This GDPR Information Notice is intended to inform you about the personal data processing operations carried out by CREASOFT TIME MANAGEMENT SRL, a company registered with the Trade Register under no. J2021007098407, sole registration code RO 44137701, with its registered office in Bucharest, 7 Iuliu Maniu Blvd., Sector 6, Building A, Staircase 3, 4th Floor, Room 13A, Postal Code 061072, in its capacity as data controller in relation to the Beneficiaries contracting the services and products offered by Creasoft, as detailed in the GTC.
PRELIMINARY INFORMATION
Thank you for your interest in our company. When you enter into a business relationship with us, you entrust us with your information. The information contained in this document (hereinafter referred to as the "Information Notice") is important. We recommend that you read it carefully, as it explains how we, as Data Controller in accordance with Regulation (EU) No. 679/2016 (hereinafter referred to as the "Regulation", "GDPR"), process and protect personal data.
This Information Notice is also intended to present the categories of personal data we process, the purposes of processing ("why do we process personal data?"), the storage period, your rights, how you can exercise those rights, and other information required under the GDPR.
By visiting the website, purchasing our services/products, or interacting with us by any means and/or through any communication channel (email, telephone, social media, etc.), you agree to this Information Notice. If you do not agree with what is described in this Information Notice, please do not use our services.
DEFINITIONS
"GDPR" or the "Regulation" means Regulation (EU) No. 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
"Data subject" means any identified or identifiable natural person whose personal data is processed by us as controller, such as customers, prospective customers, and website visitors.
"Processing" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural, or social identity.
All other terms used in this document have the meaning assigned to them by the GDPR and other applicable legal provisions.
OUR COMMITMENT
The protection of personal data is very important to us. That is why we are committed to complying with European and national legislation on personal data protection, especially the GDPR, and with the following principles:
Lawfulness, fairness, and transparency
We process personal data in a lawful, fair, and transparent manner. We are always transparent about how we use personal data, and you are properly informed.
Purpose limitation
Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.
Data minimization
We collect and use only the personal data strictly necessary for the fulfillment of the purposes.
Accuracy
We make the necessary efforts to ensure that the personal data we process is accurate and up to date.
Storage limitation
We store data only for the minimum period necessary to fulfill the purposes.
Security and confidentiality
We have implemented reasonable security and encryption measures so that your personal data is protected as effectively as possible. However, please note that no website, no application, and no internet connection is completely secure.
CHANGES
We may change this Information Notice at any time. All updates and amendments to this Information Notice become effective immediately upon notification, which will be made by publication on the website / at the company's premises and/or by any other means permitted by law.
QUESTIONS AND REQUESTS
If you have any questions or concerns regarding the processing of your data, if you wish to exercise your legal rights, or if you have concerns regarding how we handle any privacy issue, you may write to us at the email address indicated.
PERSONAL DATA WE PROCESS
Creasoft processes the following categories of personal data:
Identification and contact information
Full name
Telephone number
Age
Date of birth
Identity document
Sex
Nationality
Domicile
Residence
Email
Signature
Other possible personal data: identity card series and number, passport series and number, copy of identity document, copy of passport, personal numeric code (CNP).
Tracking
IP address
Essential cookies (authentication and session, language, anti-forgery / CSRF protection, interface configuration)
Special categories of data
No.
Creasoft is a manufacturer and developer of electronic systems and customized control and monitoring software, including time attendance and payroll solutions.
Although Creasoft does not have direct access to the personal data of its clients' employees, depending on the service requested from us, we may sometimes collect and process the following personal information about you in specific and exceptional situations:
Client employees' data: first name, last name, email address (preferably business email), telephone number, address, position within the company, attendance records, salaries, information provided by the employee/prospective employee in job applications/CVs, as well as any other requests made available to employees through the software, including possible requests containing medical data in the event of sick leave.
We may also collect and process from clients data relating to the name of the company they represent, their position within the company, and areas of interest in the field in which they operate, including HR.
Also, for the control and monitoring services offered, the identification of authorized personnel is performed by presenting an RF card previously registered in the Creasoft Access application. Based on the code (serial number) read from the presented card, the person holding the card is identified, and a name or employee number is associated with that person in the database, data which may be processed by Creasoft.
PURPOSES
We process personal data for the following purposes:
For the conclusion or performance of a contract between you and us
For business and administrative purposes
To provide various information related to our products and services
To respond to your questions and requests and provide customer support services
To provide and improve the services we offer
To diagnose or remedy technical issues
For software demonstrations and the functioning of the services provided
To defend ourselves against cyberattacks
To comply with legal obligations, such as tax law compliance
To establish, exercise, or defend legal claims before the courts
LEGAL BASES
In order to lawfully process personal data, we rely on one or more of the following legal bases:
Processing is necessary for the conclusion or performance of a contract between you and us
The processing of personal data is necessary in order to conclude or perform a contract between you and us.
Processing is necessary for compliance with a legal obligation
In certain situations, the processing of data is necessary for compliance with a legal obligation, such as keeping invoices and accounting records for a certain period of time.
Processing is necessary for our legitimate interests
We may rely on this legal basis only where our interest prevails over your rights and interests. When we rely on legitimate interest, we conduct a legitimate interest assessment (balancing test) through which we weigh our interest against your interests. Where our interests prevail, we will rely on legitimate interest. Where your interests prevail, we will not rely on legitimate interest and, to the extent that we cannot identify another legal basis, we will not carry out that processing activity.
STORAGE PERIOD
We store personal data only for the period necessary to fulfill the purposes, but no longer than 5 years from the termination of the contract or the last interaction with us. After the end of this period, personal data will be destroyed or erased from our IT systems, or transformed into anonymous data for use for scientific, historical, or statistical research purposes.
Please note that in certain situations expressly regulated by law, we store data for the period imposed by law.
SECURITY OF PERSONAL DATA
We understand how important the security of personal data is and take the necessary measures to protect our clients and other persons whose data we process against unauthorized access to personal data, as well as against unauthorized alteration, disclosure, or destruction of the data we process in the course of our activities.
We have implemented the following technical and organizational measures for the security of personal data:
a) Dedicated policies. We adopt and constantly review internal personal data processing practices and policies (including physical and electronic security measures) in order to protect our systems against unauthorized access or other possible security threats. These policies are subject to constant verification to ensure that we comply with legal requirements and that the systems function properly.
b) Data minimization. We ensure that the personal data we process is limited to what is necessary, adequate, and relevant for the purposes stated in this Policy.
c) Restricted access to data. We try to restrict access to the personal data we process as much as possible to the minimum necessary: employees, collaborators, and other persons who need to access such data in order to process it and perform a service. Our partners and collaborators are subject to strict confidentiality obligations, whether contractual or legal.
d) Specific technical measures. We use technologies that ensure the security of personal data, always trying to implement the best available solutions for data protection. We also perform periodic data backups so that data can be recovered in the event of an incident, and we have periodic audit procedures in place regarding the security of the equipment used. However, no website, application, or internet connection is completely secure or invulnerable.
e) Ensuring data accuracy. Sometimes we may ask you to confirm the accuracy of your personal data so that we can make sure it reflects reality.
f) Staff training. We constantly train and test our employees and collaborators regarding legislation and best practices in the field of personal data processing.
g) Data anonymization. Where possible, we try to anonymize/pseudonymize the personal data we process so that we can no longer identify the persons to whom the data relates.
However, although we make constant efforts to ensure the security of the data entrusted to us, less favorable events may still occur and we may experience security incidents/data breaches. In such cases, we will strictly follow the incident reporting and notification procedure and take all necessary measures to restore the situation as quickly as possible.
PROFILING AND AUTOMATED DECISION-MAKING
We do not make automated decisions producing legal effects or similarly significant effects on you.
YOUR RIGHTS
Your rights under the GDPR are as follows:
a) The right to be informed about the processing of your data
b) The right of access to your data. You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed and, where that is the case, access to the data and the information provided for in Article 15(1) GDPR.
c) The right to rectification of inaccurate or incomplete data. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.
d) The right to erasure ("the right to be forgotten"). In the situations provided for in Article 17 GDPR, you have the right to request and obtain the erasure of personal data.
e) The right to restriction of processing. In the cases provided for in Article 18 GDPR, you have the right to request and obtain restriction of processing.
f) The right to data portability. You have the right to transmit the data we hold about you to another controller.
g) The right to object to the processing of your data. In the cases provided for in Article 21 GDPR, you have the right to object to the processing of your data.
h) The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
i) The right to seek judicial remedy in order to protect your rights and interests.
j) The right to lodge a complaint with a Supervisory Authority.
Name: National Supervisory Authority for Personal Data Processing
Address: 28-30 General Gheorghe Magheru Blvd., Sector 1, Postal Code 010336, Bucharest, Romania
Telephone: +40 318 059 211 or +40 318 059 212
Email: anspdcp@dataprotection.ro
Please note that:
If you wish to exercise your rights, you may do so by sending a written, signed, and dated request to the following email addresses: dpo@creasoft.ro and/or gdpr@creasoft.ro.
The rights listed above are not absolute. There are exceptions, therefore each request received will be analyzed in order to determine whether it is justified. To the extent that the request is justified, we will facilitate the exercise of your rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for refusal and of your right to lodge a complaint with the Supervisory Authority and to seek judicial remedy.
We will try to respond to your request within one month. However, this period may be extended depending on various factors, such as the complexity of the request, the large number of requests received, or the impossibility of identifying you within a reasonable period.
If, despite all our efforts, we are unable to identify you and you do not provide additional information enabling us to do so, we are not obliged to comply with the request.
ABOUT THE COOKIE POLICY
In order to ensure the proper functioning of the Creasoft website, we sometimes place small files called "cookies" on your computer or mobile device.
The purpose is to allow the website to remember your preferences (such as username, language, etc.) for a certain period of time, so that you do not have to re-enter them while navigating the website during the same visit.
Usually, Creasoft uses 2 types of cookies for:
storing visitors' preferences (filters/sorting) and language
authentication and session
Visitors' preferences
These cookies are placed by Creasoft and remember:
whether you have accepted (or refused) this website's cookie policy
whether you have already responded to various pop-up questionnaires so that they are no longer displayed to you in the future
Operational cookies
There are some cookies that we must include in order for certain web pages to function. For this reason, they do not require your consent. These include:
authentication cookies
technical cookies necessary for certain IT systems
Authentication cookies
These are stored when you log in to a website managed by Creasoft.
Deleting cookies from your device
You can delete all cookies already stored on your device by clearing your browser history. This will delete all cookies from all websites you have visited.
However, this may also mean that you lose some saved information, such as stored login details or website preferences.
Updated today, 01.09.2025
Adrian-Constantin Dinu
