Compliance with the right to personal data protection and the right to privacy is one of the fundamental assignments of RIG Energy Consultants SRL (RIG), so that we undertake to be transparent about the manner in which RIG collects and uses your personal data and we fulfill the personal data protection obligations as a controller.

Thus, we take all the necessary steps in order to process your personal data in compliance with the principles set in the applicable data protection law in Romania, including the (EU) Regulation 2016/679 of the European Parliament and Council as of April 27th, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (“GDPR”).

Personal data means any information about an identified or identifiable individual (“the data subject”); an identifiable natural person is a person who can be directly or indirectly identified, in particular in reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or several specific elements, of their own physical, physiological, genetic, psychic, economic, cultural or social identity.

We understand the obligation that we have towards you to inform you and help you understand how and why we process your personal data. By this policy, we want to inform you about how RIG Energy Consultants SRL and the affiliates thereof (“RIG” or “We”) collect and use your data in connection with your use of the RIG website, and your interactions with RIG within the running of the business relations, and in the context of the employment process.


If you are a user of our website (

We collect the time and date of accessing the website and the IP address from which our website was accessed.

If you are a potential employee

We need certain data and information about: your education, past experience and professional training, the job that you apply for, your contact data, certifications and personal skills.

You may also choose to provide us with other pieces of information, documents or data (i.e. resumes, references, etc.) that we shall use for the same purpose.

If you are a visitor within our premises

We collect the surname, first name and access time, in order to provide the security of our premises, property and staff.

If you are a representative or contact of our providers or business partners

We collect the surname, first name, title, as well as any other data provided by you or the company that you represent.

If you are an employee or a personal collaborator

Please read the Privacy Policy for the employees or collaborating staff, communicated to you upon the employment or the conclusion of the collaboration agreement and available at any time at the Human Resources Department.


We protect the confidentiality of the data obtained from children below the age of 16. If you are below the age of 16, you must obtain the consent or authorization of the parent or legal guardian in charge for any personal data supply.


The “sensitive data” term refers to racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership of trade unions, and the processing of genetic, biometric, health-related data or data on the sex life or sexual orientation.

In general, we do not collect sensitive information, unless you want to provide it to us.

To the extent the information that you provide contains details of racial or ethnic origin; political opinions or affiliations; religion; membership in a political party; health or physical or mental condition; sexual orientation; perpetration or alleged perpetration a criminal offense or a related procedure; workplace assessments, you expressly authorize RIG to process these details in compliance with this policy.


If you are a user of our website (

Goal: traffic monitoring in order to identify errors and/or any other website malfunction

Ground: in this data processing activity, we rely on our legitimate interest, namely providing you with a fully functional website by repairing any error, and the continuous improvement thereof.

If you are a potential employee

Goal: in order to assess your qualification for a position within RIG, as well as to keep a correspondence for this purpose.

Grounds: conclusion of a contract.

At the same time, if your profile does not meet the RIG requirements in the recruitment process, we shall keep, with your consent, your information and personal data, in order to run a new recruitment process for future positions within the company.

If you are a visitor within our premises

Goal: we process your personal data in order to provide the security of our premises, property and staff.

Ground: our legitimate interest to provide both the protection of individuals and the protection of the assets of the partners /of the employed or collaborating staff.

If you are a representative or contact of our providers or business partners

Goal: development of the contractual relations with our providers or business partners, as well as for correspondence kept for this purpose.

Grounds: performance of a contract.

If you are an employee

Please see the employee privacy policy, communicated to you upon employment, and available at any time at the Human Resources Department.

For all of the aforementioned categories of people, we can also process your data in the context of the following activities:

  1. Restructuring or internal reorganization or sale of assets or shares:

Goal: We process your data for the performance of the aforementioned operations Grounds: the legitimate interest to perform the operations, especially if they were impossible to carry out without the processing of your data. Nevertheless, we assure you that this eventual processing shall be carried out in compliance with this policy and the implementation of measures to provide the confidentiality of your data.

  1. Security:

Goal: We process the personal data for the security of the property and the physical integrity of the individuals.

Ground: we rely on our legitimate interest to provide the protection of your property and of RIG, as well as the protection of the people within our premises.

  1. Legal grounds:

Purpose: In some cases, we must process the provided information, which may include personal data, in order to resolve the legal disputes or complaints, for the investigations and compliance with applicable legal regulations, in order to implement an agreement or comply with the requests from the public bodies, to the extent such requests meet the conditions imposed by law.

Grounds: The reasons for the processing may be represented by the legal obligation (if we have a legal obligation to disclose certain personal data to the public authorities) or our legitimate interest in resolving any disputes and/or complaints.


RIG may send your information within the company or to the affiliates thereof, related to the recruitment or employment, or for the fulfillment of obligations or compliance with legal requirements or in order to respond to requests from public and governmental authorities in your country of residence.

The confidentiality of your data is important to us, which is why, where possible, the transmission of personal data in compliance with the aforementioned is done only in virtue of a non-disclosure commitment from the recipients, guaranteeing that these data are kept safe and that the supply of this information is made in compliance with the applicable law and the applicable policies. In any case, we shall send to the recipients every time only the information strictly necessary to achieve such purpose.


Taking into account that the RIG affiliates are Romanian and foreign legal entities, your data may also be sent outside the EU/ EEA.

We may also transfer your data to our service providers and other third parties that may be based in countries other than your country of residence.

Although the data protection laws in these countries may differ from those in your country, we shall take the necessary steps in order to ensure that your personal data is processed according to this policy and in compliance with the applicable law.


If you provide us with the personal data of other individuals, please obtain their consent before providing us with their personal data and inform them about the manner in which they are going to be processed, as described in this privacy policy.


Your personal data is retained throughout the accomplishment of the purposes detailed in this policy, unless a longer period of retention is required or allowed by the applicable law.

Nevertheless, insofar as you do not agree with RIG processing the personal data for the purpose of conducting a recruitment process for future positions within the Company, within 2 years or upon request, we shall erase any data that we hold related to the recruitment application.

We constantly review the need for your personal data to be retained and, to the extent the processing is no longer required and there is no obligation to retain the data, we shall destroy your personal information as soon as possible and in such a way that it cannot be recovered or restored (for instance, we shall delete/destroy all data of the people not having not been employed following the interviews, unless there is a serious prospect of future employment).

If the personal information is printed on paper, it shall be destroyed in a safe way, in a shredder, and if it is stored on electronic media, it shall be erased by technical means, in order to ensure that the information can no longer be recovered or subsequently restored.


As a data subject, you benefit from the following rights stipulated by GDPR:

  1. Right of access: you may request to us (i) a confirmation that the personal data are processed or not, and, if so, access to, and information about, such data and (ii) a copy of your data personal data that we hold (art. 15 in GDPR);
  2. Right to rectification: you can inform us about any change of your personal data or you may ask us to correct the personal data that we hold about you (art. 16 in GDPR);
  3. Right of deletion (“the right to be forgotten”): in certain circumstances (such as (i) the data having been illegally collected, (ii) the deadline for the data storage has expired, (iii) you have exercised your right of opposition, or (iv) the processing of the data was done in virtue of the consent and you have withdrawn your consent, you may ask us to delete the personal data that we hold about you (art. 17 in GDPR);
  4. The right to restrict processing: in certain circumstances (such as when you challenge the accuracy of such data or the lawfulness of the processing), you may ask us to restrict the processing of your data for a certain period (art. 18 in GDPR);
  5. The right to data portability: ask us to send your personal data to a third party or directly to you (art. 20 in GDPR);
  6. Right to opposition: In certain situations (such as processing having as legal grounds the legitimate interest), you may ask us to no longer process your data (art. 21 in GDPR);

If we use your personal data based on your consent, you are entitled to withdraw this consent at any time. In this case, your data shall no longer be processed by us, unless a legal provision forces us to keep and archive them. In any case, we shall inform you if there is such a legal provision and we shall expressly indicate it.


We take your personal security seriously, so that we take important security measures, necessary for the protection against unauthorized access to the data or unauthorized amendment, disclosure or destruction. This requires internal reviews of the data collection, storage and processing practices, and of the security measures, as well as physical security measures for the protection against unauthorized access to the systems where we store the personal data.

We also request to our service providers and business partners to take all the necessary measures for the protection against unauthorized access to the data or unauthorized data amendment, disclosure or destruction.


Our website contains links to third websites. Please note that we do not undertake liability for the collection, use, storage, sharing or disclosure of the data or information by such third parties. If you use or provide information on websites of third parties, the terms and privacy policy of such sites are applied. We advise you to read the privacy policy of the websites that you visit before sending personal data.


If you have any questions or concerns related to the processing of your personal data or if you wish to exercise any of the aforementioned rights, you are welcome to contact our Personal Data Protection Officer sending an e-mail to the following address: , and we shall reply to you within 30 days of receipt of the request.

Insofar as you do not have electronic means or do not wish to use them, you can also file a written request that you submit to the address: 14 , Gheorghe Grigore Cantacuzino Street, 100010 Ploiesti, Romania. For any further information, you may call us at +40 739 855 200.

Insofar as you are not satisfied with the manner in which your application has been solved, you may also file a complaint with the National Supervisory Authority for Personal Data Processing.


This privacy policy can be amended in compliance with the amendments to the data policy law or in virtue of changes to our services or organizational arrangements. If we make any material amendments thereto, we shall publish a link to the revised policy on the main page of our website. If we make significant amendments that shall impact on your rights and freedoms (for example, when we begin processing your personal data for purposes other than those specified above), we shall contact you before this processing begins.

In order to help you track the most important changes, we shall include below a history of amendments, in order to recognize the amendments brought to this policy.

Last update: 08 April 2019