SC ONIUM Design Services SRL takes your privacy extremely serious and respects your rights to personal data protection and privacy. Our Privacy Policy concerns the personal data we collect through our website or other electronic environments (social media, email) as well as those we collect in live interactions (meetings, trade fairs, telephone, interviews or other interactions), also including personal data we might receive through our contractual partners (ex. recruitment agencies).

Please read this Privacy Notice carefully to understand how we handle your personal information. If you don’t agree with our privacy policy, please don’t use our website or don’t send us any of your personal data.

For any questions, requests or suggestions concerning your personal data, the way it is processed or the purpose of processing, please contact us at  dataprotection@onium.ro

1. Who we are

SC ONIUM Design Services SRL is a Romanian based company, with its headquarters in Brasov.

The fact that we process your personal data collected through our website https://www.onium.ro/ (hereinafter “website”, “our website” or similar), as well as through other electronic means of communication (social media, email etc.) or outside the electronic environment, makes us a data controller, in accordance with the terms and definitions set by the (EU) Regulation no. 679/2016 (also known as the “GDPR”), approved by the European Parliament on the 27th of April 2016.

2. Definitions

According to GDPR, the below terms and definitions have the following meaning:

  1. Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular or by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. Data subject: a natural person whose personal data are processed;
  3. Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  4. Controller: any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  5. Processor: any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  6. Consent: means any freely given, specific unambiguous statement or clear affirmative action of the data subject’s intent, by which he or she, signifies its agreement to processing of their personal data.

 3. Personal data categories and their processing

Brief description

How we collect your personal data:

We collect your personal data:

  • Provided by you – personal data that you provide to us through the use of our contact form, on our social media pages, via email, on the telephone or in physical form (name, email address, phone number, other details that you communicate to us)
  • Observed by us – cookies, IP, geographic location, and information you made public on your social media profile which you use to engage with us

[render_cookies_list]

Personal data collected, ways of processing, legal ground and retention period – brief description

Ways in which we collect personal data:

  • Provided by you – we collect personal data that you provide to us by completing contact forms on our social media pages and on our website, by sending them in e-mail to our corporate e-mail addresses, by discussing with us by phone or by filling any other physical (paper based) forms, papers containing your name, e-mail address, phone number, physical address or any other personal data that you choose to share with us;
  • Observed by us – we collect personal data directly via our web presence using cookies, regarding your IP (Internet Protocol) address, geographic location, and all other personal data you chose to make publicly available via your social media profile you are using in order to establish contact with us;

What categories of personal data we are processing and for what purposes?

  • Data obtained from your interaction with our website`s technologies (ex. cookies): IP (Internet Protocol) address, functional cookies, tracking cookies for Google and Facebook, data regarding the device you use to access our website. We process this information to assure the functionality of our website and determine the level of its efficiency, to analyze web traffic and to promote our services in the online environment.
  • Contact information: name, email address and phone number provided are processed by us in order to establish communication and commercial relation with you based on your intent.
  • Data obtained from the content of the messages you send us: we process these data in order to be able to answer to your enquiries and also be able to provide you with accurate information.
  • Data included in your CV (curriculum vitae, resume): name, e-mail address, phone number and other contact information, marital status, age, gender, professional performance and educational path followed are processed by us for the purpose of evaluating your fitness within our job requirements and for having the possibility of getting in contact with you.

What are the legal grounds of our personal data processing?

All personal data processing activities carried out by SC ONIUM Design Services SRL described in this privacy policy have legal grounds in the EU Regulation no. 679/2016 (GDPR).

Data processed based on your consent: we process certain personal data such as profiling data and cookies for online advertising and email addresses for direct marketing purposes;

Data processed based on our legitimate interests: we process certain personal data such as (functional cookies, contact information you provide to us, the content of the messages you send us, data from CV’s we receive) based on our legitimate interests to continuously develop the quality of the services we provide, respond to inquiries we receive and communicate with people interested in our services, sell our products/services and recruit new employees.

What is the retention period of collected personal data?

In order to respect the principle of “storage limitation” set by GDPR, we only store personal data for the periods of time necessary for us to fulfill the purposes for which we collected and processed the personal data and also to respect all the legal obligations we have in this respect.

Do we transfer personal data to 3rd parties?

We may transfer certain personal data to third parties having contractual relation with us, based on that contractual relation and only for the purpose of fulfilling that contractual relation.

We can send personal data to certain categories of third parties in the European Economic Area we have contractual relations with in order to pursue our legitimate interests described in this privacy policy.

We take the necessary steps to verify that our partners handle personal data according to GDPR requirements and implement the necessary technical and organisational measures to protect your personal data.

Third parties we may send personal data to:

  • Web hosting provider
  • Marketing services provider
  • HR services provider

4. Detailed description of the scenarios of our personal data collection:

Visiting our website:

How we can enter in possession of your personal data?

By accessing our website you allow the technologies which contribute to the normal functioning of our website to collect certain personal data of yours; These information make part of the category of data directly observed by us.

What type of personal data we are processing and in what purpose?

Data from your interaction with the website (IP, geographic location data, cookies, data about the type of device used to access the website).

We process these data on the grounds of our legitimate interest in analyzing the audience and improving our website’s structure and content, to improve the relevance of the information we provide and to protect ourselves from cyber attacks and fraud.

We also process analytics and advertising cookies based on consent.

The summary of all types of data processing is:

  • continuous improvement of our services,
  • ensuring the website’s functionality and optimization
  • investigation and resolution of potential fraud or security incidents
  • market analysis and promoting our services online

Why we need your personal data to be disclosed and what happens if you refuse to do so?

  • Data which enables the proper functioning of our website:

Providing these data is mandatory because it allows access to and use of our website. If you did not provide this data, you could not properly access or use the website.

  • Data for website optimization, analytics and advertising:

Providing these data is not mandatory, you can decide whether you want to give your consent in order to process them. In the case you choose not to give us your consent, you will not be able to receive advertising messages from us and we will not be able to analyze the way in which you interact with our website.

To give or retract consent please use the “cookie settings” button on the bottom-right.

What is the retention period of collected personal data?

We do not store cookies. Cookies are stored on your own browser and you can delete them at any time.

The only data we have access for a longer period of time (38 months) is the data Google Analytics provides us about how the visitors which have given consent for analytics cookies have interacted with our website.

Do we transfer personal data to 3rd parties?

The following third parties will be able to access these data: our web hosting provider, Google, Facebook.

The servers on which this data is stored are located within the European Union or are part of Privacy Shield, guaranteeing the handling of personal data according to GDPR standards.

What are the security measures we implemented for avoiding security incidents?

To reduce the risk of security incidents regarding collected personal data, a series of security measures have been implemented:

Limiting access of unauthorized persons to our premises by implementing an access control system;

Complying with all the physical security requirements set by the legislation;

Securing electronic access through: secure servers, password policies, IT security softwares, firewall;

Continuous training of our employees regarding data protection and data privacy obligations and limiting their access to personal data with relevance of their job requirement compliance;

Security measures implemented by third parties are assured by contractual obligations;

Are your personal data used in automatic profiling process?

We do not conduct any automatic profiling and we do not make decisions as a result of the automatic profiling of the processed data. However, external analysis and reporting services (Google Analytics) can use your data for complex profiling processes. To avoid this, we recommend one of the options below:

Cancel the acceptance for analysis and marketing cookies from our cookie management application

Unsubscribe from cookies directly from your browser or navigate the Internet in ‘incognito’ mode provided by your browser

Potential client / partner getting in contact with us:

How we can enter in possession of your personal data?

When you choose to write us a message through the contact form on our website or interact with us on a social media platform, you offer us personal data about yourself. We are collecting and using this information in order to be able to get in contact with you and to provide you an adequate and comprehensive response.

Personal data may be disclosed to us directly from you or we may observe/complete them from sources which are publicly available (social media platforms on which you contact us on).

Contact data (name, surname, email address, phone number): We process these data on the basis of our legitimate interest in selling our services and answering your queries.
The purpose of processing these data is public communication, answering to your requests in the most effective way and developing new business relationships.

Additional data (company, the content of your messages): These data can be processed if you show an interest in working with us.
We process these data based on our legitimate interest in selling our services and products and answering your queries. The purpose of their processing is to respond as efficiently as possible to your requests and to prepare for the commencement of business relationships.

Why we need your personal data to be disclosed and what happens if you refuse to do so?

We need this data to answer your questions or requests.

In the event that you refuse to provide us with this data, we will not be able to contact you, respond to your questions or requests or develop new business relationships with you.

What is the retention period of collected personal data?

We will keep your personal information for as long as needed to be able to answer your questions and interact with you. If you are a customer or potential customer, we will process and keep your business information in our CRM/database, in order to develop and maintain a business relationship.

Do we transfer personal data to 3rd parties?

We do not transmit this data to third parties or other countries without your consent.

What are the security measures we implemented for avoiding security incidents?

To reduce the risk of security incidents regarding collected personal data, a series of security measures have been implemented:

Limiting access of unauthorized persons to our premises by implementing an access control system;

Complying with all the physical security requirements set by the legislation;

Securing electronic access through: secure servers, password policies, IT security softwares, firewall;

Continuous training of our employees regarding data protection and data privacy obligations and limiting their access to personal data with relevance of their job requirement compliance;

Security measures implemented by third parties are assured by contractual obligations;

Are your personal data used in automatic profiling process?

These data are not used to make decisions following an automatic profiling process.

5. Your rights in relation your personal data

According to the GDPR, all data subjects have the following right regarding their personal data:

  1. Right of access to data: You have the right to access your personal data in order to check the lawfulness of its processing or to find out what personal data related to you we are processing and for what purpose. You also have the right to request the list of personal data processed by us.
  2. Right to rectification: if you consider that the personal data we collected and are processing about you is incomplete or inaccurate, you have the right to request their rectification.
  3. Right to erasure or “the right to be forgotten”: You may request the deletion of your personal data and we have the legal obligation to comply with your request in cases when this data is no longer necessary for the purposes for which we were processing it, or when your personal data was processed based on your consent and in the situation when personal data is processed based on a legitimate interest and there is no overriding legitimate interest to continue processing of if the processing is unlawful or without any legal basis for their processing;
  4. Right to restrict processing: You may request the restriction of the processing of your personal data. In this case, we will not delete your personal data, but we will stop processing it.
  5. Right to data portability: You have the possibility to transfer your personal data from one operator to another or to ask us to transfer your personal data to you to use for your own purposes;
  6. Right to object: You may oppose to the processing of your personal data for purposes such as direct marketing or other purposes based on our legitimate interests, such as profiling.
  7. Right of not being subject to automated decision making and profiling which can cause harm: You have the right not to be the subject of a decision based solely on automatic processing that could have significant legal effects or which could affect you in a meaningful way;

In addition to these rights, you have the right to withdraw your consent at any time where it is applicable.

If you wish to exercise any of the rights in the list above, please contact us at:

You also have the right to file a complaint with the supervisory authority (ANSPDCP – http://www.dataprotection.ro/) about how your personal data is processed by SC ONIUM Design Services SRL

6. Contact

For any questions or requests relating to your personal data processed by SC ONIUM Design Services SRL please contact us at:

[ultimate_gdpr_myaccount]