This Strategy and Policy extends to and regulates the controlling and/ or processing of visitors’, users’ and/ or Business Counterparties’ Personal Data that REEA comes in contact with throughout its business operations (the principal place of doing business and official company Headquarters being located in Romania, member country of the European Union) regarding visitors, users and/ or Business Counterparties that are residents of the European Union, any of its member countries or/ and Switzerland. We provide information, products and/ or services to consumers and/ or businesses.

This Strategy and Policy also applies to data and/ or information that cannot result into instances of individual person(s) identification, including to cases in which pseudonymization is used. Such pseudonymization may involve the replacement of any personal identifiers with fictional alternatives in order to render the identification of individual persons impossible.

REEA have designated the executive leadership of our organization to implement, enforce, manage and oversee our program of data and information security, including our compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program, including but not limited to Our Privacy Strategy and Policy. The executive leadership will acknowledge, review and approve any modifications of a material manner that involve (even isolated aspects of) our program as they are necessary and/ or reasonable. Any comments, questions, issues, concerns or complaints regarding Our Strategy and Policy and/ or program may be directed to any official channel provided for within Section 13 of this document.

We will implement, manage, oversee, test and/ or challenge, and update our policies concerning our program of data and information security (including our efforts, practices, and systems) in order to uphold the protection of the Personal Data that we come into contact with. Our staff under employment contracts or/ and entity engaged in any legal relationship with our organization where we exert significant control over their activity will be trained and instructed, as reasonably applicable, to adhere to, implement and/ or enforce Our Strategy and Policy as effectively as reasonably possible. You may learn more about the specific action plan that we are enforcing in our efforts to best safeguard Personal Data from the provisions of Section 8 of this document.

REEA will update and re-engage both of its EU-U.S. and Swiss-U.S. Privacy Shield Frameworks certifications within the Privacy Shield Framework Program on an annual basis, unless securing the maintaining of such certifications becomes mandatory on a more frequent basis (in which case we will adhere to the stricter requirements) or if our business operations, strategies and entire regulatory framework adherence requirements mandate that such certifications become undesirable or if we will adhere to, implement and enforce a different system of ensuring adequacy of a higher level of strictness regarding the protection

and upholding of the standards of privacy and security for the benefit of U.S., EU and/ or Swiss Confederation nationals.

Before applying for and/ or obtaining the re-approval of our participation within both of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks certifications within the Privacy Shield Framework Program, we will implement and enforce a proprietary audit in order to make sure that our statements and practices regarding our management of visitors’, users’ and Business Counterparties Personal Data are as proper, accurate and compliant as possible, and that our business organization constantly and all-inclusively applies the before-mentioned practices in an reasonably-utmost appropriate manner. Specifically, within our proprietary auditing process and procedures, we will commit to the following actions:

1. Revisit, appropriately adapt and maintain the up to date nature of Our Privacy Strategy and Policy including the version of the document which we do and will continue to publish throughout our website presences in order to ensure the continuous compliance with both of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks certifications within the Privacy Shield Framework Program in respect to our management of the Personal Data stemming from visitors, users and/ or Business Counterparties.
2. Make sure that Our Privacy Strategy and Policy is made available to the public and that it clearly informs and instructs our visitors, users and/ or Business Counterparties about REEA’s involvement within both of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks certifications within the Privacy Shield Framework Program, as well as about the always available option to obtain a copy of supplemental data and/ or information regarding the matter (e.g. to access and receive an issuance of Our Privacy Strategy and Policy).
3. Maintain the full compliance status of Our Privacy Strategy and Policy in respect to the principles of the Privacy Shield Framework Program.
4. Guarantee that REEA visitors, users and/ or Business Counterparties came in contact with the procedures available to them in order to initiate comments, questions, issues, concerns or complaints as well as with any and all of the means to escalate the matter to the attention of dispute resolution instances presenting the regulatory guarantee of independence (we may achieve this by means of visibly displaying the information on our public website, and/ or any business interaction).
5. Revisit, appropriately adapt and maintain the up to date nature of our strategies and implementations concerning the training of our staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity regarding our involvement in and adherence to the Privacy Shield Framework Program as well as the corresponding proper manner of managing the visitors’, users’ and/ or Business Counterparties Personal Data.

REEA will implement, issue and enforce a proprietary audit document during each and every year of our adherence intended for perpetuity to both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program.

Terms which are presented in a Capitalized form within Our Privacy Strategy and Policy are defined as Specific Terms hereafter:

“Business Counterparty” and “Business Counterparties” designate (a) client(s) and/ or customer(s) from the European Union or the Swiss Confederation involved in a business-type interaction with REEA. These designations will also include any agent(s), representative(s), or any staff under employment contracts or entity engaged in any legal relationship with their organization(s) or where they exert significant control over their activity, and also include all of our staff under employment contracts or entity engaged in any legal relationship with our organization or where we exert significant control over their activity in​ the event that we are managing their Personal Data within our business interaction with the Business Counterparty or Business Counterparties.

Our “staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity” also includes temporary, part-time, or contract-based hires, even former ones, independent contractors, and/ or applicants seeking REEA or any affiliates or subsidiaries thereof employment, that are at the same time legal residents of countries within the European Economic Area (“EEA”).

“Personal Data” is currently designated by the European Union Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”, published in the Official Journal of the European Union OJ​ L 119, 4.5.2016, within pages interval 1–88​) as any information relating to an identified or identifiable natural person (‘data subject’), designating an identifiable natural person as one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, physiological, genetic, mental, economic, cultural or social identity or traits of that natural person (including but not limited to visitors’, users’ and/ or Business Counterparties’ identification credentials, geographical location(s), device(s) information, marital status, Email information, password(s) and other identification data, phone, address and/ or emergency contact information, collection of education and employment or qualification(s) history information). Personal Data does not designate information that is anonymized or voluntarily made publicly available by its rightful owner. It should be noted that as far as the Swiss Confederation is concerned, the term “person” designates both (a) natural person(s) as well as legal entities, without distinction being made in respect to the actual embodiment of the specifically-involved legal entity).

“Sensitive Data” designates Personal Data that discloses visitors’, users’ and/ or Business Counterparties’ biometric data, health and/ or medical state, photographic or video captures, race or ethnicity, political, religious and/ or philosophical inclusions and/ or opinions, sexual preferences and/ or orientation, or membership(s) in work-related unions (e.g. trade unions).

“Third Party” and/ or “Third Parties” designate any legal entity or multiple thereof that is outside of the framework of REEA, our staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity.

REEA supplies diverse end-solutions to its visitors, users and/ or Business Counterparties that interact with its proprietary business strategy. REEA manages Personal Data from said visitors, users and/ or Business Counterparties whenever necessary and to extent necessary in the context of its most aggressive lawful pursuit of its proprietary business strategy, including but without limitation to visitors accessing its website, users that register for any and/ or all of our services or part thereof or access their allocated and secured spaces, to any of them that voluntarily submit Personal Data throughout our business interaction(s), (e.g. they can voluntarily choose to engage our live support modules or to submit certain Personal Data in our private business interaction in the secure manner which we allow for, provide and manage).

Any part and/ or the entirety of the Personal Data that we manage can be as diverse as the visitors’, users’ and/ or Business Counterparties’ behaviour within our business interactions. As far as the general information that may be managed, the following categories are of frequent inclusion: information that may facilitate interactions (e.g. name information, Email information, phone information, employment data, as well as financial and/ or payment information, potentially including credit card and/ or bank account information). Users and/ or Business Counterparties may be allocated personal spaces within the ambit of

our business interaction, including within a live support environment. They will be free to transfer any information which we reasonably require and they reasonably consider appropriate in the context of our business interactions, any management of their Personal Data being considered to be initiated by their express and unconstrained consent to this extent. We reserve the right to unilaterally deny the provision of specific (or even all) information, products and/ or services (or part thereof) at any moment that there a mutual agreement upon the necessity and opportunity of an information management aspect is not reached between ourselves on one part and visitors, users and/ or Business Counterparties on the other within the context of our proprietary business strategy.

Whenever visitors, users and/ or Business Counterparties interact with our online Internet business presence, we will potentially most always manage their information including Internet Protocol (IP) address and/ or browser-type software characteristics. We can manage interactions between the latter information categories and the particular registered users and/ or Business Counterparties.

We may manage the data and/ or information deriving from visitors, users and/ or Business Counterparties in order to pursue our most aggressive lawful proprietary business strategy, for example in order to provide them with information tailored to their behaviour and/ or predictability of their behaviour as determined by our management of such data and/ or information, and/ or in order to provide for and/ or secure the sale(s) of product(s) and/ or service(s), manage interactions and/ or transactions (including renewals thereof, even of a fully or partially automated manner), satisfy diverse internal and/ or external reporting, invoicing practices and/ or other operations in connection with the visitors’, users’ and/ or Business Counterparties’ interaction(s) with us.

In the case(s) of diverse information, product(s) and/ or service(s), REEA may act as provider, and in this capacity may be a controller and/ or processor that manages (including but not limited to receiving, storing and/ or processing operations) Personal Data. In any

and/ or all such case(s), we may act in the capacity of a Personal Data processor and will ensure that we lawfully process the Personal Data for and following the direction of our partner entities and/ or agents (including thereof). We may manage such collected Personal Data and/ or information, in order to provide for and/ or secure the sale(s) of product(s) and/ or service(s), manage interactions and/ or transactions (including renewals thereof, even of a fully or partially automated manner), satisfy diverse internal and/ or external reporting, invoicing practices and/ or other operations in connection with the visitors’, users’ and/ or Business Counterparties’ interaction(s) with us (including by adhering to the reasonable and lawful requests, indications and/ or business strategies of our partner entities and/ or agents, including thereof).

REEA manages Personal Data that it received directly from its own visitors, users and/ or Business Counterparties and/ or for its partner entities and/ or agents (including thereof) directly and/ or indirectly in its capacities of data processor and/ or controller for the pursuit of our proprietary aggressive business strategy in a lawful manner, including (without limitation) by means of:

1. identity verifications (e.g. connected to the users and/ or Business Counterparties personal digital spaces);

2. responses to actions originating from the visitors, users and/ or Business Counterparties;

3. keeping, controlling and/ or processing Personal Data within digital systems located in Romania (European Union Member Country) and/ or other locations (only if they provide adequate regulatory and/ or business safeguards in the strictest sense of interpreting the provisions of the European Union General Data Protection Regulation and those of both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program, for the ultimate purpose of completely eliminating or at the very least to the greatest extent minimizing any or

at the very least the utmost liability of REEA according to said regulatory frameworks);

1. managing information, products and/ or services, and/ or adhering to and upholding our contractual duties regarding them (including but not limited to transactions’ management, reporting, invoicing, renewals even of a fully or partially automated manner, as well as other operations and/ or activities related to providing information, products and/ or services to visitors, users and/ or Business Counterparties);

1. for any other proprietary business strategy-related lawful purposes (including but not limited to reporting, tax, customs operations and/ or activities) allowed for or mandatory by the enforceable local (Romanian), other national, supranational and/ or international regulatory framework(s).

REEA presents an always opt-in mechanism within the context of its information management. We will not disclose Personal Data to Third Parties in the lack of the specifically-expressed or at the very least implied consent of our visitors, users and/ or Business Counterparties granted upon us within the context of our business interactions with them as well as that of the proactively and extensively-interpreted reasonable business practices in any of the business environments connected in any manner whatsoever with our proprietary business strategy.

Except in the event of a provision otherwise contained herein, REEA will only disclose Personal Data to Third Parties that must reasonably become knowledgeable of such information and only insofar as the scope of the business interaction with REEA is concerned, in any case not for other reasons. Any and all such subsequent Third Party recipients have to accept to uphold specific duties pertaining to confidentiality, and at the

very least to all of the applicable REEA documentation including the implied references to adhering to the provisions of the European Union General Data Protection Regulation and to those of both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program.

REEA could potentially provide information, including but not limited to Personal Data, to Third Parties that may act in the capacities of consultants, contractors and/ or agents (even independent ones), in order to perform, provide and/ or manage tasks on behalf of REEA and under our specific guidance, instructions and/ or oversight. By means of example, REEA could potentially manage Personal Data in the operations (including systems) of such Third Parties. In any such case, the Third Parties must agree to manage the Personal Data only within the boundaries of the purpose(s) and/ or specific reason(s) for which they have been involved and/ or engaged by REEA, and they must at the same time cumulatively adhere to the provisions included herein:

1. comply with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and principles of the Privacy Shield Framework Program or at the very least with the provisions and principles of another system or mechanism allowed alternatively by the United States, European Union and Swiss Confederation law(s) and/ or regulation(s) concerning data protection (in the specific areas of transfers, exchanges, controlling activities and processing activities pertaining to Personal Data) which are in force;

1. comply with the provisions of the European Union General Data Protection Regulation framework;

2. and agree to provide compliant Personal Data safeguards that are at least as strict and protective as the ones established and/ or enforced by means of Our Privacy Strategy and Policy;

REEA can also disclose Personal Data for any other reasons and/ or towards other Third Parties whenever visitors, users and/ or Business Counterparties have consented to and/ or solicited such a disclosure. Any entity is hereby aware and agrees that REEA could potentially be required to disclose the Personal Data of visitors, users and/ or Business Counterparties in order to lawfully comply with a lawful mandatory request deriving from authorities, including but not limited to the purposes of meeting national security and/ or regulatory enforcement specifications.

REEA SRL does not request or/ and collect Sensitive Data from its visitors, users and/ or Business Counterparties.

REEA SRL deploys reasonable proactivity, diligence and efforts in order to uphold the accuracy, integrity and security of the Personal Data it manages. We are constantly adopting and implementing updated informational, physical and technical safeguards as reasonably appropriate in order to safeguard Personal Data from incidents (even partial or attempts) such as losses, misuses, mismanagements or instances of unauthorized accesses, modifications, disclosures or destructions. We deploy secure network and firewall safeguard technologies when managing Personal Data in electronic environments. In order to access our electronic data systems, we enforce the authentication of users by means of credentials including secure passwords or similar methods of secure access. We also deploy limitations on accesses, restricting the staff group that has to be allowed to access Business Counterparty Personal Data in the processes of our business operations (including upholding the security of the system that enables said business operations).

Moreover, REEA SRL implements secure encryption technologies in order to guard various types of Personal Data. Regardless of our reasonable precautions and efforts, we hereby

notify our visitors, users and Business Counterparties that a complete level of security cannot possibly be achieved at any or all given times, and highly recommend that they also research, implement and enforce appropriate personal security standards throughout our interactions.

REEA SRL hereby notifies its Business Counterparties of its adherence to and upholding of the principles set forth by the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks by means of its publicly-shared organization privacy policy entitled “Our Privacy Strategy and Policy”, which it has made available at the website link - https://www.reea.net/privacy​. and that it secures the acknowledgement, approval and adherence to this current version of the strategy and policy of each and every Business Counterparty whenever they initiate an official interaction with our organization in the business process.

The REEA SRL staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity may only access and/ or use Personal Data if they are specifically authorized to act in these manners and only within the limitations set forth in the specific authorization, including those pertaining to the purpose of carrying out their specific actions.

1. Rights to Access, Rectify, Modify and/ or Remove Personal Data. Visitors, users and/ or Business Counterparties enjoy the legal rights to Access, Rectify, Modify and/ or Remove Personal Data (including but not limited to knowing the information included in systems and to ensuring the accuracy and relevance of the information in respect to the purposes and/ or reasons that it had been collected under management for). Visitors, users and/ or Business Counterparties can review their own Personal Data which is managed within systems (including but not limited to databases) and initiate proceedings to rectify, remove or even block any and/ or all inaccurate Personal Data, in a lawful manner intrinsically consistent with all of the REEA relevant policies and specific business agreements that we enforce at any given time. Following the contact with a reasonable request, and as it is required by the principles of the Privacy Shield Framework Program and by those of the European Union General Data Protection Regulation regulatory framework, REEA will provide appropriate Access to Personal Data, for the purposes of rectifying or modifying the information when it is proven to be inaccurate. Users and/ or Business Counterparties can also change their Personal Data from their personal space, however this does not always automatically translate into a removal of the previous information (which we will maintain until specific request for removal given the implied consent or at the very least the implied personal interest of the safe space security in the event of a potential breach). In any case, in order to exercise their rights to Access, Rectify, Modify and/ or Remove Personal Data, visitors, users and/ or Business Counterparties should contact us via one of the official channels listed in Section 13 of this document. Data subjects are legally bound to only provide accurate, truthful and complete data and/ or information whenever they interact with us.
    
2. Solicitations to Access, Rectify, Modify and/ or Remove Personal Data. REEA will manage each of the following types and will notify the visitors, users, Business Counterparties and/ or other entities lawfully in the following events: (a) the presence of a lawful request from the data subject; and/ or (b) the presence of a lawful mandatory request for Personal Data disclosure from a regulatory enforcement authority.
    
3. Appropriately resolving solicitations to Access, Rectify, Modify and/ or Remove Personal Data. REEA will strive to acknowledge and appropriately resolve each and every reasonable solicitation to access, rectify, modify and/or remove or deactivate (including permanently anonymize) Personal Data in a proactively-timely approach and resolution.

Our Strategy and Policy can be adapted periodically, in order to maintain its provisions in adherence to the Principles established by both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks of the Privacy Shield Framework Program as well as to the European Union General Data Protection Regulation framework and principles. We will also inform and enforce the acknowledgment and upholding of these Principles by means of any official communication channel throughout our staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity base. We will also bring notifications to our visitors’, users’ and/ or Business Counterparties’ attention in respect to any updated information that can relevantly impact our management of the Personal Data (even if the management had begun previously), while offering them the choice of having their Personal Data being managed in any updated relevantly impactful manner.

EU and Swiss Business Counterparties can contact REEA SRL with questions, raise issues or concerns, or register complaints regarding this Strategy and Policy by contacting us:

Business Counterparty designation:

ARON SAMU PHD LLM ESQ SRL, by

Name of the Data Protection Officer Entrusted with the protection of personal data:

Dr. Áron Samu, LL.M., Esq.

Address:

No. 80-82 Horea Str. Apt. 6, Cluj-Napoca Mun., Cluj County, Romania, postal code 400275

Mobile phone number:

0040743773239

00407​GDPREADY

Google LLC Email address:

dpo.gdpr.reea.srl@aronsamu.com

The availability of the staff Entrusted with the protection of personal data: proactive 24/7 (24 hours daily, 7 days per week, as far as the duties which derive from the legal framework the communication being considered to have been initiated on the first national workday following the date on which the communication was effectively sent it the effective sending of the communication had taken place on a national holiday, the characteristics of workday and holiday being interpreted in accordance with the Romanian law of choice applicable to this document for interpretation purposes).

In order to ensure our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. Visitors, clients and/ or Business Counterparties stemming from the European Union and/ or the Swiss Confederation that raise any issues, concerns or disputes regarding the management of their Personal Data can feel free to contact us through any of the official channels outlined within Section 13 of this document.

Whenever the visitors’, users’ and/ or Business Counterparties’ issue(s), concern(s) and/ or dispute(s) with us are not resolved in (a) satisfactory manner(s) by means of our ensuing interaction(s), we hereby declare and confirm the upholding of submitting such unresolved instances regarding the issue(s) of privacy and/ or security falling within the ambit of any of

the or both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks to the standalone divergence(s) resolve(s) structure(s) operated by the relevant European Union Data Protection Authorities, beginning with our national authority available through the official communication channels presented hereafter:

Romanian National Authority: The National Supervisory Authority for Personal Data Processing

Address: B-dul Magheru 28-30, Sector 1, București

Telephone: 0040 21 252 5599

Fax: 0040 21 252 5757

Email: ​anspdcp@dataprotection.ro

Website: ​http://www.dataprotection.ro/

Art. 29 WP Member: President of the National Supervisory Authority for Personal Data Processing

Art. 29 WP Alternate Member: Representative of the Department of International Affairs

Any such issue(s), concern(s) and/ or dispute(s) will be directed to the attention of either the United States Department of Commerce and/or the Federal Trade Commission in order to offer assurance that (any) such instance(s) of interest to the visitors, users or Business Counterparties are processed and solved appropriately. There is an adequately-reasonable period in which the instance(s) should be solved. Whenever the relevant Data Protection Authority directs (an) instance(s) to the attention of the United States of America, the United States Department of Commerce has to adhere to a specific deadline to react. Whenever the Federal Trade Commission is concerned, it has taken upon itself to grant priority to instances generated by singular individual entities.

Whenever (an) instance(s) is not appropriately solved by the previously enumerated means, the final resort will be to forward it in redress to the attention of an available arbitration panel. This redress in (an) instance(s) pertaining to national security involving any entity

whose Personal Data reaches the United States will be managed by an Ombudsperson that is independent from the United States intelligence structures. The particular means of operating and the independent status of said Ombudsperson will be clarified, especially its independent status and its status in the interactions with any other regulatory oversight structures that are independent and have authority and jurisdiction over these matters, throughout the initial phase of the redress process.

The final resort, to be exercised only in special limited instances, is the redress that might be sought by European Union and Swiss Confederation entities to the attention of the mandatory arbitration structure of the Privacy Shield Panel.

REEA finally hereby declares and binds itself to the highest standards of openness, cooperation and compliance in respect to both of the European Union and Swiss Confederation Data Protection Authorities and to acknowledge, uphold and enforce the advice issued by these competent Authorities in respect to the data and information pertaining to its staff under employment contracts or entity engaged in any legal relationship with our organization where we exert significant control over their activity that is transferred from the European Union and/ or the Swiss Confederation within the relevant ambits of the employment and/ or other relevant legal relationships where we exert significant control over their activity.

Any data, information or part thereof, submitted by means of a visitor, user and/ or Business Counterparty voluntarily and free of any constraint whatsoever interacting with REEA within the ambit of our proprietary business strategy, is considered to be submitted in good will, good faith, fair dealing and full acknowledgement of the legal implications of such action, without intent to raise claims of prejudice and/ or inflict any sort of legal liability upon us. Whenever you begin to have any question, issue, concern, objection or other attitudes or opinions which result in you not wanting to proceed in the foreseeable manner of our interactions or if you want to take steps back by removing any information or part

thereof from our management, contact us immediately via the official communication channels presented publicly within Section 13 of Our Privacy Strategy and Policy in order to amicably resolve our differences. We reserve the right to act in a manner consistent with our perfectly-lawful business strategy, including to withhold, deny, or restrict your access to information, products and/ or services (even partially) to the least extent necessary given your change in attitude, behaviour and/ or sovereign personal decision(s) regarding our management of your data, information and/ or Personal Data.

Finally, we hereby declare and uphold our acknowledgement, adherence to and enforcement of the entire applicable European Union General Data Protection Regulation regulatory framework (including all of the implied, related and connected regulatory framework provisions, as well as those that will supersede or in any manner alter any category thereof, including the European Union General Data Protection Regulation itself).

Our Privacy Shield Strategy and Policy was published and becomes enforceable today, the 25th of May 2018, and has 20 (twenty) pages, including 6241 words, 40800 characters, and 34785 characters excluding spaces, according to the specifications determined by Google LLC Docs, showcased hereafter:

IN FORCE

Version 1.0 - May 25th, 2018
 

VERSION(S) HISTORY

1.Version 1.0 - in force May 25th, 2018
 

Date of Last Change:​May 25th, 2018

The personal data which we gather directly or by means of certain third party services include:

• The IP address, when you access Internet pages
• The name of the accessed page
• Identification data like for example: last name, first name, Email address, phone number, when you decide to contact REEA SRL and these are offered voluntarily by means of consent or which we consider objectively-necessary or at the very least useful in our proprietary business interest in order to be able to contact you regarding the purpose for which you express your consent and/ or interest.
• Statistical data, in anonymous form, which even though individually (or in an isolated manner) cannot lead to direct identification, by means of their correlation with other sets of data, exceptionally have the potential to be used for identifying a person.
• This data may include for example:
  • The location established on the basis of the IP address, or following your consent, provided by means of the device used for accessing our platform.
  • The Browser used for navigation, its version and functions
  • Other information which is accessible by means of the utilized Browser or application, like for instance the version of the operating system or the resolution used by your device.
  • The names of the accessed pages and/ or of the downloaded files
  • The source of the preceding page

REEA SRL does not carry out processing that would lead to the identification of persons on the basis of the statistical data, this data being gathered by means of third party services and places at our disposal in an anonymous format. Most times, the gathering of this information may be blocked by configuring the utilized device appropriately, or by means of refusing our access to this data whenever your consent is required to this end.

REEA SRL does not collect and does not process Sensitive Data, or which relates to minors by means of the pages that are available within the Internet address www.reea.net. We hereby specifically notify you not to send any type of personal data, other than those enumerated within section 2 of this document either voluntarily or accidentally by means of the forms placed at your disposal.

We also specifically hereby notify you of the duty to not provide any type of personal information within the pages which offer you the possibility to input or post comments.

The persons which are considered to be minors in accordance with the applicable legislation are bound by the duty to request the assistance of their legal representatives and to contact us immediately by means of the Google LLC Email address dpo.gdpr.reea.srl@aronsamu.com.

• The IP address - is gathered for the purpose of ensuring the security requirements, in accordance with the legal requirements that are currently in force as well as for the purpose of adhering to the internal norms and regulations regarding the information security.
• Identification data - is being gathered and processed in exclusive compatibility with the purposes for which you express your interest or with those that we have established in our own legitimate proprietary business interest, such as, for example, within the process of answering offer-issuing requests, or that of establishing a pre-contractual business relationship. To this end, they will be transferred within the REEA SRL organisation to one or more departments or internal structures (including but without limitation employees, contractual personnel or personnel under legal control). As the case may be and taking into account your specific consent or our legitimate proprietary business interest, we will also use it within the ambit of marketing or information dissemination campaigns as far as the content alterations, those of the terms of use or that of this Privacy Policy are concerned.
  We hereby specifically notify you regarding the fact that there are instances in which REEA SRL is held to notify you, on the basis of legislative provisions or of our proprietary legitimate interest, even in the absence of a specific agreement stemming from your part, whenever there are grounds which indicate the fact that you might be adversely-impacted, that our business relationship could be impacted including but without limitation in respect of the pre-contractual stage in which we might find ourselves, or that the notification is justified on the basis of our proprietary business interest. Subsequently, we hereby enumerate a series of a few examples of such instances: fraud prevention, the loss or unauthorized disclosure of certain information, the unavailability of certain services, the need to update the personal date, obtaining a consent in respect to a newly-relevant type of processing etc..
• Statistical Data - is used anonymously in order to:
  • Monitor the trends and/ or identify certain potential security breaches;
  • Create reports for the purposes of improving the browsing experience, the manner in which we present the information, or in order to ensure the appropriate functionalities in line with the technological evolution (including but without limitation the field of information security).

For the purpose of improving the services, the communication and/ or the experience of our visitors, the data will be transferred as the case may be, within the scope of the purpose for which it has been obtained, towards:

• REEA SRL Internal Departments (including employees, contractual staff or personnel under legal control), which have specific duties to monitor and solve your requests;
• Governmental Authorities, such as the fiscal, judicial, police, regulatory or arbitrage ones in the situations imposed by means of the law;
• The lawful tutelage representatives, the legal representatives in the events in which the data subject is considered to be a minor in accordance with the applicable legislation;
• Data Processors in accordance with the legislation that is in force.

The internal communication is carried out in all situations in accordance with the internal information security management system, which is ISO 27001 certified, as well as with adherence to the 2016/679 EU Regulation (the General Data Protection Regulation, “GDPR”).

The statistical data is collected by means of specialized services, or indirectly provided by means of certain functionalities which serve the purpose of improving your experience and which can be in turn offered by means of certain third party services.

Within the pages of the www.reea.net address we use the following services:

• Google Analytics, owned at the date of the last accessing by Google LLC - we hereby invite you to decide upon whether to consult the terms of using this service at the up to date Internet address, currently https://policies.google.com/terms (date of the last accessing November 13th 2018)
• Facebook Pixel, owned at the date of the last accessing by Facebook Inc. - we hereby invite you to decide upon whether to consult the terms of using this service at the up to date Internet address, currently https://www.facebook.com/about/privacy (date of the last accessing November 13th 2018)
• LinkedIn (including widgets, buttons, share buttons functionalities), owned at the date of the last accessing by the LinkedIn Corporation - we hereby invite you to decide upon whether to consult the terms of using this service at the up to date Internet address, currently https://www.linkedin.com/legal/user-agreement (date of the last accessing November 13th 2018)
• Twitter (including widgets, buttons, share buttons functionalities), owned at the date of the last accessing by Twitter Inc. - we hereby invite you to decide upon whether to consult the terms of using this service at the up to date Internet address, currently https://twitter.com/en/tos (date of the last accessing November 13th 2018)

REEA SRL carries out every reasonable effort in order to uphold and secure the rights of the users of the www.reea.net domain. The rights over the personal data are:

• The right of acces to the personal data - In a reasonable and free manner, you enjoy the right to request a report regarding the personal data which we manage, in accordance with the provisions of the GDPR.
• The right to rectification - In the instances in which you notice disparities, or in which you become aware of the alteration of certain personal data which is managed by REEA SRL, which are no longer accurate, you enjoy the right to request their rectification, in accordance with the provisions of the GDPR. In our own proprietary business interest, we hereby notify you regarding your duty to exercise this right as often as the circumstance becomes applicable, in accordance with the provisions of the GDPR.
• The right to object to the personal data management - You enjoy the right to request the cessation of certain types of procedures being carried out by REEA SRL regarding the personal data, in accordance with the provisions of the GDPR. This right may be exercised whenever a certain type of operation is considered to be groundless. We will take the request into consideration and we will clearly notify you regarding the manner of proceeding, the legal basis and the decision to solve your request.
• This right may not be exercised, or the request will be denied, if the management of the personal data derives from a requirement provided for by the legislative framework which is in force, if it is in accordance with the provisions of an ongoing contract, if it adversely affects a third party (except for the case in which by means of the favourable solving of your objection we may continue to protect that third party appropriately), or if it may influence the investigations of certain State authorities. Moreover, you may not oppose the management which constitutes a part of, affects, or may affect the REEA SRL security systems.
• We nevertheless assure you of the fact that we will process you requests at any possible time, in strict compliance with the provisions of the applicable regulatory framework, and especially with those of the GDPR.
• The right related to profiling and automated decision-making - Grants you the possibility to oppose the decision-making being carried out by automated management systems, without the intervention of a real person. REEA SRL does not apply such management procedures to the personal data that is gathered by means of the webpages within the www.reea.net domain.
• The right to restrict data processing - Grants you the possibility to request the restriction of the management of the personal data in the following circumstances:
  • You are aware that we manage personal data which no longer complies with reality, or there is inaccurate information present.
  • There are sufficient reasonable grounds in order to consider that the carried out management is illegal.
  • You wish to specifically store the data, by means of issuing an agreement to this end in writing, but you do not wish that this data would be included, partially or completely, within certain management-type procedures.
  • A request is issued by means of which you claim your “Right to restrict data processing” in respect to the personal data which is managed by REEA SRL within the ambit of our proprietary legitimate business interest.
• The right to data portability - Grants you the possibility to request the transfer of the personal data, by means of automation, whenever this is possible from a technical standpoint, on the basis of a contract or of a specific consent, issued in writing.
• The right to “be forgotten” (to erasure) - Represents the right to request the erasure of the personal data within the following circumstances:
  • The data is no longer necessary for the management, it does no longer serve the purpose for which it has been gathered, or it becomes inaccurate.
  • The legal basis for the management disappears by means of legislative modifications, or by means of the retraction of a previously-issued consent.
• The right to lodge a complaint - Ensures your option to register a complaint in the instances in which you are unsatisfied with the manner in which we respond, or due to the quality of our responses, respectively that of the solutions which we offer in response to the requests which you have made in respect to the gathering or management of the personal data.
• The right to compensation and legal counsel - Represents your right to request compensation and legal counsel in the circumstances in which proven damages are due as a consequence of personal data management-type procedures being carried out by REEA SRL in its Data Controller capacity.

We hereby mention that in every situation we are bound by the legal duty to appropriately verify the identity of the data subject and as a consequence of this fact this could imply the request of additional specific personal data.

This document has the nature of “Additional applicable internal documentation” in accordance with Our REEA SRL Terms of Access, Use and/ or Interaction Business Strategy and Policy, and will in any case be completed in the manner prescribed for by the latter with the contractual documentation, including but without limitation to the provisions of the Contracts and the Additional Agreements to the before-mentioned which you will enter into alongside REEA SRL.
 

The management of the advertising materials

We hereby reserve the right to unilaterally decide, at any given time, the cessation of a negotiation or the cessation of providing services or the refusal to manage information or personal data (including advertising materials), without this decision being construed in such a manner as to impact the outstanding duties between REEA SRL and yourself in the capacity of our Client. Upon the cessation of the contractual relationship, the delivery and receipt of the entirety of the information will be acknowledged by means of a record which will exonerate REEA SRL from any future liability and will transfer the entirety of the risks associated with any liability upon yourself for the following period starting from the moment of the cessation of the contractual relationship with the REEA SRL commercial entity.

You hereby acknowledge your exclusive liability and ensure us regarding the fact that any advertising content is acknowledged by you insofar as its origin and belonging is concerned previous to any publication of such. You are directly acknowledging the responsibility of upholding of the REEA SRL Documentation, as well as the upholding of the documentation of the companies which offer you the platforms within which the marketing campaigns and contests are carried out, which you select prior to entry within the REEA SRL contractual relationship or in any case at the same time of the moment of such entry in the limited circumstance in which you also request assistance services related to the registrations within these platforms.

REEA SRL will not, under any circumstance, become liable for any information which is managed in the sole interest of our clients. The entirety of the information will be initially approved by you in your capacity of Client and Data Controller, and periodically as well, so that prior to any action undertaken by REEA SRL these will be decided upon, initiated and organized by yourself while bearing the entire legal liability over the content. REEA SRL will only subsequently proceed to execute these actions in accordance with your precise and specific instructions, in its capacity of Service Provider and Data Processor.

REEA SRL is not in any manner liable for your contractual relationship with the companies which offer you the platforms within which the marketing campaigns and contests are carried out, which is independent from the relationship between our organizations, case in which you remain completely and exclusively liable and owe the duty to uphold your duties therein. We hereby also reserve our right to recover any damages which might have been caused to us due to our forwarding of certain funds on your account and in your instance in the event in which alterations or cessations of our contractual relationship with you arise.

REEA SRL, in its capacity of Data Processor in respect to you, the Client, in your capacity of Data Controller, actively become involved at any given time in order to protect the personal data which we come into contact with. The authorized personnel which we involve in its management is selected and operates with the upholding of the principles of the minimization and anonymization of the personal data. The personal data to which the current section makes reference to are both your personal ones or those belonging to the organization which you represent, as well as those of the visitors and clients of your own organization. We constantly review our data and systems in order to ensure an optimal degree of privacy and security.

We hereby mention that in our capacity of Data Processor, we also gather financial data in order to manage your online presence and in order to be able to engage you within certain marketing campaigns or contests. The payments are made by you, the contractual relationships in this regard being established directly between yourself and the the companies which offer you the platforms within which the marketing campaigns and contests are carried out. Moreover, we hereby reserve the right to contact you regarding our contractual relationship. The legal basis of the processing is represented by your specific consent to this extent, issued by means of the contractual duties which you undertake.
 

Notification regarding the copyright

The copyright and any other relevant rights as far as intellectual property is concerned belong to the Client within the ambit of its individual social media networks profiles in its capacity of Personal Data Controller in the absence of a provision to the contrary. The Client grants a free and universal license right to the REEA SRL commercial entity in order for the latter to be entitled to edit, use, modify, rectify, adjust, eliminate any information or part thereof in connection with these authorship rights and any other relevant rights as far as intellectual property is concerned outside of the Client’s individual social media networks profiles, in its capacity of Data Processor.

We hereby reserve the right to modify these aspects without prior notification except for the publishing of the last up to date version within the Internet webpage. The most recent version which is in force is represented by the one which is published on the www.reea.net Internet page at any given time.

You hereby acknowledge the fact that the provision of services by REEA SRL to you in your capacity of Client presupposes at any given time the full acknowledgement of any subsequent modifications of these provisions.

In the event of any questions, misunderstandings, or simply in order to request any additional information, you may address the REEA SRL Data Protection Officer by means of the Google LLC Email address dpo.gdpr.reea.srl(at)aronsamu.com.

All of the rights may be exercised by using the means and contact data placed at your disposal within the “Contact us” section at the end of the current Privacy Policy.

REEA SRL engages in every reasonable effort in order to protect the data, including that of a personal nature, of all the persons with which it comes into contact. To this end it constantly strives to improve the internal policies and procedures, as well as to improve its own security systems and the training of its personnel.

Some of these measures are, for example:

• The designation of a Data Protection Officer (entrusted with the personal data protection, “DPO”)
• The designation of an Information Security Management Officer/ Manager
• The implementation of an ISO27001-certified Information Security Management System. This system implies a series of technical (monitoring systems, compliant equipment, specialized personnel, physical and cybernetic security measures etc.) and organisational (operational policies, procedures) safeguards which apply to the entirety of the personnel
• The adoption of an internal organizational code of conduct, applicable to the entirety of its staff
• Providing the special legal support regarding the local and international legislation which impacts the personal data
• Carrying out ongoing training sessions with the involved personnel in the fields of personal data protection and of information security in general
• Ensuring the safeguards of adequate organisational and security systems to the benefit of the partners and collaborators whenever personal data is managed in the capacity of Controller by means of the enforcement of specific contractual provisions.

Depending on the specific nature of the processing and on that of the duties imposed upon us by the in force legislative framework, the personal data storage timeframes may vary from a low of a few days to a high of a number of years. We hereby mention that the storage timeframes include the archiving timeframe. Thus, the storage timeframes are closely correlated to the validity timeframes of certain issued documents, it is relative to the purpose of the processing and may be influenced by legal provisions regarding to the prescription of certain situations as provided for by the Criminal Code, the Civil Code or other normative provisions that are currently in force.

We hereby assure you that in all given instances we will promptly analyze the possibility of the utmost removal of the data from the entirety of the systems within which its processing is no longer necessary or does no longer correspond to the purpose for which it has been gathered (for example, we will be able to remove the account from a marketing list, so that you will stop receiving notifications, but we will not be able to delete the issued invoices in the event in which good or services have been purchased, as there are specific legal provisions in place imposed by the Tax Code regulating the storage timeframes in such instances). Moreover, we are bound to contact you if there is a legal basis for this action (such as the event of a security breach in which financial data has been compromised, or if the results of our analysis regarding the situation indicates the possibility that you have been impacted from a material and/ or moral standpoint).

On the basis of the above-mentioned, we may state that the REEA SRL policies provide for, in accordance with the current regulatory framework that is in force, durations of storing the personal data starting from 30 days and reaching up to 70 years. As the case may be, the necessary duration that must pass prior to removal in the event of certain specific requests will be transmitted to you via the reply to your request.

Specifically in the case of the www.reea.net domain:

      - The web logs (journals) and those resulted from the security systems will be maintained for a duration of 12 months on the basis of the legislative requirements and that of the legitimate interest (the analysis of security systems, the fulfilment of certain contractual duties).

      - Statistical data will be stored in a granular manner for 12 months, and in an aggregated manner for a maximum duration of 3 years.

      - The identification data that is sent by means of the contact form will be stored for a duration of 12 months in the situations in which the incidence of a contractual relationship is not reached.

A. DPO (Data Protection Officer, entrusted with the protection of the personal data, Personal Data Protection Officer)

        In order to exercise the rights contained within the current Privacy Policy, in order to receive additional information regarding the gathering and management of personal data by REEA SRL, or for any issues which imply personal data and especially in the event in which minors are involved in accordance with the normative regulatory provisions that are in force, we hereby notify you of your right and duty to immediately and without undue delay contact the REEA SRL Data Protection Officer (DPO):

        Business Counterparty designation:

        ARON SAMU PHD LLM ESQ SRL

        Name of the Data Protection Officer Entrusted with the protection of personal data: Dr. Áron Samu, LL.M., Esq.

        Mobile phone number: 0040743773239 = 00407GDPREADY

        Google LLC Email Address: dpo.gdpr.reea.srl@aronsamu.com

        Address: No. 80-82 Horea Str. Apt. 6, Cluj-Napoca Mun., Cluj County, Romania, postal code 400275

        The availability of the staff Entrusted with the protection of personal data: proactive 24/7 (24 hours daily, 7 days per week, as far as the duties which derive from the legal framework the communication being considered to have been initiated on the first national workday following the date on which the communication was effectively sent if the effective sending of the communication had taken place on a national holiday, the characteristics of workday and holiday being interpreted in accordance with the Romanian law of choice applicable to this document for interpretation purposes).

        We hereby notify you regarding your duty to refrain from including any type of personal data or file attachments unless we will specifically request this.

B. RMSI (Information Security Management Officer - Manager)

        In the event in which you hold information regarding the infringement of certain security provisions, or if you hold information regarding a security breach, please contact the Information Security Management Officer (Manager) by means of the Email address rmsi@reea.net.

        We hereby notify you regarding your duty to refrain from including any type of personal data or file attachments unless we will specifically request this.
 

C. The National Supervisory Authority for Personal Data Processing

        The direct contact data of the National Supervisory Authority are presented at the up to date Internet address which we invite you to decide to access, currently www.dataprotection.ro (date of last access November 12th 2018).

        Address: B-dul Magheru 28-30, Sector 1, Bucharest

        Telephone: 0040 21 252 5599

         Fax: 0040 21 252 5757

         Email: anspdcp@dataprotection.ro

         Internet website: www.dataprotection.ro

D. Personal Data Controller

         The Controller of the Personal Data which is gathered and managed by means of the webpages included within the www.reea.net address is:

         Commercial Entity:

         SC REEA SRL

         RO 10966500

         J26 / 628 / 1998

         Str. Republicii, Nr. 41, 540110, Târgu Mureș, Romania

         Contact phone number: +40 365 410 942

         Email: office@reea.net

IN FORCE

Version 1.0 – November 13th 2018

VERSION(S) HISTORY

1. Version 1.0 - in force November 13th 2018

Date of Last Change: November 13th 2018

The Document has been revised as far as the personal data protection provisions are concerned. Subsequently to the analysis, adjustments and corrections of the proprietary content of the REEA SRL company have been carried out. The ARON SAMU PHD LLM ESQ SRL company hereby certifies by means of the Data Protection Officer Dr. Áron Samu, LL.M., Esq. a level of upholding of the current normative provisions that are in force equivalent to that of “Efforts awareness” and hereby grants the current document a red color codein accordance with the certification standards of the ARON SAMU PHD LLM ESQ SRL company, today, November 13th 2018.