The European Union General Data Protection Regulation (no. 2016/679) became applicable on the 25th of May 2018. The regulation concerns personal data processing and the free movement of the personal data of natural persons. Personal data are information that directly identifies a natural person, such as surname, name, home address, e-mail, phone number, as well as other data that allow for the indirect identification of a person, such as, in some instances, a student’s identification number.
The General Data Protection Regulation is applicable to all legal entities that process personal data as part of their activity (employees, providers).
We are transparent with our collaborators and partners. As such, we are transparent about the type of personal data we collect, as well as the purposes for which we use personal data. We only use the personal data you send us and which is necessary for carrying out the business relationship, in order to inform you about the situation at school. Given the information above, we need your consent in order to handle and process personal data. As such, we will contact you to find out your decision.
S.C. Adservio Social Inovation S.R.L., with head offices in Iași, Bulevardul Socola, Numărul 3, Bloc D2, Scara B, etaj 4, Apartament 19, Județul Iași, registered with the Trade Register Office no. J22/1482/2009, tax reference number RO 26033834, as author, owner and administrator of the www.manual.adservio.ro website, complies with the privacy and security of personal data processing.
IDENTITY AND CONTACT INFORMATION OF THE DATA PROTECTION OFFICER (DPO)
Adservio designated a Data Protection Officer (DPO). Our DPO can be contacted at the following e-mail address: [email protected].
- ANSPDCP stands for The National Supervisory Authority for the Processing of Personal Data;
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
- ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
THE DATA SUBJECT’S RIGHTS
- The right of access entails the data subject’s right to receive conformation from the controller regarding whether they processes or not the data subject’s personal data, and, if yes, the right to access the data in question, as well as information on the way they are processed.
- The right to data portability means the right to receive the personal data in a structured format, that is currently in use and can be read automatically, as well as the right for the data to be sent directly to a different operator, where technically feasible.
- The right to object means the data subject’s right to object to personal data processing when the processing is necessary in order to fulfill a task serving a public interest or a controller’s legitimate interest. Especially when personal data are processed for direct marketing purposes, the data subject has the right to object the processing at any point.
- The right to rectification entails correcting stored personal data that are inaccurate, without undue delays. The rectification must be notified to each recipient to whom the data have been disclosed, unless this proves impossible or involves (demonstrable) disproportionate effort.
- The right to erasure (‘right to be forgotten’) entails the right of the data subject to request that their personal data be erased, without undue delays, for one of the following reasons: the data are no longer necessary to the purposes for which they have been collected or processed; the data subject withdraws their consent and there are no other legal grounds to process the data; the data subject objects to the processing and there are no overriding legitimate grounds; the personal data have been unlawfully processed; the data must be deleted to comply with a legal obligation; the personal data have been collected in relation to the offer of information society services.
- The right to restriction of processing can be invoked when the subject contests the accuracy of the data, for a period allowing to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but the data subject requests them for the establishment, exercise or defense of legal claims; the data subject has objected the processing pending verification whether the legitimate grounds of the controller override those of the data subject.
THE TYPES OF PERSONAL DATA WE COLLECT
- Name, e-mail address and website (when publishing a comment)
- Statistics regarding traffic
If you are a visitor, this blog will process the personal data you provide while using the Site, such as the data you provide when leaving a comment on an article. The www.manual.adservio.ro blog can collect your data automatically, among which the time and duration of the visit, the pages you accessed, the operating system and the IP address only for traffic and statistic purposes, through plugins such as Google Analytics, the data collection liability being conferred to this app.
WHY WE COLLECT YOUR PERSONAL DATA AND ON WHAT GROUNDS
It is necessary that we collect your personal data in order to comply with the legal contractual provisions. Under General Regulation 679/2016 regarding data protection, we identified the legal grounds on which we process your personal data. Your personal data are necessary to conclude, perform, modify or terminate the contract, to create accounts for data subjects on the Adservio platform, giving data subjects the possibility to access the data stored on the platform.
If you do not consent to the processing of your personal data, you have the right to not fill in the available forms and to not visit the www.manual.adservio.ro website.
When filling in the forms available on www.manual.adservio.ro, personal data will be collected and information will be provided regarding the purpose of collecting each type of required data.
Adservio processes the data subjects’ personal data on the grounds of legal requirements, the performance of the contract between Adservio and the data subject, and Adservio’s legitimate interest.
Personal data transfer
Adservio is bound by partnership agreements to transfer the personal data of data subjects.
HOW LONG WE STORE YOUR PERSONAL DATA
We store the personal data you provide for a reasonable amount of time that is necessary to fulfill the purposes detailed above and to comply with the legal requirements we are subject to. If the personal data are no longer necessary or useful, they are deleted.
The reasons why we store personal data entail complying with legal obligations in accordance with the Regulation and supporting our defenses in the case of legal actions brought to the competent courts.
REVEALING PERSONAL DATA
In the event that we are required to reveal your personal data by a court order or in order to comply with other legal requirements, we will notify you before providing these data, unless such a notification is prohibited. We will not sell, disclose or share your personal data without your consent and permission.
SECURING PERSONAL DATA
Adservio will not disclose the personal data collected through the Adservio platform, except with authorized employees and contractors/partners having the status of authorized persons.
Adservio, along with its collaborators, has taken on the responsibility to implement technical and organizational measures regarding the confidentiality and safety of personal data, as well as protections against unauthorized access and use, alteration or destruction of personal data in accordance with GDPR provisions as follows:
- All Adservio employees, collaborators and service providers who come into contact with personal data must act in accordance with the principles of policies and procedures regarding personal data privacy and security, signing confidentiality declarations and agreements applicable to these data.
- The computers on which the personal information database is accessed are protected by passwords, as well as antivirus, antispam and firewall solutions that are up to date.
All employees, collaborators and service providers who come into contact with personal data must act in accordance with the principles of policies and procedures regarding personal data privacy and security, signing confidentiality declarations and agreements applicable to these data. Furthermore, we have taken on the responsibility to implement adequate technical and organizational measures regarding the confidentiality and safety of personal data.
WHERE THE DATA IS STORED
Personal data is stored on the cloud, as well as in physical format, on Romanian territory, in full accordance with the legal requirements and under the utmost conditions of safety and protection.
CONTACT INFORMATION FOR THE NATIONAL SUPERVISORY AUTHORITY FOR THE PROCESSING OF PERSONAL DATA (ANSPDCP)
Address: B-dul G-ral Gheorghe Magheru 28-30, Sector 1, cod postal 010336, Bucharest, Romania
E-mail: [email protected]