General note on personal data protection

Last Update: 07 February 2020

Personal data controller

Company NEPTUN S.A. with headquarters in Campina, no. 57-63, Bobalna street, Prahova county, Trade Register number J29/2/1991, tax code RO 1322535, acting as the “Controller”, collects and processes personal data in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

For the purposes of the Regulation, "personal data" means any information regarding a natural person identified or identifiable ("subject"); an identifiable natural person is a person that can be identified, directly or indirectly, especially by reference to an identification element such as a name, an identification number, localisation data, an online identifier, or to one or several specific elements of the person's physical, physiological, genetic, psychological, economic, cultural or social identity.

Modalities of collecting personal data

The company collects and processes data provided by data subjects (representatives of organisations; contact persons in such organisations, as well as any other persons involved in concluding and executing the contracts concluded between the Company and beneficiaries, customers and potential customers who are natural persons, suppliers, service providers, collaborators), as well as, in certain cases justified by the requirements of carrying out the business, data from public registers.

Purpose of data processing

Personal data will be processed manually and/or electronically for the following purposes:

  1. Carrying out negotiations, as well as concluding and executing the contract with you;
  2. Conducting commercial sales and service activities, as well as post-sales activities specific for carrying out, maintaining and improving commercial relationships;
  3. Ascertaining, exercising or defending certain rights of the Company in court;
  4. Ensuring security of assets and persons in the venues of Neptun and its field offices; preventing and detecting any security and/or fraud threats;
  5. Complying with legal obligations;
  6. Communicating information to the data subjects regarding the products and services offered, on the grounds of the company’s legitimate interest.
Communication of some of your personal data is necessary for fulfilling the purposes indicated above; therefore, a potential refusal to supply such data would not allow the Company to negotiate and conclude a contract with you, sell you our products or provide our services, respond to your potential inquiries or complaints.

Categories of personal data

To achieve the purposes described above, Neptun generally collects and processes the contact data of the data subjects, necessary for carrying out the business relationship with those partners, such as: name, surname, position, e-mail address, phone number and signature.
In order to fulfil our legal obligations, issue financial-accounting documents, delivery documents etc., the number and series of the identity documents and the personal code will be processed in addition to the personal data mentioned above.

Lawfulness of data processing

Any processing of the personal data will take place based on one of the grounds set forth at art. 6 of the General Data Protection Regulation:

  1. the data subject has given his/her consent for his/her personal data to be processed for one or several specific purposes;
  2. the processing is necessary for executing a contract in which the data subject is a party or for taking steps before concluding a contract, upon the request of the data subject;
  3. the processing is necessary in order to fulfil a legal obligation of the data controller;
  4. the processing is necessary in order to protect the vital interests of the data subject or of some other natural person;
  5. the processing is necessary in order to fulfil a task that serves a public interest or results from exercising the data controller’s public authority;
  6. the processing is necessary for purposes related to the legitimate interests of the controller or of a third party, except if the interests or the fundamental rights and freedoms of the data subject prevail and require protection of the personal data, especially when the data subject is a child.

Disclosure of personal data

As a rule, the data of the subjects will only be accessed by authorised employees, to the extent only to which this will be necessary for the fulfilling of their job tasks.
However, for achieving the purposes mentioned above, some personal data might be disclosed to:

  • Processors mandated by the controller, that the Company may rely on in carrying out its current business (IT service providers; billing service providers; document delivery service providers; marketing and advertising service providers; other companies that are members of the group; experts; consultants; lawyers, etc.);
  • - Public authorities and institutions, for the purpose of fulfilling legal obligations and/or protecting our legitimate interests (courts of law or arbitration courts; criminal investigation authorities; tax authorities; other entities of public interest (court bailiffs, notaries, banking institutions, etc.).
Any transfer will be carried out in compliance with the principles set forth at art. 5 of the Regulation, namely lawfulness, fairness and transparency; the principle of limiting the transfer according to the purpose; the principle of reducing the transferred data to a minimum; the principle of data accuracy; the principle of limitation regarding storage of the data; the principle of ensuring data integrity and security; the principle of responsibility.

Transfer of personal data abroad

Within the context of carrying out the above-mentioned operations, your personal data may be transferred to states within and outside the European Economic Area. The Company will make sure that adequate, appropriate security measures are taken to protect the Data, and request the recipients to comply with the requirements of the data protection legislation.

Duration of data processing

NEPTUN S.A. will keep your personal data according to the principles of proportionality and necessity, as long as necessary for the fulfilment of the purposes for which the data was collected, including for the purpose of fulfilling any legal, accounting or reporting requirements.

Rights of the data subject

According to the provisions of Regulation no. 679/2016, the data subject has the following rights:

  • the right to information and access to personal data (art. 13-15);
  • the right to rectification (art. 16);
  • the right to deletion of the data (the “right to be forgotten”) (art. 17);
  • the right to restrict processing of the data (art. 18);
  • the right to data portability (art. 20);
  • the right to oppose processing (art. 21);
  • the right not to be subject to a decision based solely on automated processing, including profiling (art.22);
  • the right to withdraw your consent for the processing, when processing is based on your consent Such withdrawal will not affect the lawfulness of the processing performed prior to it (art. 7);
  • the right to file a complaint with the Supervisory Authority (art.77) and the right to approach the competent courts of law.

In order to exercise the rights mentioned above, the data subject must send a written, dated and signed application at the following address: Strada Bobalna nr.57-63, Campina, Prahova county, or e-mail:

Changes regarding the Note.

The latest update of this Note was in February 2020. We keep the right to update and modify this note at any time.
In such event, we will inform you about such modification by posting a new version on our website, or we will provide it in some other way.