Policy on the protection and processing of personal data

Introduction
This policy explains the practices of the Professional Consulting Group (consisting of the companies Professional Consulting, Expert Accounting, Audit Consulting), hereinafter referred to as PC, regarding the application of the GDPR provisions, as well as the rights you enjoy regarding how information could be processed by to PC.

Starting with 25 May 2018, GDPR (General Data Protection Regulation) applies throughout the European Union.

For PC, the protection of your data is particularly important, which is why we safely manage all personal data provided to us by you or your employer. PC uses the data obtained to fulfill its object of activity to you or your employer (providing tax consultancy, audit, accounting, etc.), including for issuing invoices, various offers or if you apply for a job through the site dedicated to PC.

The protection of personal data received from you is very important to us, which is why we pay great attention to protecting the privacy of all persons who have made their data available to us by participating in courses organized by us, of the persons who send us personal data in order to process a request, as well as those whose personal data has been provided to us by a third party.

We comply exactly with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals.

Our company may collect the following personal information:
– First and last name
– nationality
– profession
– address or residence;
– contact information, including e-mail and telephone number;
– Personal Identification Number;
– information relevant to the presentation of our services to you.

The processing of personal data can only be done if the data subject has given his/her express and unequivocal consent.
If you have any questions in respect of this Privacy Policy regarding the collection and processing of personal data, please contact office@profcons.ro.

What data is covered?
In this privacy statement, “personal data” means any information about a natural person that can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location or an online identifier. Personal data also refers to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.

Your rights in terms of personal data
You have the following rights in connection with your personal data:
The right to access personal data held by PC with regard to you
The right to obtain rectification of your personal data, for example if it is incomplete or incorrect
The right to choose at any time not to receive professional information from PC
The right to restrict or oppose the processing of personal data or to request its deletion (under certain conditions and in accordance with the relevant legislation)
The right to receive a copy of the personal data you have provided to the PC in a structured, commonly used and readable format (known as “data portability”) (under certain conditions and in accordance with incident legislation)
If you have provided personal data voluntarily or have given your consent in any other way, the right to withdraw your consent
Right to lodge a complaint with an authority for the supervision of data protection (see “Complaints” section)
If you have a question or want to exercise your rights, please contact PC at office@profcons.ro.

Complaints
If you have concerns about an alleged breach by the PC of data privacy legislation or any other regulations, you can contact PC at the address: Craiova, A.I. Cuza Street, No. 42, bl. 6A, ap. 14, Dolj County or by email, at office@profcons.ro. A designated PC representative will investigate your complaint and provide you with information on how it will be handled.
You also have the right to lodge a complaint with the data protection supervisory authority in your country or to bring a legal action before the court with territorial jurisdiction or with the court provided for in any applicable employment contract concluded with PC.

Customers
When you hire us to provide you with professional services, we collect and use personal data if we have a legitimate interest in doing so in connection with those services.
In the context of providing professional services to its customers, PC also processes personal data of persons who are not our customers directly (for example, employees, customers or suppliers of our customers).
Most of the personal data we collect and use to provide services is provided voluntarily by our customers (or is collected by us from third party sources at the request of our customers). This information may include:
Basic information such as your name, the company you work for, your position, and your relationship with a person
Contract information such as mailing address, email address and phone numbers
Financial information, such as payment information
Any other personal data about you or other third parties that you provide to us in order to benefit from our services
We use this information:
To provide you with services
To manage our relationship and maintain contractual relationships
For accounting and tax purposes
For marketing and business development purposes
To comply with our legal and regulatory obligations
To ascertain, exercise or defend rights in court
Given the diversity of services we provide, we process many categories of personal data. Below you can consult (non-exhaustive) examples of personal data categories related to some main services we offer:

Auditing services
As part of the provision of auditing services, we process information that contains personal data, such as payroll, administrative records and other documents related to the activities of the audit customer and of any companies within the Group. Examples of categories of personal data that is processed are as follows:
Contact information such as name, address, phone numbers and email address
Employment contract information, such as registration number, department, position and date of commencement of the employment contract
Data on health status and absences, e.g., medical certificates and information on sick leave, annual leave or parental leave
Personal Identification Number
Information on financial conditions, salary details and other allowances
Information on social security and pensions
Other categories of personal data required for the conduct of the audit in accordance with audit best practices.

Consultancy and accounting services
Examples of categories of personal data processed by PC teams are as follows:
Personal information about the customer natural person and his/her family members, including names, addresses, contact information, birth dates and tax identification codes, including personal numbers and email addresses
Personal information about the delegates of the customer natural person, including names, contact information and email addresses
Tax returns: obligations, date of preparation and filing date and comments on tax returns
Data on amounts to be compensated and taxes paid
Working documents used to edit customer information obtained from organizers or other means; data on remuneration from employers; source of income from secondments and travel calendar data
Information on current, past and future travels of the person, including the localities visited and the job activities that took place in each locality
Documents such as tax returns, letters of delegation, immigration documents, requests for inspection by tax authorities and official and personal documents (birth certificates, marriage certificates, documents and diplomas and copies of passports)
Questionnaires on the supervisory role of financial reporting, indicating the status of the employee, the employer and the job description
Company-specific information: contact persons for customers – legal entities and division names
Secondment data: details of current working and living conditions, including country and place of secondment, division of the employer bearing the salary and secondment costs
Immigration data: work permit questionnaires, work permit status, copy of the application form, copy of the work permit, copy of the visa, copy of the passport and other immigration documents.

The legal grounds for the processing of personal data of our customers are as follows:
Execution of a contract
Compliance with a legal or regulatory obligation
Our legitimate interest in providing high quality, consistent, flawless services and ensuring the prompt payment of any fees, costs and obligations related to our services
Our legitimate interest in understanding any conflicts of interest or issues related to the legislation on auditor’s independence
Our legitimate interest in protecting PC from inadvertent involvement in transactions with proceeds from illicit activities or in support of any other illicit or fraudulent activities (e.g. acts of terrorism).

Natural persons whose personal data we obtain in connection with the provision of services to our customers
Within the professional services provided to its customers, PC processes personal data of inatural persons with whom it has no direct relationship (contractual or otherwise). For example, if we are conducting a statutory audit, the audit team must audit the customer’s records, which may include salary information about the customer’s employees, supplier data, financial management information, legal proceedings data, and complainants. Another example: if we conduct a due diligence analysis for the benefit of a customer regarding a purchase, PC obtains personal data targeting the employees, management and customers of the company that is the subject of the purchase.
We ask customers to confirm that they have the authority to provide us with personal data in connection with the execution of the services and that any personal data they provide to us has been processed in accordance with applicable law.
The legal grounds for the processing of personal data of natural persons whose personal data we obtain in connection with the provision of services to our customers are as follows:
Compliance with a legal or regulatory obligation
Our legitimate interest in ensuring the provision of high quality, consistent and flawless services to our customers worldwide.

Contact persons in the relation with customers
We process personal data regarding the contact persons in relation with the customers (existing and potential customers and natural persons employed within the respective customers or associated with them and other contact persons for business purposes. The contact persons, designated by the customer for the relation with PC, receive informative materials made by PC, questionnaires and invitations to events/seminars.
We process the following categories of personal data:
Name, job title, address, email address, telephone and fax number
Name of the employer or organization with which the natural person is associated
Marketing preferences
Responses to invitations and confirmations regarding participation in events.
We do not intentionally collect data from sensitive categories, unless you provide us with such data if you participate in one of our events.
The data of contact persons for job purposes who have not actively interacted with PC in the last 18 months is deleted from our system. If you opted not to receive PC communications in the future, your basic contact information will remain on our list of people who have opted not to receice communications.
The legal grounds for the processing of personal data of the contact persons for job purposes are as follows:
Explicit consent of the contact person for job purposes
Our legitimate interest in managing the relationship with the contact persons for job purposes and in providing information about e PC, about our services and the events we organize.

Participants in PC events and seminars
We process personal data regarding participants in events and seminars organized by PC.
In our event management processes, we process the following personal data (but only to the extent necessary for a particular event):
Name:
Information about the customer’s personnel (information about the home address, the registered office address s and information about the activity carried out)
Customer information (information about home address, registered office address and information bout the activity carried out)
Email address
Gender
Home address or other postal address
Employer name
Occupation (job title)
Phone or fax numbers
We do not intentionally collect data from sensitive categories, unless you provide us with such data.
Participants in PC events held outside the premises must bring a photo ID in order to identify themselves in order to protect our persons, property and information and to prevent unauthorized persons from accessing PC events organized outside the premises.
PC can take photos and audio or video recordings in public areas during PC events. We use these records in our marketing materials. The images and voices of the participants are recorded. Records are edited, copied, displayed, published or distributed.
The legal grounds for processing the personal data of the participants are as follows:
Explicit consent of the participant
Our legitimate interest in organizing events and managing the registration process.
Our legitimate interest to protect our employees, property and information and to prevent unauthorized persons from accessing PC events held outside the premises.
Our legitimate interest in providing information about PC, about our services and the events we organize.

Social media platforms
PC uses various social media platforms, for example for recruitment or marketing purposes. We use social media platforms to give you easy access to relevant information about PC employment opportunities and the events we organize, as well as to promote our services and image.
Although PC is responsible for the content it publishes through social media platforms, PC is not responsible for the administration of social media platforms (such as the creation of usage statistics or the placement of cookies). When you use these social media platforms, you are required to comply with the legal and privacy requirements imposed by the providers of social media platforms. These providers collect personal data about you, including statistical and analytical data about your use of social media platforms, such as a general list of pages you’ve visited, likes, recent hits, posts you post or find interesting. If you wish to access such data or to invoke one of your other rights (such as your right to object to the processing of your data), you must contact the provider of the social media platform. Some social media providers provide PC with aggregate data that is relevant to our pages, such as the number of likes generated by our content or the number of posts, visitors to our pages, photos that are downloaded, or links accessed.

 

Social media platform plugins (such as like and share buttons)
On our website, we insert the so-called plugins of social media platforms. When you visit a page that displays one or more such buttons, your browser establishes a direct connection to that social network server and loads the button there. At the same time, the provider of the social media platform knows that the respective page on our website has been visited. We have no influence on the data that social media platform providers collect through buttons. If you want to prevent this, you need to log out of your social media accounts before visiting our site. Social media providers also set cookies, unless you have disabled the acceptance and storage of cookies in your browser settings.

Facebook plugins
Our website contains plugins for the social network Facebook. Facebook plugins can be recognized by the Facebook logo or by the like buttons on our websites.
When you visit our website, a direct connection is established between your browser and the Facebook server through the plugin. This allows Facebook to receive information that you have visited our website from your IP address. If you click the Facebook “like” button while logged in to your Facebook account, you can share the content of our website on your Facebook profile. This allows Facebook to associate visits to our website with your user account. If you are not logged in to your Facebook account, when you click the Facebook button, the Facebook login page will appear where you need to enter your login information. Please note that we do not know the content of the data transmitted to Facebook or how Facebook uses this data.
The legal grounds for the processing of personal data of visitors to our pages on social platforms and for the use of plugins and tools of social platforms are as follows:
Our legitimate interest in promoting PC services and image
Our legitimate interest in attracting, identifying and hiring human resources with specialized skills
Our legitimate interest is to improve your experience on our website and to optimize our services
Natural persons who communicate with PC by email
PC uses a variety of tools to maintain the security of our IT infrastructure, including our email services. Examples of such tools include:
Systems that scan emails received by PC recipients to identify suspicious attachments and URLs to prevent malware attacks
Tools that ensure the detection of threats to terminals address to identify malicious attacks
Tools that block certain content or sites
If you communicate with a PC recipient by email, your emails are scanned by PC-operated tools to maintain the security of your IT infrastructure, which could lead to content being read by authorized PC users other than the intended recipient.
Legal grounds for processing personal data of natural persons who communicate with PC by email:
Our legitimate interest in protecting our IT infrastructure against unauthorized access or data leakage
Our legitimate interest in analyzing email traffic. 

Job candidates
We collect information from and about candidates about the employment opportunities available within PC. In general, the data we collect about candidates for our jobs includes CVs, identity documents, study documents, employment history, information about previous jobs and references.
We use your personal data to harmonize your skills, experience and studies with the specific positions offered by PC. This information is passed on to the people involved in the recruitment process, to decide whether to invite you to an interview. PC also collects other information if you are invited in the interview stage (or equivalent stage) and in the subsequent stages. This information includes also the interview notes, the evaluation results, the feedback and the offer details.
PC collects personal data about candidates (“you”) from the following sources:
Directly from you: for example, information you provided when you applied for a position directly through PC career website
From recruitment agencies: for example, when a recruitment agency that has information about you contacts us to nominate you as a potential candidate;
Through publicly available sources online: for example, if you have a professional profile posted online (such as on your current employer’s website or on a professional social networking site, such as LinkedIn)
By recommendation: for example, by a recommendation from a former employee or employer or from a person you nominated for references
The legal grounds for the processing of personal data of candidates at our jobs are as follows:
Explicit consent of the candidate
Our legitimate interest in attracting, identifying and hiring human resources with specialized skills
Our legitimate interest in processing and managing applications for PC posts, including the triage and selection of candidates
Our legitimate interest in recruiting and hiring candidates by proposing an offer to admitted employees and by conducting pre-employment checks for selection
Our legitimate interest in managing our career websites (including carrying out statistical analysis)
Compliance with a legal or regulatory obligation (when performing background checks to determine if a candidate is eligible for the position)

Suppliers
We process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and contractors) in order to manage our relationship and contract and to benefit from services from our suppliers.
The personal data we process is generally limited to contact information (name, employer name, telephone number, email address and other contact information) and financial information (payment information).
The legal grounds for the processing of personal data of our suppliers are as follows:
Execution of a contract
Compliance with a legal or regulatory obligation
Our legitimate interest in managing payments, fees and charges and collecting and recovering money owed to PC
Our legitimate interest in understanding any conflicts of interest or issues related to the legislation on auditor’s independence
Our legitimate interest in protecting PC from inadvertent involvement in transactions with proceeds from illicit activities or in support of any other illicit or fraudulent activities (e.g. acts of terrorism).
For more information on the processing of personal data you can consult the website of the National Authority for the Supervision of Personal Data Processing at www.dataprotection.ro.