document approved on 01/10/2021
Protecting the information you provide to us or that is provided to us about you is very important to us, and we want to assure you that we prioritize its implementation in all activities that involve processing your personal data.
Below are the lines of information we consider essential to present to you and recommend that you take into account about the personal data we collect from you, or about you, the purpose for which we collect and process it, how we use it, and, if necessary, with whom we share it.
Our organization’s details
Our organization details, Albedra Residential S.A., hereinafter referred to as Nord One, the company that
is providing you with the present material containing information about the processing of personal data,
which belong to you, and, if necessary, request your consent to use your personal data for the purpose of sending commercial communications in the manner we deem appropriate. Nord
One is responsible for processing your personal data as a data controller,
which we collect directly from you or from additional sources as a data controller
personal data as defined in the current legislation regarding the protection and processing
personal data, are:
Company name: ALBEDRA RESIDENTIAL S.A.
CUI (tax identification number): RO 39481902
No. reg. Registrul Comerțului: J02/1971/2019
Registered office address: loc. Arad, str. Bicaz nr. 1-5, biroul 5, județul Arad
Branch office address: loc. Timișoara, C-lea Aradului nr. 1, județul Timiș
Contact details: +4 0730 022 945 / vanzari@nord-one.ro
In compliance with national and European legal provisions, namely Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter “Regulation” or “GDPR”), as well as its implementing rules in national legislation, Law 190/2018, your personal data is processed in accordance with the Privacy Policy regarding the protection of personal data for the purposes of processing personal data, internal procedures, and processes approved by the decision-makers in the Nord One organization or its authorized representatives.
The Privacy Policy can be read online by accessing the website www.NordOne.ro or, in case of redirection, on www.Albedra.ro, or upon your request to the data protection officer of Nord One, and can be made available for consultation, including in printed format, by email or at the headquarters or branch offices of Nord One.
The respective Privacy Policy may be modified at any time, and updates and changes to the Privacy Policy are effective immediately upon notification, which we will provide by posting on the website www.nord-one.ro or, in case of redirection, on www.Albedra.ro, and/or by notification to your email address, if Nord One has your contact information and we have your consent to communicate electronically, including a mailing address, email address, and/or mobile phone number.
If you require any additional information regarding the processing of your personal data, please do not hesitate to contact us using the contact details provided below:
e-mail: dpo@albedra.ro
address: localitatea, Timișoara, C-lea Aradului nr. 1, județul Timiș
Schedule: 10:00 – 16:00, working days, Monday -> Friday, by appointment only.
The type of data collected
We process the following types of personal data that you provide to us or that are provided to us for or about you – information hereinafter referred to as “Personal Data” (hereinafter abbreviated as PD):
Data collection methods
We collect your personal data through several methods, and in the list below
we attempt to exemplify some of these methods, but in the case of situations that are
outside the sphere of influence of Nord One (such as a legal obligation or a request from a
authorities), it may not be possible for us to limit ourselves to those mentioned in the list below:
Methods of using collected data
The use of PD belonging to you allows us to improve the products and/or services we offer,
helps us understand your preferences, needs, and behaviors, enables us to personalize your experience, and allows us to communicate with you effectively.
Below is a list detailing, for exemplification, some of the ways in which they can be used:
personal data:
Subject to obtaining your prior consent, which YOU CAN WITHDRAW AT
ANY TIME at no cost to you, by simply requesting
the data protection officer of Nord One or through a mechanism provided
by Nord One to facilitate the easiest possible withdrawal for you
consent, we could also use personal data:
The table below shows the maximum periods for which we will store your personal data.
This period may be extended if we are legally required to do so.
This period may be extended if we are legally required to do so at the relevant time or with your consent.
Data retention period for collected data
After this period expires, if we do not have your consent for
extending the data retention period, your data will be securely deleted.
Legally processed personal data by representatives and/or agents of Nord One, in the context of
providing the contracted products and/or services, as well as in relation to the processes of
communication, including online, or the response provided within a request for a quotation,
filling out online forms, improving services, or provided by them in other ways through
the use of the website or within the relationship with Nord One, may be processed directly and/or through
the intermediaries, based on the following purposes and grounds:
If you are a visitor of the Nord One website, we may process data
your data as described below:
A. For more details regarding the use of cookie modules, please
access the Cookie Policy available on the Nord One website.
Legal Basis for Processing: legitimate interest, in accordance with the provisions of Law 506/2004.
B. For the purpose of managing requests submitted through contact forms, requesting additional information and/or complaints from the Nord One website(s).
Legal Basis for Processing: legitimate interest.
If you wish or are subscribed to the newsletters we transmit via email (activity hereinafter referred to as “Newsletter”), we may process your data for marketing purposes, for transmitting, through remote communication means (e.g., but not limited to email, phone, text message) and through other digital communication platforms, such as newsletters or other commercial messages regarding Nord One’s products and services, affiliates, and cooperating companies.
Legal Basis for Processing: your consent.
IMPORTANT to REMEMBER: your consent for direct marketing activities can be withdrawn at any time, at no cost to you. It should be noted that the withdrawal of your consent will have effects for the future, without affecting the legality of the processing carried out prior to the withdrawal.
If you are a third party and contact us through other telephone numbers (mobile or landline) or through other means of communication, we may process your data in the following manner:
A. In order to comply with legal obligations for the following purposes:
- Handling requests/complaints regarding the exercise of the rights you benefit from in the context of processing personal data, as provided by current legislation;
- Archiving documents according to legal provisions and respecting the deadlines from Nord One’s archival register;
- Managing relationships with public authorities or other entities providing a public service.
Legal Basis for Processing: legal obligation.
B. In order to fulfill the legitimate interests of Nord One for the following purposes:
- managing any other requests, complaints, suggestions.
Legal Basis for Processing: legitimate interest.
AS A CUSTOMER of Nord One (past, current, or future – referred to as “potential customer” in the latter case), we may process your data in the following ways:
4.1. In case you have contracted Nord One’s products and/or services:
A. In order to comply with legal obligations for the following purposes:
- fulfilling financial-accounting and tax obligations, including keeping accounting records, retaining supporting documents underlying accounting records;
- handling requests/complaints regarding the exercise of the rights you benefit from in the context of data processing;
- internal audit;
- archiving documents in accordance with legal provisions and respecting the deadlines from the Nord One’s archival register;
- managing relationships with public authorities or with other entities providing a public service;
- maintaining certain records, reports, forms in accordance with the provisions of special laws;
- ensuring security at Nord One’s workplaces or premises, or protecting the personnel (team) of Nord One.
Legal Basis for Processing: legal obligation.
B. In order to conclude and execute contracts for the following purposes:
- receiving and processing requests for contracting, either directly by you or indirectly, through an employee of Nord One or a third party acting as an intermediary (authorized by Nord One).
One); - the provision of specialized services offered by Nord One, including in the context of completing information request forms for the purpose of providing the requested services to you
- the provision of contracted products;
- managing requests/complaints received regarding the execution of the contract, respectively the provision of services.
- invoicing, collecting service fees, other payment operations, refunding payments.
Legal Basis for Processing: fulfilling a contract between parties / compliance with contractual provisions.
C. In order to fulfill the legitimate interests of Nord One, we pursue purposes such as:
- establishing, exercising, or defending Nord One’s rights in court, as well as in any other judicial proceedings;
- in the context of data processing for telephone appointments.
- for online access to announcements and related information.
- sending offers for specialized services by Nord One, as a result of your request.
- managing any other requests, complaints, suggestions.
Legal Basis for Processing: legitimate interest.
Observation: In the case of any processing of personal data belonging to you carried out based on your consent, we would like to inform you that you can withdraw your consent for that processing at any time, at no cost to you. With the mention that the processing carried out based on your consent until the moment you notify us of your decision to withdraw your consent complies with the legal provisions regarding the processing of personal data.
Regarding our COLLABORATORS or AFFILIATES
Can we grant access to your personal data to some of our partners and to the organizations we contract with, who provide services on behalf of and for Nord One, for the purpose of improving the services or products offered and managing the relationship with potential customers, as well as Nord One’s clients. Before allowing them access, we ensure that we have signed contracts with them that obligate them to have implemented adequate security measures to protect personal data, and we assure you that all these organizations have strict obligations regarding the security measures they take for the processing of your personal data.
At your request addressed to the data protection officer of Nord One, in written form, transmitted by email or registered letter with acknowledgment of receipt to the workplace address of Nord One in location. Timișoara, Calea Aradului nr. 1, Timiș County, we will provide you with the list of organizations to which the processing of your personal data has been permitted.
The list below includes examples from the categories of the organizations to which we allow the processing of your personal data:
- Internet services (for example, but not limited to web hosting, email hosting),
- marketing services
- sponsorships, contests, promotions, awards, raffles,
- data analysis services
- accounting services
- financial-banking services,
- cybersecurity services,
- Maintenance services (for example, but not limited to maintenance services for
- Security, maintenance of IT&C infrastructure,
- customer service (internally referred to as ‘after sales’),
- market research and/or customer satisfaction services,
- audit services;
As part of the collaboration we have with other organizations, we may provide their representatives with personal data belonging to you. As part of the collaboration we have with each of these organizations, we ensure that they also implement a minimum set of security measures so that your personal data is constantly protected, and for example, but not limited to, in the case of a merger or reorganization, we may transfer your personal data with your notification within a reasonable period, but not exceeding 30 days.
In case we are obligated to allow access or transfer your personal data to national or European public or governmental authorities, for reasons of national security or compliance with the current legislation, or for reasons of public importance, we will take measures to notify you in advance whenever necessary and when the law allows it.
If, in good faith, we believe that disclosing your personal information is necessary to protect our rights, resolve legal disputes, investigate fraud, protect our users, customers, or employees, or to comply with our terms and conditions, we will do so and will make every effort to notify you within a reasonable period, but not exceeding 30 days.
In the event we consider it necessary to transfer your personal data to the European Economic Area (hereinafter referred to as EEA), the organizations involved within Nord One as well as collaborators, suppliers, or contracted partners will pay special attention to the methods by which this data is transferred and further processed. We will ensure, to the extent reasonably possible, that your personal data DOES NOT leave the EEA. However, to the extent that we transfer your data to countries outside the EEA (such as, for example, but not limited to, the United States of America), in all cases, we will take measures to
ensure the security of the transfers as being legitimate, based on your explicit consent or other legal basis for processing.
In case we are required to resort to the transfer of this data, we will make every effort to notify you within a reasonable period, but not exceeding 30 days.
The right to information regarding the processing of your data – the right to be informed about the processing and protection of personal data by the Nord One team.
The right of access to data – the right to obtain from Nord One, as the data controller (or through us, from contracted organizations or employed individuals) confirmation of whether personal data are being processed by us or our authorized representatives.
By exercising this right, you will be informed, upon request, whether your personal data is being processed, and in the case of an affirmative response, you have the right to request access to them: the information referred to includes, among others, the purposes of processing, the categories of personal data affected, and the recipients or categories of recipients to whom your personal data have been disclosed or are being disclosed. You have the right to obtain a copy of the processed personal data, and for additional copies, we may charge you a reasonable fee based on administrative costs.
The right to rectification – the right to obtain the rectification, correction of inaccurate or incorrect data, as well as the completion of incomplete data.
By exercising this right, you can obtain from us the modification of your personal data that are found to be incorrect or the addition of other information that you wish to provide to us. Depending on the purposes of processing, you have the right to complete incomplete personal data, including through an additional statement.
The right to erasure (also known as the “right to be forgotten”) – the right to obtain, to the extent that legal conditions are met, the deletion of personal data.
The right to restriction of processing – the right to obtain, to the extent that legal conditions are met, the marking of stored personal data with the purpose of limiting their further processing.
By exercising this right, you can request the limitation or restriction of the processing of your personal data, and in this case, the respective data will be marked and may be processed by us or our processors only for certain clearly specified purposes.
The right to data portability – the right to receive your personal data in a structured, commonly used, and machine-readable format (for example, but not limited to PDF file or spreadsheet), as well as the right to have these data transmitted by us to other entities (for example, another data controller), to the extent that the legal conditions are met, without objections from our part.
Dreptul la opoziţie (cunoscut şi sub denumirea de „drept de a obiecta”) – dreptul de a vă opune în orice moment, din motive întemeiate şi legitime legate de situaţia particulară, ca datele dumneavoastră cu caracter personal să facă obiectul unei prelucrări, în măsura în care sunt îndeplinite condiţiile legale.
By exercising this right, you can object, for reasons related to your particular situation, at any time, to the processing of your personal data by us, and you may request us to stop processing your personal data. If you have the right to object and you exercise it, we or our subcontractors/processors will no longer process your personal data for that purpose. Exercising this right does not entail any cost, but you should know that this right may be invalidated, especially if the processing of your personal data is necessary for formalities.
related to the conclusion of a contract or for the performance of an already concluded contract, or is in contradiction with a legislative provision.
The right not to be subject to a decision based solely on automated processing, including profiling (also known as the right not to be subject to individual decisions) – the right to request and obtain the withdrawal, cancellation, or reassessment of any decision based solely on processing carried out by automated means (including profiling) that produces legal effects or similarly significantly affects the data subjects;
The right to address the court or the national authority for the supervision of personal data processing – the right to file a complaint with the National Authority for the Supervision of Personal Data Processing (whose contact details are available on their website, www.DataProtection.ro or below: B-dul G-ral. Gheorghe Magheru no. 28-30, sector 1, postal code 010336, Bucharest, Romania, with the email address anspdcp@dataprotection.ro and phone number +40.318.059.211), as well as the right to address the court for the protection of any rights guaranteed by the applicable data protection legislation that have been violated.
Please note that the above-mentioned rights are not absolute and there are exceptions, but we promise that with every request received, we will review it so that we can make a decision regarding its validity. If your request is justified, we will accommodate you in exercising your rights. However, if it is NOT justified, we reserve the right to reject it, but we will ensure that you are informed of the reasons for the refusal and your right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) and to seek justice.
We would like to inform you that we place great importance on the implementation of security measures, including technical and organizational measures, so that the data you entrust to us or that we collect about and/or for you are ensured an appropriate level of security corresponding to the risks involved in processing them, especially against misuse, accidental destruction, illegal or unauthorized access, loss, alteration, disclosure, intentional or accidental manipulation, unauthorized access by third parties, deletion, and modification. To this end, alongside specialists in information technology and security, we have developed and implemented DCP security policies and other confidentiality assurance practices. These policies include security procedures that are continuously reviewed and aim to take into account technological advancements.
In the unlikely event of a security breach involving a violation of the security of your personal data, you will be notified of the incident within a reasonable period of time after the breach is discovered, unless a competent public authority determines that notification would impede a criminal investigation or harm national security. In such a case, notification will be postponed according to the instructions of the respective institution, and subsequently, we will promptly respond to your questions regarding such a data security breach.
Please note that we reserve the right to change the content of the Information Note as well as the Privacy Policy under which we conduct all operations of processing personal data and ensuring the confidentiality of information, at any time. All updates and modifications to the Policy are effective immediately upon notification, which we will provide by displaying them on the website www.nord-one.ro or, in the case of redirection, on the website www.Albedra.ro, and/or by notification to your email address.
IMPORTANT TO REMEMBER: In the event that, despite our best efforts, we are unable to identify you, and you do not provide us with additional information to successfully complete the identification procedure, we reserve the right to proceed with the respective request. The response time for each request received from you is 30 days. However, we want to inform you that this period may be extended depending on various factors, such as the complexity of the request, the large number of requests received, or the inability to properly identify you within a reasonable time frame.
If you have any further questions regarding the processing of your personal data or regarding their confidentiality, or even if you wish to exercise your legal rights, please submit a written request, sent by email to dpo@albedra.ro or by registered letter with acknowledgment of receipt, addressed to the data protection officer at the postal address in Timișoara, Calea Aradului no. 1, Timiș county.