GDPR

Information

on the processing of personal data carried out by SC TNP Global&Partners SRL, in accordance with the European Regulation on the protection of personal data (Regulation EU 2016/679 of the European Parliament and of the Council)

1. What is GDPR?

The European Union has adopted the General Data Protection Regulation (GDPR), which replaces the current legal provisions on personal data and sets out requirements on how companies and authorities handle personal data. The regulation strengthens data subjects’ rights by giving them greater control over their own data.

As of May 25, 2018, GDPR applies directly and uniformly to all EU Member States.

The purpose of this notice is to describe how TNP Global & Partners, (hereinafter referred to as “TNP” or “we” or “us”), processes your personal data.

2. What are the categories of data subjects and personal data we collect and what is the purpose for which it is processed?

2.1 Clients

TNP provides valuation services for all classifications of tangible and intangible assets and valuation related services. Our services are intended for both corporate and individual clients and are performed only at the request of those interested in them.

In these cases, we process the personal data of the natural persons who represent the client/potential client in the relationship with TNP. This information is either publicly available or we receive it directly from these individuals or their employer.

TNP has certain duties that derive from being an ANEVAR Corporate Member and from the application of the International Valuation Standards in the valuation activity, so we have both contractual obligations and certain obligations that derive from the specific regulations of our profession or from the adjacent legislation (see e.g. Law 129/2019 on the prevention and combating of money laundering and terrorist financing).

2.2 Suppliers of TNP

In order to carry out the valuation activities and related services, TNP enters into contractual agreements with various suppliers, namely other independent valuers or organized as companies, credit institutions, internet service providers, utility providers, etc.

In these cases, we process the personal data of the individuals who represent the supplier in its relationship with TNP. And in this case, the information may either be publicly available or we receive it directly from these individuals or their employer.

We also do not administer computer systems to which external users have access. However, we do store personal data about users and monitor user behavior on these systems to protect against abuse of our systems. The processing of personal data in the context of users’ access to our systems is based on the legitimate interest of ensuring high IT security and countering abuse of our systems.

2.3 Personal data categories

In our activity we may process the following types of personal data about individuals:

• Personal identification data (name, surname, domicile, residence or address where correspondence is received, telephone, e-mail, CNP, series and number of the identity card, handwritten signature, as well as username, log-in and passwords for users of our systems).
• Personal details of assets owned (information related to movable / immovable assets falling within the scope of the services provided).

3. What are the legitimate grounds for data processing?

We process personal data either for the purpose of executing a contract, on the basis of the consent of the person, or by law (Law 129/2019 on preventing and combating money laundering and terrorist financing).

We may also base our processing of personal data on a legitimate interest where, according to our assessment, we consider that the processing is fair, reasonable and proportionate to the purpose of the processing.

4. Do we transmit personal data to third parties?

All our employees must comply with specific obligations and must not unlawfully disclose or use confidential information, including personal information.

TNP discloses your personal data in accordance with its obligations under the applicable legal framework, for example to credit institutions or to external – collaborating – evaluators, when an evaluation report is requested.

In some cases, we are obliged to provide information including personal data to public authorities, such as ANEVAR and tax authorities.

We also transmit personal data to authorities and judicial bodies, if we are obliged to do so by a legal provision of these entities.

Occasionally, we may also disclose some personal information to external collaborators in order to manage and improve the services provided by TNP, as well as to fulfill legal obligations, such as external or IT audits. In the latter case, these third parties, in turn, have similar obligations to TNP with regard to the protection of personal data. By way of example, we may disclose personal data to the following entities:

• Companies that provide us support in our activity (IT systems support, software development services);
• Our advisors, including lawyers and auditors.

5. Do we transfer personal data outside the European Economic Area?

We store personal data in servers located in Romania. TNP is unlikely to transfer personal data to other companies in the EU or outside the European Economic Area. However, for such transfers, TNP has taken a number of measures to ensure an adequate level of protection of individuals’ data, similar to that afforded by European legislation.

6. Storage of personal data

We have the right and duty to store a range of information and data, including personal data. We will store personal data for as long as necessary and in accordance with the regulations applicable to our business in order to fulfill the purpose for which it is collected and processed. The period for which we store personal data varies according to the applicable rules in each case.

We also take into account the retention periods for data and information established by other specific regulations (such as financial-accounting, labor relations legislation) or by the archival nomenclature.

7. What are the rights of data subjects?

As a data subject, you have the following rights:

• if TNP’s basis for processing your personal information is consent, you have the right to withdraw your consent at any time. If you withdraw your consent, it will only take effect from the date of withdrawal;
• if the processing is based on consent or a contract, the right to request TNP to provide the personal data obtained directly from the data subject and, if possible, to transmit those data directly to another controller (right to data portability);
• the right to request a copy of the personal data held by the TNP;
• the right to request TNP to rectify any inaccurate or outdated personal data;
• the right to request that personal data be deleted as soon as they are no longer required by the TNP;
• in the event of a dispute as to the accuracy of the processing of personal data, the right to restrict the processing;
• if processing is based on legitimate interests, the right to object to the processing of personal data (where applicable);
• the right not to be subject to a decision based solely on automated processing, including profiling, where the decision is likely to produce legal effects or similarly and significantly affect you; automated processing means that there is no human intervention, the processing is done solely in a computerized system. Please note that TNP does not use automated individual decision-making processes and does not create profiles.
• the right to submit a complaint to the supervisory authority (National Supervisory Authority for Personal Data Processing, contact: Bld. Gral. Gheorghe Magheru nr. 28-30, sector 1, postal code 010336, http://www.dataprotection.ro/).

8. Who can you contact if you have questions or requests regarding the processing of personal data?

If you have any questions about the processing of your personal data, you can contact us by sending an e-mail to gdpr@tnpglobal.ro.