Data Processor Contracting Rules
A. General Terms of the Data Processor Contracting Rules
During the current Data Processor Contracting Rules, the following terms are defined as follows:
• "Provider" or “Retargeting.biz” hereinafter refers to S.C. Retargeting Biz SRL, with its registered office in 66 Badea Cartan Street, Bl. 40, ap. 26, District 2, Bucharest ;
• "Service" means any services offered through www.retargeting.biz and/or any module or component thereof;
• "User" means any person visiting or accessing www.retargeting.biz,
• "Beneficiary" hereinafter refers to any person who creates an account on www.retargeting.biz or wants to use in any way or actually uses the Service, including any User.
• ”Personal data” means any information referring to an identified or identifiable person; an identifiable person is a person that can be identified, directly or indirectly, particularly with reference to an identification number or to one or more specific factors of his physical, physiological, psychological, economic, cultural or social identity;
• ”Personal data processing” means any operation or set of operations that is performed upon personal data, by automatic or non-automatic means, such as collecting, recording, organizing, storing, adapting or modifying, retrieval, consultation, use, disclosure to third parties by transmission, dissemination or by any other means, combination, alignment, blocking, deletion or destruction;
• ”Data Controller” means any natural or legal person that establishes the means and purpose of the personal data processing;
• ”Data processor” means a natural or legal person, of private or public law, which processes personal data on the data controller’s behalf;
• ”Personal data filing systems” (database) means any organized personal data structure which may be accessed according to some specific criteria, regardless of the fact that this structure is distributed according to functional or geographical criteria;
• ”Storage” means keeping the collected personal data on any type of storage support;
• ”Third party” means any natural or legal person, of private or public law, including public authorities, institutions and their local bodies other than the data subject, than the controller, or the processor who, under direct authority of the controller or of his processor, is authorized to process data;
• ”Recipient” means any natural or legal person, of private or public law, including public authorities, institutions and their local bodies, to whom the data are disclosed, regardless of the fact that it is a third party or not; the public authorities which receive data in accordance with a special type of inquiry competence will not be considered consignees.
These definitions will be complemented by all the legally applicable definitions.
B. Data Processor Contracting Rules
1. The Provider is Retargeting Biz S.R.L. as defined in the Terms and Conditions , and it will act as a data processor for the personal data processed on behalf of its Clients, who are legal persons constituted and acting based on the applicable laws.
2. The Beneficiaries, as defined in the Terms and Condit ions and with the data provident in their accounts, are the Clients of the Provider. The Beneficiaries have the quality of data controllers in relation with the personal data processed by the Provider, on their behalf. The Beneficiaries are the entities fully responsible for the personal data processed and/or for the database accessed, administrated and used by the Provider, according to these rules.
3. The Provider will process the personal data and/or access, administrate and use the databases of its Beneficiaries only for the purpose of:
a. gathering traffic data on the Beneficiaries' websites for profiling the users of the Beneficiaries web sites; and/or
b. initiating and maintaining the effective communication, through various channels, with the users of the Beneficiaries web sites, based on the Beneficiaries' established triggers .
4. The Provider, while acting as a data processor, will solely follow the Beneficiaries instructions, instructions that must take into consideration each and all the specific principles applicable in the field of personal data processing, principles according to which the personal data must be legally and the fairly processed, collected for specific, explicit and legitimate purposes, adequate, pertinent and non-excessive, accurate and properly stored.
5. The Provider, being a data processor for the personal data accessed and/or processed, data belonging to its Beneficiaries, which are data controllers, will assure and/or maintain, if the case may be, the confidentiality and the quality of all data accessed and/or processed and of each/all the database accessed, administrated or used .
6. The Provider will act only rwithin the timeframe decided by the Beneficiaries and according to the Beneficiaries needs; while acting as a data processor, the Provider will use trained and reliable staff, partners and in-house human resources.
7. The Provider will take all necessary and adequate measures, in order to assure the security of the technical means used, of the databases created, administrated or accessed and of all personal data accessed and/or processed as a data processor. The Provider will take all necessary measures in order to protect the personal data accessed and/or processed as a data processor, so, it will apply adequate technical and organizational measures and will protect the data against any accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access as well as against any other form of illegal processing.
8. The Provider will act in relation with the personal data accessed and/or processed and with the databases created and/or administrated for the Beneficiary only as a data processor only according to the present Data Processor Contracting Rules and the Retargeting.biz's Terms &Conditions while performing its services.
9. The Provider will not disclose, disseminate or make available the personal data accessed and/or processed as a data processor, also the data bases created, accessed and/or administrated as a data processor, to any unauthorised third parties and/or recipients, unless the disclosure, dissemination or availability is mandatory and provided for in the applicable legislation or is specifically demanded by the Beneficiary.
10. The Provider may be hold responsible in case it infringes the provisions of the current text or of the Terms& Conditions and the applicable legislation, but cannot be hold responsible for any violation of the legislation in case the Beneficiaries instructions are illegal.
11. The Beneficiaries acknowledge that they must fully implement and act in respect of the legislation in the field of personal data protection and privacy, according to their applicable national legislation