Privacy Policy

We, Pfeifer & Langen GmbH & Co. KG, operate this website to inform you about our products and services. The protection of your personal data is important to us. Our company only ever collects and processes your personal data in compliance with data protection requirements. This privacy policy informs you about how we collect and process your personal data pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (EU GDPR).

The entity responsible for data processing (“controller”) is

Pfeifer & Langen GmbH & Co. KG
Aachener Straße 1042 a
50858 Köln
Germany
Tel.: +49 (0)221 4980-0
Fax : +49 (0)221 4980-371
E-Mail: info@pfeifer-langen.de

Our data protection officer is:

Dr. Jan-Peter Ohrtmann (PwC)
External Data Protection Officer
jan-peter.ohrtmann@de.pwc.com

When you visit this website and use the website functions and services we process your personal data. The following sections explain in detail how and why we process it.

o operate the website and its various functions and services we collaborate with external service providers. All of them are meticulously selected and have concluded data processing agreements with us pursuant to Article 28 EU GDPR.

Server log files

Each time you access our website your browser transfers log files to our server which we process to maintain system security and analyze user statistics. The information that we receive in the server log files includes, in particular, time of access, referrer URL, subpages accessed, name of requested file, your IP address, volume of data transmitted, your browser type and version, and your provider. This data is necessary to maintain system security, e.g. if our website is attacked by a hacker it enables us to identify the hacker and block the attack. In processing this data our legitimate interest therefore prevails (Article 6 (1) f) EU GDPR).

Server log file data also allows us to perform a statistical analysis (scope of use and user behavior, e.g. total number of impressions or total page-specific impressions in any one month) which we use to optimize the website design. Our legitimate interest also prevails in this instance (Article 6 (1) f) EU GDPR).

We delete or anonymize the data records as soon as possible.

Cookies

We use session cookies that are saved on your computer until you close all browser windows whenever you visit our website. These session cookies are necessary to process any enquiries that you send us via our website and to direct you to the various subpages. It is in our legitimate interest to use session cookies because we could not otherwise provide our website service (Article 6 (1) f) EU GDPR). If you do not want cookies to be saved on your computer you can change your browser settings to block them. Although you can still visit our website if you block cookies, you may not be able to use all the website functions to their full extent.

Contact: e-mail form

We offer you the opportunity to contact us directly by e-mail. When you click on the e-mail address that is provided on our website your e-mail program opens with a pre-entered e-mail address so that you can send us an e-mail. We have no influence over your e-mail provider’s data processing practices; we merely provide a link to the e-mail program.

The information that you provide to us in e-mails is only used for the purpose of responding to your enquiry; we delete the data as soon as we finish corresponding with you unless legal obligations require us to save it. It is in our legitimate interest to process the information you provide to us (Article 6 (1) f) GDPR).

Data security

To ensure the best-possible protection of your personal data we implement technical and organizational security measures with SSL encryption (https standard) which are risk-appropriate and adapted when necessary to reflect the state of the art.

Data subject rights

You are accorded various rights by data protection legislation when we process personal data concerning you as a natural person. Under section 34 of the Federal Data Protection Act (BDSG) and Article 15 EU GDPR you have the right to obtain information about the personal data concerning you which is stored, the source of that personal data, the recipients or categories of recipients to whom the data is transferred and the purpose for which the data is stored.

Under section 35 BDSG and Articles 16 to 18 EU GDPR you have the right to rectification, erasure, and restriction of processing your personal data. You also have the right to request the transmission of your personal data to another controller pursuant to Article 20 EU GDPR.

You can object to the processing of your personal data if we process it for the purpose of a legitimate interest (Article 6 (1) f) EU GDPR. If we do not process your personal data for direct marketing purposes, you can object on grounds relating to your personal situation. As of the date on which you exercise this right to object we will stop processing your personal data until your objection has been reviewed. If the review reveals that your objection is justified, we will delete the data (section 36 BDSG, Article 21 EU GDPR).

You can withdraw your consent to the processing of your personal data (Article 6 (1) a) EU GDPR) at any time; in such case we will no longer process your personal data unless we are permitted by law to continue processing it.

Your objection or withdrawal of consent does not affect the lawfulness of processing up to the time of the objection or withdrawal of consent.

We comply with your rights without delay and without charge. Please contact us or our data protection officer to exercise your rights; our contact details are provided at the beginning of this privacy policy.

Under Article 77 EU GDPR you have the right to lodge a complaint with a supervisory authority.

Data protection information relating to the processing of job applicant data

If you send job application documents to us and provide other data in the course of the application process which can be used to identify you personally, these constitute personal data which are protected according to Article 4 (1) of the EU General Data Protection Regulation (GDPR). The information provided below explains how your applicant data is processed pursuant to Article 13 GDPR.

Our company only processes your personal data in accordance with data protection regulations, particularly the GDPR and the Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG]. We only collect, store, transfer or use your personal data in accordance with effective data protection regulations (data processing, Article 4 (2) GDPR), if we are explicitly permitted or required to process it by law or if you have effectively consented to the processing of your data (Article 6 (1) a) in conjunction with Article 7 GDPR). The processing of your personal data is permitted, in particular, if this is necessary to any decision giving rise to an employment relationship or, once the employment relationship has been established, to execute or terminate the relationship (section 26, sub-section 1 BDSG, Article 6 (1) b) GDPR). The same applies if the data is processed by the controller for a purpose other than the employment relationship provided that a legitimate interest is pursued and there are no grounds for the assumption that such interest is overridden by your fundamental rights and freedoms as data subject to prevent the processing or use of your personal data (Article 6 (1) f) GDPR).

Controller and contact details

The controller (Article 4 (7) GDPR) responsible for the processing of your personal data in the employment relationship is: Pfeifer & Langen GmbH & Co. KG, Aachener Str. 1042 a, 50858 Köln, Germany. Please address any data protection-related enquiries to Marcel Hirt, HR Recruiting, e-mail: marcel.hirt@pfeifer-langen.com or contact our data protection officer directly: Dr. Jan-Peter Ohrtmann, PricewaterhouseCoopers, Moskauer Straße 19, 40227 Düsseldorf, Germany, phone: +49 (0)211 981-2572, E-mail: jan-peter.ohrtmann@de.pwc.com.

Personal data and purposes of processing

Application for a published job posting

If you wish us to include you in an application process for a specific position we require you to send us the customary application documents informing us of your personal profile and qualifications. We only use your application documents for the decision on filling the vacant position which you have explicitly applied for. The application documents are reviewed in the HR department and passed on to the potential future superior. Our senior management is additionally involved in decisions to fill management positions, so if you are applying for a management position they will also receive your application documents. We process your application documents electronically in our e-mail system and, if necessary, we additionally use printouts and copies (on paper). During the application process we may collect additional personal data from you, from generally accessible sources, or from former employers and trainers, for these information purposes. The legal bases for the processing of your personal data are Article 6 (1) b) GDPR and section 26, sub-section 1 BDSG. If you are not recruited at the end of the application process we will delete and destroy your application data six months after you have conclusively rejected our job offer or we have conclusively rejected your application.

If you are recruited at the end of the application process we will place your application documents in a personnel file since it contains information about your personal profile and qualifications which may be necessary for the purpose of executing the employment relationship. The legal bases are Article 6 (1) b) GDPR and section 26, sub-section 1 BDSG. In this case your application documents will be deleted and destroyed three years after the end of the year in which your employment relationship is terminated.

Unsolicited applications

If you send us an unsolicited application which makes no reference to a specific position we may use your application documents in recruitment decisions for all potentially suitable job vacancies. To make this possible we will send your application documents to the HR department for review and then involve colleagues in other departments where there may be a suitable job opening for you in the future by forwarding your documents to them. We process your application documents electronically in our e-mail system and, if necessary, we additionally use printouts and copies (on paper). As soon as your application documents are included in a recruitment process we may collect additional personal data from you, from generally accessible sources, or from former employers and trainers to obtain more detailed picture of your personal profile and qualifications. Your application data will be regularly deleted and destroyed one year after receipt if all recruitment processes involving your application documents have concluded. If you have conclusively rejected our job offer or we have conclusively rejected your application your data will be deleted and destroyed after six months.

If you are recruited at the end of the application process we may place your application documents in a personnel file since it contains information about your personal profile and qualifications which may be necessary for the purpose of executing the employment relationship. The legal bases are Article 6 (1) b) GDPR and section 26, sub-section 1 BDSG. In this case your application documents will be deleted and destroyed three years after the end of the year in which your employment relationship is terminated.

Transfer of your data within the Pfeifer & Langen Group

IT services are provided by our affiliate ISG Informatik Service Gesellschaft mbH under a contract processing arrangement pursuant to Article 28 GDPR.

Our cooperation with third party entities

We also benefit from the advantages of a society and business community that is based on the division of labor. In the area of data processing, this means that we do not implement all data processing activities on an in-house basis. Some activities are performed by external processors:

  • Career platforms: To find you we advertise our job vacancies on external career platforms. If you apply for a job via one of these platforms, the platform may send us your documents. No other collaboration takes place.
  • External (IT) service companies with which we have a contract processing arrangement conclude contracts with us in which they undertake to process data strictly in accordance with our specifications and instructions and to take comprehensive technical and organizational measures to protect the data.
  • External (IT) service companies which work for us at their own responsibility conclude contracts with us in which they undertake to take technical and organizational measures to protect data.

Transfer of data to other third parties, transfer of data outside the EU

We only transfer personal data to third parties if this is necessary for the stated purposes of data processing and if it is admissible under Article 6 GDPR and section 26, sub-section 1 BDSG. No data is transferred outside the EU.

Your data protection rights and remedies

If we process your personal data you have a number of rights under the GDPR and BDSG. You have the right

  • to obtain information about the personal data concerning you which we store, about the source of the data, about the purpose for which it is processed and about the recipients or categories of recipients (Article 15 GDPR, section 34 BDSG);
  • under certain circumstances to request the rectification, restriction of processing or erasure of your personal data by us (Article 16–18 GDPR, section 35 BDSG);
  • to request the transmission of your data to another controller (Article 20 GDPR) and
  • to lodge a complaint with us or the competent supervisory authority about the processing of your personal data (Article 77 GDPR).

You can also object to the further processing of your personal data if we process it for the purpose of a legitimate interest (Article 6 (1) f) GDPR). Since we do not process your data for direct marketing purposes, you can only object on grounds relating to your personal situation. As of the date on which you exercise this right to object we will stop processing your personal data until your objection has been reviewed. If the review reveals that your objection is justified, we will delete the data (section 36 BDSG, Article 21 GDPR).

You can withdraw your consent to the processing of your personal data (Article 6 (1) a) GDPR) at any time; in such case we will no longer process your personal data unless we are permitted by law to continue processing it.

A justified objection or withdrawal of consent does not affect the lawfulness of processing up to the time of the objection or withdrawal of consent.

We comply with your rights without delay and without charge. Please use the contact details provided to contact us or our data protection officer in order to exercise your rights or obtain clarification on any other issue.

Data protection information for Romania

NOTIFICARE PRIVIND INFORMATIILE COLECTATE DE LA PERSOANA VIZATA („Politica de confidentialitate“)

PFEIFER & LANGEN ROMANIA SRL, CUI 38616599, nr. Registrul Comertului J05/3119/2017, cu sediul social in Oradea, Calea Sântandrei, nr. 39, jud. Bihor, in temeiul art. 13 din Regulamentul (UE) 2016/679 privind protectia persoanelor fizice in ceea ce priveste prelucrarea datelor cu caracter personal si privind libera circulatie a acestor date, furnizeaza urmatoarele informatii:

Ce date personale prelucram? Scopul prelucrarii

Acestea pot fi numele si prenumele, adresa de domiciliu, adresa de e-mail, adresa de facturare, telefon, datele din actul de identitate, nr inmatriculare masina si/sau remorca, etc. – in principal informatiile necesare pentru:

  • procese de vanzari si marketing (incheierea unui contract, achizitii si livrari pe teritoriul national, etc),
  • procese de HR (recrutare personal, angajare, administrare, evidenta concedii medicale, recuperare fractie valoare concediu medical, achizitie tichete de masa, etc),
  • expediere documente/colete prin curier,
  • registratura societatii,
  • etc,

Ce categorii speciale de date prelucram? Scopul prelucrarii

Intrucat evenimentele din ultima perioada privind raspandirea si eforturile de diminuare a efectelor virusului COVID-19 au impact direct in activitatea societatii noastre, implementarea unor masuri de urgenta privind asigurarea securitatii si sanatatii angajatilor – colaboratorilor – vizitatorilor, poate conduce la inceperea unui proces de colectare si prelucrare a categoriilor speciale de date (cum sunt datele privind sanatatea).

In acest context, PFEIFER & LANGEN ROMANIA SRL prelucreaza categorii speciale de date, respectiv date privind sanatatea angajatilor, colaboratorilor si vizitatorilor, aflate in sediul/perimetrul societatii, astfel:

  • numele si prenumele persoanei care presteaza activitati in sediul/perimetrul societatii,
  • locul de munca,
  • daca locuiesc/vizitat zone in care se afla(u) persoane afectate din cauza COVID-19 (zonele rosii/galbene),
  • daca au venit in contact direct cu persoane afectate din cauza COVID-19,
  • daca au avut una sau mai multe simptome (febra, dificutatea de a inghiti, de a respira, tuse intensa, stare de oboseala, etc),
  • alte date privind sanatatea persoanelor (temperatura corporala) aflate in sediul/perimetrul societatii,

Vo fi colectate doar informatiile absolut necesare pentru prevenirea raspandirii COVID-19.

Activitatea de prelucrare este conforma cu principiul legalitatii si respecta atat prevederile art 6, precum si prevederile art 9 din GDPR.

De ce solicitam aceste informatii? Temeiul juridic

Solicitam aceste informatii, in temeiul:

  • incheierii unui contract sau a indeplinirii obligatiilor contractuale, – indeplinirii obligatiilor legale care ii revin operatorului,
  • interesului legitim,
  • interesului public in domeniul sanatatii publice,

Interesul legitim este dat de operatiunile de prelucrare in timpul procesului de recrutare, instruire a personalului, recuperare fractie valoare concediu medical, prevenirii infractiunilor, expedierea documentelor/coletelor prin curier, etc.

Interesul public in domeniul sanatatii publice (in contextul infectarii cu COVID-19), presupune protectia impotriva amenintarilor transfrontaliere grave la adresa sanatatii.

Orice informatie privind sanatatea persoanelor aflate in sediul/perimetrul societatii, care este prelucrata, va fi tratata intr-o maniera confidentiala, orice comunicare catre personalul societatii despre posibila prezenta a coronavirusului la locul de munca nu va duce la identificarea persoanei care este afectata.

Ne angajam sa protejam confidentialitatea datelor dumneavoastra. Vom folosi informatiile dumneavoastra personale, in conformitate cu toate legile si reglementarile in vigoare, care se refera la protectia datelor si a vietii private, inclusiv Regulamentul UE general privind protectia datelor (GDPR).

Cat timp pastram informatiile dumneavoastra personale?

Vom pastra informatiile dumneavoastra personale atat timp cat este necesar pentru scopul pentru care le utilizam si ulterior in conformitate cu procedurile interne si cerintele legale.

In ceea ce priveste stocarea datelor de sanatate prelucrate pentru impiedicarea raspandirii si a diminuarii efectelor virusului COVID-19, acestea se vor stoca distinct de alte date cu caracter personal, colectate pentru alte scopuri. Aceste date de sanatate vor fi pastrate atat timp cat este necesar pentru scopul pentru care le utilizam si ulterior in conformitate cu procedurile interne si cerintele legale.

In cazul in care exista refuzul de acces in perimetrul societatii, termenul de pastrare este de 30 zile, care se poate prelungi in cazul in care in acest interval exista o disputa/conflict/plangere administrativa, caz in care acele date cu caracter personal vor putea fi stocate pana la stingerea respectivei situatii.

Cu cine impartasim informatiile dumneavoastra personale?

Informatiile dumneavoastra personale sunt procesate doar de operator si procesatorii cu care exista o relatie contractuala. Datele cu caracter personal pot fi stocate, prelucrate si transferate catre o tara terta din grupul Pfeifer & Langen (doar in interiorul UE).

Datele privind sanatatea angajatilor (categorii speciale de date) vor fi consultate si prelucrate numai de catre autoritatile competente.

Suntem un membru al grupului Pfeifer & Langen, (pentru mai multe informatii va rugam sa vizitati: https://www.pfeifer-langen.com/en/index.html).

Putem dezvalui informatiile dumneavoastra personale catre terte parti, inclusiv in urmatoarele situatii:

  • folosim parti terte pentru a desfasura anumite activitati in numele nostru care implica prelucrarea informatiilor cu caracter personal. De exemplu, angajam terti furnizori de servicii pentru a duce la indeplinire comenzile, livra colete, transmite prin curier, intretine si actualiza baza de date in care sunt reflectate detaliile angajatilor si clientilor (inclusiv eliminarea informatiilor repetitive sau incorecte), sa procesam platile prin card, indeplinirea obligatiilor legate de medicina muncii, instruire angajati, etc. Aceste parti terte au acces la informatii personale necesare pentru a indeplini misiunile alocate catre ei, dar nu le pot utiliza in alte scopuri;
  • putem dezvalui, de asemenea, informatii cu caracter personal politiei si altor autoritati de aplicare a legii in legatura cu prevenirea si depistarea infractiunilor;
  • putem transmite informatii personale catre asiguratorii nostri in cazul in care este facuta sau ar putea fi facuta o plangere impotriva noastra;
  • putem transmite informatiile dumneavoastra personale catre parti terte in cazul in care avem obligatia de a divulga sau de a transmite informatiile dumneavoastra personale pentru a ne conforma cu orice obligatie legala (inclusiv in legatura cu o hotarare judecatoreasca), sau in scopul de a implementa sau aplica orice acorduri in care sunt vizate datele personale sau in orice alt mod au legatura cu acestea (inclusiv acordurile/intelegerile intre dumneavoastra si noi); sau pentru a proteja drepturile, proprietatea sau siguranta noastra sau pe cele ale clientilor, angajatilor nostri sau ale altor parti terte;

Care sunt drepturile tale si cum pot fi exercitate

  • dreptul la informare – poti solicita informatii privind activitatile de prelucrare a datelor tale personale;
  • reptul la rectificare – poti rectifica datele personale inexacte sau le poti actualiza;
  • dreptul la stergerea datelor (“dreptul de a fi uitat”) – poti obtine stergerea datelor, in cazul in care prelucrarea acestora nu a fost legala sau in alte cazuri prevazute de lege;
  • dreptul la restrictionarea prelucrarii – poti solicita restrictionarea prelucrarii in cazul in care contesti exactitatea datelor, precum si in alte cazuri prevazute de lege;
  • dreptul de opozitie – poti sa te opui, in special, prelucrarilor de date care se intemeiaza pe interesul nostru legitim;
  • dreptul la portabilitatea datelor – poti primi, in anumite conditii, datele personale pe care ni le-ai furnizat, intr-un format care poate fi citit automat sau poti solicita ca respectivele date sa fie transmise altui operator;
  • dreptul de a depune plangere – poti depune plangere fata de modalitatea de prelucrare a datelor personale la ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal);
  • dreptul de retragere a consimtamantului – in cazurile in care prelucrarea se intemeiaza pe consimtamantul tau, ti-l poti retrage oricand;
  • drepturi suplimentare aferente deciziilor automate: poti cere si obtine interventia umana cu privire la respectiva prelucrare, iti poti exprima propriul punct de vedere cu privire la aceasta si poti contesta decizia;

Iti poti exercita aceste drepturi, fie individual, fie cumulat, prin simpla transmitere a unei solicitari prin e-mail, la: data.protection.ro@pfeifer-langen.com.

Putem cere dovada identitatii dumneavoastra inainte de a putea sa va dezvaluim informatiile personale sau pentru a va conforma cu alte cereri.

De asemenea, aveti dreptul de a face plangere catre autoritatea de supraveghere, daca nu sunteti multumit de modul in care am procesat informatiile dumneavoastra personale. Puteti contacta autoritatea de supraveghere la adresa de e-mail anspdcp@dataprotection.ro; tel 0318.059.211, 0318.059.212. De asemenea aveti dreptul de a va adresa instantelor de judecata.

Accesul si rectificarea sau stergerea datelor personale

Persoana vizata are dreptul de a solicita in orice moment accesul la, rectificarea, stergerea sau restrictionarea procesarii datelor colectate de catre noi. Pentru a ne ajuta sa pastram datele personale actualizate, recomandam utilizatorilor sa ne informeze despre orice schimbare sau discrepanta. Pentru a vizualiza sau modifica datele personale, pentru a obtine informații despre perioada de timp pentru care intentionam sa pastram datele personale sau pentru alte intrebari legate de datele personale, va rugam contactati ofiterul de conformitate, e-mail data.protection.ro@pfeifer-langen.com.

Securitatea procesarii

Vom procesa datele in mod sigur, vom aplica si mentine masuri tehnice adecvate pentru a proteja datele personale impotriva distrugerii sau pierderii accidentale sau ilegale, alterare, divulgare sau acces neautorizat, in mod special atunci cand procesarea presupune transmiterea datelor printr-o retea atat cat si impotriva oricarei alte forme de procesare ilegala. Intrebari legate de securitatea datelor personale pot fi trimise catre ofiterul de conformitate, e-mail data.protection.ro@pfeifer-langen.com.

Date de contact

Ofiter de conformitate

Daca aveti intrebari cu privire la procesarea datelor dumneavoastra cu caracter personal, drepturile dumneavoastra privind acestea, etc, va rugam sa ne contactati:

  • PFEIFER & LANGEN ROMANIA SRL, e-mail data.protection.ro@pfeifer-langen.com,
  • ne puteti suna la +40 259-307.000,
  • ne puteti scrie la adresa sediului social din: Oradea, Calea Sântandrei, nr. 39, jud. Bihor,

Autoritatea de supraveghere
ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal)
http://www.dataprotection.ro
anspdcp@dataprotection.ro
0318.059.211, 0318.059.212
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod postal 010336, Bucuresti, Romania.

NOTIFICATION REGARDING THE INFORMATION COLLECTED FROM THE DATA SUBJECT („The confidentiality policy“)

PFEIFER & LANGEN ROMANIA SRL, VAT no. 38616599, no. Trade Register J05/3119/2017, with registered office in Oradea, Calea Sântandrei, nr. 39, Bihor, pursuant to art. 13 of EU Regulation 2016/679 regarding the protection of natural persons in relation with the processing of their personal data and the free movement of such data, provides the following information:

What kind of personal data do we process? Purpose of processing

Such data can be surname and first name, domicile address, e-mail address, invoicing address, phone, data from the identity document, car registration number and/or trailer, etc – mainly the information needed for:

  • sales and marketing (conclusion of a contract, acquisitions and deliveries on the national territory, etc) processes,
  • HR processes (recruiting personnel, hiring, management, record of medical leaves, recovery of partial value of the medical leave, purchasing of meal vouchers, etc),
  • delivery of documents / packages by courier,
  • registration office of the company,
  • etc,

What special categories of data do we process? Purpose of processing

As the events of the last period regarding the spread and the efforts to diminish the effects of the COVID-19 virus have a direct impact on the activity of our company, the implementation of emergency measures regarding the safety and health of the employees – clients – visitors, can lead to the start of a collection process and processing of special categories of data (such as health data).

In this context, PFEIFER & LANGEN ROMANIA SRL processes special categories of data, respectively data on the health of employees, clients and visitors, located in the company headquarter/perimeter, as follows:

  • the name and surname of the person performing activities in the company headquarter/perimeter,
  • the work place,
  • if they live/visited areas where there are (were) people affected by COVID-19 (red / yellow areas),
  • if they came in direct contact with persons affected by COVID-19,
  • if they had one or more symptoms (fever, difficulty in swallowing, breathing, coughing, tiredness, etc.),
  • other data regarding the health of the persons (body temperature) in the headquarter/perimeter of the company,

Only the information absolutely necessary to prevent the spread of COVID-19 will be collected.

The processing activity complies with the legality principle and respects both the provisions of art 6, as well as the provisions of art 9 of the GDPR.

Why do we request such data? The legal basis

We request such data pursuant to:

  • concluding a contract or fulfilling certain contractual obligations,
  • fulfilling legal obligations that are due to the operator,
  • legitimate interest,
  • public interest in the area of public health,

The legitimate interest is given by the processing operations during the recruitment process, personnel training, recovery of the partial value of the medical leave, preventing crimes, etc.

The public interest in the field of public health (in the context of COVID-19 infection), implies the protection against serious cross-border threats to health.

Any information regarding the health of the persons in the headquarter/perimeter of the company, which is processed, will be treated in a confidential manner, any communication to the personnel of the company about the possible presence of coronavirus in the workplace will not lead to the identification of the affected person.

We are committing ourselves to protect the confidentiality of your data. We will use your personal data according to the “EU Regulation on the protection of natural persons with regard to the processing of personal data (GDPR)”, to the laws and regulations in force.

How long do we keep your personal data?

We shall keep your personal data as long as it is necessary for the purpose we are using them and late on pursuant to the internal procedures and legal requirements.

As regards the storage of the processed health data to prevent the spread and diminution of the effects of the COVID-19 virus, they will be stored separately from other personal data collected for other purposes. These health data will be stored for as long as necessary for the purpose for which we use them and subsequently in accordance with internal procedures and legal requirements.

If there is a refusal of access to the perimeter of the company, the retention period is 30 days, which can be extended if during this period there is a dispute/conflict/administrative complaint, in which case those personal data may be stored until the situation is extinguished.

Whom do we share your personal data?

Your personal data is processed only by the operator and processors with whom there is a contractual relationship. Personal data may be stored, processed and transferred to a third country within the Pfeifer & Langen group (only within the EU).

Employee health data (special categories of data) will be consulted and processed only by the competent authorities.

We are a member of the Pfeifer & Langen group, (for more information, please visit: https://www.pfeifer-langen.com/en/index.html).

We can share your personal data to third parties on the following cases:

  • we are using third parties to carry out certain activities in our name which involve the processing of personal data. For example, we are hiring third service suppliers to carry out orders, deliver packages, send by courier, maintain and update database where appear the employees and clients details (including the elimination of repetitive or incorrect information), to process card payments, fulfill the occupational medicine obligations, train the employees, etc. Such third parties have access to personal data needed to fulfill missions assigned to them, but they cannot use them in other purposes;
  • we can also disclose personal data to police and other authorities who apply the law in connection with prevention and finding of crimes;
  • we can send personal data to our insurers if there is or might be made a complaint against us;
  • we can send your personal data to third parties if we have the obligation to disclose or send your personal data in order to comply with any legal obligation (including in connection with a court order) or for the purpose of implementing or applying any agreements where personal data are involved or connected in any other way with them (including agreements/understandings between you and us); or in order to protect our or our clients, employees or third parties rights, property or safety;

Which are your rights and how can they be exercised:

  • the right to be informed – you may request information on your personal data processing activities;
  • the right to correction – you may correct your personal data if they are incorrect or you may update them;
  • the right to erase your personal data (“the right to be forgotten”) – you may obtain your personal data to be erased if their processing was not legal or in other cases stipulated by law;
  • the right to restrict their processing – you may ask the restriction of processing in case you dispute the data accuracy, as well as in other cases stipulated by law;
  • the right to oppose – you may oppose especially to data processing that is based on our legitimate interest;
  • the right to receive your personal data – you may receive, in certain conditions, your personal data you have submitted to us, in a form that can be read automatically or you may request the respective data to be sent to another operator;
  • the right to submit a complaint – you may submit a complaint against the way your personal data are processed by ANSPDCP (National Supervisory Authority for Personal Data Processing);
  • the right to withdraw your consent – in case the processing is based on your consent, you may withdraw it anytime;
  • additional rights related to automatic decisions: you may request and obtain human intervention regarding the respective processing, you may express your own point of view in relation thereto and you may dispute the decision;

You may exercise such rights, either individually, or cumulatively, by sending a request by e-mail to: data.protection.ro@pfeifer-langen.com.

We may ask for the proof of your identity before sharing your personal data or in order to comply with other requests.

Furthermore, you have the right to make a complaint to the supervisory authority if you are unsatisfied with the way we have processed your personal data. You may contact the supervisory authority at the e-mail address anspdcp@dataprotection.ro; tel 0318.059.211, 0318.059.212. You are also entitled to address the courts.

Access to and modification or erasing your personal data

The data subject has the right to request at any time the access to modification or restriction of processing the personal data we collect. To help us keep the personal data updated, we recommend the users to inform us on any change or variance. In order to see or modify the personal data, to obtain information on the time period for which we intend to keep the personal data or for any other questions related to personal data, please contact the compliance officer, e-mail data.protection.ro@pfeifer-langen.com.

Processing security

We will process the data in a safe way, will apply and maintain proper technical means to protect the personal data against accidental or illegal damage or loss, alteration, disclosure or unauthorized access, especially when the processing involves sending the data through a network and also against any other forms of illegal processing. Questions related to the security of personal data may be sending to the compliance officer, e-mail data.protection.ro@pfeifer-langen.com.

Contact data

Compliance officer

If you have any questions regarding the processing of your personal data, your rights concerning your personal data etc., please contact us:

  • PFEIFER & LANGEN ROMANIA SRL, e-mail data.protection.ro@pfeifer-langen.com;
  • you may call us at: +40 259-307.000;
  • you may write to us at the address of our registered office: Oradea, Calea Santandrei, nr. 39, Bihor;

Supervisory Authority

ANSPDCP (National Supervisory Authority for Personal Data Processing)
http://www.dataprotection.ro;
anspdcp@dataprotection.ro;
0318.059.211, 0318.059.212;
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod postal 010336, Bucharest, Romania;