The purpose of this policy?

When you interact with us, you need to be able to trust us with your personal data.
This privacy statement explains what personal data we collect from you and how we use that data.
The policy may be updated/amended to ensure it always reflects how we process your personal data and/or other regulatory requirements. Where possible, we will notify you by email of any material changes. However, by frequently consulting our website, you can ensure that you are aware of DWF's data processing activities.

The DWF website may include links to other websites, which are managed by other entities and for which DWF bears no responsibility. If you access these websites through our site, you should consult their privacy policies to understand how they collect, use and share your data.
We process personal data under conditions that ensure security, confidentiality and respect for the rights of the persons concerned in compliance with the following principles:

• legality, equity and transparency;
• determined, explicit and legitimate purpose;
• data minimization (adequate, relevant and limited data) accuracy, timeliness;
• limited storage;
• integrity and confidentiality;
• responsibility.

What type of data do we collect?

Depending on the interactions we have, the categories of personal data we collect may be:
identification information (eg: data from the identity card); information about professional qualification; job information; holographic or electronic signature; email address, phone number.
When we process personal data, we communicate to the data subject what data we collect, the purpose of collection, the recipients or categories of recipients of personal data, the duration of data storage, their deletion at the end of the storage period. If we subsequently process personal data for a purpose other than that for which it was collected, we will provide the data subject, prior to such further processing, with information regarding that secondary purpose and any additional relevant information.
Data processing is done only by DWF staff, authorized for this purpose.
Who are the persons concerned? The personal data we process belong to the following categories of persons: contractual partners natural persons, contact persons appointed by the beneficiaries of DWF services legal persons, their legal or conventional representatives, collaborators, employees and/or other categories of natural persons of whose data is disclosed to DWF.
Personal data are transmitted to DWF at the initiation of contractual relations or during their development, through various means of communication, such as: means of remote communication (eg: e-mail) or through communications printed on material support.
For what purpose do we process the data? We collect personal data to be able to respond successfully to your requests and process them as an operator, in accordance with the provisions of the General Data Protection Regulation no. 679/2016 (GDPR).
Depending on the activity carried out, data processing is necessary:
for the purpose of fulfilling the legitimate interest of our company, in terms of the provision of services, both at the initiation of the contractual relationship and at the negotiation, conclusion and development of contracts. If you contact us on your own behalf, it is necessary for us to process your personal data in order to fulfill our pre-contractual/contractual obligations.
If you contact us as a representative of a company, it is in our legitimate interest to process your personal data in order to be able to respond to the request of the company you represent.
in order to fulfill legitimate interests, for the following purposes: to improve the services provided, recruitment purposes and human resources in relation to DWF candidates and employees, to handle complaints. As part of the recruitment process, we process your personal data to assess the suitability of the position for which you have applied within our company. If we use your personal data in the employment/collaboration process, it is to comply with your request to conclude a collaboration.
for the fulfillment of DWF's legal obligations in the context of the performance of contractual relations, according to Article 6 (1) (c) of the GDPR, such as: obligations to prepare and keep financial-accounting documents; keeping personal data during the entire period of development of contractual relations and archiving of documents; the transmission of information that represents personal data at the request of the competent state authorities; ensuring the security of systems and databases (including by making backup copies), in order to fulfill legal obligations regarding the prevention of money laundering activities and combating the financing of terrorism. There are certain processing purposes for which DWF is required by law to obtain your consent. The consent provided can be withdrawn at any time and DWF will take your option into account. The purposes for which DWF is most likely to obtain your consent are the following: processing your personal numeric code, marketing or transmitting any other relevant information regarding DWF services.
If, in the course of the activities, we act as an agent of an operator or appoint agents for data processing, we will conclude an agreement on data processing with them, through which we will ensure that the rights of the data subjects are respected.
In certain situations, we may appoint independent personal data controllers (for example, but not limited to: lawyers, recruitment agencies or other third party experts), complying with legal and regulatory obligations regarding personal data.
We and the independent data controllers with whom we work set out our mutual rights and obligations in a "Personal Data Processing Agreement between Independent Data Controllers" that adequately reflects our roles and relationships as independent data controllers to data subjects .
Regardless of the terms of the agreement between the independent operators, the data subject may exercise his rights under the GDPR with respect to and in relation to each of the operators.
What happens if I refuse the communication of data? The refusal to provide personal data may lead to the impossibility of: providing SEO services, to the impossibility of concluding a collaboration.
If you tell us that you no longer wish to receive information about our services, we will no longer process your data for this purpose.
How long do we keep the data? We will store personal data electronically or archive on paper for the period necessary to achieve the purposes for which they were collected and to satisfy any legal, accounting or reporting requirements.
To determine the appropriate retention period for the personal data we process, we consider the nature, scope, context and purposes of the processing, risks of varying degrees of likelihood and severity to your rights and freedoms, legal, accounting or reporting requirements applicable, as well as if we can achieve the purposes of the processing by other means.
We constantly analyze the need to keep your personal data and when the retention periods are reached, we destroy the personal data in a way in which it can no longer be recovered or reconstructed. If it reasonably appears that the data is no longer needed, we may destroy it immediately without notice or liability. Who do we share your data with? Your personal data may be disclosed: to public authorities and institutions based on public law obligations, to lawyers to represent us in the event of any litigation or for consultancy, bailiffs for contractual communications or the enforcement of possible court decisions, law firms debt recovery, DWF's contractual partners (courier companies/postal providers, subcontractors, consultants, payment processors, service providers, etc.) for the conclusion and execution of contracts and in any other justified situations with your prior notice, but only in order to fulfilling the purposes mentioned above and aiming to protect the rights as a priority.
Transfer of your data outside the European Union DWF does not transfer personal data outside the European Union.In any case, before we transfer personal data to another jurisdiction, we will ensure that there is a decision on the adequacy of the level of protection or that the controller or person authorized by the controller in that jurisdiction provides adequate guarantees.
What rights do I have? The rights you benefit from as a data subject, in accordance with the provisions of EU Regulation 2016/679, are:The right of access; With a simple request, you can obtain information on the processing of your data and a copy of your personal data processed by us. The right to rectification; Whenever you consider that your data is incomplete/incorrect, you can ask us to change it accordingly. The right to erasure; You can request the deletion of your data to the extent permitted by law. In accordance with the GDPR, we may not comply with a request to delete personal data to the extent that the processing is necessary for the establishment, exercise or defense of our rights conferred by law or we have a legal obligation to process the data. The right to restrict data processing; You can ask us to stop processing your personal data in certain circumstances, such as if you dispute its accuracy. The right to object: You have the absolute right to object to the processing of your data, depending on the specific situation created, and we will comply with your request if there are no legitimate reasons justifying the processing. The right to data portability: When permitted by law or technically feasible, you have the right to request the return of the data you have provided to us or request its transfer to third parties. The right to address the supervisory authority (ANSPDCP); To defend any rights guaranteed by the applicable legislation in the field of personal data protection, you can contact the competent supervisory authority (https://www.dataprotection.ro).
If you wish to request any of the aforementioned rights or obtain information regarding the use of your data, please send an e-mail to: mihai@dwf.ro.
If you make a request regarding the exercise of your rights regarding the protection of personal data, you will receive an answer in the shortest possible time, but not exceeding 30 days, under the conditions provided by the GDPR.
How do we keep data safe? We work very seriously to protect personal data against any unauthorized access or unauthorized processing, modification, disclosure or destruction. We are constantly developing new solutions to ensure the security and confidentiality of personal data.
We limit access to personal data to authorized recipients on a need-to-know basis.
All our partners, employees, consultants, operators and authorized persons are obliged to respect the confidentiality of personal data.
We have implemented the information security management system, certified ISO 27001.
Obtaining and maintaining ISO 27001 certification involves periodic assessment of IT and information security and at the same time:
drawing up and maintaining records of data processing activities. DWF maintains the Personal Data Processing Record Register. The register contains at least the information required by the GDPR. staff training in order to comply with GDPR provisions as well as regarding the risks involved in the processing of personal data. Employees who have access to personal data are informed about the special nature of this data and have become aware of the rules that apply to them. Definitions and abbreviationsConsent of the data subject means any manifestation of the data subject's free, specific, informed and unambiguous will by which he accepts, through a statement or an unequivocal action, that the personal data concerning him be processed;
Personal data means any information relating to an identified or identifiable natural person ("data subject") directly or indirectly, in particular by reference to an identification element such as a name, an identification number, location data, a online identifier or to one or more specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity;
GDPR means REGULATION no. 679 of April 27, 2016 regarding the protection of natural persons regarding the processing of personal data and regarding the free movement of such data;
Operator means the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law;
Authorized by the operator means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator;
Data subject means the natural person whose personal data is processed;
Processing means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.