GDPR
GENERAL DISPOSITIONS
To carry out its activities, Socar Petroleum SA (“Socar”) processes personal data of certain categories of natural persons. These may include personal data of the users of this website, of customers or collaborators/contractual partners of Socar.
Personal data refers to information related to an identified or identifiable natural person, namely, information about a person whose identity is either obviously clear, or can, at least, be established by obtaining additional information.
If the data about such a person is processed, this person is referred to as “data subject” within the meaning of the legislation in the field of personal data protection.
PURPOSES, BASIS AND CATEGORIES OF PERSONAL DATAIn accordance with the provisions of Regulation no. 679 of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and regarding the free circulation of this data and the repeal of Directive 95/46/CE (“GDPR”), the data processed by Socar through this website or for carrying out its activity, they can be used for purposes such as:
1. For the execution of the contract for the purchase of goods and the management of the relationship with clients, which include operations such as sales, making payments and drawing up financial-accounting documents, based on art. 6 para. (1) lit. b) and f) of the GDPR, as the case may be, Socar processes name, surname, address and payment data;- For the execution of the fuel purchase contract based on the fuel card, based on art. 6 para. (1) lit. b) and f) of the GDPR, as the case may be, Socar processes personal data such as name and surname, username, customer representative function, phone number, e-mail address, card data, data from customer/customer representative ID , and signatures;
- For the execution of the contract for the purchase of tolls/tolls and the fulfillment of the legal obligations imposed by the relevant legislation in this matter, based on art. 6 para. (1) lit. b), c) and f) of the GDPR, as the case may be, Socar collects the following categories of data: name and surname (only in the case of issuing tax invoices), registration number, country of registration, date and time of issuance/expiry of the toll/toll (to the extent that they lead to the identification of the person), chassis series, signature, address (only in the case of issuing tax invoices), copy of the registration certificate (only in the case of correcting the registration number), registration number/toll and single transaction series;
- In order to carry out wholesale sales operations, including by completing the form available in the Wholesale Sales section, the following categories of personal data can be collected: name and surname, home address, function, place of work, department, no. phone number, e-mail address, CI data, driver’s license data, as well as signatures, based on art. 6 para. (1) letter b) of the GDPR;
- Administration and maintenance of the socar.ro website, which includes the use of cookies, so as to ensure quick and easy interactions between users and the website, based on art. 6 para. (1) letters a) and f) of the GDPR.
The website uses Google Analytics, which is a web analysis service provided by Google, Inc. (Safe Shield certified supplier), which in turn uses cookies. Through this service, Socar processes personal data such as interest categories, the user’s preferred language, location, technology, devices, browser, IP or other identifiers of the devices with which you access our website.
For more details, see the section on Terms and Conditions, which also includes the Cookies Policy.
We draw your attention to the fact that after entering your personal data in one of the sections of the website, you express your express and unequivocal consent so that the owner of the website can use this data for the purpose for which you provided the data.
- For carrying out personnel recruitment operations, including by filling in the form available in the Careers section of this website and for accessing the Contact section, based on art. 6 para. (1) letter a) of the GDPR, Socar processes the following categories of personal data: name and surname, e-mail address, telephone number, and in the case of the Careers section, including data from your CV;
- For the development of advertising campaigns, based on art. 6 para. (1) letters a), c) and f) of the GDPR, Socar collects personal data such as name and surname, image, voice, contact data or other data required by fiscal provisions, as the case may be;
- For the protection of goods, people and Socar spaces by using video monitoring devices, in Socar stations and at Socar’s headquarters, based on art. 6 para. (1) letter c) and/or f) of the GDPR, as the case may be, Socar processes your image by automated means and the registration number of your vehicle;
- To resolve your requests, questions or complaints, based on art. 6 para. (1) letter a), b) and/or f) of the GDPR, as the case may be, Socar processes the name and surname and contact data provided by you;
- For the development of employment relationships, which involve data processing for the execution of employment contracts, the fulfillment of legal obligations and/or the fulfillment of a legitimate interest, based on art. 6 para. (1) lit. b), c) and f) of GDPR, Socar processes personal data of its employees, as detailed in the information note provided to employees; in certain particular situations, which exceed the execution of the employment contract, Socar processes employees’ data based on their consent, based on art. 6 para. (1) lit. a) from GDPR;
- For communication with our collaborators and contractual partners, based on art. 6 para. (1) lit. a), b) and/or f) of GDPR, as the case may be, Socar processes personal data such as name and surname and contact data;
- For the purchase of real estate or the transfer of real rights to Socar, pursuant to art. 6 para. (1) lit. b) and f) of the GDPR, as the case may be, Socar processes personal data such as name and surname, data contained in the identity document, data contained in the property title, data contained in the fiscal attestation certificate, data contained in the energy certificate and the data contained in the extract from the Land Registry. Also, to the extent that Socar performs an analysis of the ownership history, it is possible to process personal data of persons with whom it does not have a direct relationship, such as the seller’s family members, the seller’s legal representatives or other persons who appear in the history of property rights;
- For the preparation of the civil liability insurance file, to the extent that there are incidents in the Socar stations, which generate damages to some people, based on art. 6 para. (1) lit. a) from the GDPR, Socar processes personal data such as name and surname, the data contained in the identity document, the data contained in the vehicle registration certificate, the data contained in the driver’s license, telephone number and the data contained in the declarations;
- For the call center/help desk support service, dedicated to SOCAR card holder customers, those who purchase scraps and potential customers, based on art. 6, paragraph (1), letter a), b) and f) of the GDPR, as the case may be, SOCAR collects the following categories of data: name and surname, telephone number, workplace, registration number, voice, call recording.
For the electronic invoicing and notification service, dedicated to SOCAR cardholder customers, based on art. 6, paragraph (1), letter a), b), c) and f) of the GDPR, as the case may be, SOCAR collects the following categories of data: e-mail address and mobile phone number, as the case may be.
Description of the type of notification, possibility of transmission and their frequency:
- Issuing Invoice
- Via E-mail – mandatory – the customer will receive the issued invoice by e-mail. Each invoice will be sent via a separate email
- Via Text Message (SMS) – optional – the client will receive information about the issuance of the invoice (invoice number and series, value, date of issue, due date). Each invoice will be sent via a separate SMS
- On the date when the invoice is approaching its due date
- Via e-mail – mandatory –
the client will receive an e-mail reminding him that the due date of the invoice is coming. Each notification of this type will be sent separately for each issued invoice that is close to maturity
Notifications will start to be sent starting 5 days before the due date
These notifications will be sent daily, including on the due date, at 10 AM
The information sent will be the invoice series and number, the due date and the payment amount - Via Text Message (SMS) – optional –
the client will receive an SMS reminding him that the due date of the invoice is coming. Each notification of this type will be sent separately for each issued invoice that is close to maturity
Notifications will start to be sent starting 5 days before the due date
These notifications will be sent daily, including on the due date, at 10 AM
The information sent will be the invoice series and number, the due date and the payment amount
- Via e-mail – mandatory –
- On the date when the invoice exceeded the due date
- Via e-mail – mandatory –
the customer will receive an e-mail reminding him that he has passed the due date of the invoice. Each notification of this type will be sent separately for each invoice issued for which the due date has been exceeded
Notifications will begin to be sent starting with the FIRST day of delay
These notifications will be sent daily, at 10 AM, until the balance of the invoice is closed
The information sent will be the invoice series and number, the due date and the payment amount - c
the client will receive an SMS reminding him that he has passed the due date of the invoice. Each notification of this type will be sent separately for each invoice issued for which the due date has been exceeded
Notifications will begin to be sent starting with the FIRST day of delay
These notifications will be sent daily, for 5 days, at 10 AM
The information sent will be the invoice series and number, the due date and the payment amount
- Via e-mail – mandatory –
- Information regarding the contractual limit
- Via e-mail – optional – the customer will receive an e-mail when the contractual limit is below a percentage/a value, as the case may be
- Via SMS – optional – the customer will receive an SMS when the contractual limit is below a percentage/a value, as the case may be
- Payment registration
- Via e-mail – optional – after each payment registered in HOS, the customer will receive an e-mail with the registered amount and the number of the contract for which he applied
- Via SMS – optional – after each payment registered in HOS, the customer will receive an SMS with the registered amount and the number of the contract for which he applied
- Fleet card transaction
- Via e-mail – optional – after each successful transaction, the customer will receive an e-mail with the value of the transaction, the card series and the assigned “registration number”
- Via SMS – optional – after each successful transaction, the customer will receive an SMS with the value of the transaction, the card series and the assigned “registration number”
- Status of the card
- Via e-mail – optional –
after each change in the status of a card, the customer will receive an e-mail in which the new status of the card, its series and the assigned “registration number” will be specified. Statuses are:
Active
Card temporarily blocked – non-payment
Temporarily blocked card – lost card
Permanently blocked card – expired card
Permanently blocked card – damaged card - Via SMS – optional –
after each change in the status of a card, the customer will receive an e-mail in which the new status of the card, its series and the assigned “registration number” will be specified. Statuses are:
Active
Card temporarily blocked – non-payment
Temporarily blocked card – lost card
Permanently blocked card – expired card
Permanently blocked card – damaged cardThe number of e-mail addresses and/or telephone numbers that can be assigned for a notification is a maximum of 3.
During the course of the contract, each customer can add notifications or waive some of them, depending on his needs, by sending an e-mail to the address card@socarpetroleum.ro or by calling the SOCAR Call Center service.
Attention, these changes only apply to optional notifications!
- Via e-mail – optional –
PERSONAL DATA PROCESSING METHODS AND THE TRANSFER OF THESE DATA
Socar processes your personal data for the period of time necessary to execute contracts, to comply with the legal obligations specific to our field of activity or according to the applicable statute of limitations or to comply with the archiving obligations imposed by the applicable legislation (for example, those specific to the fiscal and financial field -accountant, which requires keeping financial-accounting documents for a period of 10 years). In the case of CVs sent through this website, they are stored for a period of 6 months. Personal data processed through video monitoring will be stored for a period of 30 days for each individual recording.
After the end of the storage period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data to the extent that it will be necessary to use them for scientific or statistical research purposes. Please note that in certain expressly regulated situations, we store the data for the period required by law.
When consent is the basis for the processing of personal data, Socar will inform you about this before granting consent. You have the right to withdraw your consent at any time, specifying that this does not affect the legality of the processing carried out on the basis of the consent before its withdrawal.
The personal data of minors (such as: name and surname, address, telephone number, educational institution, other personal data of them, personal data of family members) will not be processed by Socar, without the prior consent of their parents/legal representatives.
In the event that Socar intends to use your data for a purpose other than the one for which the data were collected, Socar will inform you, prior to further processing, regarding the secondary purpose, as well as provide you with any other mandatory information according to the law .
Your personal data are processed by the Socar staff who have the role of processing this data. Where there is a legal basis, your data can be transmitted to our lawyers, partners who offer correspondence services, insurers, consultants and auditors. In special situations, at the request of judicial bodies, your data can be transmitted.
Your personal data will not be transferred to a third country that does not provide an adequate degree of protection.
THE RIGHTS OF THE PERSONS CONCERNED
Your rights regarding the processing of personal data, as stipulated in the GDPR, are the following: the right to information, the right to access data, the right to rectify data, the right to delete data, the right to restrict data, the right to be notified regarding the rectification or deletion of personal data, the right to data portability, the right of opposition, the right not to be subject to an individual decision, the right to address the competent authority in the field of personal data protection and the competent courts .
The rights listed above are not absolute. There are exceptions, that’s why every request received will be analyzed in order to decide if it is justified or not. To the extent that the request is justified, we will facilitate the exercise of your rights. If the request is unfounded, we will reject it, but we will inform you about the reasons for the refusal and about the rights to file a complaint with the National Authority for the Supervision of Personal Data Processing and to address you to justice.
WHO CAN YOU ADDRESS TO?
To exercise these rights, you can send a written, dated and signed request to the person in charge of personal data protection, at dpo@socarpetroleum.ro. In the request, it will be specified whether the information is to be communicated to a certain address (even the e-mail address) or through a correspondence service that ensures delivery in person.
Your personal data will not be subject to an automated decision-making process.
We will try to respond to your request within 30 days. However, the deadline can be extended under the law, depending on various aspects, such as the complexity of the request, the large number of requests received or the impossibility of identifying you within a useful period.
If we make every effort and fail to identify you, and you do not provide us with additional information to be able to identify you, we are not obliged to comply with the request.