GDPR

NOTICE REGARDING PRIVACY POLICY AND PERSONAL DATA PROTECTION

Business clients:

  1. General Information

The following notification on data protection is designed to inform you about the processing of your personal data and your rights regarding this processing in accordance with the General Data Protection Regulation ("GDPR") and local applicable legislation.

We, OFFICE MAX SRL, act as the data controller in accordance with GDPR and, therefore, are responsible for the processing of the data described below.

For data processing requests, you can contact us at any time via email at: data.protection@officemax.ro .

  1. Information about the collected data, processing basis Clients, Suppliers, Other Business Partners

We process data strictly in accordance with at least one provision from Regulation (EU) 2016/679, Article 6(1), based on:

  • Conclusion/execution of a contract (recital 44, Article 6(1)(b))
  • Fulfillment of a legal obligation (recital 45, Article 6(1)(c), Article 6(3))
  • Legitimate interests (recital 47, 48, Article 6(1)(f))
  • Vital interests (recital 47, Article 6(1)(d))
  • Consent (recital 32, 42, 43, Article 6(1)(a))

We do not process special categories of personal data.

Employees

We collect and process only data necessary for the conclusion and execution of employment contracts, the legitimate interests of OFFICE MAX, and legal reporting to public institutions/entities.

The personal data processed by us are stored within the EU on OFFICE MAX SRL proprietary support.

In case of activating cloud solutions for personal data processing (eg, online HR software), we will conclude written contracts with strict confidentiality clauses and access to this information.

We do not collect/request excessive personal data as they are not necessary/processed in our business processes. The data we target are public or available in legal, financial, or insurance databases.

Marketing and Customer Analysis

We will process all your personal data for commercial transactions necessary for contract execution and for customer relations, obtaining special quotations, and data analysis.

This includes market research, customer opinion surveys, customer analysis, customer segmentation, and profiling the legal entity to determine buying behavior and customer activity, repeated purchases of certain goods, and purchase data.

We may also contact you for these purposes via email, SMS, phone, fax, or mail. For the purposes mentioned above, your data will be stored in our database and enriched with data collected from public sources (eg, Trade Register).

Data Recipients

To achieve the purposes mentioned at points 2.a) and b), we use service providers, ie, processors under Article 28 GDPR, such as our courier services or other business services (on-site service, support reports, vendor price/guarantee support, etc.).

Mandatory/Voluntary Data Provision and Duration of Storage

After concluding a contract with you to process customer registration, the following data are necessary: ​​customer name (= your company name), industry, legal form, registered office address, fiscal address, delivery address, business phone/fax numbers, VAT registration code , identification data of authorized persons for purchases, technical contacts, collection, service, delivery, other specific duties/services, as applicable, and for financial and legal relations, the functions of these individuals, proof of the existence of your company.

The rest of the data collected during the customer registration process are provided by you voluntarily. You are not obliged to provide us with this personal data, and this data is not a legal or contractual requirement or a requirement necessary to conclude a contract. If you do not provide us with this personal data, it will not have consequences for you.

Your personal data will be stored for a minimum period until the termination of the contract, except when we have a legal obligation to continue storing your data for the purpose of presenting them to public authorities, such as tax authorities. The storage and transfer of your personal data to public authorities for the purpose of fulfilling a legal obligation are legally based on Article 6(1)(c) GDPR.

Archiving Storage Period

The data storage duration is 11 years from the last contact for business partners*, and 51 years for employees. *Except for contracts explicitly concluded with different archiving durations.

This duration may change with legislative amendments regarding the archiving of fiscal accounting or legal documents.

Your Rights

To exercise your rights in accordance with GDPR, you can contact us at any time and free of charge by sending a notification to the email address: data.protection@officemax.ro . These rights are as follows:

  • The right to receive information about the data processing and a copy of the processed data (right of access, Article 15 GDPR),
  • The right to request the rectification of inaccurate data or the completion of incomplete data (right of access, Article 16 GDPR),
  • The right to request the erasure of personal data, and, if personal data have been made public, the transmission of information regarding the erasure request to other data controllers (right to erasure, Article 17 GDPR),
  • The right to request the restriction of data processing (right to restriction of processing, Article 18 GDPR),
  • The right to receive personal data concerning the data subject in a structured, commonly used, and machine-readable format and to request the transmission of this data to another data controller (right to data portability, Article 20 GDPR),
  • The right to object to data processing with the intention of stopping processing (right to object, Article 21 GDPR),
  • The right to withdraw consent at any time to stop data processing based on your consent. The withdrawal will not affect the legality of the processing based on the consent given before withdrawal (right to withdraw consent, Article 7 GDPR),
  • The right to lodge a complaint with a supervisory authority if you believe that the data processing constitutes a violation of the GDPR (right to lodge a complaint with a supervisory authority, Article 77 GDPR).

Due to possible changes in legislation, a modification of these data protection notifications may become necessary. In this case, you will find the changes in the GDPR section on www.officemax.ro , available online. To the extent that the changes affect processing based on your consent, we will request your new consent, if necessary.

Individuals:

We use your data only with your consent in various ways depending on their nature. Below, we have detailed all types of data we collect and how we subsequently use them:

Email Address

If you have provided your email address, we will use it to send you informative emails about our products and services, as well as articles and resources published periodically on this site. In case of online payment, your email address will be transmitted to the online payment processor. The email address will be used for e-marketing campaigns on social networks promoting the site.

First and Last Name

If you have provided your first and last name, we use this data to personalize the emails you receive from us.

Phone Number

If you have provided your phone number, we use this data to contact you quickly, by phone, messages, or through WhatsApp. The phone number will be used for e-marketing campaigns on social networks promoting the site, as well as to send you SMS and messages via WhatsApp with promotional offers, news, and events.

Billing Information

If you have provided billing information (including VAT ID, Trade Registry Number, company headquarters address, bank account, bank name, legal representative's name, legal representative's position), we use this data to issue the invoice related to the order placed on our site . This data will be saved in our ERP system.

Personal Data Sharing

We have not sold, do not sell, and will never sell your data to third parties. We provide services based on the trust of customers and potential customers, and the safety of personal data is essential in this process. The only entities that have access to user data on this site are the agencies or providers with whom we collaborate under contracts containing confidentiality clauses, without which we could not carry out our activity, and, in exceptional cases and only based on official requests, public institutions applying the law in Romania. The only user data on this site that third parties have access to are aggregated and anonymized – based on which users cannot be identified.

Your Rights in Data Context

Here are your rights regarding data collection and processing:

  1. The right to be informed about how your data is collected and used;
  2. The right to access the data we have about you;
  3. The right to request the correction of the data we have about you;
  4. The right to request the deletion of the data we have about you;
  5. The right to request the cessation of sending marketing messages to you;
  6. The right to request the sending of your personal data to you or to another operator;
  7. The right to file a complaint regarding the use of your data with the relevant authorities.

We have taken all technical measures so that you are not obliged to provide us with any data (everything is optional), but it is good to know that without them, certain parts of the site may not function correctly, we may not be able to collaborate, or we may not be able to inform you about our services and products that you might be interested in.

For any questions in this context or clarifications, do not hesitate to contact us at data.protection@officemax.ro or by phone at +40 21 529 88 55.