GDPR
Sectio Aurea treats the protection of personal data as an integral part of the way it carries out its professional activity. Data is processed responsibly, transparently and in accordance with applicable European and national legislation.
Data processing is carried out in accordance with Regulation (EU) 2016/679 (GDPR) and international good practices regarding information security. Within the organization, data protection is integrated into internal processes and into the Information Security Management System certified according to the ISO/IEC 27001:2022 standard.
Who is the data controller?
The personal data controller is:
Section Aurea SRL
Vitan Road No. 23C, Vitan Business Center
Sector 3, Bucharest, Romania
Website:
https://www.phi.ro
Sectio Aurea processes personal data in the context of providing professional cybersecurity services, consulting, auditing, technological integration and security operations for organizations.
What data can be processed?
Depending on the professional relationship with the organization, data such as:
name and surname
email address
phone number
the position and organization the person belongs to
information resulting from professional communications or project activities
The data is processed exclusively for legitimate professional purposes, such as:
business relationship management
providing professional services
project coordination
professional communication management
compliance with legal obligations.
Data protection principles
Data processing within Sectio Aurea is based on the fundamental principles set out in the GDPR:
legality, fairness and transparency
limitation of the purpose of processing
data minimization
data accuracy
limitation of storage period
integrity and confidentiality.
These principles are integrated into internal governance, security and risk management processes.
Purposes of data processing
The data is processed exclusively for legitimate purposes related to the organization's activity, such as:
management of commercial and professional relationships
bidding and contract negotiation
project development and contract execution
professional communication management
compliance with legal obligations
legal and operational risk management.
Data security
ectio Aurea implements advanced technical and organizational measures to protect data, including:
strict control of access to information
multifactor authentication
IT infrastructure monitoring
vulnerability management
security incident detection and response technologies.
These measures are integrated into an ISO/IEC 27001 certified Information Security Management System.
Rights of data subjects
The persons whose data are processed have the right to:
request access to their data
request the rectification or updating of data
request the deletion of data, under the conditions provided by law
request restriction of processing
object to certain types of processing
file a complaint with the supervisory authority.
The manner of exercising these rights is described in the full information document.
Contact – Data Protection Officer (DPO)
For any requests regarding data protection or exercising GDPR rights, you can contact:
Eduard-Mădălin Bratu
Data Protection Officer (DPO)
E-mail:
privacy@phi.ro
Phone:
+40 722 154 062
Complete documents
For transparency and to provide detailed information on how personal data is managed, Sectio Aurea makes available the complete documents describing the data protection framework applied in the organization.
These documents explain in detail the principles of data processing, the purposes of using personal information, the security measures implemented and the rights of data subjects.
The documents can be consulted below:
These documents provide detailed information about how Sectio Aurea collects, uses, stores and protects personal data, as well as about the rights of data subjects and how to exercise them.
For questions or requests regarding data protection, you can contact the Data Protection Officer: