As of May 25th, 2018, European Regulation no. 697/2016 for the Protection of Personal Data shall be applicable. The Regulation regards the processing of personal data and the free movement of personal data of natural persons. Personal data represent those data which directly identify a natural person, such as name, surname, home address, email, or phone number, but also any other data which allows the indirect identification of these, namely, in certain cases, student identification number.
The Regulation regarding the protection of personal data is applicable to each legal body which processes personal data in their activity (employees, suppliers).
We are transparent regarding our collaborators and partners, thus, confirming that the personal data that we collect are known and which are the purposes for which we use the personal data. We use only the personal data that you send us, which arise from the carrying out of the business relationship in order to inform you regarding the monitoring of the academic records. Taking into consideration the above-mentioned, for the purpose of processing the personal data, you consent is necessary. For this purpose, we shall contact you in order to notify the decision taken.
S.C. Adservio Social Inovation S.R.L. with registered office in Iași Municipality, 3 Bulevardul Socola Street, Bl. D2, Entrance B, 4th floor, Apartment 19, Iași County, registered with the Trade Registry under no. J22/1482/2009, with Unique Registration Number RO 26033834 as author, owner and administrator of website www.adservio.ro complies with the confidentiality and security of personal data.
IDENTITY AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO) OR (IN ROMANIAN RPD)
Adservio has appointed a Data Protection Officer ("DPO"). Our DPO can be contacted on the following email address: firstname.lastname@example.org.
- • ANSPDCP represents the National Supervisory Authority for the Protection of Personal Data;
- • "Personal data" represent any information regarding a natural person identified or identifiable (”person in question”); a natural identifiable person is a person who can be identified, directly or indirectly, especially by reference to an identification element, such as a name, identification number, location details, on-line identifier, or to one or more elements specific to his/her own physical, physiological, genetic, mental, economic, cultural or social identity;
- • "Processing" represents any operation or set of operations carried out on the personal data or on sets of personal data or with or without the use of automatic means, such as collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or making available in any other manner, lining or combination, restriction, removal or destruction;
- • "Processing restriction" represents the marking of the personal data stored with the purpose of limiting their future processing;
- • The "operator" represents the natural or legal person, public authority, agency or another body which, alone or together with others, sets the purposes and means of processing personal data; when the purpose and means of processing are set in compliance with the Union law or the domestic law, the operator or the criteria specific for the his/her appointment can be laid down in the Union law or in the domestic law;
- • The "operator’s proxy" is the natural or legal person, public authority, agency or another body which processes the personal data on behalf of the operator;
- • The "recipient" is the natural or legal person, public authority, agency or another body to whom the personal data are disclosed, regardless of whether it is a third party or not. Nonetheless, public authorities to whom personal data can be notified in an investigation in compliance with the Union law or domestic law are not considered recipients; the processing of personal data by those public authorities shall comply with the rules applicable regarding data protection, in compliance with the purposes of the processing;
- • The "consent" of the person in question represents any free will manifestation, specific, informed and lacking the ambiguity of the person in question, through which he/she accepts, by a statement or by a clear action, that the personal data regarding him/her may be processed.
RIGHTS OF THE PERSON IN QUESTION
- • The right to access represents the right of the person in question to obtain confirmation from the operator that he/she is or is not processing the personal data concerning him/her (the person in question) and, if affirmative, access to those data and to the information regarding the manner in which the data are processed.
- • The right to data portability refers to the right to receive personal data in a structured format, in current use and which can be read automatically and to the right to have the data directly transmitted to another operator, if this is technically feasible.
- • The right to oppose aims at the right of the person in question to oppose the processing of personal data when the processing is necessary in order to meet a task which serves a public interest or when it aims at a legitimate interest of the operator. When the processing of personal data has as a purpose direct marketing, the person in question notably has the right to oppose the processing at any time.
- • The right to rectify refers to the correction, without unjustified delays, of the personal data inaccurately stored. Rectification must be notified to each recipient to which the data were transmitted, with the exception of the cases in which this proves to be impossible or entails disproportionate efforts (provable).
- • The right to remove the data ("the right to be forgotten") represents the right of the person in question to request that the personal data be removed, without unjustified delays, if one of the following reasons apply: these are no longer necessary for the complying with the purposes for which they were collected or processed; he/she retracts the consent and there is no other legal grounds for processing; he/she opposes the processing and there is not other legal grounds to prevail; the personal data were illegally processed; the personal data must be removed in order to comply with a legal obligation; the personal data were collected regarding the tendering of services of the information company.
- • The right to restrict the processing can be exercised if the person challenges the accuracy of the data, for a period which allows the checking of the accuracy of teh data; processing is illegal and the person opposes the removal of the personal data, requesting in exchange restriction; if the operator does not need the personal data for the purpose of processing, but the person requests them for acknowledging, exercising or defending a right before a court of law; if the person has opposed the processing for a period of time in which it shall be verified if the operator’s legitimate rights prevail over those of the person in question.
WHAT TYPES OF PERSONAL DATA SHALL WE COLLECT
We collect personal data in order to create user accounts on the Adservio platform and so that the persons in question (we do not limit ourselves to the data in the parents’, student’s or professors’ Identity Cards), to have access to the information offered on the Adservio platform.
- • Name, surname, PIN, personal e-mail, contact person details in case of emergency (name and phone number).
- • SeriaSeries and number of the Identity Card, home address (residence), postal code, country, phone number or mobile phone number, date of birth, job.
- • FotografiiPhotographies (upon the request of the person in question).
- • Data necessary for the conclusion of a form of collaboration or employment, in line with the Employment Code or the Civil Code.
WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT IS THE LEGAL GROUNDS FOR THE COLLECTION
It is necessary to collect your personal data in order to comply with the legal contract provisions. In line with Regulation no. 697/2016 regarding the protection of personal data, we have identified legal grounds based on which we process your personal information. The personal data that we collect are necessary for the conclusion, execution, modification or termination of the contract, for the creation of accounts for the persons in question on the Adservio platform, the latter having the possibility to access the information stored on the platform.
If you do not agree with the processing of your data, you have the right and the freedom to not fill in the forms available and to not access the www.adservio.ro website.
When filling in the forms available of www.adservio.ro, personal data shall be collected, offering information regarding the purpose for the collection of each personal data that is requested.
Adservio can also receive and register, on its servers, information regarding the IP address and cookies of the website requested. You have the option to set the internet browser so that it rejects certain cookies. In this case, a negative impact on your navigation of the Adservio website shall exist. The Adservio policy regarding cookies can be consulted here.
Adservio processes the personal data of the persons in question based on legal obligations, the performance of the contract between Adservio and the person in question and the legitimate interest of Adservio.
Personal data transfers
Adservio is under the obligation by partnership contract to transfer the personal data of the persons in question.
FOR HOW LONG DO WE KEEP THE PERSONAL DATA
We keep the personal data supplied by you for a reasonable period of time, as long as it is necessary to meet the purposes described above and in order to meet the legal obligations that we must comply with. If the personal data are no longer necessary and useful, these shall be removed.
The reasons for which we keep the personal data have as a basis the compliance with legal obligations in compliance with the Regulation and in order to support the defences for potential actions before the competent courts of law.
If we are under the obligation to disclose your personal data by a judicial order or in order to comply with other legal requirements, by a notification, we shall notify you prior to supplying these data, with the exception of the case in which this disclosure is prohibited. We shall not sell, disclose, distribute your personal data without obtaining your consent and permission.
Adservio shall not disclose the personal data collected through the Adservio platform with the exception of authorised employees and contractors/partners who have the competence of proxies.
Adservio, together with its collaborators, has undertaken the responsibility to implement appropriate technical and organisational measures regarding the protection of the confidentiality and security of personal data, respectively for the protection against unauthorised access, of the use, modification or destruction of personal data in line with the RGPD provisions, as follows:
- • The users who have access to the database for the personal information are only those who created an account of the Adservio platform, each of them accessing the database with their own account name and password.
- • All employees, collaborators and service providers of Adservio, who shall come in contact with personal data, must act in compliance with the principles of the personal data confidentiality and security policies and procedures, by signing confidentiality statements and agreements regarding these data.
- • Users access personal data only for the monitoring of academic records and only in compliance with the purpose stated for the collection of data.
- • The computers from which the database for the personal information are accessed are password-protected, antivirus, antispam protection solutions have been implemented and have been daily firewall updated.
All employees, collaborators and service providers, who shall come in contact with personal data, must act in compliance with the principles of the personal data confidentiality and security policies and procedures, by signing confidentiality statements and agreements regarding these data. At the same time, we have taken the responsibility for the implementation of appropriate technical and organisational measures for the protection of personal data confidentiality and security.
Personal data are stored on the cloud, and in physical format, in Romania, in full compliance with the legal requirements and in maximum safety and protection conditions.
THE CONFIDENTILITY POLICY MAY BE MODIFIED
We have the right to modify, complete the Confidentiality Policy at any time, by display the modified Confidentiality Policy on adservio.ro/en/terms-and-condition
CONTACT DETAILS FOR THE NATIONAL SUPERVISORY AUTHORITY FOR PERSONAL DATA PROCESSING
Address: 28-30 B-dul G-ral Gheorghe Magheru, Distirct 1, postal code 010336, Bucharest, Romania