Policy of Code Crafters by BT S.R.L. regarding the processing and protection of personal data within the software development activity (the “Policy” or the “Privacy policy”)
About this Privacy Policy
Code Crafters by BT S.R.L. (hereinafter referred to as “Code Crafters”, the “company” or “we”/”us”) constantly endeavours to process the personal data of all the individuals it interacts with, in accordance with the applicable legal provisions and the highest security and confidentiality standards.
For a better guidance and support of our personal data processing and protection activity we have appointed a data protection officer (DPO), who may be contacted by any data subject in regard to any aspects concerning the way in which Code Crafters processes such data, via a notice sent to:
- the company’s headquarters in Cluj-Napoca, 30-36 Calea Dorobantilor Street, Cluj county, with the mention “to the attention of the data protection officer” or a message to
- the e-mail address privacy@codecrafters.ro.
Please find below our policy in this field of utmost importance to any individual, a policy that we undertake to review periodically for an ongoing improvement. We may update this policy from time to time and we commit to inform you in a timely manner about the changes/revised version. You will always find the updated version of this policy on our website.
Through this Policy’s provisions we mean to comply with our obligation to inform all the categories of natural persons whose personal data we process (“data subjects"), in accordance with the provisions of art. 13-14 of the EU Regulation no. 679/2016 or the General Data Protection Regulation (hereinafter referred to as “GDPR”).
Whenever we have the objective possibility to directly inform certain categories of data subjects about the processing of their data, we undertake to do so. Whenever we have the objective possibility to directly inform certain categories of data subjects about the processing of their data, we undertake to do so. In some cases, however, we will either have no objective possibility, or it would involve a disproportionate effort for us to fulfill this obligation directly. For all the above situations, we commit to inform the data subjects through this Privacy Policy.
This Policy does not address to the employees of Code Crafters, as they are informed in regard to their personal data processed by Code Crafters as an employer through a distinct document.
Please also be aware that through this policy we only inform data subjects whose personal data Code Crafters processes as a controller. If, as a part of our software development activity, we get access to/process personal data for which our contractual partners for whom we provide our services acts as the controller, we are a processor and we only process the respective personal data on behalf of and under the instructions of our contractual partner. In such case, our contractual partner - as the controller – has the obligation to inform you in regard to the processing of your personal data.
We hereby present which categories of personal data we process in our activity, who the data subjects are, the purposes for which we process personal data, to whom we may disclose or transfer personal data, how long we keep them, in what way we ensure their security, and what rights the data subjects are entitled to exercise in connection with this processing.
If you are not familiar with the meaning of the different terms used in the GDPR or the applicable legislation, we recommend that you first study the following section regarding:
A. Specialized terms used in this Policy
The terms defined in this section will have the following meaning when they are used in this Policy:
- “Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing of personal data” or “data processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- “BT Financial Group”- means Banca Transilvania S.A. (“BT”) together with the entities controlled by it, such as: BT Microfinanțare IFN SA ( „BT Mic”), BT Asset Management S.A.I. S.A., ( „BTAM”), BT Leasing Transilvania IFN S.A. („BTL”), BT Direct IFN S.A. („BTD”), BT Capital Partners S.S.I.F. S.A.(„BTCP”), BT Pensii Societate de Administrare a Fondurilor de Pensii Facultative SA (“BT Pensii”), Code Crafters by BT, Fundația Clubul Întreprinzătorului Român, Fundația Clujul are Suflet and other entities that may join this Group in the future;
- “Controller” means the legal person, who, alone or jointly with others, determines the purposes and means of the processing of personal data;
- “Data subjects” means any natural person whose personal data is processed;
- “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;
- “Third party” means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- “Supervisory authority” means a public independent supervisory authority which is established by a Member State, responsible with the monitoring of GDPR application. In Romania the national supervisory authority for the personal data processing is “ANSPDCP”;
B. Who is Code Crafters by BT?
CODE CRAFTERS BY BT S.R.L. is a software development company, Romanian legal entity, registered with the Trade Register under no. J12/727/2022, tax identification number RO 45619687, with the following address: registered office in Cluj-Napoca, 30-36 Calea Dorobantilor Street, Cluj, phone no. *0801 01 0128, e-mail address: contact@codecrafters.ro, website: www.btcodecrafters.ro.
Our official website is https://btcodecrafters.ro (hereinafter referred to as “Code Crafters’s website”).
Code Crafters is a subsidiary of Banca Transilvania S.A. and is part of the BT Financial Group.
C. What categories of personal data does Code Crafters process, to whom do they belong and for what purposes do we use them for?
Within our activity, we processes, as a controller, different categories of personal data, depending on the data subjects’ relationship to us. The purposes for which we process these data are also directly dependent to the way that different categories of data subjects relate with Code Crafters. Based on the relationship you have with our company in a certain context, we distincly present to you below how we process your personal data:
1. If you are a signatory and/or a contact person acting on behalf of a Code Crafters contractual partner
a. Who is the signatory/contact person acting on behalf of a Code Crafters contractual partner?
- The signatories are usually the legal representatives or other representatives of Code Crafters’ contractual partners, designated to sign the agreements concluded between us and that certain contractual partner
- The contact persons are individuals appointed by the contractual partner to communicate with us for the proper contractual performance, even if their data are mentioned or not in the agreement.
b. Purposes for processing personal data belonging to signatories/contact persons acting on behalf of Code Crafters contractual partners
If you are a signatory/contact person of any contractual partner of our company, we process your personal data, as the case may be, for:
- the conclusion and proper contractual performance of the agreement concluded between Code Crafters and that certain contractual partner (usually this is your employer), as well as for other purposes, in close connection with the conclusion and proper performance of the agreement, respectively:
- conclusion of analyses and the keeping of records for the company’s economic, financial and/or administrative management;
- defending in justice our company's rights and interests, the resolution of disputes, investigations or any other petitions / complaints / requests in which our company is involved;
- performance of risk control regarding the company’s processes and procedures, as well as the performance of audit activities or investigations;
- taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to us by any person or by legal authorities or institutions, including electronic communication and internet requests;
- performance of internal analysis (including statistics);
- archiving of documents both in physical and electronic format and for security back-up;
- performing registration and secretary services for the correspondence addressed to the company and/or sent by the company, and for courier services;
- ensuring the security of IT systems used by Code Crafters and of the spaces where the company performs its activity;
- prevention of fraud.
c. Categories of processed personal data belonging to signatories/contact persons acting on behalf of Code Crafters contractual partners
We usually process the following categories of personal belonging to you, as the case may be:
For signatories:
- identity details- name, surname;
- position held within the Code Crafters contractual partner;
- signature.
For the contact persons:
- identity details - name and surname;
- contact details - telephone number (work number) and/or e-mail address (work e-mail address);
- position held within the Code Crafters contractual partner.
2. If you are a visitor of Code Crafters websites/social media pages
a. Who is a visitor of the Code Crafters websites/social media pages?
A visitor of the Code Crafters websites/social media pages is any individual who accesses any of the Code Crafters website/social media pages;
b. Purposes for processing personal data belonging to visitors of Code Crafters websites/social media pages
Through cookies or other similar technologies, the company processes your data whenever you visit a Code Crafters website, for the purposes described in the cookie policies of each of our websites, as well as within the banners and cookies setting centers.
For the website https://btcodecrafters.ro, the Cookie policy is found at the following link: https://btcodecrafters.ro/cookie-policy/
c. Categories of processed personal data for the visitors of Code Crafters websites/social media pages
If you are a visitor of Code Crafters website the company will collect the following categories of personal data:
- data processed through cookies. For further details please refer to our Cookie Policy;
- IP address;
- data about the equipment used to access the website.
If you visit any of Code Crafters’s social media pages and insert comments, images, opinions and/or value statements to our posts, we will usually process:
- your user name on the respective social media platform;
- the opinions you insert;
- images you insert.
In some cases we might ask you to provide – usually when you participate in different contests/campaigns or when you insert comments through which you complain about Code Crafters’s software development activity or you ask about any aspects in regard to our activity - other information to help us identify you and/or the situation you bring to our attention, that permit us to send to you an answer to your request. Generally, we might ask you to provide further information regarding:
- details on the situation that you bring to our attention;
- identity details – usually name, surname;
- contact details: upon case, e-mail address and/or telephone number.
When you provide such personal data through the social media platform, we will process them for the above mentioned purposes in this section. For the security of your personal data, please do not insert such data in public posts on our social media platforms.
Please bear in mind that whenever you insert images of yourself or belonging to other individuals or when you “tag” other individuals in the company’s social media pages, you give your consent to the processing of your data by Code Crafters and, respectively you guarantee to us that you have obtained the similar consent of the individuals they belong to.
Last but not least, we inform you that any personal data that you insert in Code Crafters’s social media pages will also be processed by the providers of the social media platform and thus they will also fall under the provisions of the privacy policy of that respective platform. Code Crafters has no control over the way the providers of these platforms process your personal data for their own purposes and we hold no liability for such processing.
3. If you are a candidate for positions available at Code Crafters or for internships organized by the company
a. Who is a Code Crafters candidate?
You are a candidate for positions available at Code Crafters or for internships organized by Code Crafters if you have sent to the company or if the company has received your CV to be used for recruiting purposes (directly from you or through/from other natural or legal persons), if you have brought to our knowledge, in any other way, that you are interested in obtaining certain positions in Code Crafters/ participating in Code Crafters internships, or if we found your details on different platforms (e.g. LinkedIn, recruitment platforms) and we believe that you are suitable for a position within the Company.
When we contact you to present you with the opportunity to become our employee/intern, we use as communication channels the embaded chat of the platform where we find your data or your contact details that we found online or we received from/about you (e.g. phone number, e-mail) because we have legitimate interest to recruit the best candidates. Following our first discussion, we will continue using your personal data for recruitment purposes only if you consent to such processing. You express your consent in that regard if you agree to have an interview/to further discuss the recruitment details with us. If we don’t receive your consent in the following 30 days after we contact you, we will delete your personal data.
b. Purposes for processing personal data belonging to Code Crafters candidates
The company processes your personal data, as appropriate, for:
- recruitment for the position/positions or, as the case may be, for the internship you wish to obtain/participate in within the company, as well as for purposes closely related to this activity, such as:
- taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the company by any person or by legal authorities or institutions, through any channel, including electronic communication and internet requests;
- providing evidence for the requests/agreements/options regarding certain aspects requested/discussed/agreed, by taking notes on the discussed issues;
- conducting internal analysis (including statistics);
- performance or risk control regarding the company’s processes and procedures, as well as the performance of audit activities or investigations
- archiving of documents both in physical and electronic format and for security back-up;
- performing registration and secretary services for the correspondence addressed to the company and/or sent by the company, and for courier services;
- ensuring the security of the IT systems used by Code Crafters
- prevention of fraud.
Your personal data shall be processed by our company within the recruitment process for one year from the date you express your consent (unless you become our employee/intern following the recruitment process in which case your personal data shall be processed for the conclusion/execution of the employment/internship contract). If you withdraw your consent during this time, we will cease to process your data for these purposes, if there’s no other legal ground. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
c. Categories of personal data belonging to Code Crafters candidates
The company usually processes the following categories of personal data belonging to candidates:
- identity details- name, surname;
- the age, to verify your eligibility to become an employee or, where applicable, to participate in certain internships of Code Crafters;
- contact details-e-mail address and/or telephone number;
- data on studies and professional experience;
- any other relevant data from the CV.
4. If you are a person who addresses to Code Crafters requests/claims/complaints on any channel ("Code Crafters petitioner")
a. Who is/when do we process your personal data as a Code Crafters petitioner?
You are such a person if you address to Code Crafters any request, on any channel, whether you are a signatory and/ or a contact person acting on behalf of a Code crafters contractual partner, a candidate for positions available at Code Crafters or you belong to any other category of individuals.
b. Purposes for processing personal data belonging to Code Crafters petitioners
Depending on the situation and the relationship you have with the company, when submitting a request, the company processes your personal data for the following purposes:
- verifying your identity, including in order to confirm/infirm if you have a pre-existing relation with us;
- taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the company by any person or by legal authorities or institutions, through any channel, including electronic communication and internet requests;
- providing evidence for the requests/agreements/options regarding certain aspects requested/discussed/agreed, by taking notes on the discussed issues;
- performance or risk control regarding the company’s processes and procedures, as well as the performance of audit activities or investigations;
- conclusing internal analysis (including statistics);
- archiving of documents both in physical and electronic format and for security back-up;
- performing registration and secretary services for the correspondence addressed to the company and/or sent by the company, and for courier services;
- ensuring the security of the IT systems used by Code Crafters;
- prevention of fraud;
c. Categories of processed personal data belonging to Code Crafters petitioners
In order to register, confirm the receipt, analyze, formulate and send answers to any requests/claims/complaints you send to our company, we process the following categories of personal data:
- identity details - name, surname and any other data from this category that Code Crafters petitioners make available to our company or data that Code Crafters needs to process to verify the identity of the Code Crafters petitioner in order to prevent disclosure of confidential information (including personal data) to persons who are not allowed to receive them;
- contact details – correspondence address, e-mail address, phone number;
- depending on each case, any other information that the company is aware of, and which are necessary for analyzing the requests.
D. Sources from which Code Crafters collects personal data
When the personal data belonging to data subjects are not collected directly from them, we may collect them from different sources, such as, but not limited to:
- from public sources, such as but without being limited to: Trade Registry Office, social media, internet, ;
- from entities in the BT Financial Group, for their use for certain and legitimate purposes, in general for the smooth conduct of the joint economic activity carried out with other entities of the BT Group and for the fulfillment of the legal requirements related to the supervision on the consolidated basis of the BT Financial Group;
- from the contractual partners of the company in various areas;
- from any other individuals or legal entities who send us notices/requests containing your personal data
E. Which are the legal grounds on which Code Crafters processes personal data and what the possible consequences of failure to provide such data are?
The legal grounds on which Code Crafters processes personal data are, as appropriate:
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- the legitimate interest of the company and/or third parties;
- the data subject’s consent
- processing is necessary to comply with a legal obligation applicable to us
Except for the cases in which the personal data are processed based on the data subjects’ consent, and in some cases in which the legal ground of the processing is the legitimate interest, the refusal of the individuals to provide their personal data/to have their data processed by Code Crafters, shall render the provision of the requested services or the resolution of the submitted requests impossible.
F. To whom does Code Crafters disclose/transfer personal data?
The personal data of the company’s data subjects previously mentioned in this Policy, are disclosed by Code Crafters or, as applicable, transferred, in accordance with the applicable legal provisions of GDPR, based on the applicable legal grounds, depending on the situation, and only under strict confidentiality and security conditions, to categories of recipients, such as but not limited to:
- entities within the BT Financial Group;
- service providers who assist the company in its software development activity, such as, but not limited to: service providers used by the company for: IT services (maintenance, software development), hard-copy or electronic archiving, courier services; market research, advertising, monitoring of traffic and behavior of the users of online tools, marketing services via social media, etc.;
- public authorities and institutions, such as, but not limited tothe Ministry of Justice, the Mnistry of Internal Affairs,
- public notaries, lawyers, bailiffs (judicial executors);
- providers of social media.
G. Personal data transfers from Code Crafters to third countries and/or international organisations
Only if it’s necessary for the fulfillment of the purposes of the agreements concluded with the Code Crafters contractual partners, and only in specific situations or on the basis of adequate guarantees, the company shall transfer personal data abroad, as applicable, including to countries that do not provide an adequate level of protection of such data. The countries that do not ensure an adequate level of protection are countries outside the European Union/European Economic Area, except for the countries for which the European Commission has recognized an adequate level of protection, such as: Andorra, Argentina, Canada (only companies), Switzerland, the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zeeland, Uruguay, Japan, UK (unless a contrary decision of issued for any of these countries).
If Code Crafters contractual partners are located in states that do not provide an adequate level of personal data’s protection, the transfer of data to those states are carried out with appropriate safeguards, in accordance with the mechanisms provided by the GDPR consisting of Standard Contractual Clauses approved by the European Commission which you can find here:https://eur-lex.europa.eu/legal-content/RO/TXT/PDF/?uri=CELEX:32021D0915&from=EN.
If it is necessary to transfer personal data to third party countries or international organisations in other circumstances, the company will only do so if appropriate safeguards are provided for these transfers.
H. Automated decision-making, including profiling
We shall not use your data for automated decision making. We may use profiling through cookies, only if you consent to the use of cookies.
I. How long does Code Crafters process personal data?
Personal data processed by the company, will be kept by the company for limited periods of time for which it is necessary for the purposes for which the processing is concluded.
J. Which are the rights that the data subjects may exercise in regard to the personal data processed by Code Crafters?
Any data subject whose data are processed by the company, is guaranteed and can benefit from the rights provided by the GDPR, respectively:
a) right of access by the data subject: The data subject shall have the right to obtain from Code Crafters confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case information regarding: the purpose of the processing, the categories of personal data concerned, the recipients of these data, the period for which the personal data will be stored, the existence of the right of rectification, deletion or restriction of the processing.
This right allows the data subjects to obtain for free one copy of the personal data processed, as well as, by paying a fee, any additional copies.
b) right to rectification: the data subjects shall have the right to obtain from Code Crafters the rectification of inaccurate or incomplete personal data concerning them;
c) right to erasure (‘right to be forgotten’): the data subjects shall have the right to obtain from Code Crafters the erasure of personal data concerning them whenever:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based and there is no other legal ground that Code Crafters has for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation to which Code Crafters is subject;
d) withdrawal of consent: the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
e) right to object - the data subjects can, at any time, object to the processing of their personal data for marketing purposes, as well as to the processing based on Code Crafters’s legitimate interest, for reasons related to their specific situation;
f) right to restriction of processing: The data subjects shall have the right to obtain from Code Crafters restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- Code Crafters no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing, pending the verification whether the legitimate grounds of Code Crafters override those of the data subject;
g) right to data portability: the data subjects may request, according to provisions of the law, to receive from Code Crafters the personal data concerning them, in a structured, commonly used and machine-readable format and to request the transmition of those data to another controller if this is technically feasible.
h) right to file a complaint with the National Supervisory Authority for Personal Data Processing: the data subjects have the right to file a complaint with the National Supervisory Authority for Personal Data Processing if they consider that their rights have been violated: National Supervisory Authority for Personal Data Processing- B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336 Bucureşti, România anspdcp@dataprotection.ro.
For exercising the rights mentioned in points a) - g) above, or for any questions about the processing of personal data conducted by Code Crafters, the data subjects can use the contact details below:
- by mail, at the following address: 400121, Cluj-Napoca, 30-36 Calea Dorobantilor Street, Cluj County, with the mention "in the attention of the data protection officer"
- at the following email address privacy@codecrafters.ro.
K. How does Code Crafters protect the personal data it processes?
Code Crafters has implemented an internal framework of standards and policies to ensure the security of the personal data. They are regularly updated in line with the legal regulations applicable to Code Crafters and taking into account the state of the art. We guarantee to protect your personal data.
The company adopts and applies adequate technical and organizational measures (policies and procedures, IT security etc.) in order to ensure the confidentiality and integrity of the personal data and of the way in which they are processed.
Code Crafters employees are bound to keep the confidentiality of the personal data they process within their activity and may not unlawfully disclose them, under any circumstances.
The company makes sure that its contractual partners/service providers that have access to personal data and act as the company’s processors are contractually bound in accordance with the legal provisions and it checks their compliance with the assumed obligations. The contractual partners who act as the company's processors will process the personal data on behalf of and for the company, only in accordance with the instructions received from the company and only in compliance with the imposed security and confidentiality requirements.
We warrant that Code Crafters does not sell the personal data it collects from the data subjects and does not transmit such data to entities, other than the ones that are entitled to receive them, in line with the legally established principles and obligations.
This policy is regularly reviewed to guarantee the rights of data subjects and to improve the ways in which personal data are processed and protected.