Thank you for your visit on our website and for your interest in our companies and their activities.
In the context of the European legislation changes, regarding the protection of individuals and the processing of their personal data and on the free movement of such data, all companies from RAP Group (RAPTRONIC SRL, RAP Instal SRL, RAP Term SRL, RAP Systems SRL, RAP Confectionery RAP Development SRL, RAPTRONIC Process Engineering SRL, RAP Invest SRL, A & A Equipment SRL) are aligned with the new regulations regarding their collection, processing and storage in accordance with the Regulation (EU) 2016/679 of 27 April 2016 and repealing Directive 95/46 / EC (General Regulation on the protection of personal data).
RAP Group companies assume all the obligations and responsibilities arising from the content of the Regulation, both as personal data controllers and as processors, and guarantee that the respective personal data will be used exclusively for the purpose for which they were put at the disposal of the Group and will provide appropriate Data protection by design and by default.
The current Personal Data Protection Compliance Policy
Right implementation and application of this personal data protection compliance policy shall be strictly monitored by rap group .
Willful, negligent or accidental noncompliance with this personal data protection compliance policy may result in significant financial losses and reputational damage for the group and it’s companies and possibly in disciplinary actions against liable employees of the company.
Rap Group generally uses the collected information for several purposes, including:
Disclosure of Information
We may share or otherwise disclose the information we collect with the following categories of recipients:
Authorized third-party vendors and service providers. We share your information with third-party vendors and service-providers that help us with specialized services, including email deployment, business analytics, marketing, and data processing.
Principles relating to processing of personal data
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
Responsibility of the controller
Processor
(a) processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
(b) ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) takes all measures required pursuant to Article 32;
(d) respects the conditions referred to in paragraphs 2 and 4 for engaging another processor;
(e) taking into account the nature of the processing, assists the controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III;
(f) assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the processor;
(g) at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data;
(h) makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.
With regard to point (h) of the first subparagraph, the processor shall immediately inform the controller if, in its opinion, an instruction infringes this Regulation or other Union or Member State data protection provisions.
Data protection by design and by default
Flows of personal data to and from countries outside the Union and international organizations
Flows of personal data to and from countries outside the Union and international organizations are necessary for the expansion of international contracts. When personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organizations, the level of protection of natural persons ensured in the Union by the GDPR should not be undermined, including in cases of onward transfers of personal data from the third country or international organization to controllers, processors in the same or another third country or international organization. In any event, transfers to third countries and international organizations may only be carried out in full compliance with this Regulation. A transfer could take place only if, subject to the other provisions of this Regulation, the conditions laid down in the provisions of this Regulation relating to the transfer of personal data to third countries or international organizations are complied with by the controller or processor.
This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international agreements which involve the transfer of personal data to third countries or international organizations, as far as such agreements do not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects.
For complete version of the GDPR Regulation, please follow the link below:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EL
For any additional information, please contact us directly over the following e-mail address:
or, over our GDPR consultant, Mr. Atilla Albu at phone No. : +4072 650 00 56
We are #TeamRAP
+40 725 516 507
rpe.office@rap-group.ro
Follow us
About