About Coface

Information Notice

Information notice on the protection and confidentiality of personal data of Coface candidates

 
Coface Group is represented in Romania by the following entities:
  • COFACE ROMANIA CREDIT MANAGEMENT SERVICES SRL
  • COMPAGNIE FRANCAISE D’ASSURANCE POUR LE COMMERCE EXTERIEUR S.A. BOIS-COLOMBES - SUCURSALA BUCURESTI
  • COFACE ROMANIA INSURANCE SERVICE SRL
  • COMPAGNIE FRANCAISE D’ASSURANCE POUR LE COMMERCE EXTERIEUR S.A. BOIS-COLOMBES  SUCURSALA TEHNOLOGIA INFORMATIEI BUCURESTI
This is to inform you of the processing of your personal data by the Coface Group and its affiliates and of your rights under the REGULATION (UE) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter referred to as GDPR). The personal data officer of Coface Group and its affiliates can be contacted at the address:
DPO-Romania@coface.com.
 
PURPOSE AND LEGAL BASIS OF THE PROCESSING
The Coface Group and its affiliates process your personal data in accordance with the provisions of GDPR, local laws on data protection, as well as in compliance with the specific provisions of labour and insurance industry laws. As an employer, the Coface Group must keep and process your personal data in order to:
 
a) Manage the process of recruiting, actual employment and/or for human resources management
 
b) Manage the work relationships
The personal data that the Coface Group and its affiliates hold and which is to be processed shall be used for the management and administration of work relationships. The Coface Group and its affiliates shall keep and use the personal data in order to be able to efficiently, lawfully and adequately manage the contractual relationship, during your recruiting process, throughout your employment, upon and after the termination of your employment relationships. This activity includes the use of information enabling the Company to perform the employment agreement and to comply with all applicable legal requirements.
 
c) Pursue legitimate interests
As a company providing business information and collection services (risk management services), the Coface Group and its affiliates may sometimes process your personal data for the purpose of legitimate business interests pursued, for example in order to prevent fraud, for administrative purposes or in order to report possible offences. The Coface Group and its affiliates shall not process your personal data when such interests are overridden by the interests or fundamental rights and freedoms.
 
d) Protect the Company’s standing in case of legal proceedings
In the event you do not wish to provide certain data required for the process of employment and the performance of the employment agreement, it is possible for the Coface Group and its affiliates to be unable, in certain circumstances, to meet their legal obligations and you will be informed of the consequences of such decision. The legal basis for personal data processing is Art. 6(1)(b) of GDPR – processing for pre-contractual and contractual purposes, as well as for complying with legal provisions in accordance with Art. 6(1)(c) of GDPR. Moreover, the Coface Group and its affiliates also process your personal data in accordance with Art. 6(1)(f) of GDPR in order to protect the legitimate interests of the Coface Group and its affiliates or of third parties. This may be necessary notably in order: i) to ensure IT security and IT operations; ii) to assess professional competency and probity in compliance with the legal provisions specific to the insurance industry or iii) to ensure a high level of professional training and propose personal development programs. Whenever special personal data categories are required (e.g. data concerning your health or information on criminal convictions), the Coface Group and its affiliates process such data in accordance with the legal provisions expressly authorising the Company to process such data. The personal data processing for marketing purposes, if any, shall be strictly subject to your consent in accordance with Art. 6(1)(a) of GDPR.
 
TYPES OF PERSONAL DATA WE PROCESS
During the process of recruitment, actual employment and/or management of human resources, the scope of personal data may include the following types of information:
  • personal data enabling the identification of the applicant/employee: surname, first name, gender, date of birth;
  • information submitted by the applicant in order to enable the conduct of specific initial tests: address, telephone, fax, e-mail address;
  • information enabling to verify the conditions of eligibility and selection related to the recruiting process, namely: nationality, foreign languages, professional experience;
  • where applicable, results to the initial specific tests and other related tests.
All these references outline a person’s identity and are usually contained in the CV, from the very moment when the data subject applies for a job. The policy of Coface Group and its affiliates requires that only the personal data that is necessary for the agreed purposes should be collected and we request our employees to provide us with personal data only if it is strictly necessary for such purposes. When we need to process the personal data for the performance of employment agreement or for legitimate interests of the Company, we may request our employees to also provide information on other data subjects, such as family members. The Coface Group and its affiliates may process several personal data categories, varying depending on your position within the company (surname, first name, personal telephone number, e-mail address, domicile/residence address, national identification number, date and place of birth, nationality, marital status information, data set forth in your driving licence, series and number of the identity card/passport, surname and first name and national identification number of your family members (including minors), bank details and other financial details, data regarding your health, data concerning criminal convictions or financial penalties, geolocation data, data regarding your professional training and experience). The type of information we collect includes the application form and the references provided by you, your employment agreement and any amendments thereto; the correspondence with or about you, e.g. letters on salary increase or, upon your request, certificates on obtained income, your capacity as an employee, the number of sick leave days; information required for salaries, benefits and reimbursement of expenses; contact information and emergency contact details; recorded requests for annual leave, sick leave, unpaid leave; and references on your career history, such as professional training, periodic evaluations, other methods of performance monitoring and disciplinary investigations and resolution of complaints filed by you or concerning you, as the case may be. Some of your contact information (surname, first name, e-mail address, telephone) shall be certainly referred to in many of the company’s documents or communications. Such communications are drawn up by you or other co-workers as part of the duties and activities of the Company. Where necessary, the Company is required to keep information on your health, such as the documentation concerning the absences for medical reasons. Such information shall be used in order to ensure compliance with the legal provisions on health, safety and protection at the workplace. Moreover, the Company needs such data in order to administer and manage the payment of social contributions (without being limited to health insurance contribution, social security, and unemployment), non-salary benefits (subscription with a medical clinic – for both the employee and the next of kin), professional training and personal development programs. In order to meet certain legal obligations, where the Company processes data based on your consent, you have the right to withdraw such consent at any time. Moreover, the Company may monitor how the computers are made used of, and the professional e-mail addresses. Likewise, in order to keep track of employees’ worked hours, the Company uses, at its Main Office, badges (access cards) and in/out reports in accordance with the card readers. In its territorial offices, in order to keep track of employees’ worked hours, the Company has in place in each territorial office hardcopy time sheets. Additional information on the management of working hours may be accessed via Company’s intranet at www.coface.ro. If in the future we intend to process your personal data for other purposes than the ones it was collected for, we shall provide you with information on the new purposes as well as all further relevant information.
 
SOURCE OF PERSONAL DATA
The Coface Group and its affiliates collect personal data directly from you, but certain data may also come from inside sources, such as your manager or in some cases from outside sources, such as the person you mention within references and from public sources. Whenever we need to process personal data received from legal person third parties, the latter are required to provide you with the information required on the use of submitted personal data. 
 
CATEGORIES OF RECIPIENTS OF PERSONAL DATA
a) Third party entities for the performance of employment agreement
As employer, the Company is subject to legal, regulatory and professional obligations. We process personal data for the purpose of meeting legal obligations or of answering the requests from authorities or public institutions, as the case may be. The Company may disclose information concerning you only to those third parties to which we are legally bound in this respect or in order to perform the agreement entered into between you and the Company; as an example, your personal data may be submitted to banking units (e.g.: in order to pay the salaries and benefits), payroll companies managing salary calculations, state authorities or public authority entities (e.g.: in order to report fiscal obligations, bailiffs), providers of healthcare services (e.g. for the formalities prior to entering into the employment agreement, in order to meet certain legal obligations, in order to grant benefits).
 
b) Customers, business partners and other legal entities
As part of the performance of specific job-related duties, some of your personal data may be disclosed to other legal entities such as Customers, financial auditors, consultants, business partners of the Company.
 
c) Group Companies
The Company may also disclose certain personal data (e.g.: contact details, relevant professional experience) to other companies of the COFACE Group for purposes related to your employment or in the normal course of the activities you carry out.
 
DATA STORAGE PERIOD
The criteria used in order to determine your personal data storage period include:
 
  • Over the recruiting process as well as after its end, the Company may keep the applicants’ personal data for a period of 3 years, the storage of such data being performed for the specific purposes of the recruiting process and actual employment
  • Data storage for the purpose of performing the employment agreement
  • Data storage for the purpose of complying with the specific legal obligations
  • Data storage in order to defend certain rights in legal actions.
 
YOUR RIGHTS AND HOW YOU MAY EXERCISE THEM
In accordance with the General Data Protection Regulation (GDPR) you have the right to request the access to your personal data, the right to rectify or supplement the processed data, the right to have your personal data deleted (subject to the valid legal provisions), the right to restrict the processing, the right not to be subject to an automated decision, including profiling, as well as, in certain circumstances, the right to data portability. Whenever your consent was required for processing certain personal data, you are entitled (in certain circumstances) to withdraw such consent at any time, which will not affect the lawfulness of processing prior to the withdrawal of your consent.
For such request, please directly contact: DPO-Romania@coface.com or access the page available on www.coface.ro
 
FILING A COMPLAINT
You have the right to file a complaint with the National Personal Data Processing Supervisory Authority (“ANSPDCP”) via the website www.dataprotection.ro.
 
TRANSMISSION OF PERSONAL DATA TO A THIRD COUNTRY
Whenever Coface Group or its affiliates transfer personal data to service providers outside the European Economic Area (EEA), the transfer shall only take place if the European Commission confirmed the existence of an adequate data protection level or other adequate data protection measures were taken (e.g. mandatory corporate data protection standards or EU standard contractual clauses), in accordance with the public information available at the time of transfer.
AUTOMATED INDIVIDUAL DECISION
The Company does not use decisions that are based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.
 
See the available information notices for each company:
Top
  • Romanian
  • English