Agreement on Customer Data Processing, according to GDPR
updated on April 3, 2019
This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation (“GDPR”), which entered into force on 25 May 2018. CRYSTAL SYSTEM S.R.L. Products and Services. offered within the European Union comply with the GDPR, and this ODA provides you with the necessary documentation on this compliance.
This Data Processing Agreement is an addendum to the Terms of Service between CRYSTAL SYSTEM S.R.L. and Customer. The Customer enters into this Customer Data Processing Agreement on its own behalf and to the extent required by the Data Protection Laws.
Scope and applicability of this Agreement on Customer Data Processing
This Customer Data Processing Agreement applies only if and to the extent that CRYSTAL SYSTEM S.R.L. processes Personal Data on behalf of the Customer, during the provision of the Services and these Personal Data are subject to the Data Protection Laws of the European Union, the European Economic Area and / or their Member States, Switzerland and / or the United Kingdom. The Parties agree to abide by the terms and conditions of this DPA in relation to such Personal Data.
Personal data we process
We collect the following types of personal data from you:
Name and surname
Year of birth
Competent and professional skills
Why we need them
We need your personal information to provide you with the following services:
IP address - filtering and detecting internet attacks
The service providers we collaborate with to carry out our activity are:
Google Analytics - provider of website traffic analysis
As long as we keep your personal data
For orders from CRYSTAL SYSTEM S.R.L. your personal data, from those that are included in the financial-accounting documents or in documents that are annexed to the financial-accounting documents, will be kept for 10 years according to the provisions of art. 38 of Annex 1 to Order no. 2634/2015 on financial-accounting documents, issued by the Ministry of Public Finance and will not be accessed for any purpose other than the legal purpose for which they are archived. After 10 years these data will be destroyed.
Security measures. CRYSTAL SYSTEM S.R.L. will implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to maintain the security and confidentiality of Personal Data, in accordance with the security standards of CRYSTAL SYSTEM S.R.L.
Confidentiality of processing. CRYSTAL SYSTEM S.R.L. will ensure that any person who is authorized by CRYSTAL SYSTEM S.R.L. to process Personal Data (including its employees, agents or subcontractors) will have to comply with the appropriate confidentiality obligation (whether it is a contractual or statutory burden).
Response to a security incident.
When it becomes aware of a Security Incident, CRYSTAL SYSTEM S.R.L. will inform the Customer, without any undue delay, and will provide him with timely information regarding the respective Security Incident, as soon as it is brought to the Client's notice or according to his reasonable requirements.
What are your rights?
If you have reason to believe that any personal data we hold about you is incorrect or incomplete, you have the right to request to see this information, to rectify it or to have it deleted, to request restriction of processing or to object to the processing and you also have the right to data portability. To exercise these rights, please contact us at firstname.lastname@example.org
If you wish to submit a complaint about how we have processed your personal data, please contact your data protection officer at the following email address email@example.com. The Data Protection Officer will contact you to resolve the issue.
You can also contact the National Authority for the Supervision of Personal Data Processing at www.dataprotection.ro and you can file a complaint with them.