GDPR Compliance
Last Updated: 06.06.2026
1. Introduction
e-HR is committed to complying with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and Romanian data protection legislation. This page describes our compliance measures and commitments to personal data protection.
2. Our Commitment
We commit to: (a) processing personal data lawfully, fairly, and transparently; (b) collecting data only for specific and legitimate purposes; (c) minimizing data collection to what is strictly necessary; (d) keeping data accurate and up-to-date; (e) retaining data only as long as necessary; (f) ensuring data security and confidentiality.
3. GDPR Principles
We process data only on the basis of a valid legal basis (contract performance, consent, legal obligations, legitimate interests).
We collect data only for specific, explicit, and legitimate purposes and do not process it subsequently in a manner incompatible with these purposes.
We collect and process only personal data that is strictly necessary for the purposes for which it is processed.
We ensure that personal data is accurate and up-to-date. We take measures to delete or rectify inaccurate data.
We retain personal data in a form that allows identification of data subjects only for the period necessary for processing purposes.
We process data in a manner that ensures adequate security, including protection against unauthorized or illegal processing and against loss, destruction, or accidental damage.
4. User Rights
Right of Access
You have the right to obtain confirmation as to whether we process your personal data and access to such data, as well as information about how it is processed.
Right of Rectification
You have the right to request correction of inaccurate or incomplete data.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances (e.g., when data is no longer necessary or you withdraw consent).
Right to Restriction
You have the right to request restriction of processing of your data in certain circumstances.
Right to Portability
You have the right to receive your data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object
You have the right to object to processing of your data for certain purposes, such as direct marketing.
5. Data Protection Measures
Technical Measures
- Encryption of data in transit and at rest
- Role-based access control
- Regular and secure backups
- Continuous security monitoring
- Periodic vulnerability testing
Organizational Measures
- Security policies and procedures
- Regular staff training
- Limited data access on a need-to-know basis
- Confidentiality agreements with all partners
- Regular security audits
6. Security Breach Notification
In case of a data security breach that poses a high risk to the rights and freedoms of individuals, we will notify the National Supervisory Authority for Personal Data Processing (ANSPDCP) within 72 hours and, where applicable, affected individuals without undue delay.
7. Data Protection Officer
For questions about personal data processing or to exercise your GDPR rights, please contact us at: [email protected]
8. Supervisory Authority
You have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) if you believe that the processing of your personal data violates GDPR. Contact: bd. G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania.
9. Updates
We reserve the right to update this GDPR compliance page to reflect changes in our practices or legislation. We recommend checking this page periodically.
Exercitați Drepturile GDPR
Pentru a-ți exercita drepturile sau pentru întrebări despre conformitatea GDPR, contactează-ne la [email protected]
Contactează-ne