Personal Data Retention (Storage) Policy
1.The personal data controller
The controller of the personal data obtained from the company’s clients or provided by them is:
DATA REVOLT AGENCY S.R.L.
Registered office: Bucharest, Romania, Str. Budila, no. 12, apt 3A4, Sector 2.
You can contact us through:
- E-mail: hello@datarevolt.agency
- Phone: (+40) 752 751 051 (standard rate call)
- Post: Str. Maria Rosetti no. 6, Sector 2, Bucharest.
2.Requests regarding the personal data storage (retention) policy
This Policy applies both to the representatives of our contractual partners as personal data Controllers under the General Data Protection Regulation, and to the users of the DATA REVOLT website, regardless of their relationship with DATA REVOLT.
We store and process your personal data only in cases where you have voluntarily provided this data by sending a message using the predefined contact form on the website, by phone, by e-mail, in direct contact with you, or during business meetings or events.
For any requests or questions regarding the storage periods of your personal data within DATA REVOLT, please contact us using the e-mail address mentioned above or the mobile phone number displayed (standard rate call within the Orange Romania network).
3.Storage policy
The storage policy within DATA REVOLT is a tool that ensures that the requirements regarding the principle of accuracy and storage limitation of personal data under the General Data Protection Regulation (GDPR), the relevant laws and regulations in the field of personal data protection are strictly observed. This policy embodies the principle of limiting the retention over time of the personal data processed, which entails storing them only for the period of time necessary for the purposes for which this data is processed. The personal data retention (storage) policy is intended primarily as a resource favorable to the company’s activity, which will allocate relevant retention periods in important areas of activity and in the company’s departments where the law does not impose precise storage terms, allowing the deletion/removal of personal data activities to be carried out in a consistent and controlled manner.
4.Retention (storage) periods
The personal data storage periods are specified in the table below and apply to all record formats, meaning both paper and electronic, unless otherwise specified in this Policy.
| Department | Processing activity | Retention period |
|---|---|---|
| Notifications sent by DATA REVOLT | Notifications sent by DATA REVOLT directly or through its contractual partners (invoices, non-payment notices, etc.) | 3 years from the date each notification was sent |
| Relations with suppliers | Framework service-supply contracts concluded by the company with its clients (legal entities) | 10 years from the date of contract termination |
| Relations with contractual partners | Service-provision contracts concluded by the company with its collaborators acting as consultants (legal entities) | 10 years from the date of contract termination |
| Relations with representatives of contractual partners | Phone calls | We do not record/store phone calls |
| Relations with representatives of contractual partners | Business cards collected during organized events | 1 year from the date the business card was received, if the contract is no longer valid or if the data on it has not been used |
| Business relations (B2B) | Personal data such as: name, position and contact details of the representatives of the companies we work with | Until the date of the data deletion request or until the date we became aware that the data became inactive |
For information on the storage terms of personal data processing activities within the company that are not specified in this Policy, please send your requests to the e-mail address previously mentioned, taking into account the conditions stipulated in art. 2.
5.Retention plan
The storage period applies by default to all records in the respective category and will be observed whenever possible, although we acknowledge that there may be exceptional circumstances that require documents to be kept either for shorter or longer periods. Where individual records or documents require a retention period different from the one recommended, DATA REVOLT must be contacted to discuss the specific storage requirements.
6.Data deletion
You may request the deletion of personal data, to the extent that we hold this data at the time of the request, by sending an email to hello@datarevolt.agency in which you must specify the following:
- Your contact details for sending the company’s response/point of view regarding the request submitted;
- Your name;
- The processing activities through which the data was collected or processed (within promotional campaigns, such as marketing events or other types of campaigns carried out for marketing and advertising purposes, the conclusion of a contract, sending a written request by post or e-mail or via a telephone call, etc.);
- The type of data collected or processed that you wish to be deleted;
- The total number of records to be deleted.
If, at the time of receiving your request, we no longer hold the personal data obtained in direct contact with you, we will inform you of our partner’s details so you can address your request to them.
The response time to a submitted request is one month from the date the request was sent.
We respond to deletion requests received from the representatives of our contractual partners (legal entities) or from collaborating consultants — namely personal data Controllers or Processors with whom we have entered into collaborations, and towards whom we are responsible as personal data Controllers or, as the case may be, Processors.
To the extent that the submitted request will be settled, after evaluation within DATA REVOLT, with the deletion of your data, we will prepare a standardized document that will be sent to you through the agreed means of communication. The document will include at least the following information:
- The purpose(s) for which the data was obtained (processed);
- Data that has been transferred/deleted/removed/destroyed and the processing activity carried out within DATA REVOLT;
- The number of records removed.
The physical document sent is signed by a representative of DATA REVOLT and is stored and scanned in physical format for a period of 3 years from the date of sending the notification, after which the original document will be destroyed and recycled. If the point of view is sent by email, it will be stored on the company’s servers for a period of 3 years from the date of sending it to the requester at the e-mail address provided, then it will be deleted.
If you send a request to DATA REVOLT for access to the processing activities of your personal data within our company, please note that, due to the processing of your personal data and considering the routine established in our systems for the deletion of information processed under the conditions of the Data Storage Policy, or, in the case of natural persons, the obligation to transmit this data to our contractual partner, we try to keep your data updated and accurate at all times. Thus, this routine processing may involve the modification or deletion of the personal information we process after you have submitted a request to us. In this case, DATA REVOLT will provide the information held at the moment we send our response, even if it differs from the information we had stored at the date the request was sent. Please note that the deletion or transmission of your personal data is a procedure that DATA REVOLT would have carried out even if you had not submitted the request.
7.Continuous development
The retention (storage) periods will be maintained by DATA REVOLT, which will make modifications, additions and updates whenever the legislation, the guidelines of the National Supervisory Authority for Personal Data Processing, or organizational or structural changes within DATA REVOLT require such changes.
8.Updates
Our personal data storage (retention) policy may be modified from time to time (generally, in order to comply with legislation and practices regarding data protection and processing). Updated versions will be published on our web page.