Updated March 2022

As we consider ensuring the right to the protection of personal data as a fundamental commitment for LUNDIN SOFTWARE, we dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 679/2016 (“General Data Protection Regulation” or ” GDPR ”), as well as with any other legislation applicable. The processing of personal data is carried out by mixed means (manual and automatic), in compliance with legal requirements and under conditions that ensure security, confidentiality, principles and respect for the rights of data subjects. As one of the key principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect personal data when you interact with us about our products and services. , including through our website.


Who we are and how you can contact us

For the purposes of data protection law, the controller of your personal data is SC LUNDIN SOFTWARE SRL, hereinafter referred to as “LUNDIN SOFTWARE”, a company specializing in the development of software products and solutions, design services, implementation, maintenance and support. This Privacy Policy applies to information collected about you by LUNDIN SOFTWARE regardless of how it is collected or stored and describes, inter alia, the types of information collected, how it may be used, when it may be disclosed, how you may control the use and disclosure of information and how the information is protected.

Unless otherwise specified in this Privacy Policy, LUNDIN SOFTWARE is a Personal Data Operator in compliance with the EU General Data Protection Regulation (“GDPR”), which means that we decide the purpose and means of processing and the types of data.

This Policy covers information collected by LUNDIN SOFTWARE through various means of communication, including, but not limited to, the following Web sites: https://lundin.ro

As we are always open to hearing your views as well as providing you with any additional information you may need regarding the processing of personal data, we encourage you to contact us at info@lundin.fo



“Personal information” means information about any person or from any person who can be identified directly or indirectly.

“Processing”, “Processing” or “Processing” means any activity involving personal data, including, but not limited to, the collection, recording, organization, structuring, storage, retrieval and use, disclosure by transmission, deletion or destruction.


What categories of personal data do we process

We generally collect your personal data directly from you when you contact us by phone, email or mail, so that you have control over the type of information you provide to us.

During our business processes we may have access to the following categories of data:

  • personal data (for example, your first and last name);
  • business data containing contact details (ex. function, department, service e-mail address and service telephone number);
  • details of your employer, address, tax data;


We also collect other types of information from you or other sources, hereinafter referred to as “Company Information”, which may include, but are not limited to:

  • Information from legal databases or public sources, such as business cards, web pages, catalogues, company listings, contact recommendations, social networks, etc.;
  • Information about the approximate physical location (for example, city or zip code) of a computer or device derived from the IP address of such computer or device.


What are the purposes of the processing and the legal basis

The purposes for which we may process personal information in accordance with applicable law include:

  • Providing product and service offerings for your business
  • Communicating with you by any means regarding our solutions and services, as well as feedback about your customer and / or user experience of our products and services.
  • Legal compliance: In accordance with applicable law, we reserve the right and may be required to provide information to courts, law enforcement and government authorities regarding any user of the Services when there is reason to believe that the user is in breach of the Terms of Use or applicable law. LUNDIN SOFTWARE reserves the right to access and disclose any information, data, graphics, video, sound, files and other content created, provided or accessed by you (“Content”) in order to comply with applicable laws and laws.


The processing of your data for these purposes has as its legal basis the tax and accounting legislation in force, the conclusion and execution of a contract between LUNDIN SOFTWARE and you or the provision of the best services according to our legitimate interest. Please note that the refusal to provide the requested personal data may make it impossible to provide the offers of solutions and services or services requested. In order to improve our services, we may collect and use certain information in connection with your contact information, we may invite you to complete satisfaction questionnaires subsequent to the completion of an order, or we may conduct, directly or with the help of partners, market research and research. We base these activities on our legitimate interest in doing business, always taking care to seek your consent when there is no other legal basis, so that your fundamental rights and freedoms are not affected.


At the same time, we want to keep you informed about the best offers for the products / services that interest you. In this regard, we may send you direct messages (e-mail / SMS / telephone / etc.) containing general and thematic information, information on products similar to or complementary to those you have purchased, offers or promotions, and other business communications such as market research and opinion polls. We always make sure that these communication messages are made in a manner that respects your rights and freedoms, and that decisions based on them have no legal effect on you and do not affect you in a significant way.


In most cases, we base our marketing communications on your prior consent. You may change your mind and withdraw your consent at any time by:

  • Accessing the “Unsubscribe” link displayed in the messages you receive from us; or through
  • Contact LUNDIN SOFTWARE using the contact details on the site.

In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any case where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can request us at any time, by the means described above, to stop processing your personal data for marketing purposes, and we will process your request as soon as possible.


There may be situations in which we use or transmit information to protect our rights and business. These may include:

  • Measures to protect the website and LUNDIN SOFTWARE users from cyber attacks
  • Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities;
  • Measures to manage various other risks.

The general basis for these types of processing is our legitimate interest in defending our business, ensuring that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms. In some cases, we also base our processing on legal provisions such as the obligation to ensure the protection of property and valuables under the relevant legislation.


How we collect information about you

We may collect or obtain information about you in the following ways:

  • directly from you if you contact us by phone or e-mail;
  • during our interactions with you (for example, if you interact with marketing, sales or customer support, or if you visit our booth at an exhibition);
  • We may receive information from users about you from third parties (for example, social networking sites).
  • We may also retain information about you by simply recording your interactions with you, such as e.g. details about the procurement history, records of service activities, etc.

LUNDIN SOFTWARE is not responsible for the personal information you voluntarily provide about yourself through requests for quotations by telephone or email.


As long as we keep your personal data

LUNDIN SOFTWARE keeps information for as long as it deems appropriate or in accordance with the applicable contract, laws or regulations. The information provided by LUNDIN SOFTWARE is stored in internal systems or outsourced service providers. You may request us to delete certain information or withdraw your consent at any time, and we will comply with such requests, subject to the retention of certain information in cases where applicable law or our legitimate interests so require.


Accuracy of personal data processed

LUNDIN SOFTWARE makes reasonable efforts to ensure that your personal information is accurate and, if necessary, up-to-date. For this purpose, we may contact you to ensure that your user information is up-to-date and accurate. In order to exercise your rights regarding the accuracy of your data, you can always contact us at info@lundin.fo


Data minimization

LUNDIN SOFTWARE makes every effort to ensure that the personal information we process is limited to what is absolutely necessary in connection with the purposes set out in this policy or when it is necessary to provide you with services or use our products and services. .


Collection of data on minors

Because we care about the safety and privacy of children online, we do not knowingly contact or collect information from people under the age of 16. The website is not intended to solicit information of any kind from persons under the age of 16.


To whom we transmit your personal data

Where applicable, we may transmit or provide access to certain personal data of yours to the following categories of recipients / third parties:

  • courier service providers;
  • payment / banking service providers;
  • IT service providers;
  • other companies with which we can develop joint programs to offer our goods and services on the market.


If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities. All our relationships with these third-party companies are based on compliance with GDPR principles, the legal basis associated with each type of processing, and the fundamental rights and freedoms of our customers. We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them, which include the necessary confidentiality and data protection clauses. According to the legislation in force, the personal data obtained may be disclosed without the user’s consent to the state institutions authorized for this purpose, but only following an official and legal request addressed to the operator by them.


International data transfer

For customers in Romania, LUNDIN SOFTWARE does not transfer personal information to other locations in other countries. We currently store and process your personal data only in Romania. For customers in EU countries and the EEA, personal data does not leave the area agreed by EU standards as adequate, being stored most often on customer servers located in the same territory. The only personal data that can be transferred through the usual communication channels (telephone, email, online platforms, and courier) are the contact details of our customers’ representatives and external partners, for which there are commercial collaboration agreements, and the transfer is made with everyone’s consent.


As a solution and service provider, LUNDIN SOFTWARE may have a number of business relationships with international manufacturers and service providers, in the European Union or outside the EU, including in countries for which the European Commission has not recognized an adequate level of protection of personal data. The only international data transfers that take place with them are strictly of a commercial nature and with the agreement of the parties and consist of the contact details of the persons who sign or guarantee certain commercial documents such as contracts, product offers, invoices. In addition, such data transfers are punctual, and involve a small number of people. We will always take steps to ensure that any international transfer of personal data is carefully managed. Transfers to service providers and other third parties will always be protected by contractual commitments and, where applicable, by other guarantees, such as standard contractual clauses issued by the European Commission or bilateral contracts that the European Union has with the United Kingdom or the United States of America.

How we ensure the security of your personal data

LUNDIN SOFTWARE makes reasonable efforts to ensure the security of personal data by implementing appropriate technical and organizational measures, to secure your information and to protect it against unauthorized or illegal use and accidental loss or destruction, including:

  • sharing and providing access to your data, to the minimum necessary, subject to restrictions of confidentiality, where appropriate and anonymously, whenever possible;
  • personal data collected by the operator LUNDIN SOFTWARE are stored on secure servers, located in protected rooms and with limited physical access;
  • verifying the identity of any person requesting access to information, before granting them access to information;
  • We only transfer your data through a closed system or through encrypted data transfers.
  • We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including the use of encryption, where applicable.


How we respect the rights of access to personal data

Under the conditions set out in European Union Regulation 679 of 27 April 2016 for the protection of individuals with regard to the processing of personal data and on the free movement of such data, as data subjects, you enjoy the following rights:

→ The right to information, respectively the right to receive details regarding the processing activities performed by LUNDIN SOFTWARE as described in this document;

→ The right to access data, namely the right to obtain confirmation from LUNDIN SOFTWARE regarding the processing of personal data, the provision of copies of the data held, and details of the processing activities such as the manner in which the data are processed, the purpose in which is being processed, the recipients or categories of recipients of the data, etc .;

→ The right to rectification, respectively the right to obtain the correction, without justified delays, by LUNDIN SOFTWARE of inaccurate / unjustified personal data, as well as the updating of incomplete data; The rectification / completion will be communicated to each recipient to whom the data were transmitted, unless this proves impossible or involves disproportionate effort. We may also try to verify the accuracy of the data before correcting it.

→ Right to erasure of data, (‘right to be forgotten’), without undue delay, if one of the following reasons applies:

  • they are no longer necessary for the purposes for which they were collected or processed;
  • if the consent is withdrawn and there is no other legal basis for processing;
  • if the data subject opposes the processing and there are no legitimate reasons prevailing;
  • if personal data have been processed illegally;
  • if personal data must be deleted in order to comply with a legal obligation;

We have no obligation to comply with your request to delete your personal data if the processing of your personal data is necessary:

  • for the observance of a legal obligation of a commercial nature, such as the obligation to keep invoices and other documents with contractual value for periods between 5 and 10 years;
  • to establish, exercise or defend a right in court.
  • There are other cases where we are not required to comply with your request to delete data, but these are the two most likely circumstances that could put us in a position to refuse to do so.

There may be situations where, following the request to delete data, LUNDIN SOFTWARE anonymizes this data (thus depriving it of personal character) and continues in these conditions the processing for statistical purposes;

→ The right to restrict processing, in so far as:

  • the person disputes the accuracy of the data, for a period that allows us to verify the correctness of the data;
  • the processing is illegal, and the data subject opposes the deletion of personal data, instead requesting the restriction of their use;
  • the controller no longer needs the personal data for the purpose of processing, but the data subject requests it for the establishment, exercise or defense of a right in court; or
  • the data subject objected to the processing (other than direct marketing), for the time period in which it is verified whether the legitimate rights of the controller prevail over those of the data subject.

→ The right to data portability, respectively:

  • the right to receive personal data in a structured, commonly used and easy-to-read format;
  • the right for this data to be transmitted by LUNDIN SOFTWARE to another data controller, provided that the conditions provided by law are met.

→ Right to object:

  • with regard to processing activities, it may be exercised by submitting a request as indicated below;
  • at any time, for reasons related to the particular situation of the data subject, that the data concerning him or her be processed under the legitimate interest of LUNDIN SOFTWARE or in the public interest, unless LUNDIN SOFTWARE can prove that it has legitimate and compelling reasons justifying the processing of the data collected and prevailing over the interests, rights and freedoms of data subjects or that the purpose is to establish, exercise or defend a right in court;
  • at any time, free of charge and without any justification, that the data concerning it be processed for the purpose of direct marketing.

→ The right not to be subject to an automatic individual decision, is the right not to be the subject of a decision taken solely on the basis of automatic processing activities, including profiling, which produces legal effects concerning the person concerned or affects him in a similar way to a significant extent.

→ The right to renounce the consent, respectively the withdrawal of the permission to use personal data for any processing activity performed by LUNDIN SOFTWARE for which you have given your consent (subscription to the newsletter, catalogue, etc.). It is important to understand that the withdrawal of consent for a particular type of processing of personal data refers only to the processing performed from the time of notification of the withdrawal of consent, not affecting the processing of data during the existence of consent and will not affect the agreement for other activities or services. To benefit from this right, all you have to do is contact us using the methods set out below and your request will be resolved as soon as possible.

→ The right to address the National Authority for the Supervision of Personal Data Processing (ANSPDCP) in Romania, which may receive notifications from the persons concerned at: B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Telephone: +40.318.059.211, E-mail: anspdcp@dataprotection.ro or through the online platform www.dataprotection.ro

→ The right to go to court for defending any rights guaranteed by this law that have been violated, as well as for situations where you consider that the personal data controller or the competent authority has not paid due attention to your request to exercise the stated rights .


Through this policy, LUNDIN SOFTWARE assures you that we will always place the utmost importance on respecting your fundamental rights and as a data subject. We are convinced that any request you send us will be resolved as soon as possible, in accordance with the provisions of domestic and international law and the requirements of the GDPR. In this spirit, LUNDIN SOFTWARE has developed and implemented a special procedure for resolving requests for access to data from data subjects (customers and partners). We also have every legal basis not to grant a request for access to data if it would adversely affect the fundamental rights and freedoms of other data subjects.


Our contact details

You can contact us at any time for problems, questions or complaints related to the processing of personal data by sending the request by e-mail to info@lundin.fo