Privacy Policy

1. General Presentation

1.1. Introduction

NEWGEN Solutions SRL as a personal data operator processes personal data relating to the natural persons with whom they interact for the stated purpose. This may represent data relating to customers, suppliers, business contacts, employees, and other persons with whom the company has entered into a contract or with whom it is in a relationship: identification data (name and surname, series/CI no./passport, CNP), contact data (postal and e-mail addresses, telephone numbers), studies, position held.

This policy describes how personal data must be collected, used, and stored in order to be consistent with the company’s data protection standards – and also meet the condition of legality. This control applies to all systems, people, and processes that make up the organisation’s IT systems, including board members, directors, employees, suppliers, and other third parties who have access to NEWGEN Solutions SRL’s systems.

1.2. Existence of the policy

This data protection policy ensures within NEWGEN Solutions SRL:

• Compliance with the legal requirements at European and national level regarding the protection of applicable personal data and good practices in this field;
• Protection of the rights of the persons concerned: for example, partners, customers, employees/collaborators;
• How to store and process personal data collected directly or from third parties;
• Protection of the company from possible risks related to the violation of data security;
• Increasing the degree of trust of the external environment in relation to NEWGEN Solutions SRL.

1.2.1. The legislation regarding the protection of personal data

Regulation (EU) no. 679/2016 describes how companies – including NEWGEN Solutions SRL – must process personal data. Significant fines are applicable if a breach is deemed to have been enacted under the GDPR Regulation, which is designed to protect data of European Union citizens.

These rules apply regardless of whether the data is stored electronically, on paper, or on other materials. To comply with the law, personal information must be collected and used correctly, stored securely, and not allowed to be used illegally.

Regulation (EU) no. 2016/679 transposes the fundamental principles on the basis of which data processing is permitted, with companies having the obligation that the personal data they collect:

1. To be processed legally, fairly, and transparently towards the data subject (“lawfulness, fairness, and transparency”);
2. Be collected for specific, explicit, and legitimate purposes and are not subsequently processed in a way incompatible with these purposes (“purpose limitation”);
3. Be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
4. To be accurate and, if necessary, to be updated; all necessary steps must be taken to ensure that personal data that is inaccurate, having regards to the purposes for which it is processed, is deleted or rectified without delay (“accuracy”);
5. Not to be kept longer than necessary (“storage limitation”);
6. To be processed in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing, against accidental loss, destruction, or damage by taking appropriate technical or organizational measures (“integrity and confidentiality”);
7. To be processed in accordance with the rights of the persons concerned;
8. Not to be transferred outside the European Economic Area unless the territory/country where they are to be transferred ensures an adequate level of personal data protection.

1.2.2. Definitions

The GDPR’s definition of Personal data is broad:

Personal data = any information relating to an identified or identifiable natural person.

In order to make a correct interpretation of this definition policy, it is necessary to know the fundamental terms in the field of data protection:

• Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
• Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
• Controller means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;

1.3. Principles regarding the processing of personal data

Regulation (EU) No. 2016/679 transposes the fundamental principles on the basis of which data processing is permitted, with companies having the obligation to process personal data under certain conditions.

In order to comply with the applicable legislative framework, the personal data within NEWGEN Solutions SRL are:

• Processed lawfully, fairly, and in a transparent manner in relation to the data subject (‘lawfulness, fairness, and transparency’);
• Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
• Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
• Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

We will always make all necessary efforts to ensure that we comply with all these principles both in the current processing process and as part of the introduction of new processing processes and as part of the introduction of new processing methods, such as possible new IT systems.

1.4. The rights of the data subject

The data subject has several rights under the GDPR Regulation. They consist of:

• The right to withdraw consent;
• The right to information;
• The right of access;
• The right to rectification;
• The right to delete data (“the right to be forgotten”);
• The right to restrict processing;
• The right to data portability;
• The right to object to processing;
• The right not to be the subject of a decision based exclusively on automatic processing, including the creation of profiles;
• The right to submit a complaint to the Authority;
• The right to apply to justice.

Each of these rights is supported by appropriate forms in NEWGEN Solutions SRL that allow the necessary action to be taken within the terms established by the GDPR Regulation.

Data subjects can exercise some of the above rights by e-mail addressed to the data operator at office@workflowtime.com. Applications will be exempt from any fee. The operator will be obliged to provide an answer within a maximum of one month and, in certain exceptional cases, within two months after receiving the request.

We will always verify the identity of any data subject who addresses us with a request regarding their data processed by us. In order to respond to requests and allow the exercise of rights, the legal department or external legal consultants will have a say on the merits of the request.

1.5. Basis of processing

Processing of personal data at NEWGEN Solutions SRL is based on the following legal grounds contained in Regulation (EU) 679/2016:

1. Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
2. Processing is necessary for compliance with a legal obligation to which the controller is subject;

The personal data collected and processed are necessary to conclude or execute a contract with the data subject in which case their explicit consent is not required. This is because the contract cannot be concluded without the personal data in question; for example, an appointment cannot be made without a telephone number where the customer can be contacted.

Given that personal data must be collected and processed by us in order to comply with the law, explicit consent is not required. This may be applicable to certain employment and taxation data, for example.

1.6. Purposes of processing

As part of our professional activity, we process personal data to implement the company’s object of activity – the sale of specific company products.

We also process personal data to honour the legal obligations that regulate our field of activity, such as the Civil Code, the Fiscal Code, and the Labour Code.

2. Policy Applicability Limits

2.1. The scope of the policy

This policy applies to:

• Offices of NEWGEN Solutions SRL;
• All departments of NEWGEN Solutions SRL;
• All the staff and volunteers of NEWGEN Solutions SRL;
• All contractors, suppliers, and other persons working on behalf of NEWGEN Solutions SRL.

It applies to all data that the company holds in relation to identifiable natural persons.

The categories of personal data processed are those that you provide when filling out the contact form. This data includes: name, email address, and telephone number.

In addition to providing products from the electrotechnical industry, we reserve the right to process personal data for marketing purposes. To update you on the latest news related to the products of NEWGEN Solutions SRL.

2.2. Risks

This policy helps protect NEWGEN Solutions SRL from real security risks including:

• Violations of confidentiality;
• Damage to reputation. For example, the company could be harmed if this data were obtained by interested parties from the inside through a security breach.

3. Data Storage

These rules describe how and where personal data should be stored. When data is stored on paper it should be kept in a secure place where unauthorized persons cannot gain access. These instructions also apply to data that is normally stored electronically but has been printed for some reason:

• Papers or files should be kept in a closed place or in a closed drawer;
• Employees should ensure that paper or printouts are not left with unauthorized people who may see them, such as on the printer;
• Prints should be destroyed when no longer needed.

When data is stored electronically it must be protected from unauthorized access, accidental deletion, or intentional hacking attacks:

• Data should be protected by strong passwords that are changed regularly and never shared between employees while sensitive data should be encrypted;
• When data is stored on removable media (such as CD, DVD) it is kept safe when not in use;
• Data will only be stored on dedicated servers or units and should be uploaded to an approved cloud computing service;
• Servers containing personal information should be placed in a safe place away from the general office space;
• Data must be saved directly on laptops and not on other mobile devices such as tablets or smartphones;
• The data has a periodic back-up;
• All servers and computers containing data are protected by Security and firewall software.

4. Use of Data

NEWGEN Solutions SRL does not process personal data on a large scale and neither sensitive data. Even so, we want to keep your data safe. In order to prevent risk situations such as those of corruption or even theft, we have established a series of rules that must be followed when using this data:

• When working with personal data and remaining even for short periods of time unattended, staff ensure that computer screens are closed;
• Personal data is processed at the headquarters and/or at the workplace of our beneficiaries. All documents containing personal data in electronic format, on paper, and on any other storage and transfer medium of personal data are processed/collected/kept/stored/archived/destroyed etc. by the beneficiary under the terms of the law;
• We reduce as much as possible the transmission of personal data by e-mail considering that this way of communication is not secure. As an exception, the only transmission of sensitive data by e-mail is that intended for the person concerned at their express request;
• Sensitive data should be encrypted before being transferred outside the European Economic Area;
• Workers are prohibited from saving personal data on their personal devices;
• Data will be kept in few places; the staff must not create any additional places that are not necessary, such as unnecessary copies;
• Staff are trained to take every opportunity to ensure data is up to date. For example, by confirming some details when the customer calls;
• Data is updated when inaccuracies are discovered. For example, when a customer can no longer be contacted via a phone number, it is recommended to remove them from the database.

5. Disclosure of Data for Other Reasons

In certain circumstances, the law allows personal data to be disclosed to law enforcement without the data subject’s consent.

In these circumstances, NEWGEN Solutions SRL will disclose the necessary data. The data controller will ensure that the request is legitimate, seeking assistance from the company’s legal advisors where necessary.

6. Provisioning of Information

NEWGEN Solutions SRL aims to ensure that the data subjects know how the data is processed, making sure they understand:

• How their data is used;
• How they can exercise their rights.

For this purpose, the company has a Cookies Policy establishing how personal data is used within it.

7. Consequences

Failure to comply with this data Policy by company employees or other external collaborators may lead to disciplinary sanctions (including termination of the employment contract), termination of contracts, and, depending on the circumstances, action in court for the full recovery of damages caused to the organization as a result of failure to comply with this Policy.

When there is suspicion of illegal activities (such as for example the theft of documents, copying, distribution, transfer of databases), the Company will report the criminal activity to law authorities for the prosecution of the perpetrator.

This Policy will be made known by the company’s management to all employees, collaborators, business partners, or other third parties including by publishing it on the company’s website workflowtime.com.