Data Protection Statement of ORIGINATOR AG S.R.L.


1. Name and Address of the Data Controller

In accordance with the General Data Protection Regulation (GDPR) and other national data protection laws in member states, as well as other data protection regulations, the Data Controller is:


ORIGINATOR AG S.R.L.

Address: STR. MIHAI VITEAZU, NR. 104, SAT ŞELIMBĂR COM. ŞELIMBĂR

Sibiu, Romania

Phone: +40725221761

The Data Controller has appointed the following person as the Data Protection Officer:


Vasiu Adrian

Administrator of ORIGINATOR AG S.R.L.

Phone: +40725221761

Email: office@fishtec-europe.eu


1. General Information about Data Processing


1. Scope of Data Processing

We only collect and use personal data of our users to the extent necessary to provide a functional website, content, and services. We collect and use personal data of our users only with the user's consent. An exception applies in cases where obtaining consent is not possible for factual reasons and the processing of data is permitted by law.


2. Legal Basis for Data Processing

Article 6(1)(a) of the GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1)(c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Art. 6(1)(d) of the GDPR. Finally, processing operations could be based on Article 6(1)(f) of the GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. They considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).


3. Data Erasure and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.


Data that we store includes, among other things:

- Log files for a maximum period of 14 days

- Databases for logins during the existence of an account.


**Data Protection Statement of ORIGINATOR AG S.R.L.


1. Provision of the Website and Log File Generation


1. Description and Scope of Data Processing

Our system automatically collects data and information from the computer system of each user each time a user visits our website. The following data is collected:

(1) Information about the type of browser and version used

(2) The user's operating system

(3) The user's internet service provider

(4) The user's IP address

(5) Date and time of access

(6) Websites from which the user's system reaches our website

(7) Websites accessed by the user's system via our website

(8) Duration of the user's visit

(9) User's country of origin

(10) User's preferred language

(11) Time of the user's first visit and the most recent visit

This data is saved in our system's log files. We do not store this data together with other personal data of the user.


2. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.


3. Purpose of Data Processing

The temporary storage of the IP address by our system is necessary to deliver the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Data is also used to optimize the website and to ensure the security of our information technology systems. These purposes represent our legitimate interest in data processing within the meaning of Article 6(1)(f) of the GDPR.


4. Data Retention Period

Data is deleted as soon as it is no longer necessary for the purpose for which it was collected. When data is collected for the purpose of operating the website, this is the case when the respective session is ended. In the case of data stored in log files, this is the case after a maximum of 14 days. Data may be stored for longer periods in certain cases. In this case, the user's IP addresses are deleted or shortened, so that it is no longer possible to associate them with the accessing client.


5. Right to Object and Lodge a Complaint

The collection of data for the provision of the website and the storage of data in log files are absolutely essential for the operation of the website. This means that users cannot object to these data collection and storage processes.


2. Use of Cookies


1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again.

**Use of Cookies**


1. Description and Scope of Data Processing

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable even after leaving our page. Cookies store and transmit the following data:

(1) Items in a shopping cart

(2) Login information

(3) Conversation information

(4) Security mechanisms for forms (XSRF - Cross-Site Request Forgery)

(5) Items on a wish list

(6) Google Analytics services

(7) General Facebook Pixel tracking

(8) Google Maps integration

(9) Universal Messenger data for a user group-oriented website experience

(10) YouTube video integration

Our website also uses cookies that allow an analysis of the user's browsing and website usage. The following data may be transmitted:

(1) Search terms entered

(2) Page views

(3) Use of website functions

User-related data collected through cookies is pseudonymized using technical methods. This means that the data can no longer be traced back to the user who accessed it. The data is not merged with other personal user data.


When users access the website, they are informed about the use of cookies for analytical purposes via an informative banner that also references this data protection statement. It includes information on how cookie placement can be prevented by adjusting browser settings.


2. Legal Basis for Data Processing

The legal basis for data processing involving the use of cookies is Article 6(1)(f) of the GDPR.


3. Purpose of Data Processing

The purpose of using strictly necessary cookies is to make the website more user-friendly. Some functions offered on our website may not be available if cookies are deactivated. These functions depend on the browser being recognized after the user has left the website.


The use of cookies is necessary for the following applications:

(1) Shopping functions (e.g., shopping cart)

(2) Tracking functions (e.g., user's country of origin)

User-related data collected through strictly necessary cookies is not used to create user profiles. Analytical cookies are used exclusively for the purpose of improving the quality of our website and its content. Analytical cookies provide us with information on how the website is used and how we can continuously improve our services.


These purposes represent our legitimate interest in data processing in accordance with Article 6(1)(f) of the GDPR.


4. Data Retention Period, Right to Object, and Contesting a Decision

User computers store and transmit cookies to our website. This means our users have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing your internet browser settings. Existing cookies can be deleted at any time, and this can be set to occur automatically. If you disable cookies, you may not be able to use the full range of functions offered on our website.

**Newsletter Subscription**


1. Description and Scope of Data Processing

Our website provides users the option to subscribe to a free newsletter. The data entered into the registration form will be transmitted to us. During registration, the following data is collected:

(1) The IP address of the computer from which the access is made

(2) The date and time of registration

Your agreement to data processing is obtained during the registration process, which also references this Data Protection Statement.


If you provide us with your email address when purchasing goods or services through our website, we may subsequently use this data to send a newsletter. In this case, the newsletter will only contain direct advertising for products or services offered by our company.


Data will not be disclosed to third parties as part of data processing for newsletter dispatch. The data is used exclusively for newsletter delivery.


We also use newsletter tracking, which means that emails sent by us contain small image files, also known as web beacons or tracking pixels. These are included in the emails but are not directly contained within them; rather, they are linked to a web address. These images are downloaded from an external server through the webmail application running in the browser. Information regarding the call, IP address, and client information are collected.


2. Legal Basis for Data Processing

The legal basis for processing data after the user has subscribed to the newsletter and given consent for their data usage is Article 6(1)(a) of the GDPR. Newsletter tracking is also based on Article 6(1)(f) of the GDPR.


3. Purpose of Data Processing

Collecting the user's email address serves the purpose of newsletter delivery. Newsletter tracking serves to perform statistical analysis to determine the number of emails that are read and how often the links are clicked. In this case, use does not allow inferences about individuals. The information is used for optimizing newsletter content or for better tailoring the newsletter to the email clients used by recipients.


Collecting other personal data during the registration process serves to prevent misuse of the services or the email addresses used.


4. Data Retention Period

Data is deleted as soon as the purpose of its collection is fulfilled. Consequently, the user's email address is stored for as long as the user remains subscribed to the newsletter. Data for analysis is deleted after three months. Any other personal data collected during the registration process is typically deleted after seven days.


5. Right to Object and Contesting a Decision

Newsletter subscriptions can be canceled (unsubscribed) by the user at any time. All newsletters contain an unsubscribe link. This provides the user with the option to withdraw their consent regarding the storage of personal data collected during the registration process.


**Registration**


1. Description and Scope of Data Processing

**User Registration**


1. Description and Scope of Data Processing

Our website allows users to register by providing their personal data. The data is entered into a form, transmitted to us, and then stored by us. The data is not disclosed to third parties, except when a payment processing service is involved in an e-commerce transaction. During the registration process, the following data is collected:

(1) First name

(2) Last name

(3) Email address

(4) Password

(5) Address

(6) Postal code

(7) City

(8) Date of birth

(9) Phone number

(10) Fax number

(11) Tax code

(12) Company

(13) Company website


During registration, the following additional data is stored:

(1) Date and time of registration

(2) Date and time of registration confirmation

(3) Date and time of consent for the Data Protection Statement

(4) Website where the registration was completed


User consent for processing this data is obtained during the registration process. This data is collected during an e-commerce transaction as well.


2. Legal Basis for Data Processing

The legal basis for data processing with user consent is Article 6(1)(a) of the GDPR.

In cases where registration serves the execution of a contract with the user or the implementation of pre-contractual measures, the legal basis for data processing is also Article 6(1)(b) of the GDPR.

Data processing during an e-commerce transaction is based on Article 6(1)(b) of the GDPR as well.


3. Purpose of Data Processing

User registration is necessary to provide certain content and services on our website. Users may also be asked to register for the execution of a contract with them or for the implementation of pre-contractual measures.


4. Data Retention Period


Data is deleted as soon as the purpose of its collection is fulfilled. For data collected during the registration process, this occurs when the registration on our website is canceled or modified.

Data necessary for the execution of a contract or for the implementation of pre-contractual measures may also be deleted when the data is no longer needed for contract execution. It may be necessary to store the personal data of a contractual partner for a longer period than necessary for the conclusion of a contract in order to fulfill contractual or legal obligations. This means that, as soon as a user requests the deletion of their account, the data specified in F.1. will be deleted, unless this contravenes a law that requires ORIGINATOR AG S.R.L. to retain the data (mandatory retention periods under the law).

**User Rights and Contact Form**


**User Rights and the Right to Object and Object to a Decision**


Users can cancel their registration at any time. You can request the modification of your data stored by us. You can update your profile data at any time within ORIGINATOR AG S.R.L. (if creating an account is allowed). If data is necessary for the execution of a contract or for the implementation of pre-contractual measures, early deletion of data may only be possible to the extent that such deletion does not contravene legal requirements.


**Contact Form and Contact by Email**


**Description and Scope of Data Processing**

Our website provides a contact form that can be used to send us electronic correspondence. The data entered into this form will be transmitted to us and stored by us. These are the data displayed in the input mask. At the time of sending the form, the following additional data is stored:

(1) User's IP address

(2) Language and URL of the accessed page

(3) User's browser and operating system

(4) User's referrer page

(5) Date and time of contact


Regarding the processing of this data, users are referred to the Data Protection Statement at the time of sending the form and must declare and confirm their agreement with the Data Protection Statement.


As an alternative, users can contact us via the provided email address. In this case, the personal data of the user transmitted via email will be stored.


The data is not disclosed to third parties in this context.


**Legal Basis for Data Processing**


The legal basis for processing data transmitted through the contact form with user consent is Article 6(1)(a) of the GDPR.


The legal basis for processing data transmitted by email is Article 6(1)(f) of the GDPR. If the objective of contact by email is to conclude a contract, such as placing an order for service, the data processing is also based on Article 6(1)(b) and (c) of the GDPR.


The legal basis for storing information about course participants is Article 6(1)(f) of the GDPR.


**Purpose of Data Processing**


We exclusively process the personal data transmitted through an online form for the purpose of processing user requests. In the case of contact by email, this includes the legitimate interest necessary in the context of data processing. If you register for a training course, the personal data transmitted by you will be used for the implementation and organization of training courses. Any other personal data processed during the sending process aims to prevent improper use of the contact form and to protect the security of information systems.


**Data Retention Period**


Data is deleted as soon as the purpose of its collection is fulfilled. Personal data entered into the online form is not stored on our servers. Data sent by email is deleted once the respective correspondence with the user has concluded. Correspondence is considered concluded if circumstances indicate that the relevant request has been finally resolved.

**Right to Object and Appeal of a Decision**


The user can revoke their consent to the processing of personal data at any time. Users who contact us via email can withdraw their consent to store their personal data at any time. In the case of withdrawing consent, correspondence with the user will be terminated.


In this case, all personal data stored during contact will be deleted.


**Website Analytics Services**


**Description and Scope of Data Processing**


This site uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses cookies, which are text files stored on your computer and used to analyze your use of this website. The information generated by the cookie about your use of this website is typically transmitted to a Google server in the USA and stored there.


We would like to point out that this site uses Google Analytics with the "_anonymizeIp()" extension, which means that only truncated IP addresses are processed to exclude any direct reference to an individual. Your full IP address is only sent to a Google server in the USA and truncated there in exceptional cases.


**Legal Basis for Data Processing**


The legal basis for the processing of personal data through the use of the Google Analytics service is Article 6(1)(f) of the GDPR.


**Purpose of Data Processing**


The purpose of data processing is the sustainable improvement of the website and user experience. Google uses this information on behalf of the operator of this website to evaluate your use of this website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. For this purpose, our company has entered into a data processing agreement with Google, in accordance with Article 28 of the GDPR.


**Data Retention Period**


Data is deleted as soon as the purpose of its collection is fulfilled.


**Right to Object and Appeal of a Decision**


The IP address sent from your browser as part of the Google Analytics service is not merged with other Google data. You can adjust your browser settings to prevent the storage of cookies on your computer. Please note that in this case, you may not be able to use all the functions offered on this website. You can prevent the collection of data about your website usage (including your IP address) generated by the cookies and their processing by Google by downloading and installing the browser plugin available at the following link: [Google Analytics Opt-out Browser Add-on](https://tools.google.com/dlpage/gaoptout).


1. **Rights of the Data Subject**


If your personal data is processed, you are a data subject within the meaning of the GDPR. You have the following rights towards the data controller:


   - **Access to Information**: You have the right to ask the data controller to confirm whether your personal data is being processed. If so, you have the right to request the data controller to provide you with the following information:

       1. The purposes of the processing of personal data.

       2. The categories of personal data being processed.

       3. The recipients or categories of recipients to whom your personal data have been or will be disclosed.

       4. The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.

       5. The existence of the right to request rectification or erasure of your personal data, a right to restrict processing by the data controller, and a right to object to such processing.

       6. The existence of a right to lodge a complaint with a supervisory authority.

       7. All available information concerning the source of the personal data if it was not collected from the data subject.

       8. The existence of automated decision-making, including profiling, referred to in Articles 22(1) and 22(4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.


   - You also have the right to request information about whether your personal data is transferred to a third country or to an international organization. In this regard, you can request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR concerning the transfer.


2. **Right to Rectification**: You have the right to request the data controller to correct or complete your data if your personal data is incorrect or incomplete. The data controller must rectify the data without undue delay.


3. **Right to Restrict Processing**: You have the right to restrict the processing of your personal data under the following conditions:

   - You contest the accuracy of your personal data, and you allow the data controller sufficient time to verify the accuracy of your personal data.

   - The processing of data is unlawful, and you oppose the erasure of your personal data and request the restriction of their use.

   - The data controller no longer needs your personal data for the purposes of the processing, but you require the data for the establishment, exercise, or defense of legal claims.

   - You have objected to processing pursuant to Article 21(1) of the GDPR, and it has not yet been determined whether the legitimate grounds of the data controller override your interests.


4. **Right to Erasure (Right to Be Forgotten)**


   a) **Obligation to Erase Data**: You can promptly request the data controller to erase your personal data, and the data controller is obliged to erase your data without undue delay if one of the following grounds applies:

   - Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

   - You withdraw your consent upon which the processing is based according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal ground for the processing.

   - You object to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.

   - Your personal data have been unlawfully processed.

   - Erasure of your personal data is necessary to comply with a legal obligation under Union or Member State law to which the data controller is subject.

   - Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.


   b) **Subsequent Notification to Third Parties**: Where the data controller has made your personal data public and is obliged to erase the personal data pursuant to Article 17(1) of the GDPR, they shall take reasonable steps, including technical measures, to inform other data controllers processing the personal data that you, as the data subject, have requested the erasure by such data controllers of any links to or copy or replication of those personal data.


   c) **Exceptions**: You do not have the right to erasure to the extent that processing is necessary:

   - For exercising the right of freedom of expression and information.

   - For compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

   - For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) of the GDPR.

   - For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or to the extent that it is likely to seriously obstruct that achievement.

   - For the establishment, exercise, or defense of legal claims.


5. **Right to Notification**: If you have exercised your right to rectify or erase your data or to restrict the processing against the data controller, the data controller must communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients by the data controller.


6. **Right to Data Portability**:

7. **Right to Object**


   You have the right to object at any time to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling. The data controller shall no longer process your personal data unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.


   Your personal data will no longer be processed for direct marketing purposes if you object to the processing. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.


8. **Right to Withdraw Consent under Data Protection Law**


   You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.


9. **Automated Individual Decision-Making, Including Profiling**


   You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this does not apply if the decision:

   - is necessary for entering into or the performance of a contract between you and the data controller,

   - is authorized by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

   - is based on your explicit consent.


   Where the decision is necessary for entering into or the performance of a contract between you and the data controller or it is based on your explicit consent, the data controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express your point of view, and to contest the decision.


10. **Right to Lodge a Complaint with a Supervisory Authority**


   Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement if you consider that the processing of your personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.


If you wish to object to the collection, processing, or use of your data by ORIGINATOR AG S.R.L. in accordance with this Data Protection Declaration as a whole or for individual measures, you can send your objection by email or regular mail using the contact information provided.


The data protection officer at ORIGINATOR AG S.R.L. is:

Vasiu Adrian

Administrator ORIGINATOR AG S.R.L.

+40725221761

office@fishtec-europe.eu