Privacy Information Notice
The security of your data and the protection of your personal rights is an important and serious concern for us. Therefore, we process your personal data exclusively on the basis of applicable law. We are subject to the European Data Protection Regulation (GDPR), as well as Law 190/2018 and Law 506/2004. Data processing only takes place if the legality is checked in advance and corresponding legal bases are available. In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations.
A. INFORMATION REQUIREMENTS PURSUANT TO ART. 13 GDPR – APPLICANTS
Name and contact data of the person responsible (Art. 13 Sect. 1 a GDPR)
diconium romania S.R.L.
8-10 Str. Tudor Arghezi St, TOF 111, 1st floor, Bucharest, 2nd district
Commercial Register no. J40/11098/2022
Fiscal code 46285623
E-mail: dataprotection@diconium.com
Purpose and legal grounds for data processing (Art. 13 Sect. 1 c GDPR)
- Handling of applicants/eRecruiting (Art. 6 Sect. 1 b GDPR)
Recipients or categories of recipients of personal data (Art. 13 Sect. 1 e GDPR)
Human resource services, providers of and consultants for the software-supported applicant portals, disposal service providers, affiliates
Transmitting to non-EU countries (Art. 13 Sect. 1 f GDPR)
Data shall not be transmitted to any non-EU countries.
Data shall be archived in compliance with the statutory retention mandates (Art. 13 Sect. 2 a GDPR)
Personal data will be deleted six months after the application process ends. In the case of inclusion in the applicant pool (if we receive your consent in this respect), deletion will take place after two years, if no suitable position can be offered.
If the applicant is hired, the required data will be transferred to the personnel file. Information regarding data removal can be derived from the mandatory information concerning the processing of employee data.
Right to revoke (Art. 13. Sect. 2 c GDPR)
If you have agreed to the processing of your data, you do have the right to revoke your consent with future effect. This shall be without prejudice to the legality of the processing of your data until the revocation is received. Please contact the responsible person at the contact information provided below.
Right to information, correction, deletion, restriction, data transferability and objection (Art. 13, Sect. 2 b GDPR)
As the data subject, you have the right at any time to access, correct and delete your data and to limit handling as well as a right to data transferring. Please contact the person responsible at the contact data provided below.
Right to file complaints (Art. 13 Sect. 2 d GDPR)
As the data subject, you have the right to file complaints at any time with the competent Romanian data protection authority (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) under https://www.dataprotection.ro/.
Existence of a requirement to provide personal data (Art. 13 Sect. 2 e GDPR)
The collected data is necessary for the execution of application processes (purpose 1). When data is not provided it is not possible to carry out application procedures.
B. INFORMATION REQUIREMENT PURSUANT TO ART. 13 GDPR – SUPPLIERS, SERVICE PROVIDERS, OTHERS
Name and contact data of the person responsible (Art. 13 Sect. 1 a GDPR)
diconium romania S.R.L.
8-10 Str. Tudor Arghezi St, TOF 111, 1st floor, Bucharest, 2nd district
Commercial Register no. J40/11098/2022
fiscal code 46285623
E-mail: dataprotection@diconium.com
Purpose and legal grounds for data processing (Art. 13 Sect. 1 c GDPR)
- Purchase and implementation of support services for the fulfillment of business purposes (Art. 6 Sect. 1 f GDPR)
- Fulfillment of legal obligations (Art. 6 Sect. 1 GDPR)
- Delivery of informational materials (Art. 6 Sect. 1 f GDPR)
- Interests of the person responsible when weighing the parties’ interests (Art. 13 Sect. 1 d GDPR)
- Assertion of legal claims and defense in legal disputes
- Guarantee of the company’s IT security and IT operations
- Prevention of crime
- Measures for business management and further development of services and products.
Recipients or categories of recipients of personal data (Art. 13 Sect. 1 e GDPR)
Government agencies, banks, financial auditors, affiliated companies, disposal service providers, credit reporting agencies.
Transmitting to non-EU countries (Art. 13 Sect. 1 f GDPR)
No data shall be transmitted to non-EU countries.
Data shall be archived in compliance with the statutory retention mandates (Art. 13 Sect. 2 a GDPR)
As a rule, personal data shall be deleted within three years after termination of the business relationship, unless a longer statutory retention period applies in exceptional cases or if a person affected revokes consent.
Right to information, correction, deletion, restriction, data transferability and objection (Art. 13, Sect. 2 b GDPR)
As the data subject you have the right at any time to access, correct and delete your data and to limit handling as well as a right to data transferring. Please contact the responsible party at the contact information provided below.
Right to object (Art. 21. Sect. 1 GDPR)
If your information is being processed to protect legitimate interests, you have the right to object to such processing at any time by getting in touch with us at the contact information provided, if your special situation gives rise to grounds that are in conflict with such data processing. In this case, we shall seize to conduct this type of processing unless it serves more prominent protection-worthy interests at our end.
Right to file a complaint (Art. 13 Sect. 2 d GDPR)
As the data subject, you have the right to file complaints at any time with the competent Romanian data protection authority (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) under https://www.dataprotection.ro/.
Existence of a requirement to provide personal data (Art. 13 Sect. 2 e GDPR)
The collected data are required for entering into and managing the contractual relationship. When data is not provided it is not possible to conclude and carry out the contractual relationship.
C. INFORMATION REQUIREMENTS ON THE USE OF MICROSOFT 365
Our handling of your data and your rights – Information according to Articles 13 & 14 of the General Data Protection Regulation (GDPR)
These information requirements inform you how data is processed when data processing is carried out via our Microsoft Tenant. For more information about data processing by Microsoft or about the cookies set by Microsoft, please refer to Microsoft’s privacy policy.
Name and contact data of the person responsible (Art. 13 Sect. 1 a GDPR)
diconium romania S.R.L.
8-10 Str. Tudor Arghezi St, TOF 111, 1st floor, Bucharest, 2nd district
Commercial Register no. J40/11098/2022
Fiscal code 46285623
E-mail: dataprotection diconium.com
We use Microsoft Teams to make phone calls, video conferences, or share data and information with you as a guest.
- Phone calls (Art. 6 para.1 f GDPR)
If you call or are called by our landline number, it will be logged as an itemized bill in Microsoft Teams. Users can see their phone number in full in their call history. Administrators can only view their phone number anonymously in the itemized bills. At least the last 4 digits of the phone number are not displayed.
If the call is from or to a Microsoft Teams account, the Microsoft Teams username is documented in the itemized bill.
Administrative itemized bills are stored for 30 days and then deleted.
Data processing is done for the interest of providing telephone services and to prevent track security incidents, misuse of telephone lines as well as excessive operational costs.
- Video conference (Art. 6 para. 1 f GDPR)
If you participate in a videoconference by telephone, the data is processed as described in point 1. If you participate in the video conference via the Teams applications or via browser, your video signal, your audio signal and your IP address will be processed, depending on what you enable. In addition, an administrative connection log is created. If you participate in a video conference with a registered Teams account, your username will be logged. Guest users are logged as Anonymous participants. The log records the duration of your participation, as well as the connection quality.
The connection log is deleted after 30 days.
The data processing is done in the interest of providing video conferencing and to be able to trace to be able to track security incidents.
Participation in video conferences is voluntary. In addition, participants decide for themselves whether to transmit their audio or video signal.
- Recording of video conference (Art. 6 para. 1 a GDPR)
In individual cases, it may be necessary to record video conferences. In this case, you will already be informed of this when you receive the invitation. You will also be informed again before the recording starts. Microsoft Teams also informs you once again via a pop-up window or, in the case of telephone participants, via a voice message, that a recording has been started.
Participation in appointments that are recorded is voluntary. With your participation and prior information, you implicitly consent to the recording. You can object to the recording at any time without stating a reason for the future by leaving the conference or by declaring your objection via the contact details provided above.
As a matter of principle, recordings will only be made available to the participants who were scheduled to attend the conference. Publication will only take place with the express separate consent of the persons reproduced in the recording by image or sound.
The team screen view and the audio output and input of the person who started the recording will be recorded. This includes audio and video signals as well as the user names and abbreviations specified in teams. If a screen transmission of a participant takes place, this is also recorded.
- Teams channels and chats (Art. 6 para. 1 f GDPR)
If you chat with us via teams, the content you provide, such as files and voice messages, will be stored for the purpose of processing your request or order. Channel messages, group chats or chats in conferences are visible to all participants as long as you do not write to certain persons via private messages. 1 to 1 chats are only visible to the persons involved in the communication.
Chat messages are deleted after 3 years.
- MS Forms
Surveys are partly implemented with Microsoft Forms. Surveys can be created digitally using Microsoft Forms and completed via a link.
Surveys are basically anonymous and no data of the data subject is requested or processed by the data controller. However, it cannot be ruled out that personal information will be provided in the responses. The information is processed on the basis of the company’s interest (Art. 6 para. 1 f GDPR) in the truthful reflection of the survey results. The information is stored until the survey is evaluated and then deleted. As a matter of principle, the data will not be transferred to third parties.
If surveys are not conducted anonymously or data is passed on to third parties, you will be informed of this before the start of the survey and your consent (Art. 6 para. 1 a GDPR) will be obtained.
Participation in surveys is voluntary. You can refuse participation at any time without giving a reason. If you have participated in a personal survey, you can withdraw your consent at any time without giving a reason for the future by contacting us at the above contact details.
When using Microsoft Forms, Microsoft sets cookies in order to conduct the survey on our behalf:
| Cookie | Storage time |
| MUID | 1 Year |
| FormsWebSessionId | 1 Month |
| usenewauthrollout | 1 Month |
| DcLcid | 3 Month |
| __RequestVerificationToken | With closing the browser |
| MicrosoftApplications TelemetryDeviceId |
1 Year |
| ai_session | 30 Minutes |
| MSFPC | 1 Year |
| SRM_B | 1 Year |
| MC1 | 1 Year |
| MS0 | 30 Minutes |
In order to provide the MS Forms surveys, Microsoft also collects your IP address and information about your browser and operating system in order to provide the web content. This information may be used in web logging for web application security and is stored by Microsoft for 180 days.
- Encrypted E-Mails (Art. 6 para. 1 f GDPR)
If you receive encrypted emails with Microsoft’s proprietary message encryption and you do not use MS 365 for your emails, you can view the message online. To do this, you will receive a link via email that you can use to start the retrieval. If you call the web content, a one-time password will be sent to you by e-mail, with which you can verify yourself. After verification, the email content is available to you. You can also return protected messages to the sender.
To provide online content, Microsoft processes your IP address and information about your browser and operating system. This information may be included in web logging for web application security and is stored by Microsoft for 180 days.
If you call up content via your web browser, the following cookies are also set:
| Cookie | Storage time |
| X-E4E-CorrelationId | With closing the browser |
| X-AnonResource | With closing the browser |
| ClientId | 1 Year |
| X-OmeVersion | With closing the browser |
| X-ConsumerEncryption | With closing the browser |
| X-CfmRecipientAddress | With closing the browser |
| E4EAnchorMailbox | With closing the browser |
| X-RecipientEmailAddress | With closing the browser |
| X-SenderEmailAddress | With closing the browser |
| X-SenderOrganization | With closing the browser |
| X-MessageId | With closing the browser |
| X-StoreObjectId | With closing the browser |
| X-RecipientPrimarySmtp | With closing the browser |
| X-OTPItemId | With closing the browser |
| X-SenderExternalOrganizationId | With closing the browser |
- Data Processing in Office Online (Art. 6 para. 1 f GDPR)
If documents are shared with you in Office Online (Word, Excel, PowerPoint, etc.), you can edit or comment on these documents depending on the rights assigned. To provide Office Online, Microsoft collects your IP address and information about your browser and operating system to provide the web content. This information may be used in web logging for web application security and is stored by Microsoft for 180 days.
If you are not logged in to Microsoft when you access content, any changes or comments you make to the content will be logged as “Guest User”. If you are logged in to Microsoft, changes and comments are associated with your user name.
If you access content through your web browser, the following cookies are also set:
| Cookie | Storage time |
| MSPRequ | With closing the browser |
| MSCC | 1 Year |
| OParams | With closing the browser |
| MSPOK | With closing the browser |
| FedAuth | With closing the browser |
| KillSwitchOverrides _enableKillSwitches |
With closing the browser |
| KillSwitchOverrides _disableKillSwitches |
With closing the browser |
| WordWacDataCenter | 6 Month |
| WacDataCenter | 6 Month |
| uaid | With closing the browser |
| WacUPToggleState | 1 Year |
| PrivNote | 1 Year |
| timeZoneId | 1 Year |
| PNL1-ARRAffinity | With closing the browser |
| DcLcid | 3 Month |
| DE5-Excel-ARRAffinity | With closing the browser |
| DE5-ARRAffinity | With closing the browser |
| ShCLSessionID | With closing the browser |
| PageLoadSkeletonState | 1 Year |
| ExcelIsPreviousSession SimplifiedRibbonOn |
1 Year |
| ExcelWacDataCenter | 6 Month |
| BIGipCookie | With closing the browser |
| PowerPointWacDataCenter | 6 Month |
| VisioWacDataCenter | 6 Month |
| RpsContextCookie | 1 Tag |
| OneNoteWacDataCenter | 6 Month |
- Guest Access (Art. 6 para. 1 f GDPR)
People who collaborate with us more often can get a guest account. To create a guest account, their name, their email address or an email address assigned by us, and their username will be processed to grant them access to shared Microsoft 365 resources (Teams, SharePoint, OneDrive, etc.).
Access attempts to Microsoft 365 are logged. Likewise, the use of the services, as well as the use of data and files is logged, indicating their username and the time of modification. Likewise, data are processed that they enter in the context of the use in the services.
The data processing is based on the interest to fulfill the common tasks and orders.
As a guest you can also store a profile picture. The depositing of a profile picture takes place voluntarily without the instigation of the responsible person. By depositing your profile picture, you consent to the data processing (Art. 6 para. 1 a GDPR). You can revoke your consent at any time by deleting or replacing the profile picture, or by sending your revocation to the contact details provided above.
If you participate in Teams conferences with your guest account, further connection data will be collected. In particular, data will be collected on the end devices you use (device type, device name, operating system, camera, speakers, graphics card, network card) and on your network connection (IP address).
Data linked to your profile will be completely removed from Microsoft 90 days after deletion of the profile.
- Who Gets Access to This Data?
We use Microsoft 365 to digitize and simplify communication with you. In principle, only persons involved in the communication will have access to the data. If it is necessary for the fulfillment of our tasks, other persons, affiliated companies or service providers required to process your requests in individual cases may also be involved.
To maintain IT operations and for security incidents, it may also be necessary for affiliated companies, IT maintenance, support service providers or IT security experts to have access to the data.
In addition, Microsoft has access to your data to maintain service, ensure security, and provide support in the event of problems. Access by the service provider is limited to the minimum necessary. The employees are bound to confidentiality and extensive technical and organizational measures have been taken to protect your data. The data transfer takes place on the basis of commissioned processing (Article 28 GDPR).
Is Data Transferred to a Third Country or to an International Organization?
The data processing is carried out with the help of cloud systems of Microsoft Ireland Operations Limited. Data storage takes place within the EU. If problems arise during data processing, it may be necessary to call on the support of other Microsoft companies and service providers, which may be located in different third countries. In this case, it cannot be ruled out that the support will gain access to the personal data in order to rectify the problem. In this case, a standard EU contract has been concluded which regulates the security and handling of personal data in accordance with data protection requirements.
Right to information, correction, deletion, restriction, data transferability and objection (Art. 13 Sect. 2 b GDPR)
As the data subject, you have the right to at any time receive information, have your data corrected or deleted and to have its processing restricted as well as a right to data transferability. Please contact the person responsible at the contact data provided below.
Right of revoke
If you have consented to the processing of your data, you have the right to revoke this consent at any time for the future. The lawfulness of the processing until the revocation is not affected by this. To do so, please contact the responsible office using the contact details provided.
Right of complaint
As the data subject, you have the right to file complaint at any time with the competent Romanian data protection authority (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) under https://www.dataprotection.ro/.
If you have data protection related questions or want to know more about our data protection policies, please contact our responsible person under dataprotection@diconium.com or visit our data privacy page.