Last updated: October 25, 2022
This Privacy and Cookies Policy is applicable to Forty Management (hereinafter referred to as “us”, “we”, “our” or “Forty”). This website www.fortymanagement.ro is owned and operated by Forty Management company (the “Website”).
A. Privacy Policy
I. General provisions
This Privacy and Cookies Policy is applicable to Forty Management (hereinafter referred to as “us”, “we”, “our” or “Forty”). This website https://fortymanagement.ro/ is owned and operated by Forty (the “Website”).
This Privacy Policy informs you of the way we collect, use and disclose personal data we receive from certain categories of individuals, such as Website’s users, buyers, tenants, employees and collaborators/contractual partners of Forty. Forty will process personal data by complying with the provisions herein.
The purpose of this policy is to explain to you which data we process, why we process them and what we do with them when you enter into a legal relationship with Forty (including, without limitation, when you rent/buy properties from us or when you visit this Website).
II. Purposes, bases and categories of personal data
In compliance with the provisions of the General Data Protection Regulation 2016/679 (the “GDPR”), personal data processed by Forty may be used for purposes, such as:
1. Taking the necessary steps for concluding and performing the contracts and fulfilling the legal obligations, as well as for achieving the legitimate interests of Forty, which also include operations, such as requesting an offer, making payments and drafting the financial and accounting documents based on art. 6 para. (1) letters b), c) and f) of the GDPR. For these purposes, we will process personal data, such as first and last name, data in the ID cards of contractual or possible contractual partners (including but not limited to buyers or tenants, suppliers, contractors, etc) contact details, data about property and bank details.
Through this Website, we may also collect personal data of potential buyers who requested us for an offer/real estate agencies/tenants, as well as the personal data of landowners, who decide to acquire, enter into a joint venture or to different hybrid schemes that transfer the value of the land to shares in the future project, either residential, office or mixed-use. Furthermore, we collect personal data for performing due diligence activities in case a business relationship will be concluded between us and the company that you are representing, pursuant to art. 6 para. (1) letter f) of the GDPR, respectively the legitimate interest of entering into business relationship with reliable and integer partners.
2. Management and maintenance of this Website, which involves storage of cookies as they are described at Section B below, based on art. 6 para. (1) letters a) and f) of the GDPR.
While using our Website, we may ask you to provide us with certain personal data that can be used to contact or identify you. These personal data may include, but is not limited to, your first and last name, e-mail address, information that your browser sends whenever you visit our Website (“Log Data”).
The Log Data may include information, such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages and other statistics.
3. Personnel recruitment operations based on art. 6 para. (1) letter a) of the GDPR. Through this Website, we collect personal data of candidates, such as first and last name and data included in the CV.
4. Work relations, which entail data processing for the performance of the employment contracts, the fulfillment of the legal obligations devolving upon Forty in connection with these contracts and/or the achievement of Forty ’s legitimate interests deriving from the work relations based on art. 6 para. (1) letters b), c) and f) of the GDPR. For these purposes, we will process personal data of our employees, such as first and last name, data in the ID cards, contact details and bank details.
5. Compliance with legal obligations to which we are subject. We process personal data to comply with a range of legal obligations and statutory requirements (anti-money laundering, tax, health and safety legislation, etc.). For example, know your customer (KYC) rules and regulations require us to verify the identity before accepting you as a customer. Upon request by authorities, we may report the transactions carried out by customers.
6. Providing you with the best-suited products of home design or apartments for rent or sale. We disclose or receive data from third party service providers who assist and enable us to use the personal data to support delivery of your contract with us for example, consultants who can advise you on your project.
7. Solving your requests, questions or complaints based on art. 6 para. (1) letters a) and b) or/and f) of the GDPR. For this purpose, we will process personal data, such as first and last name and contact details.
8. Communication with our collaborators and contractual partners as well as access to our premises based on art. 6 para. (1) letters b) and f) of the GDPR. For this purpose, we will process personal data, such as first and last name and contact details.
We will not process personal data of children without the prior consent of their parents/legal representatives.
If we intend to use your personal data for a purpose other than the Forty for which they have been collected, we will inform you in advance about the secondary purpose and will provide any other information requested as per the GDPR.
III. Security
The security of your personal data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
We continuously try to ensure you the most appropriate level for the protection of your personal data and, to this end, we have implemented appropriate technical and organizational protection measures. We are constantly working for improving our security measures.
IV. Data retention and categories of recipients of personal data
Forty stores your personal data no longer than absolutely necessary. After the expiry of the retention period, personal data shall be destroyed or erased from the all supports (either physical or electronically ones). To the extent that they need to be used for scientific or statistical research purposes, personal data shall be rendered anonymous, in strict observance of the GDPR provisions.
Personal data are mainly processed by Forty ’s personnel and collaborators in charge of processing these data. We will disclose your personal data where required to do so, for instance by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Website. Also, there are situations where your personal data are sent to the companies in our groups and our contractual partners, which may be:
- third parties (for example, contractors, real estate agencies, manufacturers, accounting firms, audit firms, service providers, maintenance companies, post offices, couriers);
- competent authorities and institutions;
- lawyers, public notaries, auditors, bailiffs, translators, real estate brokers, safety and security firms;
- banks and financial institutions, insurance companies and insurance brokers;
- investors or potential investors;
- buyers and tenants.
Whenever we use subcontractors, acting either as data controllers or data processors, we ensure that the requirements set by the GDPR are met and that your personal data are processed in an adequate manner.
In principle, your personal data will not be transmitted to a third country or international organization. In any case, such transmission only occurs as part of a data processing agreement, an express consent by you or based on a legal obligation and taking into account respective legal safeguards.
V. Social networks
We cooperate with a number of networks, such as Facebook, Instagram, LinkedIn, Google Maps. When you are using this service your browser will automatically connect to the respective social network and transmit your IP address and other information such as cookies, if you have visited the respective platform before. As far as possible, we avoid this kind of data transfer until you interact directly with one of these platforms. By clicking on the corresponding symbol (e.g. the Facebook logo) you indicate that you want to communicate with the platform you have selected (in this case, Facebook) and agree that information about you, such as your IP address, is transmitted to this social network.
The plug-in establishes a direct connection between your browser and the servers of the respective social media. We have no influence whatsoever on the type and extent of the data the plug-in transfers to the social media servers.
VI. Rights of data subjects
According to the GDPR, the data subject may benefit from the following rights with regard to personal data processing:
- right to be informed – the right to receive a minimum content of information in relation to the processing activities performed by Forty, in accordance with the GDPR;
- right of access to data – the right to obtain from Forty, upon request and based on the conditions set by the GDPR, confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and information on the processing;
- right to rectification – the right to obtain from Forty, without undue delay, the rectification of inaccurate personal data concerning you;
- right to erasure of data – you can exert your right to erase the data from Forty ’s files, in accordance with the data protection provisions;
- right to restriction of processing – may be exerted if Forty of the following applies: the accuracy of the personal data is contested by you, the processing is unlawful and you oppose the erasure of the personal data, Forty no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, you have objected to processing pending the verification whether the legitimate grounds of the controller override yours;
- right to data portability – the right to receive the personal data from Forty in a structured, commonly used and machine-readable format;
- right to object – the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, save for contrary legal provisions. This right may be exerted in the following conditions: you request in written to Forty the exertion of this right, you specify the data and the legitimate grounds relating to your particular situation;
- right not to be subject to an individual decision – the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In relation to a decision based solely on automated processing, you have the right to obtain human intervention and to contest the decision, to the contact details specified in this policy;
- right to contact the supervisory authority, namely the National Supervisory Authority for Personal Data Processing; and
- right to lodge a complaint with the competent courts of law.
The rights listed above are not absolute. There are exceptions, which is why every received request will be analyzed so as to decide if it is grounded or not. If the request is grounded, we shall facilitate the exercise of your rights. If the request is ungrounded, we shall reject it, but we shall inform you about the grounds of such a rejection and about the right to submit a complaint with the supervisory authority or the competent courts of law.
VII. Whom can you contact?
In order to exert your rights, you may submit a written request to our headquarters or to the email contact@centraldistrict.ro.
We shall attempt to answer your request within 30 days. However, the term may be extended according to the GDPR, depending on the complexity of the request, the large number of requests received during that period or the inability to identify you in due time.
If we use our best endeavors and we do not manage to identify you and you do not provide us with additional information in order to be able to identify you, we are not bound to answer your request.
B. Cookies Policy
This Website uses cookies in order to ensure the proper functioning of the Website and to optimize its content, as well as in order to analyses traffic and offer the visitors a better experience when browsing the Website.
The information presented below aims at providing users with more details on the placing and use of the cookies used by this Website.
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.
Like many websites, we use cookies to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Website’s functionality. These third-party service providers have their own privacy policies addressing how they use such information.
Our Website uses the following types of cookies:
A. STRICTLY NECESSARY COOKIES | ||
Type of cookie | The role of using | Duration of processing |
DFR | Sets that all deferred content (css, js, img) loaded and cached by visitor’s browser | 1 year after last Website access |
PHPSESSID | Stores hash for PHP session data | 5 days |
B. FUNCTIONALITY COOKIES | ||
Type of cookie | The role of using | Duration of processing |
ACA | Stores visitor viewed and accepted cookie agreement | 1 year after accepting the cookie |
PVC | Stores visitor pages viewed count | 1 year after last Website access |
NSM | Stores that visitor was shown and viewed newsletter overlayer | 30 days after Website visualisation |
NSS | Stores that visitor is subscribed or just subscribed to the newsletter. | 1 year after newsletter subscription |
SST | Stores that visitor viewed slideshow sliding tooltip | During the visit on the Website |
C. PERFORMANCE COOKIES (GOOGLE ANALYTICS) | ||
Type of cookie | The role of using | Duration of processing |
_gat, _ga, _gid | Google analytics session tracking | 2 years |
D. TARGETING/ADVERTISING COOKIES | ||
Type of cookie | The role of using | Duration of processing |
_fbp | Facebook tracking pixel | 7 days |
For cookies which are not strictly necessary, as provided at Sections B – D inclusively above, you may withdraw your consent at any time by accessing the links below. It is important to note that the deactivation or refusal to receive certain types of cookies can make certain sections of the website difficult to view and use.
All the modern browsers offer the possibility to change the settings of cookies. You can configure the settings of the cookies following the instructions by accessing the links below:
- Settings Cookie in Internet Explorer
- Settings cookie in Firefox
- Settings cookie in Chrome
- Settings cookie in Safari.
C. Changes to the Privacy and Cookies Policy
We reserve the right to update or change our Privacy and Cookies Policy at any time and you should check this Privacy and Cookies Policy periodically. Your continued use of the Service after we post any modifications to the Privacy and Cookies Policy on this page will constitute your service acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
If we make any material changes to this Privacy and Cookies Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our Website.