REGULATIONS RELATED TO DATA PRIVACY AND COMMUNICATION (GDPR)
These Regulations related to Data Privacy and Communication (“Regulations”) set out the terms and conditions under which Actalia (linguistic service provider, hereinafter referred to as “LSP”) interacts with third party service providers (hereinafter referred to as Provider) to and for the Beneficiaries (hereinafter referred to as “Beneficiary”). In their relationship with LSP, the Provider and the Beneficiary, respectively, accept and agree with the following Regulations.
1. PURPOSE, DEFINITIONS AND INTERPRETATION
1.1 These Regulations constitute an integral part of the agreement between the Provider and LSP, and respectively between LSP and Beneficiary (including any general delivery terms (“GDT”) and, collectively, with the agreement, “Agreement”) and must be read in conjunction with it. If not otherwise specified, the terms and conditions of the Agreement remain unchanged and in full force and effect. Should there be any inconsistency between these Regulations and the Agreement, the terms contained in the Regulations will prevail.
1.2 If not otherwise specified in these Regulations, the terms written in capital letters shall have the same meaning as those specified in the Agreement.
2. DATA PRIVACY
2.1 Each Party shall take the reasonable steps in order to protect personal data (e.g. information referring to an identified or identifiable individual) processed in the context of the Agreement, against loss or unauthorized access, use, erasure and disclosure; and, as required by the applicable laws, shall process personal data in a way that ensures the necessary privacy and security of the personal data.
2.2 LSP will be able to supply personal data to the Provider, for the purpose of executing the hereby agreement. Each Party shall be responsible with personal data processing itself or on its behalf, according to the data protection applicable laws.
If requested by LSP, the Provider shall cooperate, in good faith, and shall provide assistance if the Beneficiary wishes to exercise its rights of access, rectification, erasure or portability, or in case of requests from the competent authorities, in order to prove the compliance with the applicable obligations.
2.3 To the extent that the Provider processes personal data that are not LSP data in association with the Agreement, such personal data shall be processed by the Provider according to the hereby Regulations.
2.4 For the purpose of executing the agreement with the Beneficiary, LSP may outsource personal data to Providers. It shall be the responsibility of the latter to apply the provisions in force regarding personal data protection.
2.5 If the Beneficiary notifies or intends to notify other parties (e.g. competent authorities with regards to data protection and/or government) about personal data breach (any discovered or suspected incident which led to the accidental, illegal or unauthorized destruction, loss, alteration, access, disclosure or use of personal data) involving the personal data received by the Provider from LSP and the notification involves LSP, the Beneficiary must, first, to the extent permitted by the law, provide LSP with any draft notification and any related correspondence, and reasonably cooperate with LSP to finalize such notification and correspondence and other communication that might follow with the authorities.
3. Communication tools
3.1 As part of its services delivered to the Beneficiary, LSP may, from time to time, facilitate the communication with the beneficiary, using its own tools. LSP- shall process the communications (“Communications”) sent according to the Privacy and Cookies Notice applicable to Clients, available at www.actalia.ro. The Beneficiary agrees and consents to the processing of Communications by LSP (including any processing, storage, reception, access, comprehension and scanning of communications by LSP)
4. Card Payment Security
4.1 LSP does not directly process payments by card, but uses specific services delivered by specialized providers in this field. It shall be the responsibility of the latter to constantly comply with the requirements, compliance criteria and validation processes set out in the current Payment Card Industry Data Security Standard (PCI) issued by the major credit card companies.