Confidentiality policy

VERBUND WIND POWER ROMANIA S.R.L.

This Confidentiality policy describes the types of information we collect from you when you access and use our website. As a personal data controller, we have a legal obligation to provide you with clear information about our identity, the purposes and ways in which we process your data, as well as the rights you have as a data subject and how you can exercise these rights.

1. Who processes your personal data?

The personal data controller (hereinafter referred to as the “Controller”) is

VERBUND WIND POWER ROMANIA S.R.L.
J2008008824400
URC: RO23920351
Address: 8 Tudor Arghezi St., space C, 7th floor, 2nd district, Bucharest
E-mail: office@verbund-windpower.com
Telephone number +4031.08.08.644

The Controller has developed this Confidentiality policy, which includes all aspects related to the processing of your personal data through our website www.verbund.ro (hereinafter referred to as the "website"), as well as information related to other data processing activities carried out outside the website, such as contact through any means managed by the Contorller or data provided through third-party platforms, but for which the Controller considers it is important to inform you through this policy.

The personal data we request is generally mandatory (unless otherwise specified) to fulfill the established purposes. Therefore, if you do not provide us with this data or provide it incorrectly, we may not be able to respond to your requests, without however affecting your ability to freely view the content of the website.

For more information or to clarify any concerns related to the processing of your personal data, you can write to us at the postal address or e-mail address mentioned above. You can also consult the website of the National Authority for the Supervision of Personal Data Processing (ANSPDCP) at: https://www.dataprotection.ro/.

2. For what purpose do we process your personal data?

If you are a user of our website, by user meaning any person who accesses the website (hereinafter referred to as the "User"), or if you have been directed to this Confidentiality policy to be informed about aspects relating to the processing of your personal data, these data will be processed by the Controller for the following purposes, as applicable:

• Ensuring the use of the website, as well as improving its functionality and development. This includes detecting, preventing and investigating attacks on the website, as well as collecting statistics on its use.
• Establishing contacts with people interested in projects managed by the Controller.
• Smooth implementation of the personnel recruitment process

The Controller also informs you that, depending on the type of data processing carried out, it is possible to process your data as a processor (as defined in the GDPR), i.e. to process personal data exclusively on behalf of another data controller, such as companies within the VERBUND Group. In any case, the Controller will respond to any request regarding the processing of your personal data.

3. What personal data of the User do we process?

In connection with the purposes mentioned in the previous section, we may collect the following categories of personal data:

Data collected through the website:

• Date and time of accessing the website;
• Data about the device used for access (e.g. model, operating system);
• IP address;
• Name and version of the browser used;
• Session identifier.

For clarity, the website does not use cookies to collect personal data of Users.

Personal data included in the "Contact Form" section:

• Name and surname;
• Email address;
• Telephone number;

Personal data included in the Curriculum Vitae (CV):

• Name and surname (in the case of individuals);
• Image (if applicable);
• Personal Numeric Code (CNP);
• Home address or registered office;
• Email address;
• Telephone number;
• Educational and academic history;
• Professional experience;
• Any other information relevant to the selection process.

4. What is the legal basis for processing your data?

In accordance with the provisions of the GDPR on the protection of natural persons with regard to the processing of personal data and the free movement of such data, the processing of your personal data for the purposes mentioned above is based on the following legal grounds:

Consent (art. 6 para. (1) letter a) GDPR)

• For the processing of data from your Curriculum Vitae (CV) and participation in our selection processes, either via the LinkedIn platform, in person or by email.
• If we cannot justify the use of the images on the basis of legitimate interest (mentioned below), we will obtain your explicit consent, in accordance with the legal basis above.

Execution of a contract or pre-contractual measures (art. 6 para. (1) letter b) GDPR)

• To establish contacts with potential partners or persons interested in the projects carried out by the Controller. This processing is necessary both for the execution of a contract and for the adoption of pre-contractual measures.
• To process the data required for registrations for events organized by the Controller.
• To ensure the proper provision of services, coordination and communication between entities that are part of the VERBUND Group.

Fulfillment of legal obligations (art. 6 para. (1) letter c) GDPR)

• To prevent fraud and money laundering, as well as to communicate data to competent public authorities, courts of law, law enforcement agencies and other institutions that have the right, according to the law, to request such information.
• To manage and resolve any complaints or disputes filed by third parties.

Legitimate interest (art. 6 para. (1) letter f) GDPR)

• For the processing of data collected via the website.
• For efficient communication and coordination between entities within the VERBUND Group.

5. To which recipients will your personal data be disclosed?

Your personal data may be processed by any entity within the VERBUND Group. It may also be processed by our external providers, to the extent that this communication is necessary for the provision of a specific service, the execution of a contract and/or the fulfillment of a legal obligation.

We may also process your personal data as a data processor in the context of providing services to entities within the VERBUND Group and/or third parties.

In such cases, we conclude data processing agreements (in accordance with art. 28 GDPR) to ensure that your data is protected at all times and that its processing complies with the applicable legislation and personal data protection principles.

For clarity, your personal data will not be transmitted to third parties who intend to use it for their own purposes, other than those mentioned above.

Your personal data may be transmitted to various public authorities, courts of law and law enforcement bodies, to the extent necessary for:

• fulfillment of legal obligations by the Controller;
• resolution of any complaints filed by third parties.

6. How long do we keep your personal data?

Your personal data will only be kept for the period necessary to fulfil the purposes for which it was collected. After these purposes have been fulfilled, the data will be blocked and kept exclusively at the disposal of the competent authorities, for the period necessary to solve any legal obligations or liabilities that may arise from the processing. Subsequently, the data will be permanently and securely deleted.

Regarding the processing of personal data included in the Curriculum Vitae or provided within the selection processes, they will be kept for a period of 1 year from the date of collection. In order to keep this data up to date, we may ask you, if you are interested, to send us an updated version of your CV. In this case, the previous version will be deleted and only the most recent version will remain on record.

7. What rights do you have in relation to your data?

You can exercise the following rights at any time and free of charge:

The right to obtain confirmation as to whether or not we are processing personal data concerning you.

• The right to access your personal data.
• The right to rectify inaccurate or incomplete data.
• The right to request the erasure of your personal data (“right to be forgotten”), in accordance with art. 17 of the GDPR.
• The right to withdraw consent to the processing of your data, where the processing is based on your consent (e.g. to receive commercial communications). Please note, however, that our use of your personal data will be lawful until you withdraw your consent.
• The right to request restriction of the processing of your data.
• The right to data portability, namely to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit them to another controller.
• The right to object to the processing of your personal data, in particular where the processing is based on the legitimate interest of the Controller (e.g. for the transmission of commercial communications).
• The right to file a complaint regarding the protection of personal data with the National Supervisory Authority for the Processing of Personal Data (ANSPDCP) (www.dataprotection.ro).

To exercise these rights, you can contact us in writing (at the postal address) or by e-mail, using the contact details indicated in section 1. of this Confidentiality policy. Please attach a copy of a valid identity document and mention the reference "Data Protection".

As a User, you must be aware that the security of computer systems cannot be absolutely guaranteed. When you provide personal data via the internet, there is a risk that this information may be collected and processed by unauthorized third parties without your consent.

8. User Responsibility

As a User, if you provide us with your personal data, you declare that you are of legal age and that the information and personal data provided are correct, true, complete and up-to-date. In this regard, you assume responsibility for the veracity of all personal data you provide to us and you are obliged to periodically update this data so that it accurately reflects your real situation.

You also guarantee that, if you provide personal data of third parties, you have informed them in advance about the aspects related to the processing of their personal data, including the content of this Confidentiality policy. You also guarantee that you have obtained the express consent of these people to provide us with their personal data for the indicated purposes.

9. Links to third-party websites

Our website may include links to other websites, such as the LinkedIn platform, plug-ins and third-party applications. Accessing these links or activating these connections may allow third parties to collect or share data about you.

The processing of personal data by the owners of these third-party websites is not covered by this Confidentiality policy. Therefore, we have no responsibility and do not exercise any control over how these third parties collect, use or protect the information you provide through their websites

We recommend that you carefully read the confidentiality policies of all third-party websites you access to understand how your personal data is collected, used and shared.

10. Security measures

We process your personal data confidentially and comply with the obligation to ensure the confidentiality of your personal data. We always take appropriate technical and organizational measures to ensure the security of your data and to prevent any unauthorized access, use, disclosure, modification, loss or destruction.

These measures are implemented depending on:

• the current state of technology,
• the nature of the data processed,
• the risks to which they are exposed, and
• the purposes of the data processing.

Also, all our suppliers who process personal data on our behalf (processors), as well as us as processors (where applicable), conclude data processing agreements in accordance with art. 28 of the GDPR. Through these agreements, we ensure, to the extent possible, that third parties comply with the legislation in force on the protection of personal data.

11. Updating the Confidentiality policy

We may update this Confidentiality policy as a result of legislative changes, recommendations issued by competent authorities or changes in the way we process your personal data.

Whenever we make such updates, you will be able to review the most recent version of the Confidentiality policy on this page.