CONFIDENTIALITY POLICY

Suntem consultanţi în domeniul financiar - contabil și fiscal, iar cifrele reprezintă pentru noi mai mult decât simple instrumente de lucru. Contabilitate, salarizare, taxe, audit.

CONFIDENTIALITY POLICY OF THE CROWE FINEXPERT BOSCOLO GROUP


website and social media – finexpert-boscolo.ro

Rev: 3.0 Valid as of 06.03.2023   


1.    Premises

2.    Identity of the controller

3.    Processed personal data

4.    Quality of processed data

5.    Collection purpose

6.    Period in which personal data shall be processed:

7.    Personal data recipients:

        7.1 Third Parties involved in processing personal data

8.    Security measures:

9.    Data transfer

10.  Your rights regarding the processing of personal data

11.  Cookie information

12.  Cookies used on the website and personal data processing purposes

13.  Legal grounds of the processing based on the cookie technologies used by the website

14.  Manner of managing cookies and the consent regarding their use

15.  Manner of exercising the right to oppose, in case of processing based on Legitimate Interests

16.  Security and confidentiality problems

17.  Other security aspects related to cookies


1.  Premises


This confidentiality policy informs you of the information we collect from you when you use our website and the social media resources we control. In collecting this information, we act as a data controller and, by law, we are obligated to provide you with information about us, about the data we collect, the reason and manner in which we use your data and the rights you have on your data.


The purpose of this document is to describe the manner in which we collect, use and treat your data when you use the website.


We assure you that confidentiality is valuable for us, and we commit to comply with the private nature and security of the information provided by you when you visit our website.


Personal data refers to any information which tells us something about you, or which we can correlate with you when you interact with the online resources we control.


According to Regulation no. 679/2016, “personal data”, defined under art. 4, paragraph 1, refers to any information regarding an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, especially in relation to an identifier, such as a name, an identification number, localization data, an online identifier or one or several specific elements, specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity.


You may also access the website without disclosing your identity or providing any information regarding your personal data. However, information may be automatically obtained when you visit the website, by recording in logs communication data such as the IP address from where you access the website and the links you access, but this shall not identify you as a person in the absence of other data sets.


Crowe Finexpert-Boscolo shall not correlate this information with other data that would allow your identification, unless the website is used in an abusive manner and there is the risk of committing a cyber crime. Other personal data shall be processed only if it is voluntarily offered by you: contact forms, user accounts created on the website. They shall be processed based on your consent as legal grounds.


Crowe Finexpert-Boscolo provides adequate technical means for you to express, in a free and informed manner, your consent for each data set, for which you express your processing approval.


2.  Identity of the controller


The Crowe Finexpert-Boscolo Group is composed of the following personal entities:


FINEXPERT - BOSCOLO AUDIT AND ADVISORY SRL, registered office at address No. 5, Popa Petre Street, unit A, 5th floor, office 501, District 2, Bucharest, Trade Register registration no. J40/4007/1995, Sole Registration Number RO7475015


FINEXPERT - BOSCOLO ZUCCHETTI PAYROLL SRL, registered office at address No. 5, Popa Petre Street, part 2, 3rd floor, section 7, District 2, Bucharest, Trade Register registration no. J40/4049/2006CUI RO18468447


FINEXPERT - BOSCOLO TAX & CORPORATE SRL, registered office at address No. 5, Popa Petre Street, 4th floor, part 1, District 2, Bucharest, Trade Register registration no. J40/8368/2015, Sole Registration Number RO34753380


FINEXPERT - BOSCOLO CONSULTING SRL, registered office at address No. 5, Popa Petre Street, part 2, Section 5, District 2, Bucharest, Trade Register registration number J40/7111/2003, Sole Registration Number RO15462709


The companies shall be collectively hereinafter referred to as “Controller”, defined as a personal data controller according to European Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR).


You may contact us by mail at the addresses of the aforementioned registered offices, or by e-mail at dpo@crowe.ro.


We are not obligated to have a data protection officer; therefore, any question regarding the use of your personal data must be sent by using the aforementioned contact data.    


3.  Processed personal data


According to art. 13 of Regulation 679/2016, we hereby inform you that Crowe Finexpert Boscolo, in virtue of the legal grounds indicated in this document, depending on each data category, as a data controller, processes your personal data as follows:



4.  Quality of processed data


The company permanently aims to comply with the principles regarding the quality of processed data, according to the provisions of art. 5 of GDPR. Such data is processed:


·       legally, fairly and transparently in relation to the data subject

·       collected for determined, explicit and legitimate purposes, and is not subsequently processed in a manner which would be incompatible with these purposes

·       adequate, relevant and limited to what is necessary to the purposes for which it is processed

·       stored in a form that allows the identification of the data subjects for a period that does not exceed the period that is necessary for fulfilling the purposes for which the data is processed

·       processed in a manner that ensures the adequate security of the personal data


5.  Collection purpose


We use your personal data only for legitimate business purposes. These include:


·       providing the requested information, and in order to reply to the correspondence received from you;

·       promoting the image of the company;

·       personnel recruitment

·       sending information about us, about our promotions and about our activities and events, and those of our partners;

·       managing customer relations. We may ask you for feedback in relation to our products and services, and send it to certain members of our personnel, in order to improve our offers.

·       personalized marketing: we may send you letters, e-mails or text messages, in order to provide you with a product or a service. You may unsubscribe from such offers. You are entitled to not consent or object to commercial or direct marketing activities, including the creation of a profile in order to carry out the activities from this type.

·       in order to carry out legal obligations and social responsibilities, according to Romanian and international laws.

·       securing online information


Each personal data processing has a well-defined purpose which is indicated in the aforementioned table.


6.  Period in which personal data shall be processed:


The period during which the data is kept depends on the legal grounds of the processing and on the category of the data which is processed, and is indicated in the aforementioned table. As a general principle, personal data shall be processed for a minimum period provided by the law.


In case of personal data whose legal grounds are constituted by your consent, the processing may be carried out as long as you maintain your approval, which you previously signed in a free and informed manner, without affecting the legality of the processing carried out based on your consent, before it is withdrawn.


After the expiry of the indicated period, your personal data shall be deleted according to our internal policies and procedures.


7.  Personal data recipients:


Personal data may be provided to legally authorized state authorities, upon their request, according to the law.


Personal data may also be communicated to other commercial entities (partners, group companies), by complying with the provisions of art. 13 and 14 of Regulation no. 679/2016.


7.1 Third Parties involved in processing personal data


The processing the aforementioned data may involve providers that carry out, based on contracts, actions that would lead to the achievement of the aforementioned purposes.


By procedure, the selection of these providers also involves a standardized assessment phase, which assesses the preparation and compliance degree of the provider’s activities with the GDPR requirements.


These providers are mandated according to GDPR and operate your data by considering the legal provisions, and also written instructions regarding the processing of personal data, issued by the companies from the Crowe Finexpert Boscolo group, which are mandatory. The mandated persons must apply at least the same technical, organizational and legal measures as the operator, as well as other measures, specific to their activities.


The list of mandated persons, generically indicated by categories of activities, may be consulted by a simple request, either to data protection officers or to the contact addresses indicated by the company. The controller is entitled to change these suppliers.


8.  Security measures:


The controller and any entities that are mandated by the controller in order to process data shall establish technological, physical, administrative and procedural guarantees, according to the accepted standards in this field, in order to protect and ensure the confidentiality, integrity and accessibility of the processed personal data.


The controller and the entities mandated by the controller shall prevent the unauthorized use or access to personal data, and shall prevent personal data security breaches (security incidents), according to the instructions, policies and laws applicable to the controller.


The controller ensures that its employees and collaborators process this data by complying with the imposed confidentiality policy and all the internal procedures implemented regarding European regulation no. 679/2016.


9.  Data transfer


The controller does not transfer data outside the European Economic Area, for any of the aforementioned operations. If the use of technical solutions involves storing and processing data outside the European Economic Area, the controller shall previously consider and analyze the legal grounds of the data transfer. This informative note shall be adequately updated.   The safety measures regarding transfers remain valid no matter the situation.


10.  Your rights regarding the processing of personal data


Regulation no. 679/2016 provides the following rights to persons whose data is processed:


·       right to access

·       right to rectify

·       right to delete data

·       right to restrict the processing

·       right to data portability

·       right to oppose

·       right to withdraw your consent at any time, without affecting the legality of the processing carried out based on your consent before withdrawing it;

·       right not to be subject to exclusively automated processing, including profiling, according to GDPR

·       right to submit complaints with the competent supervision authority


For all the personal data processing operations carried out based on a legal obligation or under a contract, the refusal to provide this data may cause the termination of the contractual relations between the parties.


The processing carried out based on legitimate interests is necessary for the adequate operation of the internal processing of the controller and complies with the internal policies and procedures, which constitute obligations related to the employment contract concluded between the parties. All the processing operations carried out based on legitimate interests are detailed and approved by the managers of the organization, and ensure balance between the necessity of the processing and the data subject’s rights. For each processing operation carried out based on legitimate interests, you may ask to read the related documentation.


Depending on the legal grounds of the data processing and on the legal provisions imposed by the national or European legislation, some of the aforementioned rights are not applied.


For the processing whose legal grounds are based on your consent, you are entitled to request its cessation at any time, either by the technical means provided by media resources (by unsubscribing from our news flow, by cookie selection, etc.) or by contacting our company by the classic means provided by us (e-mail address dpo@crowe.ro or telephone number 0312285115)


The controller does not have automated decisional processes.


In all cases, requests may be submitted regarding the processed personal data, and the controller must reply within 30 days. This term may be longer, but its extension must be substantiated in writing by the controller.


Your rights may be exercised upon a request submitted to the data protection officers or to the contact addresses indicated by the company.


You are also entitled to file a complaint to the data protection supervision authority from Romania, if you deem that the processing of the personal data breaches the applicable laws.


The institution to which you may file complaints is:


Personal Data Protection Supervision National Authority

No. 28-30, G-ral Gheorghe Magheru Blvd., Bucharest

anspdcp@dataprotection.ro

www.dataprotection.ro  

+40.318.059.211

+40.318.059.212      


Personal data protection officer: the company is under no legal obligation to appoint one, therefore it has not appointed one


11.  Cookie information


https://www.finexpert-boscolo.ro uses cookies.


The purpose of the information below is to provide to users additional details about the placement, use and management of the cookies used by https://www.finexpert-boscolo.ro.


A user is any natural person who accesses the aforementioned website.


Cookie technologies allow the storage and accessing of information on / from a user’s terminal equipment or device, and may be cookies, software development kits (SDK), plugins or social media buttons, device/browser fingerprinting (fingerprinting or sole identification of the device / web browser), pixels, etc.


A cookie is a small special text file, placed on a user’s device by the websites which the respective user accesses. The cookie is sent by an internet domain / website to a web browser (e.g. Microsoft Edge, Chrome, Firefox), and then sent back by the browser, every time the respective website is accessed. The text files of the cookie have two components (name and value or content) and are stored on the visitor’s computer, tablet or phone for a predetermined period of time.


Each cookie contains identification numbers and the date and time when it was placed in the device / web browser via which the website was accessed. These cookie identifiers are deemed as personal data as they my individualize the devices on which the cookies were placed and their users.


The identification numbers of cookies may be combined with other personal and non-personal data, such as the IP address, other online identifiers such as advertising or user identifiers, information about the accessed pages and subpages, information about the browser, screen resolution, language. These combinations are used for generating additional personal data on the user, such as, for example, socio-demographic data (categories of likes and interests derived from online behavior, age categories, geographic localization).


Also, the user data collected by cookies by automated processes constitutes the basis for creating profiles which are used for delivering behaviorally targeted advertising.


Cookies may be divided into four general categories: session cookies, persistent cookies (based on their lifecycle criterion), first-party cookies and third-party cookies (based on the criterion of their origin).


Session cookies temporarily save in the web browser information about the user’s actions on the website, or data inputted by the user. Session cookies are automatically deleted when the user closes the browser or the window in which the website was accessed.


Persistent cookies remain stored on the user’s terminal after the end or the current navigation session, until their expiry date (generally, their lifecycle may be up to several years). These cookies retain information for future visits, such as the visitor’s browsing preferences or  settings, for the purpose of providing an improved usage experience.


First-party cookies are placed by the website / internet domain accessed by the user.


Third-party cookies are placed by a website / internet domain other than the one accessed by the user, when the accessed website contains information incorporated from a third-party website.


12.  Cookies used on the website and personal data processing purposes


On our website, we use five cookie categories, presented above. These are grouped into specific categories depending on the purposes for which the personal data is processed.


We use cookies from third parties (hereinafter referred to as “web partners”) with which Crowe Finexpert Boscolo collaborates and which process the user’s personal data, after the user accesses our websites, by placing cookies.


Some of the third parties with which we collaborate are Google, Linkedin, Facebook.


Crowe Finexpert-Boscolo recommends consulting the policies of third parties regarding the use of cookies and other similar technologies by the respective third parties, before accepting this type of data processing.


The cookie categories used on our website depending on the purposes for which personal data is processed are:


12.1    Strictly necessary


 These files are strictly necessary for the operation of the website, including those for saving/processing the options expressed by you regarding cookie technologies. These do not contain personal data, are deleted when the page opened by finexpert-boscolo.ro is closed, do not require your consent for placement/accessing, and cannot be deactivated.


The complete and updated list of these cookie types is available in the cookie preference center.


12.2       Ensuring website functions


These files allow the website to offer enhanced and personalized functions, for example retaining personal preferences during browsing and logging-n data, running videos or providing the live chat possibility. they may be added by us or by third-party providers whose services we added on our pages (partners). If you do not allow the placement/accessing of these files, some or all of these services may operate incorrectly. Selecting the general option Active (YES) for this purpose involves your consent for placing/accessing information. Your data may be used for monitoring and preventing fraudulent activities and in order to ensure the adequate and safe operation of systems and processes. Your device may receive and send information which allows you to view and interact with ads and content.


The complete and updated list of these cookie types is available in the cookie preference center. The cookie preference center allows this processing to be restricted, and to be carried out only with your explicit consent, by allowing the storage of these files or by using the button by which you accept the storage of all cookie types.


12.3    Measurement and analysis


These files allow us to monitor visits and traffic sources, so that we can measure and improve the performance of our website. They help us know the most popular or the least popular pages, and see how visitors move within the website. If you do not allow the placement/accessing of these files, we will not know when you visited our website and we will not be able to monitor its performance. Selecting the general option Active (YES) in the Consent column for this purpose involves your consent for placing/accessing information, by Cookie Technologies, by the partners that process data in virtue of your Consent, for which you select the Active (YES) option.


Separately, the “Measurement and Analysis” Purpose includes a processing Purpose, Content Performance Measurement, for which the procedure is similar to the one described above. The performance and efficiency of the content you see or with which you interact may be measured. It may be established that several devices belong to you or to your residence, in order to support one or several purposes. Your device may be differentiated from other devices based on automatically sent information, such as the IP address or the browser type.


The complete and updated list of these cookie types is available in the cookie preference center. The cookie preference center allows this processing to be restricted, and to be carried out only with your explicit consent, by allowing the storage of these files or by using the button by which you accept the storage of all cookie types.


12.4   Targeted advertising and advertising processing


These files are added on our website by our advertising partners (partners).


Market research may be used in order to find out information about the public who visits our websites/apps and view our ads. The performance and efficiency of the ads you see or with which you interact may be measured. Customized ads may be displayed for you, based on a profile about you. A profile may be built about you and your interests, in order to display customized ads which are relevant for you. Ads may be displayed based on the content you view, the app you use, your approximate location or the type of your device. Your data may be used in order to improve the existing systems and software and in order to develop new products. Cookie modules, device identifiers or other information may be stored or accessed from your device for the presented purposes.


If you do not allow the placement/accessing of these files, advertising which is not adapted to your profile shall be displayed for you. Selecting the general option Active (YES) for this purpose involves your consent for placing/accessing information, by Cookie Technologies


The aforementioned profile is not created by Crowe Finexpert Boscolo, but by these targeted advertising providers, by the apps which ensure the enhanced functionality of our online resources. The Finexpert Boscolo group does not have access to any information regarding these preferences.


The complete and updated list of these cookie types is available in the cookie preference center. The cookie preference center allows this processing to be restricted, and to be carried out only with your explicit consent, by allowing the storage of these files or by using the button by which you accept the storage of all cookie types.


12.5     Social networks


These files are placed/accessed by several social network services which we have added to our website, in order to allow the monitoring of your behavior on the accessed website and the correlation of this data with the data related to the account from the respective social network or with other data, in order to build a profile of your interests and to use this data for advertising purposes or in order to customize content; moreover, these files allow the distribution of content to your friends and networks. This may affect the content and messages you see on other websites you visit. If you do not allow the placement/accessing of these files, you may not use or view these distribution instruments. Selecting the general option Active (YES) for this purpose involves your consent for placing/accessing information, by Cookie Technologies, by the partners for which you select Active (YES).


The aforementioned profile is not created by Crowe Finexpert Boscolo, but by these targeted advertising providers, by the apps which ensure the enhanced functionality of our online resources. The Finexpert Boscolo group does not have access to any information regarding these preferences.


The complete and updated list of these cookie types is available in the cookie preference center. The cookie preference center allows this processing to be restricted, and to be carried out only with your explicit consent, by allowing the storage of these files or by using the button by which you accept the storage of all cookie types.


13.  Legal grounds of the processing based on the cookie technologies used by the website


The legal grounds of the personal data processing by strictly necessary cookies is our legitimate interest to ensure that the website operates in an adequate manner.


For the other cookie types, divided into categories depending on the general purposes for which personal data is processed, our legal grounds are constituted by the consent granted by the users of our website, and, in some cases, the legitimate interest of some partners, indicated in the confidentiality policies of the respective partners.


14.  Manner of managing cookies and the consent regarding their use


Cookies used for ensuring the transmission of communications over the internet and cookies that are necessary for providing services requested by users on the website, known as “strictly necessary cookies”, do not need to obtain consent.


Cookies that are not strictly necessary may be refused by the user before accessing the website; however, not all the functions or contents of the website shall be available, thus considerably reducing the usage experience.


Thus, before accessing the website, a “Cookie preference center” consent dialog window shall be displayed on the screen, where the user may choose and activate the cookie categories and partners for which he/she wishes to grant his/her consent regarding the processing of personal data.


The consent logs regarding the use of cookies are stored in order to prove the compliance with the requirements of (EU) Regulation 679/2016 (“GDPR”) on the protection of personal data, and are stored for maximum 13 months.


You are entitled to modify the previously expressed options and to withdraw your consent at any time regarding the processing of data by cookie technologies, and the legality of the processing until the withdrawal shall not be affected. Your consent may be withdrawn at any time from the “Cookie preference center”, which may be accessed on the bottom of the website by clicking on the box which states “Here you may modify cookie settings”.


Alternatively, most browsers offer to the user, by settings, the possibility of having a certain degree of control over cookies:


•                Edge https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy

•                Chrome   https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en

•                Firefox    https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

•                Opera   https://help.opera.com/en/latest/

•                Safari   https://support.apple.com/en-gb/safari


You may find detailed information about cookies and how you may control them at www.aboutcookies.org,  www.allaboutcookies.org and https://cookiedatabase.org


15.  Manner of exercising the right to oppose, in case of processing based on Legitimate Interests


You may exercise the right to oppose the processing of data based on the legitimate interests of some partners, if you deem that your fundamental interests or rights and freedoms prevail over the interest of such a partner, by accessing the confidentiality policy of the respective partner (by clocking on its link in the Cookie preference center) and by directly sending your request to the respective partner.


You may exercise the right to oppose the processing of data based on the legitimate interests of Crowe Finexpert Boscolo, if you deem that your fundamental interests or rights and freedoms prevail over our interests and rights, by sending an e-mail for this purpose to dpo@crowe.ro, in which you indicate the reasons for which you oppose the processing activities carried out based on our legitimate interests.


You may also waive the collection and use of data for behaviorally targeted advertising by using the mechanisms for exercising this option at http://www.aboutads.info/choices and https://www.youronlinechoices.com/ro/.


16.  Security and confidentiality problems


Cookies are not viruses! They use plain text formats.  They are not composed of code fragments, therefore they cannot be executed and they cannot run independently. Consequently, they cannot duplicate or replicate on other networks to run or replicate again.  As they cannot perform these functions, they cannot be deemed as viruses.


However, cookies may be used for negative purposes.  As they store information about users’ preferences and browsing history, both for a particular website and on several other websites, cookies may be used as a form of spyware.  Many anti-spyware products are configured to emphasize this fact, and constantly mark cookies in order to be deleted within antivirus / anti-spyware deletion / scanning procedures.


Generally, browsers have integrated confidentiality settings which provide various levels of cookie acceptance, the period of validity and automatic deletion after the user has visited a particular website.


17.  Other security aspects related to cookies


As identity protection is very valuable, and represents the right of each internet user, it is advisable to be aware of any potential problems which cookies may create.  As information between the browser and the website is constantly transmitted in both ways by means of the cookies, if an attacker or unauthorized person intervenes in the data transmission process, the information contained in the cookie may be intercepted.


Other cookie-based attacks involve incorrect settings of cookies on servers.  If a website does not request the browser to only use encrypted channels, attackers may use this vulnerability to trick browsers to send information through unsecure channels.  Then, attackers use the respective information in order to access certain websites in an unauthorized manner.  It is important to be careful in choosing the most adequate method of personal information protection.


Due to their flexibility and to the fact that the major part of the most visited and largest websites use cookies, these are almost inevitable.  Disabling cookies will not allow the user’s access to the most widely spread and used websites including YouTube, Gmail, Yahoo and others.


Captcha code
Or see contact page