Privacy policy

Welcome to https://www.4waw.ro/

We know that the processing of personal data is as serious a topic as possible, therefore, this procedure describes in detail every flow within the organization, in which personal data of clients, partners, potential clients, or visitors of the platform are processed.

The greatest challenge is to secure this data against unauthorized processing without the data subject’s consent and only for the purposes for which the consent was obtained.

OCCUPATIONAL HEALTH SERVICES SRL, undertakes major efforts to keep the information and preferences safe. We know how important it is to be safe when you are online, so we assure you of the confidentiality of your data, considering that at the moment you are on an encrypted connection (SSL) through which, the information transmitted is encrypted and is processed by us only with your consent. Remember, at any time during our collaboration, you can express your choice regarding the processing of your personal data.

We are aware that the GDPR only provides a modernised legal framework of compliance based on responsibility for the protection of personal data.

Processing your data is necessary to provide you with the services you request. In this respect, we take several security measures to protect you online. One of the measures we have taken to ensure transparency and proportionality towards you is to eliminate the unnecessary collection of personal data and minimization of the data we collect. Therefore, we only ask for the information we need and store it to improve your experience.

Please read the terms and conditions carefully before using this site to place an order.

 

  • TERMS AND CONDITIONS FOR USE

The website https://www.4waw.ro/ is the property of OCCUPATIONAL HEALTH SERVICES SRL, registered in BUCHAREST, ROMANIA.

Accessing, visiting, using the contact form, or buying the products/services/packages presented on the https://www.4waw.ro/ website involves accepting the terms and conditions listed below.

 

OCCUPATIONAL HEALTH SERVICES SRL reserves the right to refuse collaboration with clients who manifest inappropriate behavior and language (aggressive, licensed, etc.) or who have in the history of collaboration debits.

OCCUPATIONAL HEALTH SERVICES SRL reserves the right not to honor the delivery of products or services whose price is wrong and does not fall within the company’s price grid. In this case, the customer will be contacted and will have the option to confirm the order at the correct price or refuse it.

OCCUPATIONAL HEALTH SERVICES SRL reserves the right to make changes and updates to these terms and conditions, as well as the offer, without prior notice and without specifying the reasons; OCCUPATIONAL HEALTH SERVICES SRL also reserves the right to correct any omissions or errors in the display that may occur as a result of typographical errors, lack of accuracy or errors of software products, without prior notice. These errors do not oblige OCCUPATIONAL HEALTH SERVICES SRL to any action.

HOW TO CARRY OUT COLLABORATIONS Delivery is made within the time limit agreed, following the provisions and clauses of the contract concluded with the seller (in the case of collaboration or service contracts) or respecting the agreed deadlines and conditions in the initial discussions, before the order from the user.

OCCUPATIONAL HEALTH SERVICES SRL is not the beneficiary of transport costs in case of deliveries.

 

  • AUTHOR RIGHTS

The content and design of the https://www.4waw.ro/ website are the property of OCCUPATIONAL HEALTH SERVICES SRL and are protected under the Copyright Law and Intellectual and Industrial Property Laws. You cannot reproduce the materials displayed on the site without having written permission from OCCUPATIONAL HEALTH SERVICES SRL. The use of any elements on the site, without the written consent of OCCUPATIONAL HEALTH SERVICES SRL, is punishable according to the laws in force. The personal data of the buyers may be transmitted to the law authorities following a request under the laws in force, in order to carry out any verification of commercial transactions or any other verifications justified under the law.

The service contract concluded between OCCUPATIONAL HEALTH SERVICES SRL and its clients, entitles clients to copy and/or print portions of the content of the site (manuals and tutorials) only for personal use, without commercial intent.

OCCUPATIONAL HEALTH SERVICES SRL may, without any further notice, formality, or an explanation of its attitude, suspend or terminate your access to the content of the site or to part of this content.

OCCUPATIONAL HEALTH SERVICES SRL assumes no liability, under any circumstances, for any damage, directly or indirectly, suffered as a result of the use or interruption of use or lack of regularity of the information and services provided on this site. 

OCCUPATIONAL HEALTH SERVICES SRL does not guarantee the accuracy or actuality of the information provided.

 

  • COMMITTEE AND REQUIREMENTS FOR PRICE OFFERS

The user has the obligation to provide accurate and concrete data on the desired project. OCCUPATIONAL HEALTH SERVICES SRL cannot be held liable in any way for the inconvenience caused by the provision of incorrect or incomplete information.

If OCCUPATIONAL HEALTH SERVICES SRL or seller, considers a request or order to be incomplete or incorrect, it may ask the user for additional details using the e-mail address or contact phone number provided by him or delete the request without any notice to the user.

 

  • SOLUTION FOR LITIGATIONS

Dispute resolution may be done amicably or through the competent courts or through mediators. The European Commission has implemented an online dispute resolution platform. 

 

  • NOTIFICATIONS AND ANNOUNCES

OCCUPATIONAL HEALTH SERVICES SRL reserves the right to send notifications regarding the services offered as well as announcements from third parties, when they may be for the benefit of users.

 

  • FINAL PROVISIONS

All users of this site are subject to these terms and conditions so that accessing it requires acceptance and compliance with the Terms and Conditions set out in this document.

The purpose of data collection is: to provide services according to the current offer.

Everyone has the right to object, free of charge and without any justification, to the processing of his/her personal data for direct marketing purposes.

According to Romanian law, minors cannot conclude commercial contracts and their personal data is not processed without parental consent.

Failure to accept this convention or any provision thereof shall entail the obligation of the person concerned to cease immediately access to the site or use in any way of the service. Further access or visit of the site, the use in any way of the service constitutes a full acceptance of the convention and any provision thereof, including any subsequent changes that may be made without restriction by the provider, without the need for any other formality.

 

  • CONFIDENTIALITY POLICY

OCCUPATIONAL HEALTH SERVICES SRL guarantees the security and confidentiality of data hosted and transmitted through its computer system. This information can be used by OCCUPATIONAL HEALTH SERVICES SRL to send confirmation of orders, various special offers, promotions, etc. to the user, based only on the consent of the data subject.

The provision of personal data to OCCUPATIONAL HEALTH SERVICES SRL does not imply any obligation on the part of users, and they may refuse to provide such data under any circumstances and may request free deletion of the data from the database.

OCCUPATIONAL HEALTH SERVICES SRL, owner of an online platform, does not intervene directly or indirectly on databases where customer information is stored.

To make possible the invoicing, dispatch, and delivery of the orders placed, the user must agree that OCCUPATIONAL HEALTH SERVICES SRL will collect and process the data entered, according to the requirements of Law No. 679/2016 (GDPR).

According to the requirements of Law No. 679/2016 (GDPR) for the protection of individuals concerning the processing of personal data, and the protection of privacy in the electronic communications sector, OCCUPATIONAL HEALTH SERVICES SRL has the obligation to manage safely and only for the specified purposes, the personal data provided.

In this respect, OCCUPATIONAL HEALTH SERVICES SRL has developed a series of technical and organizational measures to prevent risks that may arise in the processing of personal data.

The processing of personal data within the organization is conditioned by several technical and organizational measures to secure them.

These measures are intended to protect information at the organization level from security incidents.

At the level of the organization, the following security measures were undertaken to reduce the risks:

Technical measures:

 

  • SSL Certificate – is intended to secure the exchange of information over the Internet. It encrypts the information before it circulates through the Internet. Encrypted information can only be decrypted by the server to which it is addressed. This ensures that information sent to an online website/platform will not be stolen, intercepted, or processed. Information about bank cards, passwords, and in general any information that is intended to remain private is secured by this certificate. The SSL certificate of the online platform OCCUPATIONAL HEALTH SERVICES SRL is also used to secure mail correspondence, in such a way that the personal data of customers circulate in a secure environment and is regulated by a series of security measures that ensure the confidentiality of the information.
  • Automatic backup – set to a time frame to guarantee information and to ensure that all clients are sure that the information and preferences provided by them do not disappear and are not destroyed, lost or incorrect in case of a server error.
  • Anti-spam and antivirus filters that prevent infiltration of malicious content or viruses that can process data unauthorized or that can transmit it to other entities or persons that have not obtained the consent of the data subject.
  • Protect customer profile content by entering a more complex password generation rule. A password is required of the customer when creating the account that meets a higher complexity criterion (alphanumeric + special characters);
  •  Securing modules and scripts – constantly checking the operation of the elements involved in the client-server, server-client interaction.
  • Checking and optimizing modules to maintain their up-to-date to prevent vulnerabilities. This measure prevents the identification of global vulnerabilities used in platforms, 0-day vulnerabilities that can intercept the exchange of data and implicitly personal data in the customer’s interactions with the platform or the process manager with the client and platform.
  • Classification of access types by the process manager – management groups, the possibility to add or delete certain rights on a user with full access – personalization of access as needed.
  •  Password protection of the device from which the process manager performs data processing, to prevent unauthorized intervention.
  •  Firewall – software program and hardware installed in the location of the servers of the company that offers to host the online platform are intended to protect the server and network equipment, against cyberattacks, attempting unauthorized penetration, installation of malicious software applications that can endanger the personal data of users of the platform. The firewall blocks unauthorized persons’ access to information stored on internet-connected equipment.
  • Access to the data processing systems in which personal data are processed is possible only after the authorized person has been successfully identified and authenticated (e.g. with username and password), with the use of the best security measures. In case of lack of authorization, access is denied.
  •  All attempts to access, both successful and rejected, are recorded (user ID, computer, IP address used) and archived in a format according to audit rules for 3 months. To detect improper use, the server performs repeated, random checks;
  • Access is blocked after repeated incorrect authentication attempts.
  • Constant verification of platform vulnerabilities, which could allow the extraction of personal information and data. Hosting has security measures and solutions that recurring scans processed files and data flow.
  •  Combating the risks of security breaches by taking precautions from a technical and organizational point of view by securing the platform and constantly updating with stable versions of it.

  

Organizational measures:

  

  • Elimination of the risk generated by the human factor by prohibiting the processing of information outside the secure platform except for the preparation of transport notes in the courier company’s platform, which is also a secure environment;
  • Adoption of security measures without distinguishing between customer types (new/existing/potential);

 

  • Adoption of an internal process and processing verification policy when the product is delivered or information regarding an order or possible offer is taken;
  • Avoiding differentiation between clients through mechanisms that can positively or negatively profile the person concerned. For this reason, we do not ask for personal data on sexual orientation, sexual interests, sex, religion, belonging to movements or groups, etc. Clients are free to order and choose what they want. By this measure, we consider that we respect the integrity of the person and avoid any trace of analysis/profiling based on these criteria;
  • Updating the privacy policy and terms and conditions OCCUPATIONAL HEALTH SERVICES SRL;

 

  • Informing customers about the delivery, return and order processing procedure;

 

  • Training the process manager on the risks of processing personal data outside the online platform;
  • Training the process manager on the need for notification in the event of a major security incident;

 

  • Training the process manager on the management of situations that may occur when processing data inside the platform (errors, usage errors);

 

  • Training the process manager on the use of the information he processes and awareness of the character of the personal information;

 

  • Prohibition of data processing outside the platform by managing commands directly in the user interface of the platform, no need to process data in other unsecured and vulnerable environments;
  • The process manager shall be regularly instructed on:
  •       Principles of data protection, including technical and organisational measures;
  •        Requirement to keep data secret and confidentiality about organization secrets and trade secrecy, including transactions made;
  •        Proper, careful use of data, data media, and other documents;
  •        The secret of telecommunications;
  •        Other specific confidentiality obligations, where necessary;

From the point of view of processing, within OCCUPATIONAL HEALTH SERVICES SRL, personal data are processed only for the purposes for which the consent of the data subjects was obtained, including for parallel purposes and the conclusion of a contract or delivery of a product to the customer, requested by him/her.

Since this organization operates mostly online, the processing of customers’ personal data is transmitted online through the applications and the platform on which orders and requests for offers are requested. The data collected are minimized and are directly related to the purpose for which consent was obtained.

The exercise of the rights provided for by Law 679 / 2016 (GDPR) is entirely the responsibility of the operator who has the legal obligation and to designate a person responsible for processing personal data within the organization. This person will develop a set of technical and organizational measures to secure data processing and has the obligation to inform the operator about the nature of the processes, types of information, and how these processes take place within the organization. The controller has the responsibility and obligation to ensure that these measures are implemented, that there is no risk of security breaches or leaks as well as compliance with the legislation in force regarding the processing of data and the rights of data subjects.

The following personal data are processed through the online platform:

  • first and last name
  • email
  • phone/ fax

OCCUPATIONAL HEALTH SERVICES SRL does not process categories of data of a special nature.

The processing of personal data is not related to other evidence systems. The actual activity of the company is to take orders initiated by customers through the online platform, to store and process them for invoice, shipment, and supply of the ordered products.

The processing of the information entered by the client into the platform is processed and stored strictly in accordance with the purposes for which the client’s consent was given:

  • Billing;
  • Delivery;
  • Marketing purpose and third-party advertising such as Google or others;

The purpose of data collection is to send mail and honor requests. Your refusal to provide the data makes it impossible to place your order on this site and its processing, according to the requirements, as well as the impossibility of fulfilling the purpose.

According to Law No. 679/2016 (GDPR), the user has the right of access, the right to be forgotten, the right to carry personal information and data, the right to intervene on data, the right not to be subject to an individual decision and the right to apply to the judiciary. At the same time, it has the right to object to the processing of personal data and may request the deletion of the data. For the exercise of these rights, the user can address with a written request, dated and signed to the e-mail address dpo@4waw.ro. Also, if some of the user data is incorrect, we ask that we be notified of this in order to be able to make the necessary corrections.