Privacy Policy
We value your privacy
Last updated on 02.12.2024
1. WHO IS PROCESSING YOUR DATA?
Please read this Privacy Policy (hereinafter referred to as the “Policy”) carefully as it contains important information regarding how, when, and why North Star Support Group SRL collects, uses, and stores your personal data, with whom it may share it, as well as to inform you about your rights as a data subject and the measures taken to protect your personal data, in connection with North Star Support Group SRL’s processing over its website, and services.
Accessing and/or using North Star Support Group SRL website, and services by any person imposes the obligation to comply with the provisions set forth in the Terms and Conditions.
The website https://nssg.global/gdpr/ (hereinafter referred to as the “Website”) is owned and managed by North Star Support Group SRL, a company incorporated by Romanian laws, headquartered at 26, Grigore Alexandrescu Street, Bucharest, Romania.
2. APPLICABILITY
This Policy regarding the processing of personal data only applies to the processing activities performed by North Star Support Group SRL and shall be complemented with the Terms and Conditions https://nssg.global/terms-and-conditions/ and the Cookie Policy https://nssg.global/cookie-policy/ .
The Website may contain information about or links to other websites that are outside North Star Support Group SRL custody and/or control. Carefully read and review the privacy policies of each of those websites when you browse on them to get an understanding of how your personal data is being used and shared by those third-party websites.
3. DEFINITIONS
The terms used within this Policy have the same meanings as those mentioned in Terms and Conditions, unless otherwise mentioned in this Policy.
- “NSSG”, “we”, “us” or “our” means North Star Support Group SRL and any of its affiliates that are providing the Website, and services.
- “Users” means any natural person or any customer’s employees, representatives, consultants, contractors, or agents who are using the Services for customer’s benefit.
- “You” or “your” means current or potential customer of NSSG, as a User of the Website, and Services provided by NSSG.
- “Services” means all of our web-based websites (including this website), applications, tools and platforms that you have subscribed to or that we otherwise make available to you, and are developed, operated, and maintained by us, accessible via the Website, or another designated URL, and any ancillary products and services, including any consulting services, that we provide to you either for a fee or free of charge; Services or other products or features made available by us to you on an unpaid trial or free basis are considered free Services.
- “Personal data” means any information relating to an identified or identifiable natural person;
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processing activity(ies)” means one or more operations that relate to one of the different stages that the processing of personal data may involve.
- “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Policy, NSSG acts as Controller.
- “Data subject” means an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the user’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
4. COLLECTING PERSONAL DATA
In general, the personal data we process is collected directly from you, as a data subject. However, there may be situations where your personal data is collected indirectly from social media, from the website of the company you represent, from your employer as a contact person, from a third party who recommended you or from various public platforms (for example ad platforms).
When we, as the Controller, do not receive the personal data directly from you, we will inform you within the legal term about our processing of your personal data.
If you provide us with personal data belonging to other individuals (for example, colleagues), you have the responsibility to inform them about how we process their personal data for the purposes mentioned below, as well as regarding their rights related to the processed personal data. You are also responsible to ensure that you rely on the appropriate legitimate ground for collecting and sharing the personal data, such as obtaining the consent of the individuals concerned, when this consent is required by the law for processing of their personal data, such as collection, use, storage and transfer.
5. CHILDREN AND SPECIAL DATA
Our Website and Services are not directed at children. We do not knowingly or intentionally collect personal data from children who have not reached the level of maturity in their country and who are not able to assume obligations in accordance with the applicable legislation.
If you are the holder of parental responsibility of a child who has not reached the level of maturity in the country of residence and you believe your child has provided us with personal data, please contact us to request the erasure of their personal data and we will act upon your request in accordance with the legal requirements.
Depending on the acquired service, we may also collect special categories of personal data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health, or personal data relating to criminal convictions and offences or related security measures) but only if this is strictly necessary to protect your vital interests where you are physically or legally incapable of giving consent, or for the provision of health care or treatment, or based on your consent.
We do not collect nor is our intention to collect personal data revealing trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning a natural person’s sex life or sexual orientation, , excepting the situations expressively regulated by the law.
6. PROCESSED PERSONAL DATA, PURPOSES, LEGAL GROUNDS AND RETENTION PERIODS
Below you will find information about the purposes for which we process your personal data, the categories of personal data we collect for those purposes, the legal grounds on which we carry out the processing activities and the periods of time we store the personal data in relation to the purposes of the processing.
Where the lawful basis for the processing is the data subject’s consent, you may withdraw your consent at any time without constraint and without affecting the lawfulness of the processing prior to its withdrawal.
Depending on the nature of our relationship or interaction, we will process your personal data for the following purposes.
6.1 Purpose: information regarding the products and services in our offer and any other information that we think you may be interested in such as case studies, webinar series and other intelligence & geopolitical learning events.
Personal data categories: first name, last name, e-mail address, company name, position/role
Legal basis: processing of personal data is performed based on your consent or considering our legitimate interests when we have a business or commercial reason to contact you.
Retention period: personal data will be processed until you withdraw your consent or object to the processing, after which personal data will be deleted where there is no other legal ground for the processing. You can withdraw your consent or object to the processing at any time, by clicking Unsubscribe/Opt-out at the bottom of any of our emails, without affecting the legality of the processing based on the consent or our legitimate interests before withdrawal or objection.
6.2 Purpose: answer requests and provide assistance and support related to accessing/ using our services
Personal data categories: first name, last name, e-mail address, company name, position/role, and any other personal data that you choose to include in your request.
Legal basis: processing of personal data is performed based on our legitimate interest to communicate with you and provide our support in solving your requests that arise from using/accessing our services, and to maintain and promote your satisfaction in relation to our services.
Retention period: personal data is stored for as long as we have an existing contractual relationship in place with you or with your company and subsequently for a period of 3 (three) years after its termination. If we don’t have a contractual relationship yet, but you choose to contact us, we will store your personal data for a period of 6 (six) months after which it will be deleted.
6.3 Purpose: conclude and execute the services agreement, as well as to manage the contractual relationship
Personal data categories: first name, last name, e-mail address, image (if the case) company, position/role, phone number, signature, representation powers.
Legal basis: processing of personal data is necessary for the performance of the services agreement concluded with you or based on our legitimate interest to conclude and execute the services agreement with the company that you represent, depending on the case.
Retention period: personal data is stored for as long as we have an existing contractual relationship in place, and subsequently for a period of 3 (three) years after its termination (or until you withdraw your consent for processing your image, whichever comes first). At the end of the storage period, personal data will be deleted.
6.4 Purpose: recruitment and selection for vacancies within our company
Personal data categories: first name, last name, e-mail address, phone number, information on the candidate’s professional/work experience (former employers, current employer, seniority in the current position), information regarding studies, diplomas, certifications, profile on a professional social network (e.g. LinkedIn) and any other personal data included in the application documents.
Legal basis: processing of personal data is performed in order to take steps at your request prior to entering into a contract.
Retention period: personal data is stored for the duration of the recruitment and selection process and subsequently for a period of 6 (six) months to manage possible complaints. At the end of the storage period, personal data will be deleted.
6.5 Purpose: prevent and detect information on breaches of law, as well as to investigate and deal with misconduct, including with regard to alleged fraud, and to maintain records of reports
Personal data categories: first name, last name, e-mail address, phone number, date of reporting, object of reporting, signature (if applicable), voice (recorded) (if applicable), manner of resolution, as well as any other personal data included in the reporting.
Legal basis: processing of personal data is performed based on our legal obligation under the legislation on the protection of whistleblowers in the public interest to ensure and maintain internal reporting channels on breaches of law, corroborated with our legitimate interest to ensure that violations of applicable laws or regulations, including violations of our Code of Conduct are dealt with properly and in a timely manner in order to protect the company, employees, customers etc. from the effect of the illicit facts, corroborated with your consent for recording the conversation (if the report is made using a telephone line or other voice messaging system) and disclosure of your identity and of any other information that would allow the direct or indirect identification.
Retention period: personal data is stored for a period of 5 (five) years from the reporting date. At the end of the storage period, personal data will be deleted.
6.6 Purpose: ensure the protection and security of persons and our assets through video surveillance equipment installed on our premises
Personal data categories: your image.
Legal basis: processing of personal data is performed based on our legal obligation under the legislation on the security of objectives, goods, values, and protection of persons, corroborated with our legitimate interest to ensure the protection and security of our personnel and assets, as well as the protection of the life and integrity of individuals, through real-time monitoring and access to images if there are suspicions of having committed an offence.
Retention period: personal data is stored for a period of 30 (thirty) days. At the end of the storage period, personal data will be deleted.
6.7 Purpose: ensure the protection and security to our premises through a register regarding the access of persons
Personal data categories: first name, last name, identity document series and number, destination, time of arrival and departure, date.
Legal basis: processing of personal data is performed based on our legal obligation under the legislation on the security of objectives, goods, values, and protection of persons.
Retention period: personal data is stored for a period of 2 (two) years from the end of the calendar year during which the register of access of persons to our premises was completed. At the end of the storage period, personal data will be deleted.
6.8 Purpose: establish, exercise, or defend a claim in proceedings before a court, administrative procedure, or other formal proceedings in which we are/might be involved
Personal data categories: first name, last name, company name, position/role, email address, phone number, representation powers, and any other personal data necessary to fulfill the purpose.
Legal basis: processing of personal data is performed based on our legitimate interest to defend our rights or interests, or to sustain our claims resulting from the execution of the agreement with you or with the company that you represent.
Retention period: personal data is stored in accordance with the regulations on the protection of personal data, as long as they are required by law or are necessary to fulfill the purpose.
6.9 Purpose: fulfill our legal obligations (e.g. provide responses to public authorities requests)
Personal data categories: first name, last name, company name, position/role, email address, phone number, representation powers, and any other personal data necessary to fulfill the purpose.
Legal basis: processing of personal data is performed based on our legal obligations under the applicable legislation.
Retention period: Personal data is stored for a period of 3 years from the date of the response provided to the public authority’s request. At the end of the storage period, personal data will be deleted.
7. TRACKING TECHNOLOGIES
Our website uses cookies, plug-ins and other online identifiers (collectively referred to as “cookies”) in order to ensure functional browsing or to provide a better browsing experience, to perform statistical analysis regarding accessed information, or to provide you with custom content and advertising appropriate to your preferences and interests.
Detailed information regarding the cookies we use may be found in our Cookie Policy.
8. AUTOMATED DECISION MAKING, INCLUDING PROFILING
We do not make decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
9. DISCLOSURE AND TRANSFER OF PERSONAL DATA
We may transfer your personal data, to the extent that this is necessary to the following categories of recipients: companies from the same group, service partners, subcontractors, payment providers, archiving companies, IT service providers, software or hardware vendors, market research companies, marketing companies, public authorities, court or arbitral tribunals, as well as competent authorities to investigate criminal offenses.
Personal data may be disclosed or transferred to the categories of recipients mentioned above in order to provide our Services at the highest quality level, ensure the intervention of specialists by outsourcing parts of our business or to provide access to services and benefits according to our business partnerships, or to ensure compliance with the specific legal obligations to which we are subject according to the activity carried out.
In the event that personal data is transferred to third countries we will apply the technical and organizational measures required by law and we will inform you about the transfer in accordance with the legal requirements.
10. SECURITY OF PERSONAL DATA
The security of your personal data is important to us. Therefore, we maintain a variety of appropriate technical and organizational measures to protect your personal data from loss, misuse, and unauthorized access or disclosure. We limit access to personal data to employees or contractors who we believe reasonably need to retrieve that information to provide our Services. Considering the current state of technology, we have implemented reasonable physical, technical and procedural safeguards designed to protect your personal data, such as limiting access, encrypting, anonymizing, or storing it on secure media.
It is very important that you, as a data subject, know the risks and take the measures to protect your personal data, for example by checking the sources of information, avoiding access to suspicious or unknown links, regularly changing passwords and using appropriate anti-virus and anti-malware solutions.
11. YOUR RIGHTS AND HOW TO EXERCISE THEM
The law grants data subjects enforceable and effective rights concerning their personal data which can be exercised under particular conditions.
You have the following rights regarding your personal date:
- Right to be informed: You have the right to be informed regarding the processing of your personal data, as we are doing through this Policy.
- Right of access: You have the right to obtain confirmation whether or not we process your personal data, as well as information on the specifics of the processing activities, and get access to that personal data.
- Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: You have the right to obtain from us without undue delay the erasure of your personal data, to the extent that the legal requirements are met. Personal data will be erased when the legal requirements are met.
- Right to restriction of processing: If the applicable legal provisions are met, you have the right to obtain the restriction of processing of your personal data.
- Right to data portability: If the applicable legal provisions are met, you have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit those data to another Controller.
- Right to object: In certain situations, such as when we process personal data based on legitimate interest, you have the right to object to the processing of your personal data. In the event of unjustified opposition, as Controller we are entitled to further process your personal data.
- Right to object to commercial communication: You may also object to the processing of your personal data for the purpose of sending commercial messages.
- Right not to be subject to decisions based solely on automated processing, including profiling: If the applicable legal provisions are met, you have the right not to be subject to a decision based solely on automatic processing, including profiling, which has legal effects on you or affects you similar to a significant extent.
- Right to Opt-Out of Sale or Sharing of Personal Data: If we sell your personal data to third parties or share it with third parties for cross-context behavioral advertising, you have the right, at any time, to stop us from selling or sharing your personal data.
- Right to address to the Supervisory Authority: You have the right to file a complaint with the competent Supervisory Authority on any violation of your rights regarding the processing of your personal data. If you want to contact the Supervisory Authority from your place of residence in EU, you may find the contact details at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
- Consent withdrawal: To the extent that we process your personal data based on your given consent, you can withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
Except for the right to contact the Supervisory Authority, which you can exercise using the contact details indicated above, you can exercise your legal rights by contacting our Data Protection Officer by e-mail at dataprotection@nssg.global.
We will respond to your requests without undue delay and in any case within one month of receiving the request. This period may be extended by two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receiving your request, stating the reasons for the delay.
In the event that we do not take action on your request, we will inform you, without undue delay and no later than one month after the receipt of your request, of the reasons for not taking action. In such a case, you have the possibility to lodge a complaint with the competent Supervisory Authority or to take a legal action.
12. UPDATES
This Policy is subject to periodic reviews and updates to ensure that it always corresponds to reality, and it is in line with the applicable legal requirements. For this reason, please regularly consult this Policy to keep up to date with any changes. Any major changes to this Policy will be notified accordingly.
13. CONTACT
If you have any questions or concerns regarding the processing of your personal data, this Policy or how it applies, or you wish to exercise any of your rights, you can contact our Data Protection Officer as follows:
- Email: dataprotection@nssg.global.
- Post mail: 26, Grigore Alexandrescu Street, Bucharest, Romania.