|

ANNEX No. 1 to the Official Rules of the “Xerox Genuine Supplies Loyalty Program” Campaign
Information Regarding the Processing of Personal Data

  1. Data Controller

For the purpose of carrying out the Campaign, the personal data of participants will be processed by Xerox Romania, with its registered office at Bulevardul Dimitrie Pompeiu 5–7, Hermes Business Campus, Bucharest 020335, having the unique registration code 10453114 (hereinafter referred to as the "Controller").
The Controller’s contact details for questions or for exercising the rights of data subjects regarding their personal data are: Xerox Romania, Bulevardul Dimitrie Pompeiu 5–7, Hermes Business Campus, email: ROM.Reception@xerox.com, attention: Data Protection Officer.
Additionally, data will be processed by CREATE DIRECT SRL, located at Str. Siriului 42–46, Sector 1, Bucharest, unique registration code RO 16678558, acting as a Processor on behalf of the Controller (hereinafter referred to as the “Processor”).

  1. Categories of Personal Data Processed

Within the Campaign, the Controller will process the following categories of personal data from participants:
(i) Full name
(ii) Email address
(iii) Mobile phone number

  1. Purpose of Processing

Personal data will be processed for the purpose of conducting the Campaign, sending notifications related to campaign participation, statistical reporting, and prize delivery.

  1. Legal Basis for Processing

The data will be processed based on the participant’s consent and/or the legitimate interest of the Controller, as expressed through the participant’s acceptance of the Official Rules and its annexes.

  1. Recipients of Personal Data

Personal data collected in the context of the Campaign will be disclosed, where applicable, only for the execution of the activities described in these Rules, to the Controller’s authorized Processor (Create Direct SRL), the prize supplier, and public authorities where required by applicable law.

  1. Data Retention Period

Personal data of non-winning participants will be stored for 12 months after the end of the Campaign.
Data of winners will be stored in accordance with applicable financial and accounting laws, i.e., for 10 years from the end of the financial year in which the prize tax was paid.
Personal data of non-winners will be destroyed within 60 days of the end of the Campaign and will not be used for any purpose.
Upon expiration of the retention period, the Controller will delete or destroy the personal data and will require the Processor(s) to do the same.

  1. Rights of Data Subjects

In order to ensure fair and transparent processing, the Controller informs participants of the following rights under applicable data protection laws:
(i) The right to withdraw consent at any time when processing is based on consent, without affecting the lawfulness of processing prior to withdrawal
(ii) The right to request access to personal data
(iii) The right to request correction of personal data
(iv) The right to request deletion of personal data
(v) The right to restrict processing
(vi) The right to object to processing, as provided by law
(vii) The right to data portability
(viii) The right to lodge a complaint with the National Authority for the Supervision of Personal Data Processing
Participants may exercise these rights by submitting a written request to the Controller at Bulevardul Dimitrie Pompeiu 5–7, Hermes Business Campus, or by email to ROM.Reception@xerox.com.

  1. Protection of Personal Data Belonging to Minors

As participation in the Campaign is restricted to individuals aged 18 and over at the start of the Campaign, no data belonging to individuals under the age of 18 will be processed.
If the Controller or Processor becomes aware that they have received personal data of a minor, that data will be immediately deleted or destroyed.
If a parent or legal guardian notifies the Controller about the processing of a minor’s personal data, the Controller will promptly delete or destroy such data from all systems.

  1. Security of Personal Data

The Controller is committed to implementing appropriate technical and organizational measures to ensure an adequate level of security for personal data processed during the Campaign.
The Controller will also require the Processor to follow the same obligations.
The level of security will be assessed based on the risks presented by the processing, particularly accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

  1. Amendments to this Privacy Information

The Controller reserves the right to amend this Annex at any time during the Campaign, but only if more effective data protection measures are identified and without affecting the rights and freedoms of data subjects.
Any such changes will be published on the website of the Controller and/or the Campaign and communicated to participants through the same channels as the initial Rules.

  1. Other Provisions

If participants disclose personal data of third parties in the course of the Campaign, they confirm that they have informed those individuals about how their personal data will be processed and that the data will be used for the purpose of running the Campaign, and that they have obtained those individuals’ consent.

Participants are required to inform those individuals about the contents of this section.
The personal data of Campaign participants will be processed in accordance with applicable data protection legislation, in particular Regulation (EU) 2016/679 (GDPR) on the protection of natural persons with regard to the processing of personal data and the free movement of such data.

Acasa
Catalog
Favorite
Contul meu
3 Cosul meu