PERSONAL DATA PROCESSING AGREEMENT

NOR RESIDENTIAL SOLUTIONS S.R.L., a limited liability company, having its offices at 5-7 Bd. Dimitrie Pompeiu, Hermes Business Campus, HBC 2 (Building C), 1st floor, room 4, 2nd district, Bucharest, registered with the Bucharest Trade Registry under no. J40/16881/2018, CUI 40205188, hereinafter referred to as the “Company

in accordance with the EU General Data Protection Regulation no. 2016/679 (“GDPR”), regarding the protection of individuals with respect to the processing of personal data and on the free movement of such data and for the repealing of Directive no. 95/46 /EC, informs the potential promissory buyers (the “Clients“) of the immovables envisaged to be transferred, upon the processing of Clients personal data (“Data“) as follows:

Processed Data categories

  1. name, surname;
  2. nationality / citizenship;
  3. date, place of birth, age;
  4. address of residence and residence;
  5. e-mail address;
  6. telephone number;
  7. identity card (e.g. serial number and identity number);
  8. personal numeric code;
  9. civil status and marital status.

2. The basis of Data processing

2.1. The Data are required to be provided by the Clients and to be processed by the Company for:

  1. conclusion and execution of the reservation agreement, of the promise to sale and purchase agreement, of the sale and purchase agreement (the “Agreements”);
  2. fulfilment of Company’s legal obligations to, inter alia, keep accountings records.

2.2. The Clients are required to provide the Data, which are necessary for the conclusion of the Agreements. The refusal to provide the Data determines the impossibility of concluding the legal operation and of performing the Agreements.

3. Purpose of Data processing

3.1. The Data will be processed for the purpose of concluding and executing the Agreements, keeping the accounting records and settling disputes that may arise from the execution of the Agreements.

3.2. The Data may also be processed to:

  1. providing the information requested between the contractual Parties;
  2. contact the Clients, when necessary;
  3. for direct marketing, if the Clients have consented to this by filling in the box below.

4. Duration of Data processing

4.1. The Data will be retained by the Company throughout the duration of the negotiations on the conclusion of the Agreements, as well as after the conclusion of the Agreements, for the duration required by the relevant regulations regarding keeping the accounting records.

4.2. In the event that the negotiations between the Company and the Clients have not led to the conclusion of the Agreements, the Company will delete the Data at the moment of the termination of the negotiations, unless the Clients have expressly agreed to receive marketing information in which case the Company will continue the processing of the Data mentioned at point 1 (i), (v) and (vi) from above.

5. Recipients of the Data

5.1. The Data will be used by the Company. Our policy is not to disclose, share, sell or lease personal data to third parties in other manner than that provided in this Privacy Policy. It may be necessary to disclose personal data (including by providing remote access), only through secured applications, to third parties such as

  1. the public notary chosen by the Company or the Clients;
  2. the Company’s lawyers;
  3. our real estate agents, with whom we entered into the relevant contractual agreements, namely Knight Frank Romania S.R.L., seated in Bucharest, 1st District, 239 Calea Dorobantilor, 3rd Floor, Trade Registration no. J40/3663/2009, Sole Registration Code RO25307184, processing personal data in accordance with the Knight Frank privacy policy available at https://www.knightfrank.com/legals/privacy-statement;
  4. the external accounting companies, if the case, as well as to
  5. the courts, the bailiffs in the event of disputes concerning the conclusion and the performance of the Agreements.

6. Data transfer

6.1. Data may be transferred to other countries of the European Union in order to keep the Clients records by the group to which the Company belongs, without the prior consent and prior Clients’ notification.

6.2. If the Company intends to transfer the Data to countries outside the European Union, the Clients will be informed in advance.

7. Data accessing

7.1. The Data will be accessed by the employees of the Company with data processing attributions only for the purposes mentioned in Section 3 from above, and such employees are required to maintain the confidentiality of the Data, being trained on to Data Protection.

8. Data processing method

8.1. by automated and manual methods.

9. The obligations of the Company regarding the Data

9.1. The Company undertakes to:

  1. process the Data according to this information note and the specific legislation in force;
  2. process the Data only through secured pages;
  3. confirms to the Clients the processing or non-processing of the Data upon a dated and signed application filed in writing to the Company;
  4. rectify, update, block, delete or transform into anonymous data, free of charge, Data whose processing does not comply with the legal provisions;
  5. terminate free of charge the Data processing that is not legally processed;
  6. adopt all necessary security measures to protect Data against unauthorized access;
  7. facilitate the exercise of Clients rights with respect to the Data;
  8. notify the competent authorities of data security breaches;
  9. inform the Clients of data security breach which may create a high risk for his/her rights.

10. The obligations of the Clients regarding the Data

10.1. The Clients undertake to:

  1. Provide true, accurate and complete Data. If the Data is not true, accurate and complete, Clients are required to notify the Company as soon as possible to remedy this situation;
  2. Renew the Data, when the situation requires, to be true, accurate and complete.

11. The rights of the Clients regarding the Data

11.1. Mainly, the Clients have the following rights:

  1. the right to access the Data, respectively to:
    1. obtain from the Company confirmation if data relating to them is/not being processed;
    2. be informed of the transfer of data to states outside the European Union;
    3. receive from the Company a copy of the processed Data.
      In order to exercise the right of access, Clients will submit with the Company a written request, dated and signed.
  2. the right to rectify the Data, respectively to obtain the completion of the Data that is incomplete;
  3. the right to delete Data that exceeds the mandatory data to be provided for the conclusion and execution of the Agreements and the fulfilment of the Company’s legal obligations;
  4. the right to restrict the processing of the Data;
  5. the right to the portability of the Data, i.e. the transmission of the Data directly by the Company to other entities at the Clients request, if this is technically possible;
  6. the right to object to the processing of Data that exceeds the mandatory data to be provided for the conclusion and execution of the Agreements and the fulfilment of the legal obligations of the Company;
  7. the right to address to the competent authorities if they consider that the processing of the Data violates the legal provisions.