Privacy Policy – Corallis
PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA CARRIED OUT IN CONNECTION WITH THE PROMOTION ACTIVITIES OF THE CORALLIS PROJECT THROUGH WWW.FORTIM.RO/CORALLIS
1. WHO WE ARE AND THE PURPOSE OF THIS DOCUMENT
This Privacy Policy has been prepared by Fortim Trusted Advisors S.A., a company organized and operating under the laws of Romania, having its registered office in Bucharest, Sector 1, Șoseaua Nicolae Titulescu, nr. 4-8, 2nd Floor, West Wing, having the registration number issued by the Trade Register J40 /3890 /2002 and the unique registration code 14625999 (hereinafter, “we” or “Fortim Trusted Advisors“).
The Company owns and operates the Corallis Real Estate Project (“Project“) home page www.fortim.ro/corallis (“Corallis Page“).
With this document we wish to explain why and how we use the personal data of visitors to the Corallis Page.
This Privacy Policy applies in relation to our relationship with individuals who visit the Corallis Page and register through it to receive information and commercial communications from Fortim Trusted Advisors regarding real estate properties, in particular properties within the Project (more details on this can be found in Section 2 (Purposes, grounds for processing and categories of personal data we process) of this Privacy Policy).
“Personal data” means any information relating to an identified or identifiable natural person, and an identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
This Privacy Policy contains important information about the use of your data by Fortim Trusted Advisors. We therefore encourage you to take the time to read it fully and carefully before interacting with us. Please feel free to let us know if you have any concerns using the contact details at the end of this Privacy Policy.
This Privacy Policy is drawn up by Fortim Trusted Advisors acting in its capacity as data controller under the data protection legislation applicable in Romania, in particular Articles 13-14 of Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (“GDPR“).
Fortim Trusted Advisors acts, in relation to some of the data processing purposes described in this Privacy Policy, as an associated controller together with Kesz Investments Romania S.R.L., a company organized and operating under the laws of Romania, having its registered office at Calea Turzii 178.K E, Cluj Napoca, with the registration number issued by the Trade Register J12/6010/2021 and the unique registration code 45333986 (“Kesz“), pursuant to a joint controller agreement between us and Kesz. We have described in this Privacy Policy when your personal data is processed by the two entities as associated operators. You will be able to exercise all of your data subject rights in relation to the processing of your data under this Privacy Policy against both Fortim Trusted Advisors and Kesz by writing to Fortim Trusted Advisors, in all situations where Fortim Trusted Advisors acts as an associated controller with Kesz. Fortim Trusted Advisors is also responsible for fulfilling its obligation to inform you about the processing of your data in accordance with Articles 12-14, GDPR, including in situations where Fortim Trusted Advisors and Kesz act as associated operators; Fortim Trusted Advisors fulfills this obligation to inform you through this Privacy Policy.
2. PURPOSES, GROUNDS FOR PROCESSING AND CATEGORIES OF PERSONAL DATA WE PROCESS
We use the following categories of your personal data for the purposes and on the grounds described further in this Section. To access the information relevant to you, please click on the links below for the category of data subject to which you relate.
2.1. If you are a visitor to the Corallis Website https://fortim.ro/corallis/
Activity | Purposes | Personal Data Categories | Processing ground |
(a) Using the Corallis Page Fortim.ro/corallis | In order to allow you to use the Corallis Page, to ensure the functionality and security of the Corallis Page, as well as to monitor traffic or improve the content of the fortim.ro website. For these purposes we use, among other things, cookies, as detailed in the fortim.ro Cookies Policy available here: https://fortim.ro/privacy-policy/ | IP address used for connection Date and time of connection Details of the equipment used to connect | Our legitimate interest in providing the Corallis Page (Art. 6(1)(f) GDPR) Your consent to the collection of data by the Corallis Page through certain categories of cookies (Art. 6 para. 1 lit. a) of the GDPR) |
Fortim Trusted Advisors pursues the purpose specified in lit. a) above exclusively for its own interests.
2.2. If you sign up through the Corallis fortim.ro/corallis Corallis Page to receive information and communications from Fortim Trusted Advisors regarding the purchase of real estate in general
Activity | Purposes | Personal Data Categories | Processing ground |
a) Registering and communicating with you about real estate (part of the Project or in general) by voice calls, electronic messages (including whatsapp, SMS, email) and sending newsletters | Registration of people interested in the Project Communication with Project stakeholders | Name, contact details (phone number, e-mail address) Preferences, interests | Your consent to the data and information included in the contact form (Art. 6(1)(a) GDPR) |
b) Analyzing and documenting your use of our real estate (in general) communications and newsletters | Identifying and tracking how our communications and newsletters are being used, what is of interest in them, structuring our communications according to your needs and improving the reach of our information and promotion campaigns | Your e-mail address, your name Details of the equipment you use to access our communications (operating system, type of equipment, etc.) | Your consent (Art. 6.1.a of GDPR) |
c) Processing your requests to stop receiving our communications and newsletters | Automatic receipt and operation of your requests to unsubscribe from receiving our regular newsletters, deletion of your data from our communication and newsletter mailing databases | Your e-mail address, your name | Our legal obligation (Art. 6(1)(c) GDPR) |
d) Online advertising of real estate (in general) | Online real estate (in general) advertising (personalized or not) | Preferences, interests | Your consent to the use of marketing cookies on the www.fortim.ro/corallis website (art. 6 paragraph 1 lit. a) of the GDPR) |
We process your personal data for the purposes set out in lit. a) above as a controller associated with Kesz when the activities carried out relate to the Corallis Project. Thus, we have decided together with Kesz to use your personal data obtained inter alia through the www.fortim.ro/corallis page to send you communications and information regarding the Project, inter alia, respectively to send you, if you consent to the use of marketing cookies on the Corallis Page, personalized online advertising relating to the Project, inter alia. Fortim Trusted Advisors has access to your contact and other information that you submit to us through the Corallis Page and in subsequent communications between us and you, and Kesz may obtain access to this data if it wishes.
We, Fortim Trusted Advisors, may, however, use the contact details obtained through the Corallis Page to send you information about other real estate properties in which you may be interested. In this case, we, Fortim Trusted Advisors, will only act on our own behalf and will be solely responsible for these communications to you.
In general, the activities described in b) – d) above are carried out by us, Fortim Trusted Advisors, on our behalf only, pursuing our general objectives of promoting the Project and other real estate properties.
2.3. If you plan to visit a real estate unit within the Corallis Project
Activity | Purposes | Personal Data Categories | Processing ground |
a) Scheduling and carrying out Project visits, involving actions such as verbal (voice calls) and/or written (whatsapp, sms, e-mail) communication | Visiting the Project by interested persons | Name, contact details (phone number, e-mail address) Preferences, interests | Your consent (Art. 6.1.a of GDPR) |
b) Communication of information related to the visits of the Project units to Kesz | Informing Kesz about Project visits | Name, contact details (phone number, e-mail address), viewing date | Legitimate interests pursued by Kesz to keep track of the viewing status of the Project units (Art. 6(1)(f) GDPR) |
We process your personal data for the purpose specified in b) above as a controller associated with Kesz, who wishes to be informed about Project viewings. Your personal data related to your visits to the Project are collected and centralized by Fortim Trusted Advisors and subsequently transmitted to Kesz for the purpose of informing Kesz about your Project visits.
We would also like to note that we may receive your contact details from Kesz in order to organize Project visits when you interact directly with Kesz in connection with the Project.
2.4. If you send us requests or complaints
Activity | Purposes | Personal Data Categories | Processing ground |
a) Handling your and the authorities’ requests and complaints | Ensuring the smooth handling of your requests and complaints (including those based on your rights as a data subject under the GDPR) | Identification and contact details (name, contact details – address, e-mail address, telephone number, ID details) Image, voice recordings Other data you give us in the course of our interactions | Our legitimate interests in handling your requests and complaints (Art. 6 (1) (f) GDPR) Our legal obligations (Art. 6 para. 1 lit. c) of the GDPR) (as regards our obligations to handle your requests based on your rights under the law) |
b) Handling requests from the authorities; protecting our rights | Good handling of requests from the authorities, i.e. ensuring that our rights are protected | Identification and contact details (name, contact details – address, e-mail address, telephone number, ID details) Image, voice recordings Other data you give us in the course of our interactions | Our legal obligations (Art. 6 (1) (c) of the GDPR) (as regards our obligations to respond to requests from authorities) Our legitimate interests to protect our rights (Art. 6(1)(f) GDPR) |
We process your personal data for the purpose specified in lit. a) above as a controller associated with Kesz when your requests are related to the Project and our activities related to the Project. In these situations, we work with Kesz to respond to your requests and complaints. If your requests are not related to the Project, we process your personal data only on our own behalf, without involving Kesz.
3. PROVISION OF DATA AND YOUR CONSENT
When you submit your personal data directly to us through the Corallis Page or in communications with Fortim Trusted Advisors or Kesz, please provide all categories of personal data requested by us. Otherwise, we may not be able to properly carry out the activity for which you are contacting us (including, among other things, responding to your requests).
Where we use your data on the basis of your consent, in the circumstances set out in Section 2 above, you should be aware that you can withdraw that consent at any time and we will no longer use your data from that point onwards. In any event, however, our activities carried out prior to your withdrawal of consent, including those involving your data, remain valid and in effect without the possibility of revocation.
You may withdraw your consent to the processing of your data where this is the basis on which we use your data, as set out in Section 2 above, by contacting us using the contact details set out in Section 9 (Contact) below.
If you provide us with personal data of natural persons other than yourself, please inform them, before disclosing the data to us, of how we intend to use their data, e.g. by sending a link to this Privacy Policy to them. If we contact these individuals directly, e.g., to ask for their consent to use their data, where necessary, we will ensure that we provide them with this Privacy Policy.
4. TO WHOM WE DISCLOSE YOUR PERSONAL DATA
We primarily disclose your personal data to our associated data controller, Kesz, in the situations described in this Privacy Policy.
We also disclose your personal data to our external service providers, such as, for example, our IT service providers, consulting and marketing service providers or communication transmission service providers. They will only access and use the personal data necessary for the provision of the services contracted by us, on the basis of appropriate contractual documentation, the legal basis for these data transfers being our interest in contracting and benefiting from the services offered by these providers for the performance of our activities.
We and Kesz may also disclose your personal data obtained as described in this Privacy Policy as follows:
- our business partners, if this is necessary in the context of the provision of their services, where justified by our interaction with you;
- to our auditors, consultants, lawyers or other specialized professional service providers, if necessary for them to provide the services contracted by us, having regard to our legitimate interest or legal obligation to contract for those services;
- public authorities and institutions, where we have a legal obligation to do so, or at their express request, if permitted by law.
As a general rule, we only transfer your personal data to recipients in countries belonging to the European Union (EU) and/or the European Economic Area (EEA). Where we use service providers outside the EU/EEA, we ensure that appropriate tools are in place, in compliance with applicable law for the transfer of personal data to the countries where they operate, i.e. that your personal data is protected.
5. HOW WE PROTECT YOUR DATA
It is very important for us to protect your personal data. To this end, both we and Kesz apply appropriate measures to ensure the security of personal data, including:
- Dedicated policies: each of us and Kesz adopts and reviews our data processing practices and policies, including physical and electronic security measures, to protect our systems from unauthorized access and other possible security threats to your data.
- Specific technical measures: each of us and Kesz uses technologies to ensure the security of the personal data we process, performs back-ups and checks the adequacy of the security technology used in relation to the level of risk of our activities.
- Data Retention: Each of us and Kesz apply security measures in relation to the retention of your personal data. Your data is held securely by Fortim Trusted Advisors and Kesz respectively.
- Staff training: each of us and Kesz trains its employees and collaborators on the legislation and best practices in the field of personal data processing.
- Control of our service providers: each of us and Kesz include provisions in our contracts with our service providers to ensure the protection of the data they use.
- Data Minimization. Each of us and Kesz has ensured that it only uses your personal data that is necessary, appropriate and relevant for the purposes stated in this Privacy Policy.
- Restricting Access to Data. Each of us and Kesz strictly restricts access to the personal data we use in connection with the activities performed pursuant to this Privacy Policy to employees, collaborators and others who need to access it to perform their job duties. All such persons are subject to strict confidentiality obligations in relation to the data to which they have access, and we will not hesitate to hold them to account and terminate our collaboration with them if they do not treat the protection of your and other persons’ data with the utmost seriousness.
We also undertake to adopt any further measures required by law in the field of personal data protection in connection with the use of your data.
However, while we take all reasonable steps to ensure the security of your data, we cannot guarantee the absence of any breach of security or the impossibility of penetrating our security systems. In the unfortunate event that such a breach should occur, we will follow legal procedures to mitigate the effects and inform data subjects.
6. THIRD-PARTY APPLICATIONS AND ONLINE TECHNICAL TOOLS
Please see https://fortim.ro/ro/politica-de-confidentialitate/for details of the third-party applications and online technical tools (including social networks) we use through the fortim.ro website..
7. HOW LONG WE KEEP YOUR DATA
We intend to retain your personal data for as long as necessary to fulfill the data processing purposes we pursue. In some cases, we are required by law to retain certain information and data about you for legally prescribed retention periods, which are generally set for archival purposes (e.g. 5 or 10 years for financial accounting purposes). We may also need to retain certain data and information about you in order to support and protect our own interests; however, in this case, we will not retain data and information about you for more than 3 years after the termination of our relationship, including our communications.
If you are a user of the www.fortim.ro website, we retain your data in accordance with the website’s privacy and cookie policies.
Where we use your data on the basis of your consent, e.g. in the case of sending communications to promote the Project or in the case of our social media interaction, we will, as a rule, use your data until you withdraw your consent, but we may retain your data for longer periods of time in accordance with our archiving obligations or practices.
When you participate in viewings of Project units, we will retain the data we obtain about you at these viewings for up to one year after the date of the viewing, but if you consent to receive communications from us about the purchase of units at the viewing we will retain your contact details as a rule until you withdraw your consent, unless we need to retain them for longer periods of time in accordance with our archiving obligations or practices.
8. YOUR RIGHTS
Under the law, you have the following rights in relation to the processing of your personal data by us, respectively by Kesz (when acting as a controller associated with us):
8.1. Right of access: you can obtain confirmation of the processing of your personal data, as well as information on the specifics of the processing such as: the purpose, the categories of personal data processed, the recipients of the data, the period for which the data are kept, the existence of the right to rectification, erasure or restriction of processing. This right allows you to obtain a copy of the personal data processed free of charge, as well as any additional copies for a fee.
8.2. Right to rectification of data: you can ask us to amend your personal data that is incorrect or, where appropriate, to complete data that is incomplete.
8.3. Right to erasure: you may request the erasure of your personal data where: (i) it is no longer necessary for the purposes for which we have collected and process it; (ii) you have withdrawn your consent to the processing of your personal data and we can no longer process it on other legal grounds; (iii) personal data is processed contrary to the law; or (iv) personal data must be erased in accordance with the relevant legislation.
8.4. Withdrawal of consent: you may withdraw your consent to the processing of personal data processed on the basis of consent at any time, without this in any way affecting the processing carried out prior to the withdrawal. You can withdraw your consent to receive newsletters at any time by clicking the UNSUBSCRIBE button in every communication we send you.
8.5. Right to object: you can object at any time to processing based on the legitimate interest of Fortim Trusted Advisors or Kesz (when acting as a controller associated with us) by providing us with reasons relating to your specific situation. For details of the processing we carry out in the legitimate interest, please see Section 2 above.
8.6. Restriction of data processing: you may request the restriction of the processing of your personal data by us if: (i) you contest the accuracy of the personal data, for a period of time that allows us to verify the accuracy of the data concerned; (ii) the processing is unlawful, and you object to the erasure of your personal data, requesting instead the restriction of their use; (iii) the data are no longer necessary for our processing, but you request them for legal action; or (iv) if you have objected to the processing, for the time period during which it is verified whether the legitimate rights of the data controllers of your data prevail over your rights as a data subject.
8.7. Right to portability: you may request us, under the conditions of the law, to provide you with the personal data you have provided to us in a structured, frequently used and machine-readable form. We may also, at your express request, transmit your personal data to another entity if technically possible. You will only be able to exercise your right to portability if (cumulatively): (i) the processing is carried out by automated means; and (ii) the processing is carried out on the basis of your consent or in order to perform a contract with you.
8.8. The right not to be subject to automated individual decision-making processes, including profiling: we process your personal data by automated individual decision-making processes for profiling you in order to deliver personalized advertising about the Corallis Apartments Project, based on your consent to the use of marketing cookies through the website www.fortim.ro. If you would like more details about this data processing, please contact us at the contact details in Section 9 (Contact) below.
8.9. Right to lodge a complaint to the National Supervisory Authority for Personal Data Processing: you have the right to lodge a complaint to the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro) if you believe that your rights have been violated, using the contact details of the authority included below. However, we respectfully request that you contact us with any complaints or concerns you may have before contacting the authority.
National Authority for Personal Data Processing Supervision | B-dul G-ral. Gheorghe Magheru 28-30 Sector 1, postal code 010336 Bucharest, Romania [email protected] |
You may exercise any of these rights against us using the contact details in Section 9 (Contact) below.
If you exercise any of your rights under the law, this will not affect: (i) data processing that has already taken place; or (ii) data processing that is not based on your consent.
9. CONTACT
To exercise one or more of the rights set out above or to ask a question about these rights or about our processing of your personal data, please contact us by e-mail at [email protected]. If you contact us, Fortim Trusted Advisors, about a data processing activity carried out as a data controller associated with Kesz, we will promptly inform Kesz of the request received so that we can handle your request together to the extent necessary.
10. VERSIONS OF THIS PRIVACY POLICY
This Privacy Policy is valid from 24.07.2024
We may amend this Privacy Policy to reflect our activities in which we use your personal data. We will indicate any change to this Privacy Policy by indicating its date in this Section.
