AGREEMENT REGARDING THE PROCESSING OF PERSONAL DATA

Between WLC EXPERT SERVICES SRL and the client, being further individually named "Supplier" or "Beneficiary", In this agreement, both parties have the status of data operator. The terms used in the agreement are defined by Regulation (EU) 2016/679 of the European Parliament.

Object of the agreement

The purpose of this Agreement is to determine the manner and modalities in which each Party will process the personal data of the other Party.

Each of the Parties will carry out the activities of processing this data in accordance with the legal provisions in force, applicable at the time of processing.

Purposes and legal grounds for processing

The Parties may process personal data of employees and/or other beneficiaries or representatives designated by the Parties in accordance with the applicable legal provisions and:

• For the purpose of fulfilling the obligations assumed by the Parties by Contract;
• For the purpose of transmitting communications / notifications / notifications to employees and / or other beneficiaries designated by the Parties and / or to the representatives of the Parties regarding the object of the contract and the due date for payment of invoices.

Other purposes for which the personal data of the Parties may be used, in specific situations, are the following:

• For the purpose of communication with public authorities, auditors or institutions competent to carry out inspections and controls on the activity and assets of the Parties, as appropriate.
• For the purpose of collecting debts / recovering outstanding debts, if applicable.
• For the purpose of resolving disputes and disputes, enforcement of judgments, arbitral awards, court orders, etc., if applicable.

The legal ground of the processing is according to:

• art. 6 para. 1 lit. b) of the GDPR, respectively "the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract";
• art. 6 para. 1 lit. c) of the GDPR, respectively "the processing is necessary in order to fulfill a legal obligation incumbent on the operator";
• art. 6 para. 1 lit. f) of the GDPR, respectively "the processing is necessary for the purpose of the legitimate interests pursued by the operator or a third party".

Categories of data subject to processing

The data to be processed by the Parties for the mentioned purposes are the following: name, surname, signature, position, telephone, e-mail address.

In specific situations for the mentioned purposes, other data may be requested, such as data from the identity card / provisional identity card / identity card / passport / diplomatic passport / temporary residence permit in Romania / birth certificate or others.

The Supplier may also process:

• location data provided by the GPS system;
• rental information: delivery location (rental), return location, rental duration;
• information on additional drivers, if applicable;
• the information contained in documents or any other material containing personal data that you make available for the performance of this Agreement;
• health data (for example, in the event of an accident);

Validity

This Agreement shall take effect on the date of its signature by the Parties and shall remain in force for as long as they process personal data under the Agreement.

Data processing and obligations of the Parties regarding the conformity of processing

The parties undertake to comply with the applicable provisions on the protection of personal data, including the provisions of the GDPR, of the implementing legislation, as well as the decisions that the Romanian Supervisory Authority (ANSPDCP) issues periodically in connection with them, when processing data. with personal character in the execution of the order.

The personal data of the employees of the Parties and / or of other beneficiaries designated by them and / or their representatives involved in the provision of the service, will be collected by the Parties in the context of providing the services according to the order / contract.

The Parties will only disclose those personal data that they are authorized or for which they have the right, according to the applicable legal provisions and the contracts / orders to which they are Parties, to disclose them, ensuring that there is an adequate legal basis for data processing and providing information. adequate information of the data subjects regarding the disclosure of their personal data, according to the order / contract.

The Parties agree not to disclose under any circumstances other personal data in connection with employees of the Parties and / or other beneficiaries designated by them and / or their representatives than those necessary for the provision of services under the order / contract.

Each Party shall implement appropriate technical and organizational measures to protect the personal data of the Beneficiaries against unauthorized or illegal processing and against accidental loss, destruction or damage and which provide an appropriate level of security.

The Parties shall ensure that access to the personal data of the Beneficiaries is limited to the staff involved in the provision of the Services and / or the persons specifically empowered by each of them.

The Parties will seek to reduce the volume of data processed only to those data strictly necessary for each specific purpose of processing.

The parties are responsible, in accordance with the applicable personal data protection provisions, for properly informing the data subjects about their own personal data processing operations, including regarding the processing of personal data based on the order.

Security of personal data

The Parties have the obligation to establish and maintain at all times appropriate technical and organizational security measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, disclosure or unauthorized access, in particular where the processing involves transmission of data over a network, as well as against any other illegal forms of processing.

The Parties shall take appropriate technical and organizational measures to protect the security of any electronic communications networks or services or used for the transfer or transmission of Personal Data (including measures to ensure the secrecy of communications and unauthorized access to any computer or system). thus the security of communications.

Applicable law

This Agreement is governed by Romanian law.

The Parties agree to make every effort to resolve amicably any differences arising in connection with this Agreement. If the parties fail to settle such disputes amicably, they shall be referred to the competent courts for settlement.

Liability

Each Party shall act as an independent data controller for its own processing of data in connection with the Contract and neither Party shall accept any liability for a breach by the other Party of applicable personal data protection legislation.

The Beneficiary has the obligation to inform the employees and / or beneficiaries designated by him as users of the vehicles that are the object of the rental contract, regarding the processing of their personal data by the Supplier. For more details please see our Privacy Policy available on our website ...

Final provisions

This Agreement represents the agreement of the Parties regarding the processing of personal data in connection with the execution of the Contract and supersedes any other provisions, agreements and prior agreements, in any form, concluded by the Parties regarding their roles and obligations in relation to processing of personal data for the execution of the Contract.

This Agreement may be supplemented or amended only in writing, by agreement of the parties.