The company EOS KSI ROMANIA SRL with its registered office in Bucharest, B-dul Dimitrie Pompei no. 10A, building C3, floor 6-7, Sector 2, registered at the Trade Register Office attached to the Bucharest Tribunal with number J40 / 13219/2002, unique registration code 15089252, debt recovery entity registered in the Register of debt recovery entities located in the record of the National Authority for Consumer Protection and registered in the record of the National Authority for Supervision of Personal Data Processing, e-mail address office@eos-ksi.ro , telephone number: 021.300.3558, hereinafter referred to as the Operator, processes accordingly with the provisions of Regulation (EU) no. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (EU Regulation), hereinafter referred to as GDPR, your personal data in good faith and in achieving the purposes specified in this Information Note. These personal data, belonging to you as an employee or visitor (hereinafter referred to as "Person concerned"), have been provided to the Operator by you on the occasion of your presence inside the building, and the processing will be performed according to the lower:

1. Personal data

The data processed are the name (if applicable and only if the person is denied access to the premises and shows symptoms, on the grounds that the operator can prove to the authorities the fulfillment of the legal obligation) and the results of measuring body temperature with appropriate means (thermometer with non-contact) to check whether or not it exceeds a certain predefined level (eg: 37.3 degrees Celsius or any other value established as a result of the recommendations and / or instructions of the authorities and / or the internal policies of the Operator and / or the legislation relevant) which may be an indicator of COVID-19 virus infection.

2. Purposes of personal data processing. Legal basis

Allowing access to the building responsibly, by taking all appropriate technical and organizational measures to ensure occupational health and safety and reducing the spread of COVID-19 virus, to detect potential infected persons and to avoid their access within the company and their contact with other persons, being an indirect defense of a public or community interest.

Because the personal data are part of the special categories, the basis of the processing is represented by art. 9, para.2, let. b (fulfillment of the specific obligations and rights of the Operator), letter g (major public interest) and let. i (reasons of public interest in the field of public health) from GDPR, corroborated with art.6, paragraph 1, letter c) of the GDPR and the fulfillment of a legal obligation (legal provisions regulating aspects such as epidemiological triage, preliminary measurement of body temperature, contained in acts such as Law 55/2020 art. 13  and point 2 letter a) and point 3 letter, b) from GD no. 24/2020). The data processing is done in compliance with the principles of processing, according to GDPR, respectively legality, fairness, transparency, minimization of data, accuracy, limitations related to storage, integrity and confidentiality.

The provision of personal data is necessary for access to the building, being an appropriate measure in the category of those necessary to ensure health and safety at work and reduce the spread of COVID-19 virus. If the data subject refuses to measure body temperature, access to the building will not be allowed; if the data subject is an employee of the Operator, he can address a competent medical staff or can continue teleworking, according to the internal regulations and the relevant legislation. If the data subject is not an employee of the Operator, he can address a competent medical staff.

 

3. Retention period  

 

- Data is not stored (the measurement is performed with a non-contact thermometer that does not store data and if the measured values ​​are in normal parameters)

- 30 days, in case there is a refusal of access to the premises, which can be extended if in these 30 days there is a dispute / conflict / administrative complaint, in which case those data elements can be stored until to extinguish that situation.

 

4. Controllers/ Processors and Recipients of data

- to the competent authorities, at their request, for the verification of the degree of fulfillment of the legal obligations

- to the DSP, occupational medicine, external doctor and other competent authorities if there is an employee with these symptoms and, according to the internal procedure, the authorities must be notified or if an employee is confirmed with coronavirus and the authorities request additional data

5. Data subject rights

According to REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and of the national legislation in force regarding the protection and security of personal data, you benefit from the right of access to data according to art. 15; the right to rectify the data, according to art. 16; the right to delete data, according to art. 17; the right to restrict data processing, according to art. 18; the right to data portability, according to art. 20; the right to object, according to art. 21; the right not to be subject to an automated individual decision, including profiling, according to art. 22.

To exercise these rights, you can address a written request, dated and signed to the person responsible for processing personal data within the company. The application can be submitted at the headquarters of EOS KSI ROMANIA S.R.L. - Romania, Bucharest, Blvd Dimitrie Pompeiu, no. 10A, Conect Business Park, Building C3, floor 7, Sector 2 or can be sent by e-mail to protectiadatelor@eos-ksi.ro.

We inform you that, by virtue of Regulation 2016/679, you can contact the National Authority for the Supervision of Personal Data Processing, at the address: Bd. G-ral Gheorghe Magheru 28-30, sector 1, postal code 010336, Bucharest, Romania , phone: +40318059211, e-mail: anspdcp@dataprotection.ro , if you consider that your rights provided in Regulation 2016/679 have been violated.