1. Terms

General Data Protection Regulation (GDPR) - means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

Personal data - means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Restriction of processing - means the marking of stored personal data with the aim of limiting their processing in the future;

Controller- means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

The National Supervisory Authority for Personal Data Processing (ANSPDCP) - means independent public authority established Romania, competent in the field of monitoring compliance with GDPR;

Terms in this policy that have not been defined above will be interpreted in accordance with the GDPR unless they are given a distinct meaning.


2. Introduction

SMARTDREAMERS, based in Piata Trandafirilor str. 19, Târgu Mureș, Mures county, Romania, as a Controller, processes the personal data o employees, partners, natural persons, and other persons who interact with the company and/or are involved in contractual relations.

This policy describes how personal data should be processed, in accordance with the GDPR, the principles of personal data processing, as well as the rights and obligations of employees involved in the process of processing personal data. The good faith and quality conduct that SMARTDREAMERS has and promotes in contractual and labor relations is based on the quality standard protecting the rights to privacy and the processing of personal data.


3. Objectives



This policy applies to:


5. Principles of personal data processing

Personal data are:


6. Types of personal data processed

SMARTDREAMERS, depending on the purpose and the legal basis, mainly collects the following types of personal data:

For data subjects from the U.E. or outside (US, Asia):

For employees and authorized persons:

For data subjects from the U.E. or outside (US, Asia):

7. The legal basis of the processing

The company operates on the basis of the Companies Law no. 31/1990 and operates in accordance with it, as follows:

The data processed for Smart Dreamers employees have as legal basis:

The data of the authorized persons will be processed based on the conclusion and execution of contracts and collaboration protocols.

Data of the persons concerned from the U.E. or from outside it (US, Asia) are processed based on the electronic consent, which they have granted:

Also, the data of the data subjects mentioned above are processed when the information is made public by the data subject.


8. Data transfer

SMARTDREAMERS transfers personal data to third parties on the basis of the contractual obligations assumed or the protocols concluded, offering guarantees of protection of personal data, their security, non-disclosure, and confidentiality, to:

In addition to the above, SmartDreamers transfer personal data when required by law: e.g., ITM, public institutions, or courts.


9. Protective measures and guarantees

SMARTDREAMERS implements appropriate technical and organizational measures to ensure a high level of security and protection of personal data. We use security methods and technologies, together with policies applied to employees and work, control, and audit procedures, to protect personal data collected in accordance with the legal provisions in force. At SMARTDREAMERS level, there are security procedures that apply across the network and for all types of data.


10. Duration of processing

Personal data are stored for processing for the duration necessary to achieve the processing purposes mentioned in this policy and, subsequently, according to legal requirements.


11. Responsibilities

Each employee of SMARTDREAMERS is responsible, in accordance with his duties, for the protection of personal data. Moreover, the following persons carry out specific tasks:

Management - is responsible for ensuring that SMARTDREAMERS fulfills its obligations regarding the protection of personal data provided by the GDPR.

The data protection officer, outsourced (AMPLUSNET) has the following tasks:


12. Rights of the data subject

Any data subject may exercise the following rights, as provided by the GDPR:

The requests for the exercise of the rights provided by the GDPR will be written, signed, and dated and submitted to the Data Protection Officer.


13. Transparency of information

SMARTDREAMERS aims to inform all data subjects that their personal data are being processed and that they are aware of:

In this regard, as well as in order to comply with the obligations stipulated by the GDPR, SMARTDREAMERS has appointed a Data Protection Officer, which can be contacted at