EASY HR MANAGEMENT S.R.L. guarantees the security and confidentiality of the data hosted and transmitted through its information system. This information may be used by EASY HR MANAGEMENT S.R.L. to send the user the confirmation of orders, various special offers, promotions, etc. only on the basis of the consent of the data subject.

The provision of personal data to EASY HR MANAGEMENT S.R.L. does not imply mandatory on the part of users, and they may refuse to provide these data in any circumstances and may request free of charge their deletion from the database

EASY HR MANAGEMENT S.R.L., owner of the online platform, does not intervene directly or indirectly on the databases where customer information is stored.

In order to make possible the billing, dispatch and delivery of placed orders, the user must agree that EASY HR MANAGEMENT S.R.L. to collect and process the registered data, according to the requirements of EU Regulation no. 679/2016 (GDPR).

According to the requirements of EU Regulation no. 679/2016 (GDPR) for the protection of individuals with regard to the processing of personal data, and the protection of privacy in the electronic communications sector, EASY HR MANAGEMENT S.R.L. has the obligation to manage safely and only for the specified purposes, the personal data provided.

In this regard, EASY HR MANAGEMENT S.R.L. has developed a series of technical and organizational measures to prevent risks that may occur in the processing of personal data.

The processing of personal data within the organization is conditioned by a series of technical and organizational measures in order to secure them.

These measures have the role of protecting information at the organization level against security incidents.

 

At the level of the organization, the following security measures have been undertaken to reduce the risks:

 

Technical measures:

 

– SSL certificate – has the role of securing the exchange of information through the Internet. It encrypts the information, before it circulates through the Internet. Encrypted information can only be decrypted by the server to which it is addressed. This guarantees that the information sent to a website / online platform will not be stolen, intercepted, processed.

 

Information about bank cards, passwords and in general any information that is intended to remain private is secured by this certificate.

 

  • The SSL certificate of the online platform EASY HR MANAGEMENT S.R.L. is also used to secure e-mail correspondence, in such a way that the personal data of the clients circulate in a secure environment and regulated by a series of security measures that ensure the confidentiality of the information.

 

  • Automatic back-up – set to a time interval to guarantee information and for all clients to be sure that the information and preferences provided by them do not disappear and are not destroyed, lost or incorrect in case of a server error.

 

  • Anti- spam and antivirus filters that prevent the infiltration of malicious content or viruses that can process data in unauthorized way or that can transmit them to other entities or persons who have not obtained the consent of the data subject.

 

  • Protecting the content of the client profile by introducing a more complex password generation rule. The client is asked, when creating the account, a password that meets a higher complexity criterion (alphanumeric + special characters);

 

  • Securing modules and scripts that communicate inside the platform. The functioning of the elements involved in the client-server, server-client interaction is constantly checked.

 

  • Checking and optimizing modules in order to maintain them up-to-data to prevent vulnerabilities. This measure prevents the identification of vulnerabilities at a global level in the platforms used, 0-day vulnerabilities that can intercept the exchange of data and implicitly personal data in the interactions of the client with the platform or of the process manager with the client and the platform.

 

  • Classification of access types by the process manager – management groups, the possibility to add or delete certain rights on a user with full access – personalizing access as needed.

 

  • Password protection of the device from which, the person responsible for the process performs the data processing, in order to prevent unauthorized intervention.

 

  • Firewall – software program and hardware component installed in the location of the servers of the company that offers online platform hosting, are intended to protect the server and network equipment, against computer attacks, unauthorized penetration attempt, installation of malicious software applications that can endanger the personal data of the platform users. The firewall blocks the access of unauthorized persons to the information stored on the

equipment connected to the Internet.

 

  • Access to the data processing systems in which the personal data are processed is possible only after the authorized person has been successfully identified and authenticated (e.g. with username and password or card with chip / PIN), with the use of the most advanced security measures. In case of lack of authorization, access is denied.

 

  • All access attempts, both successful and rejected, are recorded (user ID, computer, IP address used) and archived in a format according to the audit rules for 3 months. In order to detect improper use, the server performs repeated, random checks;

 

  • Access is blocked after repeated incorrect authentication attempts.

 

  • Constant verification of platform vulnerabilities , which could allow the extraction of information and personal data. Hosting has security measures and solutions that recurrently scan the processed files and the data flow circulating inside the platform;

 

  • Combating the risks of security breaches by taking precautionary measures from a technical and organizational point of view by securing the platform and constantly updating it with stable versions of it.

 

  • Securing with the password of the equipment that has direct access to the order table and to the delivery / billing data of the customers in order to prevent unauthorized access and implicitly unauthorized processing by uninformed persons.

 

Organizational measures:

 

  • Destruction of documents that are no longer needed (notes, erroneous invoices, etc.) using a document destroyer at the disposal of the process manager;

 

  • Eliminating the risk generated by the human factor by prohibiting the processing of information outside the secured platform, except for the preparation of transport notes in the courier company’s platform, which is also a secure environment;

 

  • Adopting security measures without differentiating between types of customers (new / existing / potential);

 

  • Adopting an internal policy for checking the processes and processing when putting the product on delivery or taking over the information regarding an order or possible offer;

 

  • Avoiding differentiation between clients through mechanisms that can positively or negatively profile the target person. For this reason, we do not request personal data sexual orientation, sexual interests, sex, religion, belonging to movements or groups, etc. Customers are free to order and choose what they want. By this measure, we consider that we respect the integrity of the person and avoid any trace of analysis / profiling based on these criteria.

 

  • Updating the privacy policy and the Terms and conditions of EASY HR MANAGEMENT S.R.L.

 

  • Informing customers about the procedure of delivery, return and processing of orders;

 

  • Training the process manager on the risks of processing personal data outside the online platform.

 

  • Training the process manager on the need for notification in case of a major security incident.

 

  • Training of the process manager on the management of situations that may occur when processing data inside the platform (errors, errors of use).

 

  • Training the process manager on the use of the information they process and being aware of the character of the personal information;

 

  • Prohibiting data processing outside the platform by managing orders directly in the platform’s user interface, without the need to process data in other unsecured and vulnerable environments.

 

  • The process manager is regularly trained on:

 

  • Principles of data protection, including technical and organizational measures
  • The requirement to maintain data secrecy and confidentiality regarding the organization’s secrets and trade secret, including the transactions made;
  • Correct, careful use of data, data media and other documents;
  • The secret of telecommunications;
  • Other specific obligations regarding confidentiality, where necessary;

 

From the point of view of processing, within EASY HR MANAGEMENT S.R.L., personal data are processed only for the purposes for which the consent of the data subjects was obtained, including for parallel purposes and for the conclusion of a contract or the delivery of a product to the customer, requested by him.

 

Given that this organization operates mostly in the online environment, the processing of personal data of customers is transmitted online through applications and the platform on which orders and requests for offer are requested. The data collected are minimized and are directly related to the purpose for which consent was obtained and are necessary to contact the customer in case of an offer request or to deliver and make available the product / service ordered according to the requirements or its return.

 

EASY HR MANAGEMENT S.R.L. the legal person registered with the Trade Register (J03/960/2022, CUI 45995495) is a direct operator. The purpose of personal data processing is the provision of products and services through the online platform as well as the parallel purposes of this activity: returning products, processing the information necessary for delivery, improving the experience for the user by retaining certain settings or preferences, after obtaining his consent, price changes, characteristics of products / services, stock changes, promotions, billing.

The categories of data subjects are: current / potential clients or visitors to the website.

 

The ways in which the data subjects are informed about their rights are:

 

  • Privacy Policy;
  • Terms and conditions of using the platform / online store;
  • On the web page in a dedicated section;
  • By email following the registration in the platform, as well as if the client requests additional information, requests for offer;
  • In the contact form on the website (the document will be attached);

 

The exercise of the rights provided by law 679 / 2016 (GDPR) belongs entirely to the operator who has the legal obligation and to designate a person responsible for the processing of personal data within the organization. This person will elaborate a set of technical and organizational measures to secure the data processing and has the obligation to inform the operator about the nature of the processing processes, the types of information and the way in which these processes take place within the organization. The operator has the responsibility and obligation to ensure that these measures are implemented, that there is no risk of security breaches or leaks, as well as compliance with the legislation in force regarding data processing and the rights of the data subjects.

 

Through the online platform, the following personal data are processed:

  • name and surname
  • enamel
  • phone/ Fax
  • address

 

EASY HR MANAGEMENT S.R.L. does not process categories of special data.

EASY HR MANAGEMENT S.R.L. does not transfer data abroad or to third parties

 

The processing of personal data is not related to other record-keeping systems. The actual activity of the company is to take over the orders initiated by the customers through the online platform, to store and process them in order to invoice, send and supply the ordered products.

 

The processing of the information entered by the client in the platform is processed and stored strictly in accordance with the purposes for which his consent was offered:

  • Invoicing;
  • Delivery;
  • Withdrawal from a concluded contract (withdrawal can be made according to the law, taking into account the conditions under which this contract was initially concluded and the legal provisions initially agreed);

 

               The purpose of data collection is to invoice orders, send correspondence and fulfill orders. Your refusal to provide the data, determines the impossibility of placing your order on this site. and its processing, according to the requirements, as well as the impossibility of fulfilling the purpose.

According to EU Regulation no. 679/2016 (GDPR), the user benefits from the right of access, the right to be forgotten, the right to port information and personal data, the right to intervene on the data, the right not to be subject to an individual decision and the right to appeal to justice. At the same time, it has the right to oppose the processing of personal data and may request the deletion of data. In order to exercise these rights, the user can address with a written request, dated and signed to the e-mail address office@hrup.ro. Also, if some of the user data is incorrect, we ask that we be notified this, in order to make the necessary corrections.