Privacy policy

Privacy Policy regarding the processing of personal data

In this section we inform you about how we process your personal data and about the rights you have under Regulation (EU) 679/2016 – General Data Protection Regulation (GDPR), the applicable legislation as well as any other decisions that the National Supervisory Authority for Personal Data Processing (ANSPDCP) may issue regarding the protection of personal data.

We reserve the right to periodically update this Privacy Policy to reflect as accurately as possible any changes in the way we process your personal data. If we make changes, we will post the amended version of the Privacy Policy on our website, so please check the content of this Privacy Policy periodically.

 

About us and how to contact us

ANDREEA LUPU MANAGEMENT CONSULTING SRL is a legal entity of Romanian nationality, established as a limited liability company with registered office in Bucharest, Sector 3, 6-8 Corneliu Coposu Blvd., Unirii View Building, 2nd Floor, ResCo-Work05 Office. For the purposes of the provisions of Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”, we are a personal data controller when processing your personal data.

The contact details of the Data Protection Officer are:

Address: Bucharest, Sector 3, 6-8 Corneliu Coposu Blvd., Unirii View Building, 2nd Floor, ResCo-Work05 Office.

E-mail: contact@lupu-consulting.com

 

What categories of personal data we process

We collect your personal data directly from you so that we can give you control over the type of information you give us and the purpose of the information.

We collect and process your personal data in the following situations:

  • If you contact us directly, by phone, email or via the lupu-consulting.com website to find out and request information about our services;
  • If you become a partner by concluding a service contract with us;
  • If you become a subject in our services offered to companies, services that fall within the scope of workforce management services.
  • If you respond to our direct marketing campaigns or by entering your details online on our website in the CONTACT section;
  • If you visit our website lupu-consulting.com
  • If other business partners transfer your personal data to us with your consent;

In order to fulfil the purposes defined below, we process both personal data provided directly by you or obtained in one of the ways mentioned above as well as other personal data, such as those generated within an existing business relationship.

The personal data we process may be:

  • Contact data: first and last name, initials, address, telephone numbers, email address;
  • Other personal data: date of birth, driver’s license data, income data, name of the company where you are employed, job title, ID card data, facial image, etc.
  • Personal data related to IT activity: information about the devices you use to access our website, how you use our website, including information collected through cookies and other tracking technologies
  • Data about your profile and activity within the employer’s organisation (including: satisfaction rates, outcome of assessments etc.) where you will be a subject of our workforce management services to companies
  • Personal professional data: information about your professional background.

What are the purposes and grounds for processing

We will process your personal data for the following purposes:

For the initiation or execution of a contract

We process your personal data in order to initiate or execute a service contract, such as:

  • processing of contact data (name, surname, email, telephone, city, etc.) when concluding service contracts.
  • the processing of your contact data (first name, surname) and data about your profile and activity within the employer’s organisation, in connection with the provision of workforce management services, personnel assessment services, and other related services covered by contracts concluded with clients in the professional category.

For the fulfilment of legal obligations

For the fulfilment of our legal obligations personal data may be processed and: on the occasion of the preparation of financial-accounting statements, in accordance with tax legislation; on the occasion of conducting internal audit, external audit or financial audit; on the occasion of fulfilling reporting obligations to state institutions and authorities, in accordance with specific applicable legislation, including for the performance of activities related to the authorities’ controls, in accordance with the regulations in force and/or in response to requests from the authorities, on the occasion of ensuring data security measures in the systems (including storage of databases and back-up databases) as well as for the preservation, storage and archiving of documents as well as the security of physical documents in our own premises.

For marketing purposes – exclusively based on express consent.

We want to keep you informed about all campaigns, projects and services offered. To this end, we may send you any type of message via e-mail containing general and thematic information on the projects we organise and all the services we offer. We always ensure that these processing operations are carried out with respect for your rights and freedoms. We base our communications on your prior consent. You can change your mind in this regard and withdraw your consent at any time by:

  • sending an e-mail containing your request to contact@lupu-consulting.com;
  • contacting the Operator using the contact details.

To defend our legitimate interests

There may be situations where we use or transmit information to protect our rights and business. These may include:

  • Measures to protect the website from cyber attacks;
  • Measures to prevent and detect data security incidents, including the transmission of information to the relevant public authorities;
  • Measures to manage various other risks arising in the processing of personal data.

The general basis for these types of processing is our legitimate interest in safeguarding our business, it being understood that we ensure that any measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

 

How long we keep your personal data

We will only keep your data for as long as necessary to fulfil the purpose for which it was collected and for any other related purposes permitted by law (for example, where relevant, for defence in the event of litigation). So, if the information is used for two purposes, we will retain it until the purpose with the longer period expires, but it will no longer be used for the purpose with the shorter period once that period has expired.

We will delete your personal data as soon as it is no longer needed for the purposes mentioned above.

Your personal data is stored as long as we have a legal obligation to do so or as long as limitation periods apply.

Retention periods are based on legal requirements and business needs and your personal data that is no longer needed for the purposes mentioned in the paragraph on Purposes and legal basis of processing personal data is securely destroyed or deleted.

 

To whom we pass on your personal data

Your personal data may be transferred to the following entities:

  • Contractual partners: other HR service providers
  • Companies providing services for us, such as IT maintenance and hosting, legal, other external service providers.

To which countries we transfer your personal data

We store and process your personal data through entities located in the European Union, including in countries to which the European Commission has granted an adequate level of personal data protection.

We will always take steps to ensure that any transfer of personal data is carefully managed to protect your rights and interests. Transfers to processors, processors, joint operators or other third parties will always be protected by contractual commitments.

You can contact us at any time, using the contact details given at the end of this section, to find out more about the transfer of your personal data and the safeguards we have put in place in relation to such transfers.

 

How we protect the security of your personal data

Personal data is considered confidential information and is protected by appropriate technical and organisational measures to prevent unauthorised access, unlawful processing or distribution, as well as accidental loss, alteration or destruction.

Our security measures are regularly enhanced in the context of the development of technology, especially in the IT field.

While we cannot guarantee that the transmission of data over the Internet or the web is free from the risks of cyber-attacks, we, our subcontractors and our partners strive to maintain physical, electronic and procedural safeguards to adequately protect information in accordance with applicable data protection requirements. We use, among others, measures such as:

  • strict control of personal access to your data on a “need to know” basis and only for the purpose communicated,
  • storage of strictly confidential data – under the control of specific security measures.
  • the use of IT security systems to prevent unauthorised access, for example by hackers.
  • continuous monitoring of access to IT systems to detect and stop misuse of personal data.

What rights you have

Rights concerned

Description

Access

You can ask us:

  • to confirm whether we process your personal data;
  • to provide you with a copy of this data;
  • provide you with other information about your personal data, such as: what data we hold, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you through this notice.

Correction

You can ask us to rectify or complete inaccurate or incomplete personal data.

We may attempt to verify the accuracy of the data before rectifying it.

Deleting the data

You can ask us to delete your personal data, but only if:

  • they are no longer necessary for the purposes for which they were collected;
  • you have withdrawn your consent (where the processing of the data was based on consent);
  • you exercise your legal right to object to the processing of personal data;
  • your personal data has been unlawfully processed;
  • we have a legal obligation to do so.

Restriction of data processing

You may request restriction of the processing of personal data, but only if:

  • their accuracy is contested (see rectification section), to allow us to verify their accuracy;
  • the processing is unlawful, but you do not want the data to be deleted;
  • they are no longer needed for the purposes for which they were collected, but you need them to establish, exercise or defend a right in court;
  • you have exercised your right to object, and verification of whether our rights prevail is ongoing.

Data portability

You can ask us to provide your personal data in a structured, commonly used and machine-readable format, or you can request that it be “ported” directly to another data controller, but in each case only if:

  • the processing is based on your consent or the conclusion or performance of a contract; and
  • the processing is carried out by automatic means.

Opposition

You may object at any time, for reasons relating to your particular situation, to the processing of your personal data on the basis of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest.

Automatic decision-making

You are not subject to a decision based solely on automated processing of your personal data.

Complaints

In the event of an incident relating to the processing of your personal data you have the possibility to register a complaint with the supervisory authority.

In Romania, the contact details of the data protection supervisory authority are as follows:

National Supervisory Authority for Personal Data Processing

B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Telephone: +40.318.059.211 or +40.318.059.212;

E-mail: anspdcp@dataprotection.ro

Before contacting the supervisory authority, without affecting your petition rights, please contact us in advance. We will make every effort to resolve any issues amicably.  

Last updated on 11.02.2025