Confidentiality policy

Studium Foundation – Central Offices
Târgu Mureș, Str. Gh. Avramescu, Nr. 11
Telephone: +40 265 250 773
E-mail: office@studium.ro
Web: studium.ro

1. General Information

This confidentiality policy defines the foundation’s directions regarding confidentiality. When accessing our webpage personal data are sent, stored and processed according to these rules of confidentiality. The data are stored and processed according to the provisions of current rules regarding personal data protection, complying with the provisions of Regulation 2016/679/EC on the protection and free movement of data during the processing of the personal data of natural persons.

These rules (“policy”) of confidentiality describe what personal data are processed, how are they used, what are the possibilities connected to this type of processing and how are the rules regarding the rights of data subjects met, including regulation 2016/67/EC (“GDPR”).

2. Who handles personal data?

These data are handled by our foundation, consequently the responsibility for data handling is on behalf of the foundation.

The controller, i.e. the Foundation, collects and processes the User’s data to the extent that it si necessary for the provision of services to the User.

3. Why are we processing your data?

Your data are processed so we can provide quality services. Personal data are processed only in legitimate, personal purposes in order to be able to ensure the handling services, requests made by you and of promotional materials.

Specifically, the processing of personal data is made for the following purposes:

  • improvement of services

  • offers management or processing the requests made through the webpage

  • economic decision-making

  • fast and accurate exchange of information with the clients

  • complying with legal requirements

  • in order to protect and respect our legitimate rights.

4. What type of personal data are processed?

The Foundation processes information that are necessary for providing quality and professional services, also complying with legal requirements.

The following personal data is processed:

Name and surname, address, telephone number, e-mail address, order number.

In case of legal entities and companies we request the following data: Trade Registry registration number (J), headquarters, telephone number, e-mail address, tax number, representative.

The processing of personal data is always carried out with the fulfilment of legal obligations, in this case based on your consent. Thus before accessing our services the User must accept the terms here within.

Regardless how the data is provided to us, we are responsible for the safe handling of personal data complying with our norms regarding data protection.

5. How long are the data stored?

Personal data are stored as needed, based on the internal procedures of data keeping, including archiving rules.

Personal data are kept until the relationship with the Foundation ceases to exist, except for cases when we assume the responsibility regarding the storage of the data for making them available for the authorities, e.g. fiscal authorities. The storage of data and their provision to authorities based on legal obligations is regulated by the provisions of art. 6, par. (1), letter c) of the GDPR.

The period during which the data are stored may be extended ]n cases when the handling of the data is necessary for the establishment or validation of claims, as well as in cases when they are needed for the defence against these claims, except for these cases only to the extent required by law. After the term for keeping the data expires the data are irrevocably deleted or made anonymous.

6. Safety and Confidentiality

To us it is very important for the personal data to be well protected. Thus we have taken all technical and organizational measures to protect personal data from loss or against any form of illegal processing. These measures are made up of both technical and organizational measures. Technical measures are as follows: physical and physical protection of the passwords. As far as organizational measures are concerned, these are related to limiting access, only authorised personnel has access and is bound by confidentiality. As far as risks and the nature of data protection are concerned the measures taken ensure a suitable level of security.

The users’ rights:

According to regulation 88/2004/EC on individual protection connected to the processing and free movement of personal data, as well as regulation 95/46/EC (general rules of data protection GDPR).

7. What kind of information must the controller/provider of personal data make available regarding the collection of data?

In cases when personal data are collected, the controller of the data must provide the following data:

  1. Data regarding the identification of the controller and contact details (where appropriate the representative operator);

  2. Contact details of the data protection officer (where appropriate – the person responsible with the security of personal data within the organisation);

  3. The purpose of processing (I) and legal base for the processing;

  4. In case the processing is done based on legitimate interests of the controller or of third parties, legitimate interests of the controller/administrator;

  5. Any other recipient of the personal data;

  6. In some cases the details of deliberate handovers to third party countries (other than members of the European Union) or international organisations, as well as the details of decisions and guaranties of conformity;

  7. The retention period (the duration for which the organisation keeps the data) or if this is not possible the criteria used for defining the retention period;

  8. The existence of the following rights:

    • Right of access

    • Right to rectification

    • Right to data erasure

    • The right to restriction of processing

    • The right to data transfer/portability

    • Right to object

Right of Access of the Affected Person (art 15., GDPR)

You have the right to request at all times to be informed regarding the use of your personal data. Moreover, at request, we also provide information regarding the purposes on which your data are used, what data categories do we use, how long are they stored, how they were provided to us, as well as to whom do we make them available.

The Right to Rectification (art. 16 and 19, GDPR)

If personal data are incomplete, the user has the right to modify them or to request their update, including other additional data.

The Right to Erasure (art. 17 and 19, GDPR)

Also known as the “right to be forgotten”.

The controller can erase the data without any unjustified delay if the following apply:

  1. The personal data are no longer needed in connection with the purpose of the collection or processing;

  2. If you withdraw your consent to the processing of the data and there is no other legal reason for the processing of the data;

  3. If you oppose the processing and there are no other compulsory legal reasons to further processing;

  4. If you do not consent to the processing and personal data a re directly processed;

  5. If the personal data have been illegally processed;

  6. If in order to comply the personal data must be erased;

  7. If the personal data have been collected in connection with an offer of the information society – service provided to children.

The Right to Portability (art. 20, GDPR)

In some cases you may have the right to receive the data you have provided to the controller in a structured machine-readable format which makes the reuse of the information easier in a new context and have the right to transmit those data to another controller without any hindrance.

When can we talk about data portability?

This right is only available if the personal data (provided by the affected person) have been processed in an automatised way, and you have consented to the processing or the processing has been done based on a contract between you and the data controller.

This right is valid only if it does not infringe the rights of other individuals.

The Right to Restriction of Processing (art. 18, GDPR)

You have the right to restrict the processing of personal data by the data controller. When the processing of data is restricted, the data controller may store the data, but other operations such as deletion are not possible without your consent.

The Right to Object (art. 21, GDPR)

You can object to the handling of personal data if their use is based on your consent or on the legitimate interest of the Foundation or of a third party. In these cases we cannot handle your personal data, except for when there is a legal basis that takes precedence over your rights, interests or freedom of decision, as well as in cases when the processing of data is needed for submitting, executing or protection of legal claims.

Your rights regarding the automated individual decision making process, including profiling (art. 22, GDPR)

You have the right to make a decision that is not based on the automated decision making process. The processing is “automated” if it is done without human intervention and has legal consequences or it influences you in a significant manner. The automated processing includes profiling.

Regarding personal data if the automated/automatic processing is permitted?

Automated processing is permitted only if it is needed for the fulfilment of a contract or for authorisation permitted by European or international law. We do not use methods of automated processing.

You can exercise these rights individually or cumulatively if you submit a request at our office in Romania: Targu Mures, Str. Gh. Avramescu, Nr. 11, or by mail at: office@studium.ro.

Moreover, if you think that your rights have been violated, you have the right to file a complaint at the National Supervisory Authority for Personal Data Processing, B-dul G-ral Gheorghe Magheru 28-30, Sector 1, Cod poștal: 010336, București, România, e-mail: anspdcp@dataprotection.ro.

Use of forms:

You can also reach us through our electronic contact form. The use of the form implies the provision of data necessary to contact the User and to respond to their requests. In order to facilitate contact and management of requests the User can provide additional data. Providing data marked as compulsory is needed in order for the requests to reach us and for us to be able to manage them, failure to provide them makes this process impossible.

In order to be able to identify the User that has submitted a request through this form – the legal basis for data management is the processing of data for provision of services (art. 6, par. (1) b of GDPR).

Incidents connected to data protection:

If notified, cases of data protection incidents shall be investigated by the general manager, the investigation is going to be led by the internal data protection officer, except for cases when the circumstances of the incident clearly shoe that this is in connection with the data protection officer, and the investigation cannot be done by that person. In his place the investigation is going to be led by the leader of the IT department. In order to be able to supervise the measures taken in connection with the incident, by the data protection officer the Organisation keeps a record that contains the data type, the number of affected individuals by the incident, the data, circumstances, effects of the data protection incident and the measures taken to solve the situation, as well as other data defined by law regarding data management.

In order to ensure the safe handling of personal data, the data Controller continuously makes risk assessments, thus ensuring that access to the data is granted only to authorised personnel and only to the extent needed for them to carry out their activities. The data Controller guarantees that the operations carried out with personal data are don only by authorised personnel.

Contact details of the Foundation:

You can write to us to the following e-mail address: office@studium.ro or by traditional mail to the address: Târgu Mureș, Str. Gh. Avramescu, Nr. 11.

The data Controller has appointed a data protection officer who can be contacted in all cases connected with personal data processing, by e-mail: office@studium.ro.

The Foundation reserves its right to modify the present CONFIDENTIALITY POLICY.

Studium Foundation – Central Offices
Târgu Mureș, Str. Gh. Avramescu, Nr. 11
Telephone: +40 265 250 773
E-mail: office@studium.ro