Personal data processing policy through the republicproduction.ro website

Through this Information Note on the processing of personal data we inform you about the way in which your personal data are processed when you visit and / or use the republicproduction.ro website , owned by SC Reea SRL.

REEA SRL is a company organized and operating in accordance with the laws of Romania, headquartered in Mun. Târgu-Mureș, Republic Square no. 41, jud. Mureș, Romania, Postal Code 540110, registered in the Trade Register under number J26 / 628/1998, having the fiscal identification code RO10966500, e-mail [email protected].

1. Purpose of the Personal Data Processing Policy

When you visit or use our website, we process a series of your personal data, as we will describe below. In the vision of the legislation on the protection of personal data, Reea SRL is in this situation a personal data operator, and you have the quality of Targeted Person. Please read this Information Note carefully to understand how we process your personal data.

This Note is worded in accordance with Regulation ( EU ) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing it Directive 95/46 / EC ( General Data Protection Regulation ), also known as „ GDPR Regulation ”.

The processing of personal data is the set of operations we can perform on your data, such as: data collection, storage, organization, transfer and deletion.

This Note on the processing of personal data is an integral part of the Terms and Conditions of Use of the Website.

2. What data do we collect and based on which legal basis?

Your personal data can be collected by us:

• directly from you;

• observed by us when you browse our website.

A. Personal data provided directly by you

a ) You can write us a message through the Contact forms available on the website. The data you enter in these forms – in the case of the Contact form: your full name, your e-mail address, your message; in the case of the form „ Send a demo/Send a demo ”: your full name, your e-mail address, your message, audio file, picture, video, text attached to you; in the case of the form „ Request an offer/Request an offer ”: your full name, your e-mail address, your message – are collected directly from you and are processed on the basis of our legitimate interest in responding to your request and keeping a record of requests made by people who us contact. Regarding the data collected through the tender form, we will process your data and to take steps at your request before concluding an equipment rental contract.

b ) You can contact us by e-mail at [email protected]. We will process your contact details ( name, surname / alias, e-mail ) and other information that you send us based on our legitimate interest, to respond to your requests and to keep a record of the requests made by the persons who contact us.

In the above cases, your data is processed by our hosting provider of the Hetzner Online GmbH website. This company stores data on servers located in the European Union.

When you choose to contact us in any way, please send us only personal data strictly necessary to resolve your request.

B. Traffic data, collected automatically during the browsing of our website

Our website automatically collects certain information in our legitimate interest in order to ensure its security and optimal operation.

This information collected by us is traffic data sent automatically by your browser, collected by us or through third party services: Google, YouTube, Meta ( Facebook, Instagram ), Twitter, Linkedin are statistical data, in anonymous form, which although individually ( or isolated ) cannot lead to direct identification, by correlation with other data sets, in exceptional situations they have the potential to be used to identify a person, such as: locating the device from which you access the Internet, established on the basis of the IP address or following your agreement, provided through the device used for access, the browser used for navigation, its version and functions, other information accessible through the browser or application used, such as the version of the operating system or the resolution used on your device, the names of the accessed pages and / or downloaded files, the source of the previous page.

We use cookies and similar technologies on the website. You can find out more details in the Cookie Policy document.

C. Data collected as Associated Operators

1. Reea is an Associated Data Operator with manufacturers who have access to Artist profile data. The legal basis of the collection is the execution of our contractual obligations.

2. In the case of Republic Production and Bird Music Records accounts on various social networks ( Facebook, Twitter, Linkedin, YouTube etc. ) – we collect your data only for the normal interaction within that network, when: you subscribe to our pages, if you leave us comments on our posts, give Like / Share or write us a direct message. In these cases, we have access to your public profile, the reaction had the date and time of the message / comment.

The data are collected together with the social networks in question, together with which we are Associated Operators. The legal basis for the collection is your consent. The data is used to publish the comment or to be able to reply to the message you sent us. The data are kept until: closing our page on the social network, the moment when you withdraw your previously obtained consent through the social network or until you ask us to delete this information.

When you interact with our pages on various social networks, those networks process some personal data, on the basis of which they provide us with aggregate statistics. These statistics do not directly contain personal data, but only information such as: the number of views of our page, the number of people to whom content has been displayed on our page, the number of appreciations that our page has.

Our accounts on the various social networks are created under the conditions imposed by those networks. For more details on the processing of your data through these networks, please read their personal data processing policies.

4. If you choose to post a comment on the articles in our blog, you can do this if you have chosen to accept the Facebook cookie ( commentaire ) and you are registered in your Facebook account. Your comment can only be seen by people who have chosen to accept the Facebook cookie ( commentaire ). People who have accepted the Facebook cookie ( commentaire ), but have not registered in their Facebook account, can only see the comments without being able to comment . If you do not want to register in your Facebook account and do not accept the necessary cookie, you will not be able to see the comments and you will not be able to comment on the articles on our blog. In this situation, when you accept the Facebook cookie ( comment ) and / or use your Facebook account to comment, your data is only processed by Meta Platforms Ireland Limited, acting in this case as a Personal Data Operator. Reea SRL does not store any personal data in this process. The information collected by Meta Platforms Ireland Limited may be transferred, stored or processed even in countries outside the European Economic Area ( EEA ), such as the United States of America.

3. How do we store and protect your data?

The network securely stores your data on servers located in the European Union.

The network shall implement appropriate technical and organizational measures to ensure the security, confidentiality, integrity, availability and protection of data against destruction, loss, alteration, unauthorized disclosure or unauthorized access to processed personal data.

Some of the technical measures are:

• Implementation of an ISO27001 certified information security management system. This system involves a series of technical measures ( monitoring systems, compliant equipment, specialized personnel, physical security measures, cybernetics, etc. ) and organizational ( policies, operational procedures ) that apply to all staff;

• Use of cryptographic systems for medium and long term data storage;

• Use of antivirus solutions on the computer systems used;

• Encryption of electronic communications.

Some of the organizational measures are:

• Designation of a person in charge of the information security management system;

• Adoption of an internal code of conduct, applicable to all staff;

• Ensuring specialized legal support regarding local and international legislation with implications on personal data;

• Establishing contractual obligations with our partners and employees regarding the confidentiality and protection of personal data.

Your personal data that we process is limited to that that is necessary, appropriate, and relevant for the purposes stated in this Information Note.

Even if we strive to provide as much security as possible to your data, we mention that ensuring the security of the information transmitted cannot be done 100%, given the lack of security of data transmissions made over the Internet due to external factors, such as: viruses or malware, the loss of electronic devices from which you access the Platform, unauthorized access to your electronic devices, insecurity of wifi networks.

For better protection of your data, we recommend:

– In relation to us, do not communicate personal data unless expressly requested;

– Change the username and password of the wifi router;

– Choose strong, complex passwords for your electronic devices ( use a password manager ), unrelated to your personal life and save them in a secure way;

– Secure your electronic devices with passwords or other locking modes;

– Do not leave your electronic devices unattended;

– Check the identity of the persons you communicate with, to make sure that you do not communicate personal data to persons who do not legally represent us.

4. How long do we keep your personal data?

The data collected will be kept only for a determined period of time, depending on the needs and purpose of the processing.

If you have chosen to contact us: through the forms available on the website, we keep your personal data for 3 years from the date we last communicated with you or from the final settlement of your request.

Data obtained for processing based on your consent shall be kept until consent is withdrawn.

After the expiration of the periods indicated above, your data will be deleted by the persons authorized for this purpose by the Reea according to our internal procedures.

5. Who do we share your personal data with?

For the above purposes, your personal data will not be sold or rented to third parties.

We will share the required part of your personal data only to the extent necessary and only to the following categories of third parties:

a ) If you choose to use our Platform, we will be able to provide your personal data to our proxies:

• the company that provides us with certain services, as indicated in Section 2 of this Information Note ( ex: the company that hosts our servers, Hetzner Online GmbH;

• archiving services in physical and / or electronic format; legal, notarial, accounting or other consulting services.

Third parties indicated above who have access to your personal data are obliged, in accordance with the legislation in force or the contracts we have concluded with them, to use the personal data to which they have access only for the purpose of providing the service for which I have contracted them.

b ) Public authorities and institutions, if we have a legal obligation to disclose them.

c ) We may disclose your personal data to third parties:

– If you ask us or give us consent to this;

– If those persons can prove that they have the legal authority to act on your behalf;

– If we have a legitimate interest in managing, expanding or developing our business: if we sell part of our business or certain goods of ours, we may disclose your personal data to the potential buyer; if the Reea or a substantial part of the Reea goods is purchased by a third party, and the personal data held by us will represent part of the transferred assets;

– In order to respond to any claims, to protect the rights of a third party, to protect the safety of any person or to prevent any illegal activity;

– In order to protect the rights of the Network or of our employees and customers, as well as of other persons.

6. Transfer of personal data outside the European Economic Area

The network stores personal data that it processes on servers located in the European Union.

However, some personal data to which we have access can be processed by third-party companies operating outside the European Economic Area ( EEA ). If we provide any personal data to companies operating outside the EEA, we will take appropriate measures to ensure that they provide an adequate degree of protection to the data to which they have access. These measures include the conclusion of contracts in accordance with the standard clauses approved by the European Commission. Where appropriate, we also implement additional safeguards, such as encryption and / or pseudonymization.

7. What are your rights and how do we respect them when we have the quality of Operator?

Personal data legislation gives you a number of rights in relation to your data; below we give you details about them and how you can exercise them:

a ) Right of access – you have the right to request information about your personal data that we process, including the purpose of the processing, if and with whom they are shared and how long they will be kept.

b ) Right to rectification – if your data processed is inaccurate, you have the right to obtain rectification or completion.

c ) Right to delete data ( „ right to be forgotten ” – you have the right to request the deletion of your data, unless we need the data: to exercise the right to free expression and information; for the fulfillment of a legal obligation incumbent on us and / or a task performed in the public interest; for purposes of public interest, for the purposes of scientific, historical or statistical research; the formulation, exercise or defense of a right in court.

d ) Right to restrict processing – you may request the restriction of the processing of your personal data if: you challenge the correctness of the data, for the period in which we verify the accuracy of the respective data; the processing is illegal and you oppose the deletion of personal data, instead requesting the restriction of their use; we no longer need the data for processing, but you ask us for it, exercising or defending a right in court; you opposed the processing, for the period of time in which we check whether our legitimate rights prevail over your rights.

e ) Right to data portability – you have the right to receive your personal data from us, if you have previously provided it to us in a structured, automatically readable form. You also have the right to ask us to transmit your data to another personal data controller.

f ) Right of opposition – you have the right to object at any time, given your particular situation, processing your data if we process it under our legitimate or third party interests. In such a situation, we will no longer process your data with the following exceptions: ( i ) if we can demonstrate legitimate grounds and an interest that prevails over interests, your rights and freedoms and ( i ) if the purpose of the processing is to establish, exercise or defend a right in court.

g ) Right to withdraw your consent – if your personal data is processed on the basis of your consent, you may withdraw this consent at any time. Withdrawal of consent has no retroactive effect, so withdrawal of consent does not in any way affect processing performed prior to withdrawal.

h ) Right to address the National Authority for the Supervision of Personal Data Processing ( ANSPDCP ) – you have the right to lodge a complaint with ANSPDCP if you consider that they have personal data protection rights have been violated. Complaints can be submitted online, for more details, please access the following link: https://www.dataprotection.ro/?page=Plangeri_pagina_principala

8. What can happen if you do not want to send us your personal data?

In most cases, you are not required to communicate our personal data. However, there are situations in which, without additional data, we cannot solve your request.

9. Subsequent processing

Reea uses personal data only for the purpose for which they were collected. According to the GDPR Regulation, the further processing of personal data for historical, statistical or scientific purposes is compatible with the initial purpose of the processing.

10. Lack of an automated decision-making process

As a user of our services, you will not be the subject of a decision based exclusively on the automatic processing of your data that has legal effects on you or that will significantly affect you.

11. How do you contact us?

To send us a request, please write us a message in the contact form available on the Platform or you can send us an e-mail to [email protected].

We will inform you, within one month of receiving your request, of the actions taken. This period may be extended to two months where necessary, taking into account the complexity, number of applications or the impossibility of identifying the applicant. If the deadline is extended, you will be informed within one month of receiving the request, stating the reasons for the delay. If we cannot identify the person contacting us, we will only be able to respond to that request if we request and receive additional information in order to identify the data subject.

If we do not resolve your request in the affirmative, we will inform you of the reasons why we have not taken action and of the possibility to lodge a complaint with ANSPDCP or the court.

12. Final provisions

This Information Note may be amended, in whole or in part, from time to time. The changes are applicable from the time they are placed on the website. Whenever your consent is required or requested, we will inform you. We therefore recommend that you consult this document each time you use our services to get acquainted with the version in force.

This version of the personal data processing policy is stored on our website at https://republicproduction.ro/privacy-policy/.

Version 1 – in force since May 15, 2023