Information on the Processing of Personal Data in the Context of Developing B2B Commercial Relationships

I. Purpose of the Information Notice

In the context of initiating and developing commercial relationships between professionals (B2B), CORPORATE SUPPLY S.R.L., having its registered office in Bucharest Municipality, District 4, 1 Dimitrie Cantemir Boulevard, registered with the Trade Register under no. J2013003712407, sole registration code 3139769, legally represented by Mr. Stoicescu Florin-Silviu (hereinafter referred to as “Symphonya” or the “Controller”), may process personal data belonging to legal representatives, contact persons, or other relevant individuals within potential partner companies.

The purpose of this notice is to inform you of all relevant aspects expressly regulated by the provisions of Article 14 of Regulation (EU) no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, in the context where your data are processed by Symphonya by virtue of your capacity as legal representative, contact person, or other relevant individual within a potential partner company.

For any questions, requests, or clarifications regarding the processing of personal data for marketing purposes, as well as for exercising the rights conferred by the applicable legislation, data subjects may contact Symphonya using the following contact details:

e-mail: hello@symphonya.eu;

postal address: Bucharest Municipality, District 4, 1 Dimitrie Cantemir Boulevard. Block B2, entry 2-3, floor 4, ap. 409

II. Definitions

The terms used within this Information Notice have a specific meaning. Below we define and explain their meaning from the perspective of Regulation (EU) no. 679/2016:

marketing (B2B / lead generation) – the set of activities and tools used by Symphonya for the purpose of identifying potential business partners, initiating professional contact, and promoting its services or products to develop B2B commercial relationships;
B2B commercial relationship – any professional interaction initiated or carried out between Symphonya and other companies for the purpose of exploring, negotiating, or performing contractual collaborations;
controller – Symphonya, considering that it carries out personal data processing activities in the context of initiating and developing commercial relationships between professionals (B2B);
data subject – any natural person whose personal data are processed by Symphonya, namely legal representatives, contact persons, or other relevant individuals within potential partner companies;
legal representative – the natural person authorized, pursuant to the law or the constitutive documents, to represent and, as the case may be, legally bind a company in its relations with third parties, including with Symphonya;
contact person – the person designated within a company whose professional contact details are made public to be used for contact purposes and for developing commercial relationships with third parties, including with Symphonya;
personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data Protection Legislation – Regulation (EU) no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, Law no. 190/2018 on measures for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, any law transposing the GDPR or governing matters related to personal data protection in Romania, as well as any decisions, regulations, orders or other acts issued by the National Supervisory Authority for Personal Data Processing (ANSPDCP) or by any other competent authority/ institution/ body in this field.

III. Purpose for which personal data are processed and the legal basis for the processing

Personal data are processed by Symphonya in a limited, adequate, and relevant manner, exclusively for the following specific and legitimate purposes falling within the concept of marketing (B2B / lead generation):

initiating professional contact through commercial communications – to approach potential business partners, Symphonya initiates professional contact by sending initial commercial communications to the legal representatives or contact persons within the identified companies, aimed at promoting its services and/or products;
management of interactions – recording and centralizing commercial communications carried out with data subjects, analyzing the responses received in order to assess the level of interest in Symphonya’s services or products, as well as maintaining an internal record of such communications, including their archiving within internal systems;
development and management of B2B commercial relationships – continuing the professional dialogue with data subjects in order to further explore the expressed interest, providing additional tailored information, negotiating the terms of collaboration, as well as assessing partnership opportunities based on prior interactions, for the purpose of initiating or consolidating a contractual relationship between Symphonya and the company to which the data subject belongs.

The processing of personal data is carried out on the basis of art. 6 para. (1) letter f) of Regulation (EU) 2016/679, namely the legitimate interest of the Controller to initiate and develop commercial relationships in the B2B environment, with a view to expanding its client portfolio. In assessing this interest, Symphonya has taken into account the following aspects:

the processing concerns exclusively limited personal data, which are not of a sensitive nature within the meaning of Data Protection Legislation;

the data are collected from publicly accessible sources or commercially available sources, commonly used in the B2B environment, made available in the context of professional activity, either voluntarily by the data subject, by the organisation to which the data subject belongs and/or by third parties specialised in aggregating and providing data, in accordance with the law, which is why data subjects may reasonably expect such communications in connection with their professional role;

there are no less intrusive alternatives for achieving this purpose, and the impact on the private life of data subjects is minimal;

this processing is carried out with due diligence, ensuring that data subjects are informed from the very first interaction and are provided, within each commercial communication, with an effective and easy means to exercise their right to object to the processing of their data for marketing purposes.

IV. Categories of personal data subject to processing

In the context of activities related to the initiation and development of B2B commercial relationships, the Controller may process the following categories of personal data relating to the data subject, obtained through publicly accessible sources or commercially available sources commonly used in the B2B environment:

identification data – first name and last name;
contact data – e-mail address and telephone number;
data regarding professional position and affiliation – the position held within the company, as well as its name;
data associated with professional activity – online professional or social media profile, presence on online or social media platforms, including marketplaces, information regarding the country of origin, as well as the place where the professional activity is carried out;
data resulting from interactions – personal data/information voluntarily provided as a result of communications with the data subject (e.g., responses, expression of interest in Symphonya’s services, expression of objection to the continued processing of personal data etc.);

any other relevant information voluntarily made public by the data subject or by the company to which the data subject belongs, through official websites, professional platforms, including social networking platforms, or other similar channels.

V. Source of collection of personal data subject to processing

The personal data processed by the Controller are not collected directly from the data subject, but originate from publicly accessible sources or commercially available sources commonly used in the B2B environment. These data have been made available in the context of professional activity, voluntarily by the data subject, by the organisation to which the data subject belongs and/or by third parties specialised in aggregating and providing data, in accordance with the law. The Controller does not use obscure sources, unlawfully acquired databases or any other means that could infringe the fundamental rights and freedoms of data subjects.

Thus, the personal data indicated in Section IV of this Information Notice may be collected from the following types of sources:

official websites of companies (e.g., sections such as “Contact”, “Team”, “About us”);

professional platforms and business networks, as well as any other channels where contact details are voluntarily published, either for the purpose of developing B2B commercial relationships or in the context of commercial activities aimed at end consumers;

social networking/ social media platforms (e.g., LinkedIn);

public registers or publicly accessible databases;

business directories, catalogues or other aggregators of commercial information.

Personal data published in such environments are reasonably intended to facilitate interactions within the business environment. Consequently, such data are considered to be made available to the public, including for the purpose of initiating B2B commercial communications.

Symphonya collects such data within this professional context, in compliance with the principles of lawfulness, proportionality and transparency, while ensuring the possibility for the data subject to object at any time to such processing. Symphonya does not intentionally process categories of data other than those mentioned in Section IV of this Information Notice. To the extent that such data are transmitted inadvertently, they will be deleted without delay by the Controller, except where there is a separate legal basis justifying their retention.

VI. Description of the flow of collection, use and management of personal data

Symphonya follows a structured internal operational process, documented and subject to technical and organisational compliance measures, for the collection, use and management of personal data of data subjects for marketing purposes (B2B/ lead generation), as follows:

identification of potential business partners – Symphonya continuously analyses the relevant market by consulting and browsing the sources indicated in Section V of this Information Notice, using objective criteria such as the field of activity, company profile, company size, geographical area or compatibility of services offered, in order to identify potential partners who may have a legitimate interest in developing B2B business relationships;
identification of relevant data subjects within such companies – subsequently, Symphonya identifies those natural persons who, by virtue of their professional role and responsibilities (e.g., legal representatives, directors, heads of departments relevant to the business environment), are reasonably involved in the decision-making process for initiating B2B commercial relationships;
verification of the relevance of the personal data of the identified data subjects – the personal data of these individuals are collected exclusively from legally accessible sources, without the use of intrusive methods, non-compliant scraping techniques or databases acquired from unauthorised sources. Symphonya verifies the legitimacy of the source in which such data have been published;

Symphonya may process personal data that are not collected directly from the data subject, but are obtained from third parties specialised in aggregating and providing data commonly used in the B2B environment. The Controller undertakes reasonable efforts to select only data providers that offer sufficient guarantees regarding compliance with the applicable Data Protection Legislation, including by assessing their reputation, as well as their declared policies and mechanisms for collecting personal data. However, the Controller does not directly control the manner in which such data were initially collected by third parties and relies, to a reasonable extent, on the information and assurances provided by them regarding the lawfulness of the collection and disclosure of the data. In this context, the Controller cannot absolutely guarantee the initial compliance of each data collection operation carried out by third parties, but adopts its own reasonable technical and organisational measures in order to process exclusively those data that are relevant for the purposes stated in this Information Notice.

collection and internal organisation of personal data of the identified data subjects – the identified personal data are entered into secure internal systems (CRM), being centralised in a manner that allows filtering, tracking of interaction history, avoidance of unjustified repeated contact and compliance with the preferences expressed by data subjects;
use of personal data for initiating commercial communications – the data are used to send an initial commercial communication in which Symphonya identifies itself, states the purpose of the contact and provides relevant information about its services and/or products. Within this first commercial communication, the data subject is informed about the processing of their personal data and their rights, including the right to object, in accordance with article 14 of Regulation (EU) no. 679/2016;
subsequent management of interactions with data subjects – depending on the response received or the behaviour of the data subject regarding the processing of their personal data for marketing purposes, Symphonya may (i) continue the commercial dialogue, including by providing additional information or organising further commercial discussions, (ii) adapt the commercial communication based on the interest expressed by the data subject and/or (iii) limit or completely cease commercial communications where the data subject exercises their right to object. The Controller has implemented internal mechanisms to ensure that any request from the data subject (in particular, objection to direct marketing) is handled promptly and effectively. Once the data subject has expressed their objection, their personal data are no longer processed for marketing purposes, being appropriately flagged to prevent further use or erased from the database, unless another legal basis for storage exists.

Through this process, Symphonya aims to ensure a balance between its legitimate commercial interests and the fundamental rights and freedoms of data subjects in relation to processing activities carried out for marketing purposes, in compliance with the requirements of Regulation (EU) no. 679/2016.

VII. Recipients of personal data subject to processing

The personal data processed by Symphonya for marketing purposes (B2B/ lead generation) are not subject to any disclosure, transfer or making available to third parties, being managed exclusively at an internal level. The data are accessible only to authorised personnel within the Controller, strictly to the extent that such access is necessary for the fulfilment of the legitimate purposes described in this Information Notice, based on the “need-to-know” principle. In this regard, the data are stored and managed within secure internal systems, subject to appropriate technical and organisational measures designed to ensure an adequate level of protection, including with regard to their confidentiality, integrity and availability, as well as to prevent any unauthorised access, improper use or unlawful disclosure.

By way of exception, where the involvement of Symphonya’s partners is necessary (for example, IT service providers ensuring the maintenance of technical systems), such parties will have access to the data exclusively in their capacity as processors acting on behalf of the Controller, on the basis of contractual arrangements imposing strict obligations of confidentiality, security and limitation of processing, without the right to use the data for their own purposes. Furthermore, personal data may be disclosed by Symphonya to the extent that such disclosure is required or justified by an express legal obligation, a legitimate request from competent public authorities, or the need to protect the legitimate interests of the Controller, including for the establishment, exercise or defence of legal claims, in compliance with the applicable legal provisions.

VIII. Duration of storage of processed personal data

The personal data processed by Symphonya for marketing purposes (B2B/ lead generation) are stored for a limited period, determined in relation to the purposes for which they were collected, as well as the need to comply with applicable legal obligations. The Controller periodically reviews its database and implements appropriate measures to ensure that such data are not retained for longer than necessary.

Specifically, the data of the data subject will be stored by Symphonya for the period necessary to initiate and carry out professional interactions, namely for as long as there is a legitimate interest in developing a B2B commercial relationship, including throughout the exchange of communications and the assessment of potential collaboration opportunities. Where the data subject exercises their right to object to the processing of their data for direct marketing purposes, the Controller will cease such processing without undue delay.

IX. Frequency of processing for marketing purposes

Symphonya sends marketing communications (B2B / lead generation) in a limited, balanced and professionally adapted manner, so as not to create unjustified discomfort for data subjects. In this regard, the frequency of commercial communications is determined based on the following principles:

reasonable and proportionate interaction with the data subject – commercial communications are sent at appropriate intervals, depending on the nature of the services offered and their relevance to the professional activity of the data subject;
limitation of the number of interactions with the data subject – each commercial communication is intended to have justified and relevant content from the perspective of a potential B2B collaboration. “Cold outreach” approaches are generally carried out with a limited number of follow-ups, without becoming intrusive commercial communication;
adaptation based on interaction with the data subject – the frequency of commercial communications may vary depending on the responses received or the level of interest expressed by the data subject. Where there is low interest, communications will be limited;
respect for the data subject’s preferences – where the data subject exercises their right to object, the Controller will cease sending commercial communications without delay.

X. Rights of the data subject in relation to the processing

In accordance with the provisions of Regulation (EU) 2016/679, data subjects benefit from a series of rights in relation to the processing of their personal data for marketing purposes (B2B / lead generation), which they may exercise at any time, under the conditions provided by law and this Information Notice:

the right to be informed – through this Information Notice, Symphonya provides you with all necessary information regarding the processing of personal data, in accordance with article 14 of Regulation (EU) 2016/679;
the right of access to data – you have the right to request in writing confirmation as to whether your personal data are being processed by Symphonya, and, where that is the case, you may be provided with an access report concerning such data, in accordance with article 15 of Regulation (EU) 2016/679, as well as additional information regarding their processing;
the right to rectification – you have the right to request the rectification of your personal data where they are inaccurate, incomplete or have been modified;
the right to erasure (“the right to be forgotten”) – you have the right to request the deletion of your personal data. Symphonya is not obliged to comply with such request where the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. There may also be other circumstances in which Symphonya is not obliged to comply with the erasure request, however these are the most likely situations in which such a request may be refused;
the right to restriction of processing – you have the right to request the restriction of processing in the cases expressly provided by law, namely where: (a) the data subject contests the accuracy of the data, for a period enabling the controller to verify the accuracy of the data, (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, (c) the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims or (d) the data subject has objected to processing pursuant to article 21 paragraph (1) of Regulation (EU) 2016/679, for the period during which it is verified whether the legitimate grounds of the controller override those of the data subject;
the right to data portability – you have the right to request the transfer of your personal data to another controller, but only where the processing is based on explicit consent and is carried out by automated means;
the right not to be subject to a decision based solely on automated processing, including profiling – you have the right to object, at any time, to a decision based solely on automated processing, including profiling, but only where such decision produces legal effects concerning you or similarly significantly affects you;
the right to lodge a complaint – you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing in Romania (Bucharest, 28-30 G-ral Gheorghe Magheru Boulevard, District 1, telephone +40.318.059.211 / +40.318.059.212) or with the competent supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement, where you consider that the processing of personal data by Symphonya infringes the applicable legal provisions. You also have the right to address the competent courts at any time if you consider that the processing of personal data infringes the applicable legal provisions;
the right to object – in particular, in the context of processing for direct marketing purposes, you have the right to object to the processing of your personal data if you consider that your fundamental rights and freedoms prevail over the legitimate interest of the Controller, without the need to provide any justification.

Where the right to object is exercised, the Controller will cease the processing of personal data for this purpose without undue delay. The right to object may be exercised either by accessing the dedicated link included in the content of the commercial messages sent or in writing, or by submitting a request to the contact details indicated in Section I of this Information Notice. The Controller will respond to the request within the time limits and under the conditions provided by Data Protection Legislation.

Symphonya places particular importance on respecting the rights of data subjects and ensuring transparency in the processing of personal data. In this regard, we express our willingness to examine and resolve promptly any request, clarification or potential dispute amicably, through an open and constructive dialogue. We encourage you to contact us directly, using the contact details indicated in Section I of this Information Notice, before resorting to other actions, so that we may identify together an appropriate and efficient solution.

XI. Final provisions

As a controller of personal data, Symphonya reserves the right to amend the content of this Information Notice at any time, with any such updates to be duly communicated to data subjects by appropriate means, in accordance with the applicable legislation.

This Information Notice shall be supplemented, as appropriate, by the relevant personal data protection policies available for consultation on the website operated by Symphonya, accessible at the following link: https://www.symphonya.eu/.

Active products 30,922 +0.1%

Yesterday 30,904 +0.8% 2 days ago 30,660 +0.8% 3 days ago 30,411 −0.5% 4 days ago 30,562 −0.5% 5 days ago 30,722 −0.1% 6 days ago 30,749 −1.3% 7 days ago 31,151 −0.1% 8 days ago 31,187 +0.7% 9 days ago 30,976 +0.2% 10 days ago 30,915 +0.1% 11 days ago 30,875 −0.7% 12 days ago 31,107 +0.0% 13 days ago 31,094 +0.1% 14 days ago 31,069 +7.3% 15 days ago 28,951 +0.3% 16 days ago 28,875 +0.7% 17 days ago 28,677 +7.3% 18 days ago 26,729 +0.1% 19 days ago 26,702 −0.2% 20 days ago 26,745 −0.2% 21 days ago 26,788 +0.1% 22 days ago 26,766 +0.1% 23 days ago 26,745 −0.1% 24 days ago 26,771 −0.1% 25 days ago 26,810 −0.1% 26 days ago 26,836 +0.2% 27 days ago 26,794 +0.1% 28 days ago 26,767 −0.1% 29 days ago 26,795 +0.1% 30 days ago 26,775

Jun 12, 08:10

Automate your B2B sourcing with Symphonya.

Get Free API Access

Our company

About us
CTPark Bucharest West
Bucharest, Romania
hello@symphonya.eu

Resources

Payment

Bank Transfer – BRD GROUPE SOCIETE GENERAL
Swift: BRDEROBUXXX
IBAN: RO82BRDE410SV4956517----

Important note: Our bank account must be credited with the proper amount before shipping the order.