Our Privacy Strategy and Policy

 

Copyright. ©2021 ARON SAMU PHD LLM ESQ OÜ. All rights reserved.

This document is protected by copyright. The rightful owner of the information, the company which provides the Data Protection Officer services to RUA - ONLINE COUNTRY S.A. hereby reserves all rights regarding the information regarded as the structured manner of organizing the text.

This document has a complex legal nature:

  • The document regarded as the structured and organized display of the information - RUA - ONLINE COUNTRY S.A. has a right to the limited use for an indefinite time-frame of the text of this English language version, without the Header and Footer sections bearing the author’s corporate information or without referencing the specific author of this document, even by making use of its own styling and branding for its identification, for the personal benefit of facilitating the interactions and contractual agreements to which it takes part. RUA - ONLINE COUNTRY S.A. hereby notifies you that it is not the owner of this document regarded as a means of structuring the information. Regarded as such, the rightful owner of the information reserves all rights regarding the information contained within this document. Any exchange involving this document presented in a different digital format than bearing the “.pdf” extension, or in another physical format than the minimum number of A4 sheets is forbidden.

  • The physical document held by the parties - may be managed by the parties as a physical document only to the extent and for the specific purpose of its use within their relationship of interaction and for the purpose of proving the relationship of interaction to the other party or to the national or supranational authorities which have a valid and necessary legal right interpreted in the strictest objectively-possible manner; to this end it may be copied or exchanged, in its entirety or in part, in any case necessarily including the section “Copyright. ©2021 ARON SAMU PHD LLM ESQ OÜ. All rights reserved.”. Any exchange involving this document presented in a different digital format than bearing the “.pdf” extension, or in another physical format than the minimum number of A4 sheets is forbidden. The information and Personal Data integrated in the physical document as a consequence of filling in the required fields and of the signing of the final section which requests the identification of the parties on the occasion of signing it in physical form will be managed within the activity flow of the Data Protection Officer of RUA - ONLINE COUNTRY S.A., and will be stored by the latter in the account of the Google LLC Email address aron.samul@aronsamu.com.

Following the disappearance of any circumstances which bind the parties to keep the document in order to exercise their contractual rights or to fulfill their contractual duties or to interact with the national or supranational authorities which have a valid and necessary legal right interpreted in the strictest objectively-possible manner regarding this document, the parties have the duty to destroy the physical and/ or electronic copies of this document, regarded in both of its dual meanings, both as a structured manner of organizing the information as well as a physical document.

Any unauthorized use, reproduction, alteration, modification, addition or management is forbidden. For any information or doubt regarding the rights in connection to this document, the parties have the duty to contact the rightful owner of the information at the Google LLC Email address aron.samu@aronsamu.com.

The owner of the information and RUA - ONLINE COUNTRY S.A. as holder of the right to limited use for an indefinite time-frame of the text of this version hereby reserve their rights to use any and every legal means in order to mitigate and recover the damages suffered due to the infringement of their rights.

RUA - ONLINE COUNTRY S.A., a company whose registered office is located at Mun. Tîrgu Mureș, No. 18 Vulcan Str., Apt. 1, Postal code 540074, registered with the Trade Registry under number J26/513/2021, having the fiscal code number 43971210, ("RUA") has adopted and is currently enforcing Our Privacy Strategy and Policy ("Strategy and Policy") in order to secure and uphold a degree of privacy security in respect to Personal Data of a level that is compliant with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. This Strategy and Policy refers to and is enforced in respect to the controlling and/ or processing of Personal Data aspects that involve visitors, users and/ or Business Counterparties that are located within the European Union and/ or the Swiss Confederation.

RUA - ONLINE COUNTRY S.A. is compliant with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as these are currently established and enforced by the U.S. Department of Commerce, the European Commission and the Swiss Administration in regards to the management and transferring of Personal Data belonging to visitors, users and/ or Business Counterparties from the European Union, its member countries and Switzerland to the United States in support of transatlantic commerce. RUA - ONLINE COUNTRY S.A. is hereby certifying that we adhere to both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks Privacy Principles of notices, choices, security aspects, integrity of the data, accesses, limitations of the purposes, enforcements, recourses, accountabilities for the onward transfers and liabilities. In the event of any conflict between the provisions of this privacy Strategy and Policy and the Privacy Principles established and enforced by the EU-U.S. and/ or Swiss-U.S. Privacy Shield Frameworks, the Privacy Principles of the latter category shall prevail as applicable. For more information about both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and/ or the Privacy Shield Framework Program, and/ or in order to view our included and active Participation space located therein, you may visit the official .gov Privacy Shield Framework Program webpage.

RUA - ONLINE COUNTRY S.A. hereby officially acknowledges the jurisdiction of The Federal Trade Commission (FTC) regarding the aspects pertaining to the compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

All RUA - ONLINE COUNTRY S.A. staff under employment contracts that are involved in the management of Personal Data stemming from Europe and/ or the Swiss Confederation are informed and required to adhere to and comply with the Provisions of this Strategy and Policy.

We define capitalized concepts as Specific Terms within Section 4 of this Strategy and Policy.

1. REACH

This Strategy and Policy extends to and regulates the controlling and/ or processing of visitors’, users’ and/ or Business Counterparties’ Personal Data that RUA - ONLINE COUNTRY S.A. comes in contact with throughout its business operations (the principal place of doing business and official company Headquarters being located in Romania, member country of the European Union) regarding visitors, users and/ or Business Counterparties that are residents of the European Union, any of its member countries or/ and Switzerland. We provide information, products and/ or services to consumers and/ or businesses.

This Strategy and Policy also applies to data and/ or information that cannot result into instances of individual person(s) identification, including to cases in which pseudonymization is used. Such pseudonymization may involve the replacement of any personal identifiers with fictional alternatives in order to render the identification of individual persons impossible.

2. IMPLEMENTATION, ENFORCEMENT, MANAGEMENT AND OVERSIGHT

RUA - ONLINE COUNTRY S.A. have designated the executive leadership of our organization to implement, enforce, manage and oversee our program of data and information security, including our compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program, including but not limited to Our Privacy Strategy and Policy. The executive leadership will acknowledge, review and approve any modifications of a material manner that involve (even isolated aspects of) our program as they are necessary and/ or reasonable. Any comments, questions, issues, concerns or complaints regarding Our Strategy and Policy and/ or program may be directed to any official channel provided for within Section 13 of this document.

We will implement, manage, oversee, test and/ or challenge, and update our policies concerning our program of data and information security (including our efforts, practices, and systems) in order to uphold the protection of the Personal Data that we come into contact with. Our staff under employment contracts or/ and entity engaged in any legal relationship with our organization where we exert significant control over their activity will be trained and instructed, as reasonably applicable, to adhere to, implement and/ or enforce Our Strategy and Policy as effectively as reasonably possible. You may learn more about the specific action plan that we are enforcing in our efforts to best safeguard Personal Data from the provisions of Section 8 of this document.

3. REVIEWS, VERIFICATIONS AND RENEWALS

RUA - ONLINE COUNTRY S.A. will update and re-engage both of its EU-U.S. and Swiss-U.S. Privacy Shield Frameworks certifications within the Privacy Shield Framework Program on an annual basis, unless securing the maintaining of such certifications becomes mandatory on a more frequent basis (in which case we will adhere to the stricter requirements) or if our business operations, strategies and entire regulatory framework adherence requirements mandate that such certifications become undesirable or if we will adhere to, implement and enforce a different system of ensuring adequacy of a higher level of strictness regarding the protection and upholding of the standards of privacy and security for the benefit of U.S., EU and/ or Swiss Confederation nationals.

Before applying for and/ or obtaining the re-approval of our participation within both of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks certifications within the Privacy Shield Framework Program, we will implement and enforce a proprietary audit in order to make sure that our statements and practices regarding our management of visitors’, users’ and Business Counterparties Personal Data are as proper, accurate and compliant as possible, and that our business organization constantly and all-inclusively applies the before-mentioned practices in an reasonably-utmost appropriate manner. Specifically, within our proprietary auditing process and procedures, we will commit to the following actions:

  1. Revisit, appropriately adapt and maintain the up to date nature of Our Privacy Strategy and Policy including the version of the document which we do and will continue to publish throughout our website presences in order to ensure the continuous compliance with both of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks certifications within the Privacy Shield Framework Program in respect to our management of the Personal Data stemming from visitors, users and/ or Business Counterparties.

  2. Make sure that Our Privacy Strategy and Policy is made available to the public and that it clearly informs and instructs our visitors, users and/ or Business Counterparties about RUA - ONLINE COUNTRY S.A.’s involvement within both of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks certifications within the Privacy Shield Framework Program, as well as about the always available option to obtain a copy of supplemental data and/ or information regarding the matter (e.g. to access and receive an issuance of Our Privacy Strategy and Policy).

  3. Maintain the full compliance status of Our Privacy Strategy and Policy in respect to the principles of the Privacy Shield Framework Program.

  4. Guarantee that RUA - ONLINE COUNTRY S.A. visitors, users and/ or Business Counterparties came in contact with the procedures available to them in order to initiate comments, questions, issues, concerns or complaints as well as with any and all of the means to escalate the matter to the attention of dispute resolution instances presenting the regulatory guarantee of independence (we may achieve this by means of visibly displaying the information on our public website, and/ or any business interaction).

  5. Revisit, appropriately adapt and maintain the up to date nature of our strategies and implementations concerning the training of our staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity regarding our involvement in and adherence to the Privacy Shield Framework Program as well as the corresponding proper manner of managing the visitors’, users’ and/ or Business Counterparties’ Personal Data.

RUA - ONLINE COUNTRY S.A. will implement, issue and enforce a proprietary audit document during each and every year of our adherence intended for perpetuity to both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program.

4. SPECIFIC TERMS DEFINITIONS

Terms which are presented in a Capitalized form within Our Privacy Strategy and Policy are defined as Specific Terms hereafter:

Business Counterparty” and “Business Counterparties” designate (a) client(s) and/ or customer(s) from the European Union or the Swiss Confederation involved in a business-type interaction with RUA - ONLINE COUNTRY S.A.. These designations will also include any agent(s), representative(s), or any staff under employment contracts or entity engaged in any legal relationship with their organization(s) or where they exert significant control over their activity, and also include all of our staff under employment contracts or the entities engaged in any legal relationship with our organization or where we exert significant control over their activity in the event that we are managing their Personal Data within our business interaction with the Business Counterparty or Business Counterparties.

Our “staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity” also includes temporary, part-time, or contract-based hires, even former ones, independent contractors, and/ or applicants seeking RUA - ONLINE COUNTRY S.A. or any affiliates or subsidiaries thereof employment, that are at the same time legal residents of countries within the European Economic Area (“EEA”).

Personal Data” is currently designated by the European Union Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”, published in the Official Journal of the European Union OJ L 119, 4.5.2016, within pages interval 1–88) as any information relating to an identified or identifiable natural person (‘data subject’), designating an identifiable natural person as one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, physiological, genetic, mental, economic, cultural or social identity or traits of that natural person (including but not limited to visitors’, users’ and/ or Business Counterparties’ identification credentials, geographical location(s), device(s) information, marital status, Email information, password(s) and other identification data, phone, address and/ or emergency contact information, collection of education and employment or qualification(s) history information). Personal Data does not designate information that is anonymized or voluntarily made publicly available by its rightful owner. It should be noted that as far as the Swiss Confederation is concerned, the term “person” designates both (a) natural person(s) as well as legal entities, without distinction being made in respect to the actual embodiment of the specifically-involved legal entity).

Sensitive Data” designates Personal Data that discloses visitors’, users’ and/ or Business Counterparties’ biometric data, health and/ or medical state, photographic or video captures, race or ethnicity, political, religious and/ or philosophical inclusions and/ or opinions, sexual preferences and/ or orientation, or membership(s) in work-related unions (e.g. trade unions).

Third Party” and/ or “Third Parties” designate any legal entity or multiple thereof that is outside of the framework of RUA - ONLINE COUNTRY S.A., our staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity.

5. PERSONAL DATA MANAGEMENT FRAMEWORK

RUA - ONLINE COUNTRY S.A. supplies diverse end-solutions to its visitors, users and/ or Business Counterparties that interact with its proprietary business strategy. RUA - ONLINE COUNTRY S.A. manages Personal Data from said visitors, users and/ or Business Counterparties whenever necessary and to extent necessary in the context of its most aggressive lawful pursuit of its proprietary business strategy, including but without limitation to visitors accessing its website, users that register for any and/ or all of our services or part thereof or access their allocated and secured spaces, to any of them that voluntarily submit Personal Data throughout our business interaction(s) (e.g. they can voluntarily choose to engage our live support modules or to submit certain Personal Data in our private business interaction in the secure manner which we allow for, provide and manage).

Any part and/ or the entirety of the Personal Data that we manage can be as diverse as the visitors’, users’ and/ or Business Counterparties’ behaviour within our business interactions. As far as the general information that may be managed, the following categories are of frequent inclusion: information that may facilitate interactions (e.g. name information, Email information, phone information, employment data, as well as financial and/ or payment information, potentially including credit card and/ or bank account information). Users and/ or Business Counterparties may be allocated personal spaces within the ambit of our business interaction, including within a live support environment. They will be free to transfer any information which we reasonably require and they reasonably consider appropriate in the context of our business interactions, any management of their Personal Data being considered to be initiated by their express and unconstrained consent to this extent. We reserve the right to unilaterally deny the provision of specific (or even all) information, products and/ or services (or part thereof) at any moment that there a mutual agreement upon the necessity and opportunity of an information management aspect is not reached between ourselves on one part and visitors, users and/ or Business Counterparties on the other within the context of our proprietary business strategy.

Whenever visitors, users and/ or Business Counterparties interact with our online Internet business presence, we will potentially most always manage their information including Internet Protocol (IP) address and/ or browser-type software characteristics. We can manage interactions between the latter information categories and the particular registered users and/ or Business Counterparties.

We may manage the data and/ or information deriving from visitors, users and/ or Business Counterparties in order to pursue our most aggressive lawful proprietary business strategy, for example in order to provide them with information tailored to their behaviour and/ or predictability of their behaviour as determined by our management of such data and/ or information, and/ or in order to provide for and/ or secure the sale(s) of product(s) and/ or service(s), manage interactions and/ or transactions (including renewals thereof, even of a fully or partially automated manner), satisfy diverse internal and/ or external reporting, invoicing practices and/ or other operations in connection with the visitors’, users’ and/ or Business Counterparties’ interaction(s) with us.

In the case(s) of diverse information, product(s) and/ or service(s), RUA - ONLINE COUNTRY S.A. may act as provider, and in this capacity may be a controller and/ or processor that manages (including but not limited to receiving, storing and/ or processing operations) Personal Data. In any and/ or all such case(s), we may act in the capacity of a Personal Data processor and will ensure that we lawfully process the Personal Data for and following the direction of our partner entities and/ or agents (including thereof). We may manage such collected Personal Data and/ or information, in order to provide for and/ or secure the sale(s) of product(s) and/ or service(s), manage interactions and/ or transactions (including renewals thereof, even of a fully or partially automated manner), satisfy diverse internal and/ or external reporting, invoicing practices and/ or other operations in connection with the visitors’, users’ and/ or Business Counterparties’ interaction(s) with us (including by adhering to the reasonable and lawful requests, indications and/ or business strategies of our partner entities and/ or agents, including thereof).

RUA - ONLINE COUNTRY S.A. manages Personal Data that it received directly from its own visitors, users and/ or Business Counterparties and/ or for its partner entities and/ or agents (including thereof) directly and/ or indirectly in its capacities of data processor and/ or controller for the pursuit of our proprietary aggressive business strategy in a lawful manner, including (without limitation) by means of:

  1. identity verifications (e.g. connected to the users’ and/ or Business Counterparties’ personal digital spaces);

  2. responses to actions originating from the visitors, users and/ or Business Counterparties;

  3. keeping, controlling and/ or processing Personal Data within digital systems located in Romania (European Union Member Country) and/ or other locations (only if they provide adequate regulatory and/ or business safeguards in the strictest sense of interpreting the provisions of the European Union General Data Protection Regulation and those of both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program, for the ultimate purpose of completely eliminating or at the very least to the greatest extent minimizing any or at the very least the utmost liability of RUA - ONLINE COUNTRY S.A. according to said regulatory frameworks);

  4. managing information, products and/ or services, and/ or adhering to and upholding our contractual duties regarding them (including but not limited to transactions’ management, reporting, invoicing, renewals even of a fully or partially automated manner, as well as other operations and/ or activities related to providing information, products and/ or services to visitors, users and/ or Business Counterparties);

  5. for any other proprietary business strategy-related lawful purposes (including but not limited to reporting, tax, customs operations and/ or activities) allowed for or mandatory by the enforceable local (Romanian), other national, supranational and/ or international regulatory framework(s).

RUA - ONLINE COUNTRY S.A. presents an always opt-in mechanism within the context of its information management. We will not disclose Personal Data to Third Parties in the lack of the specifically-expressed or at the very least implied consent of our visitors, users and/ or Business Counterparties granted upon us within the context of our business interactions with them as well as that of the proactively and extensively-interpreted reasonable business practices in any of the business environments connected in any manner whatsoever with our proprietary business strategy.

6. DISCLOSURE(S) AND/ OR FURTHER TRANSFER(S) OF PERSONAL DATA

Except in the event of a provision otherwise contained herein, RUA - ONLINE COUNTRY S.A. will only disclose Personal Data to Third Parties that must reasonably become knowledgeable of such information and only insofar as the scope of the business interaction with RUA - ONLINE COUNTRY S.A. is concerned, in any case not for other reasons. Any and all such subsequent Third Party recipients have to accept to uphold specific duties pertaining to confidentiality, and at the very least to all of the applicable RUA - ONLINE COUNTRY S.A. documentation including the implied references to adhering to the provisions of the European Union General Data Protection Regulation and to those of both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program.

RUA - ONLINE COUNTRY S.A. could potentially provide information, including but not limited to Personal Data, to Third Parties that may act in the capacities of consultants, contractors and/ or agents (even independent ones), in order to perform, provide and/ or manage tasks on behalf of RUA - ONLINE COUNTRY S.A. and under our specific guidance, instructions and/ or oversight. By means of example, RUA - ONLINE COUNTRY S.A. could potentially manage Personal Data in the operations (including systems) of such Third Parties. In any such case, the Third Parties must agree to manage the Personal Data only within the boundaries of the purpose(s) and/ or specific reason(s) for which they have been involved and/ or engaged by RUA - ONLINE COUNTRY S.A., and they must at the same time cumulatively adhere to the provisions included herein:

  1. comply with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and principles of the Privacy Shield Framework Program or at the very least with the provisions and principles of another system or mechanism allowed alternatively by the United States, European Union and Swiss Confederation law(s) and/ or regulation(s) concerning data protection (in the specific areas of transfers, exchanges, controlling activities and processing activities pertaining to Personal Data) which are in force;

  2. comply with the provisions of the European Union General Data Protection Regulation framework;

  3. and agree to provide compliant Personal Data safeguards that are at least as strict and protective as the ones established and/ or enforced by means of Our Privacy Strategy and Policy.

RUA - ONLINE COUNTRY S.A. can also disclose Personal Data for any other reasons and/ or towards other Third Parties whenever visitors, users and/ or Business Counterparties have consented to and/ or solicited such a disclosure. Any entity is hereby aware and agrees that RUA - ONLINE COUNTRY S.A. could potentially be required to disclose the Personal Data of visitors, users and/ or Business Counterparties in order to lawfully comply with a lawful mandatory request deriving from authorities, including but not limited to the purposes of meeting national security and/ or regulatory enforcement specifications.

7. SENSITIVE DATA

RUA - ONLINE COUNTRY S.A. does not request or/ and collect Sensitive Data from its visitors, users and/ or Business Counterparties.

8. THE ACCURACY, INTEGRITY AND SECURITY OF THE DATA

RUA - ONLINE COUNTRY S.A. deploys reasonable proactivity, diligence and efforts in order to uphold the accuracy, integrity and security of the Personal Data it manages. We are constantly adopting and implementing updated informational, physical and technical safeguards as reasonably appropriate in order to safeguard Personal Data from incidents (even partial or attempts) such as losses, misuses, mismanagements or instances of unauthorized accesses, modifications, disclosures or destructions. We deploy secure network and firewall safeguard technologies when managing Personal Data in electronic environments. In order to access our electronic data systems, we enforce the authentication of users by means of credentials including secure passwords or similar methods of secure access. We also deploy limitations on accesses, restricting the staff group that has to be allowed to access Business Counterparty Personal Data in the processes of our business operations (including upholding the security of the system that enables said business operations).

Moreover, RUA - ONLINE COUNTRY S.A. implements secure encryption technologies in order to guard various types of Personal Data. Regardless of our reasonable precautions and efforts, we hereby notify our visitors, users and Business Counterparties that a complete level of security cannot possibly be achieved at any or all given times, and highly recommend that they also research, implement and enforce appropriate personal security standards throughout our interactions.

9. OFFICIAL NOTICE

RUA - ONLINE COUNTRY S.A. hereby notifies its Business Counterparties of its adherence to and upholding of the principles set forth by the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks by means of its publicly-shared organization privacy policy entitled “Our Privacy Strategy and Policy”, which it has made available at the website link - https://www.rua.ro/privacy-policy and that it secures the acknowledgement, approval and adherence to this current version of the strategy and policy of each and every Business Counterparty whenever they initiate an official interaction with our organization in the business process.

10. PERSONAL DATA ACCESS AND/ OR USE SAFEGUARDS

The RUA - ONLINE COUNTRY S.A. staff under employment contracts or entities engaged in any legal relationship with our organization where we exert significant control over their activity may only access and/ or use Personal Data if they are specifically authorized to act in these manners and only within the limitations set forth in the specific authorization, including those pertaining to the purpose of carrying out their specific actions.

11. THE RIGHTS TO ACCESS, RECTIFY, MODIFY AND/ OR REMOVE PERSONAL DATA

  1. Rights to Access, Rectify, Modify and/ or Remove Personal Data. Visitors, users and/ or Business Counterparties enjoy the legal rights to Access, Rectify, Modify and/ or Remove Personal Data (including but not limited to knowing the information included in systems and to ensuring the accuracy and relevance of the information in respect to the purposes and/ or reasons that it had been collected pertaining to management). Visitors, users and/ or Business Counterparties can review their own Personal Data which is managed within systems (including but not limited to databases) and initiate proceedings to rectify, remove or even block any and/ or all inaccurate Personal Data, in a lawful manner intrinsically consistent with all of the RUA relevant policies and specific business agreements that we enforce at any given time. Following the contact with a reasonable request, and as it is required by the principles of the Privacy Shield Framework Program and by those of the European Union General Data Protection Regulation regulatory framework, RUA will provide appropriate Access to Personal Data, for the purposes of rectifying or modifying the information when it is proven to be inaccurate. Users and/ or Business Counterparties can also change their Personal Data from their personal space, however this does not always automatically translate into a removal of the previous information (which we will maintain until specific request for removal given the implied consent or at the very least the implied personal interest of the safe space security in the event of a potential breach). In any case, in order to exercise their rights to Access, Rectify, Modify and/ or Remove Personal Data, visitors, users and/ or Business Counterparties should contact us via one of the official channels listed in Section 13 of this document. Data subjects are legally bound to only provide accurate, truthful and complete data and/ or information whenever they interact with us.

  2. Solicitations to Access, Rectify, Modify and/ or Remove Personal Data. RUA will manage each of the following types and will notify the visitors, users, Business Counterparties and/ or other entities lawfully in the following events: (a) the presence of a lawful request from the data subject; and/ or (b) the presence of a lawful mandatory request for Personal Data disclosure from a regulatory enforcement authority.

  3. Appropriately resolving solicitations to Access, Rectify, Modify and/ or Remove Personal Data. RUA will strive to acknowledge and appropriately resolve each and every reasonable solicitation to access, rectify, modify and/or remove or deactivate (including permanently anonymize) Personal Data in a proactively-timely approach and resolution.

12. CHANGES TO OUR STRATEGY AND POLICY

Our Strategy and Policy can be adapted periodically, in order to maintain its provisions in adherence to the Principles established by both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program as well as to the European Union General Data Protection Regulation framework and principles. We will also inform and enforce the acknowledgment and upholding of these Principles by means of any official communication channel throughout our staff under employment contracts or entities engaged in any legal relationship with our organization where we exert significant control over their activity base. We will also bring notifications to our visitors’, users’ and/ or Business Counterparties’ attention in respect to any updated information that can relevantly impact our management of the Personal Data (even if the management had begun previously), while offering them the choice of having their Personal Data being managed in any updated relevantly impactful manner.

13. COMMENTS, QUESTIONS, ISSUES, CONCERNS OR COMPLAINTS

EU and Swiss Business Counterparties can contact RUA - ONLINE COUNTRY S.A. with questions, raise issues or concerns, or register complaints regarding this Strategy and Policy by contacting us:

Business Counterparty designation:

ARON SAMU PHD LLM ESQ OÜ, by

Name of the Data Protection Officer Entrusted with the protection of personal data:

Dr. Áron Samu, LL.M., Esq.

Address:

Harju maakond, Lasnamäe linnaosa, Sepapaja tn 6, Tallinn, Eesti Vabariik (Estonia), postal code 15551

Mobile phone number:

0040743773239

00407GDPREADY

Google LLC Email address:

aron.samu@aronsamu.com

The availability of the staff Entrusted with the protection of personal data: proactive 24/7 (24 hours daily, 7 days per week, as far as the duties which derive from the legal framework the communication being considered to have been initiated on the first national workday following the date on which the communication was effectively sent if the effective sending of the communication had taken place on a national holiday, the characteristics of workday and holiday being interpreted in accordance with the Romanian law of choice applicable to this document for interpretation purposes).

14. ENFORCEMENT AND RESOLUTION OF ANY ISSUES, CONCERNS OR DISPUTES

In order to ensure our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. Visitors, clients and/ or Business Counterparties stemming from the European Union and/ or the Swiss Confederation that raise any issues, concerns or disputes regarding the management of their Personal Data can feel free to contact us through any of the official channels outlined within Section 13 of this document.

Whenever the visitors’, users’ and/ or Business Counterparties’ issue(s), concern(s) and/ or dispute(s) with us are not resolved in (a) satisfactory manner(s) by means of our ensuing interaction(s), we hereby declare and confirm the upholding of submitting such unresolved instances regarding the issue(s) of privacy and/ or security falling within the ambit of any of the or both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks to the standalone divergence(s) resolve(s) structure(s) operated by the relevant European Union Data Protection Authorities, beginning with our national authority available through the official communication channels presented hereafter:

Romanian National Authority: The National Supervisory Authority for Personal Data Processing
Address: B-dul Magheru 28-30, Sector 1, București, postal code 010336
Telephone: 0040 21 252 5599
Fax: 0040 21 252 5757
Email:
anspdcp@dataprotection.ro
Website: http://www.dataprotection.ro/


 

Any such issue(s), concern(s) and/ or dispute(s) will be directed to the attention of either the United States Department of Commerce and/ or the Federal Trade Commission in order to offer assurance that (any) such instance(s) of interest to the visitors, users or Business Counterparties are processed and solved appropriately. There is an adequately-reasonable period in which the instance(s) should be solved. Whenever the relevant Data Protection Authority directs (an) instance(s) to the attention of the United States of America, the United States Department of Commerce has to adhere to a specific deadline to react. Whenever the Federal Trade Commission is concerned, it has taken upon itself to grant priority to instances generated by singular individual entities.

Whenever (an) instance(s) is not appropriately solved by the previously enumerated means, the final resort will be to forward it in redress to the attention of an available arbitration panel. This redress in (an) instance(s) pertaining to national security involving any entity whose Personal Data reaches the United States will be managed by an Ombudsperson that is independent from the United States intelligence structures. The particular means of operating and the independent status of said Ombudsperson will be clarified, especially its independent status and its status in the interactions with any other regulatory oversight structures that are independent and have authority and jurisdiction over these matters, throughout the initial phase of the redress process.

The final resort, to be exercised only in special limited instances, is the redress that might be sought by European Union and Swiss Confederation entities to the attention of the mandatory arbitration structure of the Privacy Shield Panel.

RUA finally hereby declares and binds itself to the highest standards of openness, cooperation and compliance in respect to both of the European Union and Swiss Confederation Data Protection Authorities and to acknowledge, uphold and enforce the advice issued by these competent Authorities in respect to the data and information pertaining to its staff under employment contracts or entities engaged in any legal relationship with our organization where we exert significant control over their activity that is transferred from the European Union and/ or the Swiss Confederation within the relevant ambits of the employment and/ or other relevant legal relationships where we exert significant control over their activity.

Any data, information or part thereof, submitted by means of a visitor, user and/ or Business Counterparty voluntarily and free of any constraint whatsoever interacting with RUA - ONLINE COUNTRY S.A. within the ambit of our proprietary business strategy, is considered to be submitted in good will, good faith, fair dealing and full acknowledgement of the legal implications of such action, without intent to raise claims of prejudice and/ or inflict any sort of legal liability upon us. Whenever you begin to have any question, issue, concern, objection or other attitudes or opinions which result in you not wanting to proceed in the foreseeable manner of our interactions or if you want to take steps back by removing any information or part thereof from our management, contact us immediately via the official communication channels presented publicly within Section 13 of Our Privacy Strategy and Policy in order to amicably resolve our differences. We reserve the right to act in a manner consistent with our perfectly-lawful business strategy, including to withhold, deny, or restrict your access to information, products and/ or services (even partially) to the least extent necessary given your change in attitude, behaviour and/ or sovereign personal decision(s) regarding our management of your data, information and/ or Personal Data.

Finally, we hereby declare and uphold our acknowledgement, adherence to and enforcement of the entire applicable European Union General Data Protection Regulation regulatory framework (including all of the implied, related and connected regulatory framework provisions, as well as those that will supersede or in any manner alter any category thereof, including the European Union General Data Protection Regulation itself).

Our Privacy Shield Strategy and Policy was published and becomes enforceable today, the 26th of March 2021, and has 22 (twenty two) pages, including 6376 words, 41505 characters, and 35351 characters excluding spaces, according to the specifications determined by Google LLC Docs, showcased hereafter:

 

 

IN FORCE

Version 1.0 - March 26th, 2021

PUBLISHED

Version 1.0 - March 26th, 2021

VERSION(S) HISTORY

  1. Version 1.0 - in force March 26th, 2021

Date of Last Change: March 26th, 2021