Website Privacy Notice – corporate website
Welcome to ARCwaste. This privacy notice describes how we collect, use, and share your personal data:
- through your use of our website at https://www.ARCwaste.ro (“the Site”),
- where we enter into business partnerships with you (or the company you work for), and
- where you (or the company you work for) provides services to us.
We recommend that you read this privacy notice in full to ensure you are fully informed. However, if you only want to access a particular section of this notice, then you can click on the heading below to access the information for that topic.
Please note that the Site is not aimed at children and we do not knowingly collect data relating to children.
When we refer to “ARCwaste”, “we” or “us”, we are referring to ARCwaste Collection and its affiliated companies involved in the processing of your personal data.
We are also a member of the Arçelik Group. More information about the Arçelik Group can be found on Arçelik’s website here.
- When you contact us with general queries, complaints or public relations inquiries .
- When you visit our Site, we capture information automatically through cookies and similar technologies. You can manage these when you visit our Site. See our Cookie Notice for further information.
- During the course of our commercial discussions, such as entering into business partnerships or where we engage you to provide services to us; For example, if you are an employee, representative or contact person of one of the producers or authorized representatives acting on behalf of the producers with whom, based on the operating license, we conclude contracts for the transfer of responsibility, we act as controller in processing your data.
- When we organize and carry out business trips, marketing events or promotional marketing contests and campaigns and you decide to take part at them;
- When we are handling immigration formalities on your behalf, in order to allow you to visit our company for business purpose;
- When you visit our offices we process certain information about you in order to register as a visitor;
- When you access one of ours dedicated whistle-blower line, in order to confidentially report violations or concerns regarding behaviours that may violate Global Code of Conduct and company’s ethical principles.
- We may collect personal data about you through your colleagues or, where available, through publicly available sources, such as professional networking sites, general market research, Trade Register, Land Register, etc.
If you provide us or our service providers with any personal data relating to other individuals, you confirm that you have the authority to do so, and where required, have obtained the necessary consent and acknowledge that it may be used in accordance with this Privacy Notice.
We may provide additional Privacy statement on certain occasions when we collect or process personal data about you, which should be read in conjunction with this Privacy Notice.
Where we talk about “personal data” in this privacy notice, this means any information that may be used alone or in combination with other information to identify you.
The types of information we collect are set out below:
- We need a small amount of information from our business partners and service providers to ensure that our contract runs smoothly. For example, we need contact details of relevant individuals (such as names, telephone numbers, and email addresses) so that we can communicate with you;
- We need your contact data, signature, data regarding the status and/or professional characteristics (such as: occupation, position, employer) in order to conclude and execute the contract with you or with the company whose representative / contact person you are. We also need other information, such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us). We may also hold extra information that someone in your organisation has chosen to tell us from time to time;
- Details of your interactions with us when you contact us via email (for public relations inquiries), telephone, or post using the details listed on the Site.
- Personal data from the notifications you send us, documents attesting your identity in order to organise business trips, to schedule reservations, to organize and carry out marketing events or promotional marketing contests or campaigns;
- We may process certain information about you during your visit in our offices, required to register as a visitor, such as: name, e-mail address, phone number, company name, time and date of arrival;
- You may want to share your name, contact information or other related information (such as evidence or documentation related to the issue) when you decide to report violations or concerns regarding behaviour that may violate Global Code of Conduct and Ethical principles. Copies of documents you provide to us to prove your age or identity where the law requires this. For example, if you send us a request relating to your personal data, we may need further information to verify your identity. We will therefore process personal data contained in the identity documents you choose to provide us with;
Information we collect through cookies and similar technologies. Data we collect automatically includes the type of web browser or mobile device, your operating system, your IP address, the URL of the landing page and the referring website, the time and date of your visit to the Site, and the search terms used by you to reach the Site. For more information, please see our Cookie Notice.
There are several different reasons under data protection law for which we may collect and process your personal data. These include:
Performing contractual obligations
In some circumstances, we need your personal data to comply with our contractual obligations. For example, where we process your personal data in connection with obtaining services from you.
Complying with a legal obligation
If the law requires us to, we may need to collect and process your personal data.
We may process your personal data where it is necessary for our legitimate interests as a company, where this does not override your data protection interests and fundamental rights. For example, we will process your personal data to administer and manage our business relationship with you.
This section tells you how and why we will use your personal data and explains the lawful basis we rely on in each case. Please remember that if you choose not to share your personal data with us, we may not be able to provide the services or products you have requested.
We process your personal data for the following purposes on the basis of our contractual obligations to you:
- To store (and update where necessary) your contact details on our database so that we can contact you in relation to our agreements.
We process your personal data for the following purposes to comply with our legal obligations.
- To send you service-related communications which are required by law, or necessary to inform you about updates to the services we provide to you. For example, updates to our privacy notice or terms and conditions;
- To verify your identity where the law requires us to;
- To comply with applicable legal, regulatory or professional requirements (such as: archiving and keeping records of the contracts and relevant documents, based on which the parties had trade and economic relations; financial- accounting rules; managing claims, legal files, civil and criminal cases), resolving requests and addressing communications from the competent authorities.
We process your personal data for the following purposes on the basis of our legitimate interests.
- To administer our business relationship with you;
- To respond to your queries, including any public relations inquiries;
- To deliver relevant website content to you across our Site and to measure and understand the effectiveness of the content we serve to you;
- To administer and protect our Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data);
- To use data analytics to improve our Site, content, marketing, and user experience;
- To protect our business from fraud and other illegal activities;
- For audit and report purposes, internal compliance and risk analysis, use of systems and applications (hosted or internal), as well as for the purposes of relations with other contractual partners;
To protect or enforce our legal rights, for example defending ARCwaste in the case of legal disputes.
We sometimes share your personal data with third parties. The types of third parties with which we share personal data are described below:
Other Arcelik group companies
We may share your personal data with other companies belonging to the Arçelik Group, including our parent company Arçelik A.S. in Turkey, who may use your personal data for purposes and in a manner consistent with the information set out in this privacy notice. In particular, Arçelik A.S. will process some of your personal data for analysing and reporting purposes at a global level based on its legitimate interests in developing the Arçelik Group’s business and complying with local rules and regulations. Arçelik A.S. may disclose your personal data to third parties (such as service providers, agents and public authorities and institutions) where it is necessary for Arçelik A.S. to lawfully carry out its business activities in accordance with the purposes set out above and as required and permitted by applicable law.
We may disclose your personal data to companies that provide services to us and other members of the Arçelik Group. Examples of the types of service providers we work with include:
- IT companies that operate the Site on our behalf,
- Customer relationship management companies who help us manage our contacts database and our communications with you, and
- Customer services companies who operate and manage our call center.
Our service providers are required to keep your personal data confidential and are not allowed to use it for any other purpose than to carry out the services they are performing for us.
Third parties where required by law
We may disclose your personal data to a third party if it is necessary to comply with a legal obligation or the decision of a judicial authority, a public authority or a government body or if disclosure is necessary for national security, law enforcement or other issues of important public interest.
We may disclose personal data to professional advisors, such as lawyers, auditors, consultants and insurers, as necessary in the course of the professional services they provide us with.
Third parties in connection with a business sale
If we make a sale or transfer of assets or are otherwise involved in a merger or business / asset transfer, we may transfer your personal data to one or more third parties as part of that transaction. If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy notice.
Other third parties with your consent
We may also share your personal data with other third parties when you consent to such sharing.
When we share your personal data with our affiliated companies or other companies with whom we contract (as described in ‘Who do we share your personal data with?’), these companies may be located outside the European Economic Area (“EEA”) , the UK or your country of residence, as applicable, in countries with different laws for protecting personal data than the laws in your country of residence. In particular, your personal data may be transferred to our group companies located in Turkey, including Arçelik A.S.
If we transfer your personal data outside the EEA, the UK or your country of residence, as applicable, we will take steps to ensure that your data will receive the same level of protection as if it was being processed within the EEA, the UK or your country of residence, as applicable. For example, we may include standard contractual clauses adopted by the European Commission in our contracts with third parties or our group companies to ensure there are safeguards in place to protect your personal data. Please contact us using the details in ‘How to contact us’ for more information about the specific measures we have taken.
Please note that Arçelik A.S. may further transfer your personal data to third parties located in countries that do not provide an adequate level of data protection. Such transfers will be carried out in accordance with applicable laws including where applicable, contractual requirements set out in standard contractual clauses.
We will take reasonable precautions to protect your personal data against loss, misuse or alteration. Among other measures, we ensure the security of your personal data by means of encryption, password protection and by otherwise restricting access to it.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data as required by law, we cannot guarantee the security of your personal data transmitted to us using unsecured means; any such transmission is at your own risk.
You have the following rights with respect to your personal data that we process, subject to conditions set out in the applicable laws:
- to request access to your personal data (commonly known as a “subject access request”) and to certain additional information about our processing of your personal data that this privacy notice is designed to address,
- to request the correction of any inaccurate or incomplete personal data,
- to request the erasure of your personal data or the restriction of the processing of your personal data,
- to object to our processing of your personal data,
- to withdraw any consent you have given,
- under certain circumstances to demand data portability,
- to lodge a complaint with the applicable data protection supervisory authority; and
- to contest certain automated decisions we make about you that have legal or otherwise similarly significant consequences. We do not typically carry out such automated decision-making but, if we do, we will make it clear where such decisions are being made.
To exercise your rights, please contact us using the contact details listed in ‘How to contact us’.
Supervisory Authorities are independent public authorities that supervise, through investigative and corrective powers, the application of the data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the applicable data protection legislation.
Generally speaking, the main contact point for questions on data protection is the Supervisory Authority in the country where company/organization in question is based. However, if that company/organization processes data in different countries or is part of a group of companies established in different countries, that main contact point may be a Supervisory Authority in another country.
For EEA (European Economic Area) countries find your National Supervisory Authority clicking here.
We may change and update this privacy notice from time to time. Any changes to our privacy notice will be posted on this page.
This Privacy notice was last updated on 21.05.2021.