Privacy Policy

Privacy Policy

TotalSoft's privacy policy helps you understand what type of data we collect and for what purpose and also what safety measures we have in place to protect the security of your personal data

Privacy Policy

NOTIFICATION ON PROCESSING OF PERSONAL DATA

About this Privacy Notification
This Privacy Notification shall apply as of 25 May 2018, when the General Data Protection Regulation (the “GDPR”) which intend to unify and strengthen data protection across the European Union will come into force. Totalsoft is currently preparing for GDPR by reviewing and adapting where the case its operational processes and data security measures policies from a GDPR perspective and by arranging appropriate procedures to enable the exercise of the new data subjects’ rights under the GDPR.

Totalsoft is one of the most important providers of business software systems in Central Europe and our business is principally oriented to companies, organizations and professionals. We do not knowingly attempt to solicit or receive information from or about children.

From the perspective of data protection regulations, Totalsoft is the “data controller”. Our identity and contact details are:

Data Controller: Total Soft S.A.
Address:  Sos. Bucuresti Nord 10, Global City Business Park, clădirea O21, etajele 6, 7 şi 8, Voluntari, județul Ilfov, Romania 
Trade Registration No:  J23/3370/2016
Phone: (004) 021 335 17 10

This Notification has been prepared to inform individuals (“Data Subject”) about what personal data are collected by Totalsoft in its course of business, why is it processed and how such data is used. 

We reserve the right to update and amend this Privacy Notification and our Personal Data Protection Policy from time to time. We will notify you of any amendments to this Privacy Notification or our Personal Data Protection Policy via announcements on our website or other appropriate means.

Data Protection Officer
As of 25 May 2018, Totalsoft will have in place an internal data protection officer (DPO) for you to contact if you have any questions or concerns about Totalsoft’s personal data policies or practices. You can contact Totalsoft’s DPO via email at dpo@totalsoft.ro 

How do we collect Personal Data?
We mainly collect personal data you give us directly while filling-in our form requiring information about our products on www.totalsoft.ro or www.charisma.ro web-sites or while visiting us or meeting with our representatives. Additional information is collecting through the phone interviews conducted by our marketing departments.

We are also collecting personal data from you or from your organization during the performance of contracts.

Our Personal Data collection process may be carried out through: i) Website, mobile applications, e-mail, digital media or software belonging to third parties, including recruitment portals; ii) contracts, applications, forms, call center, remote support, sales and marketing unit, website cookies, business cards, telephone etc; or iii) vis-a-vis interviews.

What Personal Data do we collect?
When you register with us, we collect information about you including your full name, your employer’s name, your role in your organization, your email address and your telephone (mobile and landline) number. 

When your company is purchasing our products or acquiring our services, we are collecting information about the representatives of the client companies, contact persons, project team members and users. The information collected include full name, the employer’s name, role, professional address, email address, telephone (mobile and landline) and fax number. These are given to us directly by you or by your organization. 


Why do we process your Personal Data?
We process the personal data we collect for two basic purposes: (1) to operate our business and provide the products and services we offer and (2) to send marketing communication for our products and services.

When we process your personal data for providing our products and services, this is necessary for the negotiation, conclusion and performance of the contract with the clients and for the purposes of the legitimate interests pursued in performing such contracts. 

Processing carried out for in our business operation include:
  • Establishing, maintaining and concluding business relationships/contracts;
  • Customizing of available products and services according to demands; updating and improving the available products and services due to client needs, legal and technical developments;
  • User registration to the systems, specifically for available products and services;
  • Providing call center and remote support services; tracking the number and content of calls;
  • Contact/communication;
  • Keeping and tracking visitor records,
  • Providing services to our customers according to contracts.

When we process your personal data for our marketing communication strategy, this is relied on a legitimate interest to market our products and services. Such marketing activities include:
  • Advertising new or existing products, services and campaigns; conducting sales and marketing activities,
  • Conducting market research,
  • Producing statistics and analysis of product use,
  • Contact/communication, including through third party social media platforms,
  • Being contacted for satisfaction surveys.

To Whom and for Which Purposes Do We Transfer Your Personal Data?
We will not share your information with any third party outside of our organization, except if required by a legal obligation to do so or if necessary to perform the contract we entered into with you. For any other transfer to third parties we will prior ask for your consent. 

Your Personal Data may be transferred to the following third parties, based in EU or abroad: audit firms (based on legal request), consultants, judicial authorities or public authorities, resellers, service providing companies, suppliers, shareholders and other Logo Group Companies. 

Where a transfer is contemplated abroad, we will make sure it is to a country benefiting from an adequacy decision issued by the European Commission or alternatively based on approved standard contractual clauses.

What Security Measures have we in place?
We are committed to protect the security of your personal data and to prevent unauthorized access, use or disclosure by:
  • Protecting physical access to our premises and locations where we keep personal data
  • Using updated technological methods
  • Enforcing strong access policies (strong passwords, firewall rules, fine grained access authority etc.)
  • Storing personal data encrypted
  • Continuously monitoring our systems
  • Update policies
  • Training and informing employees and 3rd parties
  • Ensuring secure transfer of data
  • Limiting access to sensitive locations (both physical and logical)

What Are Your Rights As A Data Subject?
As Data Subject, under the GDPR you have a series of rights in respect of your Personal Data and Totalsoft, as data controller, is committed to respect your privacy and to safeguard such rights.

Right of access – you have the right to obtain confirmation that Totalsoft is processing your personal data and access to such data. You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Totalsoft might have received the data from us; what the source of the information was (if you didn’t provide it directly to Totalsoft); and how long it will be retained.

Right to rectification – you have the right to ask for the rectification or correction of your personal data if inaccurate. In the same time, if our records are not complete and additional data are necessary for the processing, you have the right to complete your personal data.

Right to erasure (right to be forgotten) – if there is no compelling reason for a continued processing, you have the right to obtain the deletion or removal of your personal data from our databases. Please note that this is not an absolute right and Totalsoft reserves the right to limit it to the cases provided under the GDPR (for instance if the data are no longer necessary in relation to the purposes for which they were collected or if you choose to object to the processing of your data or if the processing is unlawful).

Right to restriction of processing – you have the right to request the restriction of processing your personal data for the time required to verify their accuracy or if you object to a further processing based on legitimate interest or if you want to have the data blocked in the context of exercise or defense of a legal claim. In the same time, you can request blocking your data in case of unlawful processing if you do not choose to have your data erased.

Right to data portability – when we process your data for the performance of a contract or based on your consent, you can request that the data that you have provided to us be provided to you or to another organization in a structured and machine-readable form.

Right to object – you have the right to object at any time to the processing of your data for marketing purposes. For processing other than for marketing purposes, you still have the right to object, but it might be overridden if Totalsoft is under a legal obligation or has a superior legitimate interest to continue processing such data, including in case of exercise or defense of a legal claim.

Right to withdraw consent - when we process your data based on consent, you have the right to withdraw such consent at any time.

You may exercise your rights by sending a request to dpo@totalsoft.ro. We reserve the right to contact you to make sure that the request really comes from you. 

Your requests shall be responded free of charge, except if the requests are unfounded, repetitive or excessive, when we can charge a fee based on the administrative costs of dealing with your request.

Your requests shall be responded within the shortest time possible depending on the nature of the request and within thirty days at the latest, except if we will be obliged to extend such term taking into account the complexity of the request and/or the number of the requests.

In the course of an application; in the event of sharing incomplete or inaccurate information or in case of failure to express the request clearly, we may encounter difficulties meeting your requests which may result in delays in the investigation process. All legal rights of our company are reserved in case of any incorrect, contrary to facts/law and malicious applications.

If you feel that your personal data are being misused or their processing by the Totalsoft is otherwise not compliant with GDPR, please contact our DPO at dpo@totalsoft.ro to inform him or her of any issues related to the processing of your data and ask him or her to take appropriate action. If the problem cannot be solved this way, you may lodge a complaint with the national supervisory authority the contact of which may be found on its website at www.dataprotection.ro

General Personal Data Protection Policy
You can view our General Personal Data Protection Policy by clicking here.


Use of our website

As is true of most other websites, Totalsoft’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Totalsoft’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visits to our web pages, and gather broad demographic information that assists us in identifying visitor preferences.

Totalsoft’s website also uses cookies and other similar technologies. These allow us to store preferences, provide you with sign-in options for our online platforms, deliver advertising through our partners based on your interests and also analyse how our website and platforms are performing.