Back To top
+4.0761.217.771 | office@freewaysintl.com
LOG IN
Log In

 

SECURITY POLICY OF PERSONAL DATA

  

Data protection regulation (EU) 2016/679 (RGPD) applies directly in the Member States after 25 May 2018.

This document has been drafted in order to define the personal data security policy of the Freeways Global S.R.L. and to ensure compliance of the data retention and use with the provisions of Regulation (EU) No. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation)

According to the above-mentioned document (Chapter Definitions, item 12), "personal data breach" is defined as a security breach that accidentally or unlawfully leads to the unauthorized destruction, loss, modification, or disclosure of data personal data transmitted, stored or otherwise processed, or unauthorized access to them.

Given that Freeways Global S.R.L. performs processes that Regulation 679/2016 defines as "large-scale" in order to provide data to its clients and employees with a high level of personal data security, Freeways Global SRL has established procedures for data retention with personal character.

In this regard:

  • We have accurately determined what data we process, processing modes and compartments that use personal data
  • We have ensured that the processed data are not subject to excessive collection given the purpose of the processing
  • We have identified all the recipients of personal data and have clearly established how they come into contact with the processed data
  • We considered the possible risks to data security and we evaluated the impact on data protection.
  • We have established procedures for situations related to data security
  • We have prepared, in order to easily control the way the data are processed, the data processing record, which contains the following elements:
  • The purposes for which they were collected;
  • Categories of people concerned;
  • Personal data categories;
  • Categories of recipients;
  • Transfers to a third country or an international organization;
  • Deadline for deletion;
  • General description of technical and organizational security measures.
  • We have established the conditions for access to and use of IT programs (firewall, individual and powerful passwords for access, authorizations) that manages personal databases
  • We have taken organizational measures to ensure that there is no risk of unauthorized, illegal, accidental or unlawful destruction or destruction, and we have insured against any accidental or unlawful damages.
  • We have established the people who are responsible for checking the security of data storage systems and discovering possible security breaches
  • I have trained personnel (accounting, human resources, expeditions, etc.) and collaborators for the application of internal standards and personal data retention procedures
  • We have established specific tasks for the personnel who are in contact with the personal data in order to limit the collection of the data to those that are absolutely necessary in the fulfillment of the service tasks

In case of breach or security incidents, Freeways Global S.R.L. is instructed to stop processing operations until the causes of the security incident, the affected compartments, the limits of the incident, its consequences, and the recovery of the data in order to return to the previous situation.

Security breaches may have different causes: from malfunctioning or malfunctioning of computer systems to human errors. A survey of security breach personal data security authorities shows that most security incidents are due to human errors: situations where documents or files containing personal data are forgotten or lost.

If we have a reasonable degree of certainty that a personal data processing breach has occurred, we analyze to what extent the security incident can affect personal data and whether the damage is significant, we report the security incident to our company manager, the data protection officer, and , if applicable, to the data protection supervisor and to the persons targeted by the incident (by e-mail, sms, verbal, written, etc.). Not every security breach should be notified to the supervisory authority, but only the one that, following the case analysis, generates major risks for the rights and freedoms of the data subjects.

In cases where the notification of the authority is mandatory, it must be made "without delay", in principle no later than 72 hours from the date when the operator became aware of the breach.

In a short time, we proceeded to discover and remedy the underlying causes of the incident and limit the occurrence of undesirable consequences.

We interrupt the operation of personal data and if a person raises an objection to them.

For preventive purposes, we have identified the possible consequences of the security incident:

- accidental or unlawful destruction of personal data,

- accidental or unlawful loss of control of personal data,

- accidental or unlawful loss of access to personal data,

- accidental or unlawful alteration of personal data,

- unauthorized disclosure of personal data,

- unauthorized access to personal data.

For preventive purposes, we have identified the possible consequences of the security incident:

- accidental or unlawful destruction of personal data,

- accidental or unlawful loss of control of personal data,

- accidental or unlawful loss of access to personal data,

- accidental or unlawful alteration of personal data,

- unauthorized disclosure of personal data,

- unauthorized access to personal data.

Basically, access to our products and services and their sale is made on the basis of opening an account and is protected by passwords. We recommend that you do not disclose the password to anyone and de-login you when you no longer use your account. We also advise you to close the browser window you worked at the end of your navigation on the sites or services provided by Freeways Global S.R.L.

Unfortunately, no data transmission through the Internet can be guaranteed as 100% secure. Consequently, despite our efforts to protect your personal information, Freeways Global S.R.L. can not secure or guarantee the security of the information you transmit to us, to and from our online services or our products. We therefore warn you that any information sent to us will be at your own risk.

When we receive the information you provide, we guarantee that we will make every effort to ensure their security in our systems, according to the security standards imposed by the Romanian legislation in force and the contracts or cooperation agreements that we conclude with which processes the data in our interest. Our Employees, even if they process data for us, have a legal obligation to process them under conditions of complete security.

The physical data protection is achieved by: limiting the access to the spaces, the computers where the databases are located; limit access to archives and documents containing personal data; installation of alerting or monitoring systems in the databases.

We set individual access codes for people authorized to use data and to prevent unauthorized people from accessing data processing areas.

In order to prevent unauthorized reading, copying, modification or removal of data support, we have established the persons who can access the databases; we have removed obsolete access permissions; we have set strong passwords that we regularly change; I provided encryption for laptops and storage devices (USB keys, CDs, DVDs, etc.); I set up regular repositories and stored the backup materials in one place.

We control the storage of data through the access of only those specifically designated to store them, based on the assignment of an individual user identity and a confidential access code to these people; no other person can enter data into the system.

In order to allow the rights of the data subjects to be exercised ("the right to be forgotten", the right of access to information, the right to be informed, etc.), we have ensured that the personnel assigned to the data management services know the physical location of each server manages the databases in question. This is necessary because electronic documents are harder to find than physical documents, the first being able to be transferred through backup systems, archives or to third parties / entities (eg, Dropbox).

For the same purpose (i.e., the exercise of rights by the data subjects), we will require reviewing the backup and storage protocols used by the data management service providers we work with in the field of data security.

Determining the exact location of the servers is also useful in determining the law applicable to the different operations.

We do not allow data entry, reading, or transfer of data other than those designated by law in this respect, and only if there is a legal obligation to do so. If data transmission is required, we only allow it to use proper encryption techniques that provide data control.

We are always monitoring the effectiveness of the above-mentioned security measures and taking necessary organizational measures regarding internal monitoring to ensure compliance with the Regulation.

All our collaborators are required by agreement to take these measures.

Performing unauthorized operations on the data we own and attempting to do so, including: abusive use, fraudulent use, unauthorized access, modification, copying of information for marketing, access blocking, and the like, will be punished according to laws.

This security policy is complemented by the specific provisions of Regulation 679/2016, as well as the internal procedures that we have developed for situations related to data security.