on personal data processing.

The General Data Protection Regulation (GDPR) is a regulation of the European Union and, as of 25 May 2018, is applicable to all organisations collecting and processing personal data of EU citizens.

As a responsible and future-oriented organisation, CEMS EPC SA recognizes the need to comply with GDPR and makes sure that effective measures are in place to protect the personal data of our customers, employees and other stakeholders.

The commitment to personal data security is extended to all organisations in the group: AUTOMATICA SA, CEMS TEHNOLOGII SRL, BARTEC SAFETY ENGINEERING SRL, and will be proven by means of relevant policies and by supplying suitable resources for establishing and developing efficient controls on personal data protection and information security.

A security policy for personal data processing is available both in hard copy and in electronic format and will be provided within the organisation and to the interested third parties.

Likewise, we shall make sure that a systematic review of the performance of the compliance programme is constantly undertaken, in order to make sure that its objectives are fulfilled and that the main issues are identified and solved.

An impact analysis on personal data protection will be used when needed, in line with GDPR requirements and recommendations.

Risk management is implemented at several levels of the organisation, including:

• Risk identification and analysis on the processing of the personal data that we collect and process
• A regular analysis of information security risk in specific operational areas
• Risk analysis as a part of process management change

For any information on personal data processing, feel free to contact the appointed Personal Data Protection Officer, Ms Veronica Oprea, by e-mail: veronica.oprea@galexconsulting.ro or by phone: (004) 0744300969.