Introduction
This Privacy Policy outlines Tomi Ren EOOD ("we", "our", "Tomi Ren" or "the Company") practices with respect to information collected from users who access our website at www.tomirencx.com ("Site"), or otherwise share personal information with us (collectively: "Users").
We are the controllers of personal information collected on this website and through offline or other means during business activities. We collect Personal Data from individuals with whom we interact for business purposes, including but not limited to contact individuals within business customer/prospect and vendor organizations, job candidates, and employees and their beneficiaries/plan participants. We are committed to respecting your privacy and recognize your need for appropriate protection and management of any personally identifiable data ("Personal Data") you share with us.
Tomi Ren’s Privacy Policy outlines how Tomi Ren collects, uses, shares, and secures your Personal Data on a global basis where Tomi Ren is the controller of your Personal Data, as defined by applicable privacy laws. This policy also describes your choices and rights regarding your Personal Data.
Grounds for data collection
Processing of your personal information (meaning, any information which may potentially allow your identification with reasonable means; hereinafter "Personal Information", "Personal Data") is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject. Tomi Ren processes your Personal Data to ensure the efficiency and effectivity of Tomi Ren business activities and relationships, conduct business and commercial transactions, maintain the recruitment/employment relationship, and plan and conduct marketing.
When you use the Site, you consent to the collection, storage, use, disclosure and other uses of your Personal Information as described in this Privacy Policy.
We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions.
1. Purpose
This policy contains the basic principles and rules for organizing and carrying out activities related to the collection, processing, storage, communication of and use of personal data in TOMI REN EOOD.
This policy aims to ensure the implementation of Regulation No 2016/679 of the EP and the Personal Data Protection Act within the framework of the company's business processes.
2. Field of application
All employees of TOMI REN EOOD shall apply in their daily work the guidelines of this policy. This is especially important for employees working with personal data.
This policy applies to personal data of the company's employees as well as to personal data of other natural persons against whom TOMI REN EOOD acts as a controller or processor.
3. Terms and definitions
This policy uses terms and definitions in the sense in which they are used in the Personal Data Protection Act and Regulation No 2016/679 of the EP (Article 4).
For conciseness, the following abbreviations are used in the policy: The terms and definitions used in the policy are the meaning in which they are used in the Personal Data Protection Act (PDPA).
4. Responsibilities and credentials
4.1 Manager
● affirms the policy;
● exercises control over adherence to the policy
● ensures the policy is communicated to all employees;
● participates in the implementation of the policy;
● Exercises control over compliance with the policy;
5. General Provisions
5.1 Principles for handling personal data
When handling personal data, TOMI REN EOOD adheres to the following principles:
1) Legality, good faith and transparency:
Personal data shall be processed lawfully, fairly and in a transparent manner to the data subject.
2) Limitation of objectives
Personal data shall be collected and/or processed only for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes.
3) Minimization of data
Subject to collection and processing is only appropriate personal data relating to the purposes and limited to what is necessary in relation to the purposes for which it is processed and collected and processed.
4) Accuracy
Personal data is kept accurate and up-to-date in order to be suitable for achieving the purposes for which it is processed.
5) Storage limitation
Personal data shall be kept in a form that allows identification of data subjects for no longer than necessary for the purposes of the controller.
6) Integrity and confidentiality
Personal data shall is collected, stored and processed with an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures.
7) Accountability
The Company applies in its work the principles listed herein and maintains the necessary documents and records as proof thereof.
5.2 Rights of data subjects
TOMI REN EOOD ensures the rights of data subjects in the performance of its obligations as a controller or processor of this data. These rights are the following:
5.2.1 Right to be informed
TOMI REN EOOD, in the role of a data controller, performs actions to inform data subjects about:
● Their rights regarding to collected and processed data, doing so before or at the time of data collection or in the event of a subsequent change in the purposes of the processing
● The purposes of the processing and their legal basis;
● The recipients or categories of recipients of the personal data, if any;
● The retention period or criteria for determining that period;
● Data and contact details for personal data requests or issues;
5.2.2 Right of access
TOMI REN EOOD, acting as controller, shall provide data subjects with confirmation as to whether or not personal data is being processed and, if so, provide him or her with access to the personal data and the following information:
● The purposes of the processing and their legal basis;
● Categories of personal data;
● Retention period or criteria for determining that retention period;
● Recipients or categories of recipients of personal data, if any;
● The existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
● The right to lodge a complaint with a supervisory authority;
● Where the personal data is not collected from the data subject, any available information as to its source;
● The existence of automated decision-making, including profiling, if applicable;
5.2.3 Right to rectification
Tomi Ren EOOD, acting as the controller, shall ensure that a data subject is required to request without undue delay correction of inaccurate personal data concerning him or her.
Considering the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
5.2.4 Right to erasure
TOMI REN EOOD, acting as a data controller, enables data subjects to request the erasure of personal data relating to him or her without undue delay.
TOMI REN EOOD has the obligation to erase personal data without undue delay where one of the following grounds applies, as applicable:
● Data is no longer needed for the purposes for which it was collected;
● The subject withdraws his/her consent (if he/she has given such);
● In cases of objection to processing and proof of lack of legal grounds;
● In case of unlawful processing.
Before carrying out erasure as a processor, TOMI REN EOOD, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to notify controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of such personal data.
5.2.5 Right to data portability
TOMI REN EOOD as a personal data controller, ensures data portability if the conditions laid down for this are met (Article 20, paragraph 1 of the Regulation) by transmitting without hindrance to the subject his or her personal data in a structured, widely used and machine-readable format.
TOMI REN EOOD may transfer personal data directly to another controller, where technically feasible.
5.2.6 Right to objection
When TOMI REN EOOD is a controller it shall ensure that the data subject is able to, on grounds relating to his or her particular situation, object at any time to processing of personal data concerning him or her, including profiling.
TOMI REN EOOD shall no longer process personal data in the event of objection, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing.
If the data subject objects to processing for direct marketing purposes, such personal data shall no longer be processed for these purposes.
5.2.7 Rights in automated individual decision-making and profiling
TOMI REN EOOD, in the role of controller, informs the subject (when applicable) of the existence of automated decision-making, including profiling (Art. 22 of the Regulation), as well as essential information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing.
6. Records of processing activities
6.1 List of registers
TOMI REN EOOD, in the role of controller, creates and maintains the following internal registers of processing activities:
● Register Personnel;
● Register Job Applicants;
● Register Civil contracts;
If necessary, TOMI REN EOOD, in the role of processor, creates and maintains internal records of processing activities.
6.2 Contents of register
Internal registers of personal data processing activities in the company contain the following information:
● Name and contact details of the controller/processor and, where applicable, of any joint controllers/processors, of the controller's representative and of the Data Protection Officer, if any;
● Purposes of processing;
● A description of the categories of data subjects and categories of personal data;
● Categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organizations;
Where applicable, transfers of personal data to a third country or international organization, including the identification of such third country or international organization and documentation of appropriate safeguards;
● The applicable deadlines for deletion of different categories of data;
● General description of the technical and organizational security measures.
7. Requirements for the staff working with personal data
7.1 General requirements
Every employee of TOMI REN EOOD who is engaged in the processing of personal data is obliged:
● To process personal data lawfully and fairly;
● Use personal data which it has access to in accordance with the purposes for which it is collected and not further process it in a manner incompatible with those purposes;
● To perform accurately and timely its obligations (if any) to update or delete personal data;
● To apply all necessary measures for the protection of personal data to ensure their constant confidentiality, integrity, availability as well as integrity of processing systems and services;
● To report immediately, in accordance with the established order, weaknesses and events related to the security of personal data
● In the event of any controversial issues regarding personal data, before taking any action, seek assistance from the competent employees of the company, including the DPO, if appointed.
● To know and comply with the current external legal documents regulating work with personal data;
● To know and to comply with all internal documents related to the management of personal data;
● To participate in all events related to training, improving or maintaining the level of awareness and competence with regard to personal data.
8. Data Protection Impact Assessment (DPIA)
8.1 General provisions
A DPIA must be carried out when:
● The processing falls within a List of types of processing operations for which DPIA is required, prepared and disclosed by the CPDP;
● Processing is for profiling purposes;
● There is a high risk to the rights and freedoms of natural persons arising from the use of new technologies, the nature, scope and context of the processing and/or the purposes of the processing.
The DPIA uses the guidelines of ISO/IEC 29134 Information technology. Security techniques. Guidelines for privacy impact assessment.
Where the result of the DPIA indicates that the processing will result in a high risk to the rights and freedoms of natural persons, TOMI REN EOOD shall compulsorily perform:
● Consultation with CPDP before processing;
● Take measures to limit the risk.
The DPIA is conducted in the company and as:
● Form of early warning to identify previously hidden weaknesses in the processing of personal data;
● Method of identifying problems before control bodies or competition.
8.2 Execution
The DPIA shall include the following actions:
1) Preparation of a systematic inventory of the envisaged processing operations;
2) Preparation of an inventory of the purposes of processing;
3) Establishing the lawfulness of the processing;
4) An assessment of the necessity and proportionality of the processing operations in relation to the purposes;
5) Assessment of the risks to the rights and freedoms of data subjects;
6) Establishment of measures to mitigate risks and achieve compliance with the requirements of the Regulation.
The DPIA takes into account compliance with the approved Codes of Conduct (Article 40 of the Regulation), if such are adopted by TOMI REN EOOD.
Where appropriate and applicable, TOMI REN EOOD may ask data subjects or their representatives for an opinion on the intended processing, without prejudice to the protection of commercial or public interests or the security of processing operations.
When there is a change in the risk associated with the processing operations TOMI REN EOOD carries out a review to assess whether the processing complies with the DPIA.
9. Ensuring security for personal data
9.1 General provisions
TOMI REN EOOD applies technical and organizational measures to ensure the necessary level of security for the personal data it processes.
The company provides a proven high level of protection and warranties for:
● The main properties of information - confidentiality, integrity, availability;
● Integrity of processing systems and services – continuity, availability, reliability;
● Maintaining the level of security through regular testing, evaluation and evaluation of the effectiveness of technical and organizational measures;
● Prevent unauthorized access to personal data by applying adequate measures where necessary – pseudonymization, encryption, anonymization, randomization.
TOMI REN EOOD maintains certificates of conformity to the information security standard - ISO 27001.
TOMI REN EOOD applies an effective method for assessing the risks to the rights and freedoms of data subjects when processing their personal data. The main risks are aimed at:
● Accidental or unlawful destruction of data;
● Loss of data without the possibility of recovery;
● Unauthorized or erroneous data change;
● Unauthorized disclosure or access to data;
The Company guarantees that its employees processing personal data have the necessary qualifications and experience both to carry out this processing in a secure manner and in accordance with the legal requirements and internal rules of the company.
The Company maintains documents and records ensuring and proving compliance with the requirements of the Regulation.
9.2 Actions in case of security breaches
In the event of a personal data breach that may lead to a violation of the rights and freedoms of data subjects, TOMI REN EOOD shall notify CPDP within 72 hours after establishment of such violation.
In the event of a personal data breach, TOMI REN EOOD shall notify the controller concerned (if any) immediately after the establishment of that breach.
Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, TOMI REN EOOD shall immediately carry out:
● objective assessment of whether previously taken data protection measures ensure that their confidentiality will be maintained;
● follow-up measures to ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize;
● an assessment of the efforts necessary to notify each data subject affected by the breach;
● depending on the results of the actions described above and in compliance with the requirements of the Regulation, it takes one of the following actions:
- Does not take action to notify data subjects;
- Immediately notifies data subjects of the breach;
- Makes a public announcement or other similar measure is taken so that data subjects are equally effectively informed
Retention
We will retain your personal information for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
Cookies
What is this Cookie Policy all about? To whom this Cookie Policy applies?
Tomi Ren EOOD uses “cookies” when you use our websites, mobile sites, or mobile apps. This Cookie Policy explains what cookies are, what type of cookies we use, how we use them, as well as how you can exercise control over cookies.
What do we mean by ‘Cookie’? Why and how do we use cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. Tomi Ren EOOD uses cookies and similar technology on this website, which helps us to know a little bit about you and how you use our website. This improves the browsing experience for you and enables us to tailor better products and services to you and other website visitors. Cookies are stored locally on your computer or mobile device.
Here are some more examples of how and why we use cookies:
• if you have agreed (or not) to our use of cookies on this site;
• remembering client’s information necessary to log in;
• analysing how you use our site which helps us to troubleshoot any problems and to monitor our own performance;
• for the purposes of security and complying to the settings of your software (e.g. so our website can load on your device);
• gathering data about visits to the website, including numbers of visitors and visits, length of time spent on the site, pages clicked on or where visitors have come from.
What cookies do we use?
Our website uses the following cookies:
• Essential cookies
Some of the cookies we use are cookies which are essential and necessary for the normal functioning of the website. These cookies cannot be switched off because the website wouldn’t work properly anymore. These cookies do not store any personal data.
• Google Analytics Cookie
We use Google Analytics cookies which is a simple, easy-to-use tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics provides website owners JavaScript tags (libraries) to record information about the page a user has seen, for example the URL of the page. Each such cookie has a different function and expiration period which, in any case, cannot exceed 2 (two) years. Google Analytics cookies may collect and use some of your personal data.
For more information on how Google Analytics cookies work and what they do, please visit:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Who will have access to the cookies?
The cookies can be accessed by Tomi Ren EOOD Group IT department and, exceptionally, by other Tomi Ren EOOD employees where access is strictly necessary for the performance of their professional duties.
For how long the cookies are kept?
The data collected through Cookies that may be placed on your computer will not be kept for longer than is necessary to fulfil the purposes mentioned above. In any event, such information will be kept for a maximum of two (2) years.
How can I exercise control over the cookies? What happens if I disable cookies?
Except for the cookies which are strictly necessary for the normal functioning of the website, you can disable all other types of cookies.
However, if you do that some features of this site may not work as intended.
You can alter the settings of your browser to erase one, more or all cookies or prevent automatic acceptance of cookies for the future.
Visit the ‘options’ or ‘preferences’ menu on your browser to change settings and check the following links for more browser-specific information:
• Cookie settings in Internet Explorer;
• Cookie settings in Mozilla Firefox;
• Cookie settings in Google Chrome;
• Cookie settings Safari Desktop;
• Cookies settings on Safari Mobile;
• Cookie settings on Android Browser;
• Cookie settings on Opera mobile.
Changes to the Cookie Policy
We may update this Cookie Policy from time to time. If we make significant changes we will let you know but you may also regularly check this Policy to ensure you are aware of the most updated version.
This Cookie Policy was last updated on 13.03.2023.
Please keep in mind that any preferences will be lost if you delete or block cookies and many websites, including Tomi Ren EOOD’s website, might not work properly. Therefore, we do not recommend turning cookies off when using our website.
Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.
Third party collection of information
Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to.
This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties which we may disclose information as set forth in this Privacy Policy.
How do we safeguard your information
We take great care in implementing and maintaining the security of the Site and your information. We employ industry standard procedures and policies to ensure the safety of the information we collect and retain, and prevent unauthorized use of any such information, and we require any third party to comply with similar security requirements, in accordance with this Privacy Policy. Wherever your Personal Data may be held within Tomi Ren or on its behalf, Tomi Ren takes commercially reasonable and appropriate steps to protect the Personal Data that you share with Tomi Ren from unauthorized access or disclosure. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Site, and we make no warranty, express, implied or otherwise, that we will prevent such access.
Transfer of data outside of the EEA
Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection. We will utilize appropriate safeguards governing the transfer and usage of your personal information such as Standard Contractual Clauses pursuant to Article 46 of the GDPR. If you would like further detail on the safeguards we have in place you can contact us directly as described in this Privacy Notice.
Advertisements
We may use a third-party advertising technology to serve advertisements when you access the Site. This technology uses your information with regards to your use of the Services to serve advertisements to you (e.g., by placing third-party cookies on your web browser). If you wish to opt out of interest-based advertising, contact us. Please note you will continue to receive generic ads.
Marketing
We may use your Personal Information, such as your name, email address, telephone number, etc. ourselves or by using our third party subcontractors for the purpose of providing you with promotional materials, concerning our services, which we believe may interest you.
Out of respect to your right to privacy we provide you within such marketing materials with means to decline receiving further marketing offers from us. If you unsubscribe we will remove your email address or telephone number from our marketing distribution lists.
Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important e-mail communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements or administrative notices.
Corporate transaction
We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Policy.
Minors
We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow use of our services by minors without prior consent or authorization by a parent or legal guardian. We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at Info@tomirencx.com.
Updates and amendements of this policy
You should review this Privacy Policy on a routine basis as Tomi Ren reserves the right to change this Privacy Policy, or any portion thereof, an updated version of our Privacy Policy will be posted to our website.
How to contact us
If you have any general questions about the Site or the information we collect about you and how we use it, you can contact us at info@tomirencx.com. Protecting your privacy online is an evolving area, and this website is constantly evolving to meet these demands.
Tomi Ren EOOD
E-mail: info@tomirencx.com
Last Modified 13.05.2023
Tomi Ren CX
Copyright © 2023 Tomi Ren CX - All Rights Reserved.
Powered by GoDaddy