute disponibile in contextul activitatii profesionale, in mod voluntar de catre persoana vizata, de catre organizatia din care aceasta face parte sau/si de catre terti specializati in agregarea si furnizarea de date, in conditiile legii, motiv pentru care persoanele vizate se pot astepta in mod rezonabil la astfel de comunicari in legatura cu rolul lor profesional;

nu exista alternative mai putin intruzive pentru atingerea acestui scop, iar impactul asupra vietii private a persoanelor vizate este redus;

abordeaza aceasta prelucrare cu diligenta, asigurand informarea persoanelor vizate inca de la prima interactiune si oferind, in cadrul fiecarei comunicari comerciale, posibilitatea efectiva si facila de exercitare a dreptului de opozitie fata de prelucrarea datelor in scop de marketing.

IV. Categoriile de date cu caracter personal vizate de prelucrare

In contextul activitatilor de initiere si dezvoltare a relatiilor comerciale B2B, Operatorul poate prelucra urmatoarele categorii de date cu caracter personal ale persoanei vizate, prin intermediul unor surse accesibile publicului larg sau surse accesibile comercial, utilizate in mod uzual in mediul B2B:

  • date de identificare – nume si prenume;
  • date de contact – adresa de e-mail si numar de telefon;
  • date privind functia si afilierea profesionala – functia ocupata in cadrul societatii comerciale, precum si denumirea acesteia;
  • date asociate activitatii profesionale – profilul profesional online sau de social media, prezenta pe platforme online sau de social media, inclusiv marketplace-uri, informatii privind statul de provenienta, respectiv de desfasurare a activitatii profesionale;
  • date rezultate din interactiuni – date cu caracter personal/ informatii oferite in mod voluntar, ca urmare a comunicarilor cu persoana vizata (de ex., raspunsuri, manifestarea interesului pentru serviciile Symphonya, exprimarea opozitiei de a continua prelucrarea datelor cu caracter personal etc.);

orice alte informatii relevante facute publice in mod voluntar de catre persoana vizata sau de catre societatea comerciala din care aceasta face parte, prin intermediul website-urilor oficiale, platformelor profesionale, inclusiv de tip retea sociala, sau al altor canale similare.

V. Sursa colectarii datelor cu caracter personal vizate de prelucrare

Datele cu caracter personal prelucrate de catre Operator nu sunt colectate direct de la persoana vizata, ci provin din surse accesibile publicului larg sau surse accesibile comercial, utilizate in mod uzual in mediul B2B. Aceste date au fost facute disponibile in contextul activitatii profesionale, in mod voluntar de catre persoana vizata, de catre organizatia din care aceasta face parte sau/si de catre terti specializati in agregarea si furnizarea de date, in conditiile legii. Operatorul nu utilizeaza surse obscure, baze de date achizitionate in mod neconform sau orice alte mijloace care ar putea aduce atingere drepturilor si libertatilor fundamentale ale persoanelor vizate.

Astfel, datele cu caracter personal indicate in sectiunea a IV-a din prezenta Informare pot fi colectate din urmatoarele tipuri de surse:

website-uri oficiale ale societatilor comerciale (de ex., sectiuni de tip „Contact”, „Echipa”, „Despre noi”);

platforme profesionale si retele de business, precum si orice alte canale in care datele de contact sunt publicate in mod voluntar, fie in vederea dezvoltarii de relatii comerciale B2B, fie in cadrul activitatilor comerciale destinate consumatorilor finali;

platforme de tip retea social/ social media (de ex., LinkedIn);

registre publice sau baze de date accesibile publicului;

directoare de afaceri, cataloage sau alte agregatoare de informatii de natura comerciala.

Datele cu caracter personal publicate in astfel de medii sunt, in mod rezonabil, destinate facilitarii interactiunilor in mediul de afaceri. In consecinta, se considera ca aceste date sunt puse la dispozitia publicului inclusiv in scopul initierii unor comunicari comerciale de tip B2B.

Symphonya colecteaza astfel de date in acest context profesional, cu respectarea principiilor de legalitate, proportionalitate si transparenta, precum si cu asigurarea posibilitatii persoanei vizate de a se opune in orice moment unei astfel de prelucrari. Symphonya nu prelucreaza in mod intentionat alte categorii de date decat cele mentionate in sectiunea a IV-a din prezenta Informare. In masura in care astfel de date sunt transmise in mod accidental, acestea vor fi eliminate fara intarziere de catre Operator, cu exceptia situatiilor in care exista un temei juridic distinct care justifica pastrarea acestora.

VI. Descrierea fluxului de colectare, utilizare si gestionare a datelor cu caracter personal

Symphonya urmeaza un proces intern operational structurat, documentat si supus unor masuri tehnice si organizatorice de conformitate pentru colectarea, utilizarea si gestionarea datelor cu caracter personal ale persoanelor vizate in scop de marketing (B2B/ lead generation), dupa cum urmeaza:

  • identificarea potentialilor parteneri comerciali – Symphonya analizeaza in mod constant piata relevanta, prin consultarea si navigarea surselor indicate in sectiunea a V-a din prezenta Informare, utilizand criterii obiective precum domeniul de activitate, profilul, dimensiunea societatii comerciale, aria geografica sau compatibilitatea serviciilor oferite, in scopul identificarii unor potentiali parteneri, care ar putea prezenta un interes legitim pentru dezvoltarea unor relatii de afaceri B2B cu aceasta;
  • identificarea persoanelor vizate relevante din cadrul acestor societati comerciale – ulterior, Symphonya identifica acele persoane fizice care, prin rolul si atributiile lor profesionale (de ex., reprezentanti legali, directori, responsabili de departamente relevante pentru mediul de afaceri), sunt in mod rezonabil implicate in procesul decizional de initiere a relatiilor comerciale B2B;
  • verificarea relevantei datelor cu caracter personal ale persoanelor vizate identificate – datele cu caracter personal ale acestor persoane sunt colectate exclusiv din surse accesibile in mod legal, fara utilizarea unor metode intruzive, a unor tehnici de scraping neconforme sau a unor baze de date achizitionate din surse neautorizate. Symphonya verifica caracterul legitim al sursei in care astfel de date au fost publicate;

Symphonya poate prelucra date cu caracter personal care nu sunt colectate direct de la persoana vizata, ci sunt obtinute de la terti specializati in agregarea si furnizarea de date utilizate in mod uzual in mediul B2B. Operatorul depune diligente rezonabile pentru a selecta doar furnizori de date care ofera garantii suficiente privind respectarea Legislatiei aplicabile in materie de protectie a datelor, inclusiv prin evaluarea reputatiei acestora, precum si a politicilor si mecanismelor declarate de colectare a datelor cu caracter personal. Cu toate acestea, Operatorul nu controleaza in mod direct modul in care aceste date au fost colectate initial de catre terti si se bazeaza, intr-o masura rezonabila, pe informatiile si asigurarile furnizate de acestia cu privire la legalitatea colectarii si a punerii la dispozitie a datelor. In acest context, Operatorul nu poate garanta in mod absolut conformitatea initiala a fiecarei operatiuni de colectare realizate de terti, insa adopta masuri tehnice si organizatorice proprii si rezonabile, in vederea prelucrarii exclusiv a acelor date care sunt relevante pentru scopul declarat in prezenta Informare.

  • colectarea si organizarea interna a datelor cu caracter personal apartinand persoanelor vizate identificate – datele cu caracter personal identificate sunt introduse in sisteme interne securizate (CRM), fiind centralizate intr-un mod care permite filtrarea, urmarirea istoricului interactiunilor, evitarea contactarii repetate nejustificate si respectarea optiunilor exprimate de persoanele vizate;
  • utilizarea datelor cu caracter personal apartinand persoanelor vizate identificate pentru initierea comunicarilor comerciale – datele sunt utilizate pentru transmiterea unei comunicari initiale cu caracter comercial, in care Symphonya se identifica, indica scopul contactarii si furnizeaza informatii relevante despre serviciile sau produsele sale. In cadrul acestei prime comunicari comerciale, persoana vizata este informata cu privire la prelucrarea datelor sale cu caracter personal si la drepturile de care beneficiaza, inclusiv dreptul de opozitie, in conformitate cu art. 14 din Regulamentul (UE) nr. 679/2016;
  • gestionarea ulterioara a interactiunilor cu persoanele vizate identificate – in functie de raspunsul primit sau de comportamentul persoanei vizate in ceea ce priveste activitatile de prelucrare a datelor sale cu caracter personal in scop de marketing, Symphonya poate (i) continua dialogul comercial, inclusiv prin transmiterea de informatii suplimentare sau organizarea de discutii comerciale ulterioare, (ii) adapta comunicarea comerciala, in functie de interesul exprimat de persoana vizata si/sau (iii) limita sau inceta complet comunicarile comerciale, in cazul exercitarii dreptului de opozitie de catre persoana vizata. Operatorul a implementat mecanisme interne prin care se asigura ca orice solicitare a persoanei vizate (in special, opozitia la marketing direct) este gestionata prompt si eficient. Odata exprimata opozitia de persoana vizata, datele sale cu caracter personal nu mai sunt prelucrate in scopuri de marketing, fiind marcate corespunzator pentru a preveni utilizari ulterioare, respectiv sterse din baza de date, cu exceptia cazului in care exista un alt temei juridic pentru stocare.

Prin acest flux, Symphonya urmareste sa asigure un echilibru intre interesele sale comerciale legitime si drepturile si libertatile fundamentale ale persoanelor vizate de activitatile de prelucrare in scop de marketing, in conformitate cu cerintele Regulamentului (UE) nr. 679/2016.

VII. Destinatarii datelor cu caracter personal vizate de prelucrare

Datele cu caracter personal prelucrate de catre Symphonya in scop de marketing (B2B/ lead generation) nu fac obiectul niciunei divulgari, transfer sau puneri la dispozitia unor terti, fiind gestionate exclusiv la nivel intern. Acestea sunt accesibile doar personalului autorizat din cadrul Operatorului, strict in masura in care acest acces este necesar pentru realizarea scopurilor legitime descrise in prezenta Informare, in baza principiului „need-to-know”. In acest sens, datele sunt stocate si administrate in sisteme interne securizate, supuse unor masuri tehnice si organizatorice adecvate, menite sa asigure un nivel corespunzator de protectie, inclusiv in ceea ce priveste confidentialitatea, integritatea si disponibilitatea acestora, precum si prevenirea oricaror accesari neautorizate, utilizari neconforme sau divulgari nepermise.

In mod exceptional, in situatia in care este necesara implicarea unor parteneri ai Symphonya (de exemplu, furnizori de servicii IT care asigura mentenanta sistemelor tehnice), acestia vor avea acces la date exclusiv in calitate de persoane imputernicite de Operator, in baza unor acorduri contractuale care impun obligatii stricte de confidentialitate, securitate si limitare a prelucrarii, fara dreptul de a utiliza datele in scopuri proprii. De asemenea, datele cu caracter personal pot fi divulgate de catre Symphonya in masura in care o astfel de divulgare este impusa sau justificata de o obligatie legala expresa, de o solicitare legitima formulata de autoritati publice competente ori de necesitatea protejarii intereselor legitime ale Operatorului, inclusiv pentru constatarea, exercitarea sau apararea unui drept in justitie, cu respectarea prevederilor legale aplicabile.

VIII. Durata stocarii datelor cu caracter personal prelucrate

Datele cu caracter personal prelucrate de catre Symphonya in scop de marketing (B2B/ lead generation) sunt stocate pentru o perioada limitata, determinata in functie de scopurile pentru care au fost colectate, precum si de necesitatea respectarii obligatiilor legale aplicabile. Operatorul revizuieste periodic baza se date si implementeaza masuri adecvate pentru a se asigura ca acestea nu sunt pastrate mai mult decat este necesar.

In mod concret, datele persoanei vizate vor fi stocate de Symphonya pe durata necesara initierii si derularii interactiunilor profesionale, respectiv pe perioada in care exista un interes legitim in dezvoltarea unei relatii comerciale B2B, inclusiv pe durata schimbului de comunicari si a evaluarilor privind oportunitatea unei colaborari. In cazul in care persoana vizata isi exercita dreptul de a se opune prelucrarii datelor in scop de marketing direct, Operatorul va inceta prelucrarea in acest scop fara intarziere.

IX. Frecventa prelucrarilor in scop de marketing

Symphonya transmite comunicari in scop de marketing (B2B/ lead generation) intr-o maniera limitata, echilibrata si adaptata contextului profesional, astfel incat sa nu genereze un disconfort nejustificat persoanelor vizate. In acest sens, frecventa comunicarilor comerciale este stabilita avand in vedere urmatoarele principii:

  • caracterul rezonabil si proportional al interactiunii cu persoana vizata – comunicarile comerciale sunt transmise la intervale adecvate, in functie de natura serviciilor oferite si de relevanta acestora pentru activitatea profesionala a persoanei vizate;
  • limitarea numarului de interactiuni cu persoana vizata – se urmareste ca fiecare comunicare comerciala sa aiba un continut justificat si relevant din perspectiva unei potentiale colaborari B2B. Abordarile de tip „cold outreach” sunt realizate, de regula, intr-un numar limitat de reveniri, fara a se transforma intr-o comunicare comerciala intruziva;
  • adaptarea in functie de interactiunea cu persoana vizata – frecventa comunicarilor comerciale poate varia in functie de raspunsurile primite sau de interesul manifestat de persoana vizata. In cazul unui interes scazut, comunicarile comerciale vor fi limitate;
  • respectarea optiunilor persoanei vizate – in cazul in care persoana vizata isi exercita dreptul de opozitie, Operatorul va inceta transmiterea comunicarilor comerciale fara intarziere.

X. Drepturile persoanei vizate in raport cu prelucrarea

In conformitate cu prevederile Regulamentului (UE) 2016/679, persoanele vizate beneficiaza de o serie de drepturi in legatura cu prelucrarea datelor lor cu caracter personal in scop de marketing (B2B/ lead generation), pe care le pot exercita in orice moment, in conditiile legii si ale prezentei Informari:

  • dreptul de a fi informat – prin intermediul prezentei Informari, Symphonya iti furnizeaza toate informatiile necesare privind prelucrarea datelor cu caracter personal, in conformitate cu art. 14 din Regulamentul (UE) 2016/679;
  • dreptul de acces la date – ai dreptul de a solicita in scris o confirmare a faptului ca datele tale cu caracter personal sunt prelucrate de Symphonya, iar, in cazul in care sunt prelucrate, ti se va putea pune la dispozitie un raport privind accesul la aceste date, in conformitate cu art. 15 din Regulamentul (UE) 2016/679, precum si informatii suplimentare despre prelucrarea acestora;
  • dreptul de rectificare – ai dreptul de a solicita rectificarea datelor cu caracter personal in situatia in care acestea sunt inexacte, incomplete sau au fost modificate;
  • dreptul de stergere („dreptul de a fi uitat”) – ai dreptul de a solicita stergerea datelor cu caracter personal. Symphonya nu este obligata sa dea curs solicitarii de stergere a datelor in cazul in care prelucrarea acestora este necesara pentru respectarea unei obligatii legale sau pentru constatarea, exercitarea ori apararea unui drept in instanta. De asemenea, pot exista si alte circumstante in care Symphonya nu este obligata sa respecte solicitarea de stergere a datelor, insa acestea doua sunt cele mai probabile situatii in care cererea ar putea fi refuzata;
  • dreptul la restrictionarea prelucrarii – ai dreptul de a solicita restrictionarea prelucrarii in cazurile prevazute expres de lege, respectiv - (a) persoana vizata contesta exactitatea datelor, pentru o perioada care ii permite operatorului sa verifice exactitatea datelor, (b) prelucrarea este ilegala, iar persoana vizata se opune stergerii datelor cu caracter personal, solicitand in schimb restrictionarea utilizarii lor, (c) operatorul nu mai are nevoie de datele cu caracter personal in scopul prelucrarii, dar persoana vizata i le solicita pentru constatarea, exercitarea sau apararea unui drept in instanta sau (d) persoana vizata s-a opus prelucrarii in conformitate cu articolul 21 alineatul (1) din Regulamentul (UE) 2016/679, pentru intervalul de timp in care se verifica daca drepturile legitime ale operatorului prevaleaza asupra celor ale persoanei vizate;
  • dreptul la portabilitatea datelor – ai dreptul de a solicita portarea datelor cu caracter personal catre un alt operator, insa doar in cazul in care prelucrarea se bazeaza pe consimtamantul expres si este realizata prin mijloace automatizate;
  • dreptul de a nu face obiectul unei decizii bazate exclusiv pe prelucrarea automata, inclusiv crearea de profiluri – ai dreptul de a te opune, in orice moment, unei decizii bazate exclusiv pe prelucrarea automatizata, inclusiv crearea de profiluri, insa doar in cazul in care aceasta decizie produce efecte juridice asupra ta sau te afecteaza intr-o masura semnificativa;
  • dreptul de a formula plangere – ai dreptul de a depune o plangere la Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal din Romania (Mun. Bucuresti, Bd. G-ral Gh. Magheru nr. 28-30, Sector 1, telefon +40.318.059.211 / +40.318.059.212) sau la autoritatea de supraveghere competenta din statul in care ai resedinta obisnuita, locul de munca sau locul presupusei incalcari, in cazul in care consideri ca prelucrarea datelor cu caracter personal de catre Symphonya incalca prevederile legale. De asemenea, ai dreptul de a te adresa instantelor de judecata competente, in orice moment, daca consideri ca prelucrarea datelor cu caracter personal incalca prevederile legale;
  • dreptul la opozitie – in mod special, in contextul prelucrarii datelor in scop de marketing direct, ai dreptul de a te opune prelucrarii datelor cu caracter personal, daca consideri ca drepturile si libertatile tale fundamentale prevaleaza asupra interesului legitim al Operatorului, fara a fi necesara o justificare;

In cazul exercitarii dreptului de opozitie, Operatorul va inceta fara intarziere prelucrarea datelor in acest scop. Exercitarea dreptului la opozitie se poate realiza fie prin accesarea link-ului dedicat inclus in continutul mesajelor comerciale transmise, fie in scris, prin transmiterea unei solicitari la adresa de contact indicata in sectiunea I din prezenta Informare. Operatorul va raspunde solicitarii in termenele si conditiile prevazute de Legea in materia protectiei datelor cu caracter personal.

Symphonya acorda o importanta deosebita respectarii drepturilor persoanelor vizate si transparentei in prelucrarea datelor cu caracter personal. In acest sens, ne exprimam disponibilitatea de a analiza si solutiona cu celeritate orice solicitare, nelamurire sau potential diferend pe cale amiabila, printr-un dialog deschis si constructiv. Te incurajam sa ne contactezi in mod direct, utilizand datele de contact indicate in sectiunea I din prezenta Informare, inainte de a apela la alte demersuri, pentru a putea identifica impreuna o solutie adecvata in mod eficient.

XI. Prevederi finale

In calitate de operator de date cu caracter personal, Symphonya isi rezerva dreptul de a modifica, in orice moment, continutul prezentei Informari, urmand ca orice astfel de actualizari sa fie aduse la cunostinta persoanelor vizate in mod corespunzator, prin mijloacele prevazute de legislatia aplicabila.

Prezenta Informare se completeaza in mod corespunzator cu politicile relevante in materie de protectie a datelor cu caracter personal, disponibile pentru consultare pe website-ul administrat de Symphonya, prin accesarea urmatorului link: https://www.symphonya.eu/.