What is personal information?
For the purposes of this policy, personal information is considered any information about an individual, other than function or contact information that is used for business communication.
Personal information does not include anonymous or non-personal information – information that cannot be associated with an individual.
What personal information do we collect?
We collect and maintain several types of information such as:
Data required to run applications.
Supplier data for contracts and invoices.
Customer data for contracts and invoices.
Why is personal data collected?
The operator is the person who determines the purpose for which the data is processed. The authorized person is the person who processes personal data on behalf of the operator.
In the conditions in which we process as an operator, we request personal data directly from you – customer or supplier.
If we process data as agents, we take over the data from the operator and process it according to the method established by them.
The purpose for which we process data is to provide you with services or to make payments to you.
The organization does not process personal data for:
- Conduct market research;
- Sell them to other parties;
- To provide to other parties for their purposes.
Where do we store personal information? About transfer and monitoring.
The organization ensures technical and organizational measures for possible loss, destruction or unauthorized access. The information is stored on the server protected by antivirus and firewall. We have privacy policies and obligations to respect the protection of personal data implemented in the organization.
Your data will not be transferred outside the EU.
We constantly monitor how the information is kept.
How is personal data used?
Personal data is used for the purposes mentioned above and for any other purpose required by law.
When does the organization have the right to disclose personal data?
We only share personal information if:
It is required by law;
There are complaints and investigations.
Notice and Consent
Consent is not required for the data processed according to the law by our organization.
According to the regulation, you can notify us about your personal data or, if we are authorized, you can notify the operator. As soon as possible, depending on your request and according to the regulations and legislation in force, we will give you an answer.
How personal data is protected?
Petro Aqua maintains whenever possible protections regarding personal data consisting of passwords, firewall, anti-virus, safe, etc. All are designed to protect personal data from unauthorized access by copying, change or loss
Data recovery is done according to the business continuity plan.
How long personal information is retained?
Petro Aqua may retain personal data as long as necessary for the purpose for which the personal data was retained (according to consent, contractual requirements, legal processing requirements and regulations) unless otherwise required by law. Upon request, unless the law requires otherwise, the data is deleted or anonymized.
Updating personal information
It is important that the data maintained within the organization is accurate and up-to-date. If the information changes, it is the operator’s, customer’s or supplier’s obligation to notify of these changes. If necessary, the information will be modified or the previous information will be kept and the information that appeared along the way will be added.
Access to personal information
Staff may at any time request to be provided with the personal information held by the organization about them. The request is made in writing to the personal data protection officer.
The right of access to personal information is not absolute, there are cases where applicable law or regulatory requirements allow the organization to deny this right.
If it is desired to delete personal information we will endeavor to comply with this requirement, unless the law requires otherwise, but we must ensure that the resulting data will not be incomplete so that the organization can no longer fulfill its contractual obligations.
Restriction and Objections
If you want to restrict the processing of some data, you must write to us, taking into account that these requirements may result in our inability to fulfill our contractual obligations.
At your request, we provide your information to another operator, in a structured format.
For any questions or concerns regarding this policy, customers and suppliers should contact tthe Organisation.
Any revision of this policy is communicated as soon as possible.