PRIVACY POLICY

 

PRIVACY POLICY

Introduction

This document contains information regarding the personal data gathered by Nu Am Timp SRL (named allyourtime.com), who is the Operator of the personal data which you (as the Interested Party) will distribute to us to activate the electronic trade by using our site allyourtime.com and other technologies and associated acts with the Allyourtime online presence.

In accordance with the General Data Protection Regulation (EU) 2016/679 regarding the protection of individuals concerning the processing of personal data and the free circulation of these data and the Directive 95/46/CE (General Data Protection Regulation) hereby repeal, in continuation: GDPR, we inform you that:

The privacy policy can be accessed on the allyourtime.com site

The modifications of the policy will come into force from the moment of the publication on the website mentioned above. 

Contact information of the data operator: 

Name of the company:
NU AM TIMP SRL

Headquarters:   

Tg. Mureș, str. M. Kogălniceanu, nr. 18, jud. Mureș

Business registration number:

J26/1273/10.06.2019

Fiscal code:  

41247068

E-mail:  

support@allyourtime.com

Web:                    

allyourtime.com

Phone number:           

+40757055591

Contact information of the Data Protection Officer:

The Data Protection Officer declares that is not responsible for data protection, while there is no incident of cases provided in the GDPR paragraph (1) art. 37.

Definitions;

  1. “personal data” is defined as any information relating to an identified or identifiable individual (“data subject”); an identifiable individual is a person who can be identified directly or indirectly through identification elements such as a name, an identification number, location data, an online identifier or one or more elements specific to their own physical, physiological, genetic, psychological, economic, cultural or social identity;
  2. “processing” is defined as any operation or set of operations that are performed on personal data or sets of personal data, with or without using automated processing such as gathering, registering, organizing, structuring, storing, adapting or modifying, extracting, consulting, utilizing, disclosing by transmitting, disseminating or making it available in any other form, aligning or combating, restricting, deleting or destroying;
  3. “operator” is defined as a natural or legal person, public authority, agency or organisation who alone or together-with others, establishes the purposes or means of the processing of the personal data; when the purposes and the means are established by the law of the Union or the national law, the operator or the specific criteria for the designation of it can be provided in the law of the Union or in the national law;
  4. “authorized person by the operator” is defined as a natural or legal person, public authority, agency or organisation who is processing data in the name of the operator
  5. “recipient” is defined as a natural or legal person, public authority, agency or organisation whose personal data is disclosed regardless of being a third party or not. However, public authorities are not considered recipients in case of an investigation conformed to the law of the Union or the national law; during the processing of the personal data public authorities are respecting the norms for protecting the personal data conformed to the purpose of the processing.
  6. “consent” of the data subject is defined as any manifestation of free will acceptance, specific, informative and unambiguous of the data subject by declaration or unequivocal action the personal data that will be processed;
  7.  “violationing the of security of the personal data” is defined as a form of security violation results in the accidental or illegal  destruction, loss, modification or unauthorized disclosure of transmitted personal data, stored or processed in other form, or unauthorized access to it;

Principles concerning the processing of personal data

Personal data is:

  1. processed legally, equitable and transparent concerning the data subject (“legality, equitability and transparency”);
  2. collected with determined, explicit and legitimate purposes, and is not processed after in incompatible form; processing is carried out for archiving purposes in public interest, for scientifical, historical or statistical purposes are not considered incompatible with initial purposes in accordance with paragraph (1) art. 89 (“limitations regarding the purpose”);
  3. adequate, relevant and limited and necessary to the purposes of processing the personal data (“ reducing the data to the minimum”)
  4. accurate when actualization is needed; in case of inaccurate personal data during processing the necessary action should be taken, deleting or rectification without delay (“accuracy”);
  5. stored in the form that allows the identification of the data subject for a period that is not overlapping the period necessary for the processing of the data; personal data can be stored for an extended period when processing is carried out for archiving purposes in public interest, for scientifical, historical or statistical purposes in accordance with paragraph (1) art. 89, subjected to adequate measurements of technical and organizational order foreseen by the regulation guaranteeing the rights and liberties of the data subject (“limitations regarding storing”)
  6. processing in the from that ensures adequate security of the personal data, including protection against unauthorized or illegal processing and against loss, accidental destruction or deterioration, by taking the necessary technical and organizational precautions (“integrity and security”)

The operator is responsible for respecting all the above and is allowed to demonstrate that he respected it (responsibility).

Processing

Registration

  1. Data collection, processed data and the purpose of the processing

Personal data 

Purpose of processing

Name, surname

Assures identification and safe log in to the user’s account.

E-mail address 

Staying in touch, sending notifications by the system, log in to the user’s account.

Password

Assures safe log in to the user’s account.

Phone number

Staying in touch, sending notifications by the system, log in to the user’s account.

Date of registration

Executing technical operations.

IP address from the moment of the registration

Executing technical operations.

Demographic information (postal code, age, gender, interests of the client)

For personalizing the messages, for making the commercialized messages relevant by using demographic information and interests as a criteria. 

Regarding the e-mail address is not necessary for this to contain personal data.

  1. Data subject: every individual registered on the webpage.
  2. Data processing time, data deletion term: it takes the request of a data subject to delete it. With the deletion of the registration the personal data of the applicant is also deleted. According to art. 19 of the GDPR, the data operator has to notify the data subject in electronic form about the deletion of any personal data provided by the data subject. In case if, the data subject requested the deletion of e-mail address, the operator will delete the address after the notification.
  3. Authorized people by the operator for the processing of the personal data, recipients of the personal data: Authorized people by the operator for the processing of the personal data are designated employees for this purpose according to the privacy policy.
  4. The process of informing data subjects about their rights regarding the processing of personal data:
  • The data subject has the right to request access to the personal data from the operator, as well as the rectification, deletion or restriction of processing the personal data; and
  • Can oppose to the processing of it, as well as
  • Has the right to the portability of it, and to withdraw their consent at any moment.
  1. The data subject can request to access the personal data, as well as the rectification, deletion or restriction of processing it, the portability of it, and to withdraw their consent at any moment by the following:
  • by post at the next address: Tg. Mureș, str. M. Kogălniceanu, nr. 18, jud. Mureș
  • by e-mailing to the next address: support@allyourtime.com
  • by phone: +40757055591
  1. Basis of processing: consent of the data subject following point f) (1) paragraph Article 6 from Reg. (EU) 2016/679, as well as the legislations in force from Romania.
  2. We inform you that:
  • The processing of the data is based on your consent.
  • For registering you are obliged to provide us with personal data.
  • Not providing the data it is impossible to create an user account.

Processing of the necessary data for the functioning of the online shop (utilization of services)

  1. Data collection, processed data and the purpose of the processing

 

Personal data

Purpose of processing

Name, surname

Necessary for getting in touch, placing the order and  completing the receipt.

E-mail address

Staying in touch, confirmation.

Phone number

Staying in touch, quicker method of answering questions about completing the receipt, or delivery..

Date of birth

identification

Gender

identification

Billing address

The correct completing of the receipt, as well as the conclusion of the contract, establishing the content, modifying, servaling the execution of it, the billing of the derived taxes from these options, as well as the indessiment of the claims arising over the course.

Delivery address

Necessary for delivering to the home address.

Data of order/registration

Executing technical operations.

IP address from the moment of order/registration

Executing technical operations.

Regarding the e-mail address is not necessary for this to contain personal data.

  1. Data subject: every individual registered on/who ordered from the webpage.
  2. Data processing time, data deletion time: is available until the data subject requests the deletion. With the deletion of the registration, the personal data of the requestent is deleted. By Article 19 from the GDPR, the data operator notifies the data subject in electronic form about the deletion of any personal data provided by the data subject. If the data subject requested the deletion of the e-mail address, the operator will delete the address after the notification. Exceptions are the accounting documents that are kept for 8 years, provided by the hungarian legislation (paragraph 2, Article 169 from Law C. from the year 2000 regarding accountability).
  3. Authorized people by the operator for the processing of the personal data, recipients of the personal data: Authorized people by the operator for the processing of the personal data sales and marketing employees of the data operator according to the mentions above.
  4. The process of informing data subjects about their rights regarding the processing of personal data:
  • The data subject has the right to request access to the personal data from the operator, as well as the rectification, deletion or restriction of processing the personal data; and
  • Can oppose to the processing of it, as well as
  • Has the right to the portability of it, and to withdraw their consent at any moment.
  1. The data subject can request to access the personal data, as well as the rectification, deletion or restriction of processing it, the portability of it, and to withdraw their consent at any moment by the following:
  • by post at the next address: Tg. Mureș, str. M. Kogălniceanu, nr. 18,     jud. Mureș
  • by e-mailing to the next address: support@allyourtime.com
  • by phone:+40755116003
  1. Basis of processing: consent of the data subject following point f) (1) paragraph Article 6 from Reg. (EU) 2016/679, as well as the legislations in force in Romania.
  2. We inform you that:
  • The processing of the data is based on your consent.
  • For registering you are obliged to provide us with personal data.
  • Not providing the data it is impossible to process the order, as well as impossible to deliver the order.
  1. Data processing time, data deletion term is available until:
  • the data subject requests the deletion.
  • navigation on this website (we ask you to consult our cookie policy on this link). 
  • Maximum 1 year - requesting contract.
  • Maximum 2 years - restriction zone for the user registered/authenticated (maximum 2 years)
  • Maximum 2 years - collecting data for selecting personal.
  • Maximum 24 months - receiving newsletter or promotional information in e-mail.
  • Maximum 10 years - selling online.
  1. With the deletion of the registration the personal data of the applicant is also deleted. According to art. 19 of the GDPR, the data operator has to notify the data subject in electronic form about the deletion of any personal data provided by the data subject. In case if, the data subject requested the deletion of e-mail address, the operator will delete the address after the notification.
  2. Authorized personnel by the operator for the processing of the personal data, recipients of the personal data: Authorized people by the operator for the processing of the personal data are designated employees for this purpose according to the privacy policy.

Authorized personnel by the operator

Web-hosting service provider

  1. Service provided by the personnel authorized by the operator: web-hosting service provision.
  2. Name and contact information of the personnel authorized by the operator:
  3. Data collection, data processing: every personal data provided by the data subject
Name of the company: NU AM TIMP SRL

Headquarters: Tg. Mureș, str. M. Kogălniceanu, nr. 18, jud. Mureș

Business registration number: J26/1273/10.06.2019

Fiscal code: RO41247068

E-mail: support@allyourtime.com

Web: allyourtime.com

Phone number: +40757055591


  1. Data subjects: every person benefiting from the services provided on the web page, as well as every person registered on/ordering from the web page.
  2. Purpose of processing: accessibility, proper functioning of the web page / web-hosting service providing.
  3. Data processing time, term of data deletion: until the end of the collaboration between the Provider and the Web-hosting service provider, or until the request of the data subject addressed to the Web-hosting service provider regarding the deletion of the data.
  4. Basis of the processing: consent of the data subject following point f) (1) paragraph Article 6 from Reg. (EU) 2016/679, as well as the legislations in force in Romania.

Delivery

  1. Service provided by the personnel authorized by the operator: delivering products, transport.
  2. Name and contact information of the personnel authorized by the operator:

Name of the company:DELIVERY SOLUTIONS SA,

Headquarters: București, Sectorul 6, Splaiul Independenței, Nr. 319, Bloc Ob17c

Business registration number: J40/7031/2008

Fiscal code: 23743772

E-mail: office@sameday.ro      

Web: sameday.ro       

Phone number:021 – 637.06.60

  1. Data collection, processed data: name and delivery address, phone number, e-mail address.
  2. Data subjects: every person requesting home delivery.
  3. Purpose of processing: home delivery of the ordered product.
  4. Data processing time, term of data deletion: until the execution of the service.
  5. Basis of the processing: consent of the data subject following point f) (1) paragraph Article 6 from Reg. (EU) 2016/679, as well as the legislations in force in Romania.

Online payment

  1. Service provided by the personnel authorized by the operator: online payment.
  2. Name and contact information of the personnel authorized by the operator:

Name of the company: NETOPIA Payments SRL

Headquarters: Bd. Dimitrie Pompeiu nr 9-9A, Iride Business Park, cladirea nr. 24, camera 4C, et. 4, sector 2, 020335, BUCUREȘTI

Business registration number: J40/9170/2003

Fiscal code: RO15565496       

E-mail: gdpr@netopia.ro   

Web: netopia-payments.com

       

  1. Data collection, processed data: name and billing address, e-mail address.
  2. Data subject: every person who requested online payment.
  3. Purpose of processing: online payment executing, payment confirmation and executing fraud-monitoring to protect the users interests (abuse verification).
  4. Data processing time, term of data deletion: until the execution of the online payment.
  5. Basis of the processing: consent of the data subject following point f) (1) paragraph Article 6 from Reg. (EU) 2016/679, as well as the legislations in force in Romania.

Web page administration

  1. Service provided by the personnel authorized by the operator: web page administration (verification, technical updating, development of the security system, other developments, repair)
  2. Name and contact information of the personnel authorized by the operator:

Name of the company: SC Aprilred SRL

Headquarters: Targu Mures, Romania, str.Köteles Sámuel  nr. 8     

Fiscal code: RO 2954 5677

E-mail: hello@aprilred.com       

Web: aprilred.com

Phone number: +40 744 427 687 

  1. Data collection, processed data: any personal data provided by the data subject.
  2. Data subject: every person who beneficiated from the services provided on the web page as well as every person registered on/ordering from the web page. 
  3. Purpose of processing: web page administration (development, verification, reparation)
  4. Data processing time, term of data deletion: until the end of the collaboration between the Provider and the Web page administrator, or until the request of the data subject addressed to the Web page administrator regarding the deletion of the data.
  5. Basis of the processing: consent of the data subject following point f) (1) paragraph Article 6 from Reg. (EU) 2016/679, as well as the legislations in force in Romania.

Accounting, billing

  1. Service provided by the personnel authorized by the operator: Accounting, billing.
  2. Name and contact information of the personnel authorized by the operator:

Name of the company: I-TOM SOLUTIONS SRL

Headquarters: Bl. Mircea Voda, nr. 21D, et.7, ap. 7.5, Sector 3, București   

Business registration number: J40/3342/2006

Fiscal code: RO18430442   

E-mail: contact@itom.ro   

Web: fgo.ro       

  1. Data collection, processed data: Name, name and billing address.
  2. Data subject: every person who ordered from the web page.
  3. Purpose of processing: issuing the electronic bill/accounting.
  4. Data processing time, term of data deletion: 8 years, according to the legislation in force in Romania (Law of accounting nr. 82/1991 republished).
  5. Basis of the processing: consent of the data subject following point f) (1) paragraph Article 6 from Reg. (EU) 2016/679, as well as the legislations in force in Romania.

Utilization of “cookies”

  1. The utilization of “security cookies”, “session status cookies”, “permanent or saved cookies”, “internal or external cookies” does not require previous consent of the data subject.
  2. Data collection, processed data: IP address, connection data.
  3. Data subject: every person accessing the web page.
  4. Purpose of processing: identification of the users and tracking visitors.
  5. Data processing time, term of data deletion:

 

Cookie Type

Basis of processing

Processing time

Purpose of Processed data

PHPSESSID

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

Until the end of the utilization of the session in question.

.

Strictly Necessary

_fbp

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

3 month

Targeting/Advertising

_ga

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

2 year

Performance

_gat_gtag_xxxxxxxxxxxxxx

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Targeting/Advertising

_gid

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Performance

bannerslider_user_code_impress_slider1

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Targeting/Advertising

form_key

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Functionality

mage-cache-sessid

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

mage-cache-storage

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

mage-cache-storage-section-invalidation

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

mage-messages

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

mage-translation-file-version

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

mage-translation-storage

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

mage-translation-storage

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

product_data_storage

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

recently_compared_product

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

recently_compared_product_previous

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

recently_viewed_product

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

recently_viewed_product_previous

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

section_data_ids

point (f) (1) paragraph Article 6 form din General Data Protection Regulation (GDPR) regarding 

1 day

Marketing

 

  1. Authorized personnel for the processing of the personal data: because of the utilization of cookies the data operator does not process personal data.
  2. Informing the data subjects about their rights regarding the data processing: The data subjects have the possibility to delete the cookies in the browser settings, at the setting point called data protection. For instance, in the Google Chrome browser the Instruments meniu contains an option with which you can Delete the navigation data.
  3. Basis of the processing: in which case the purpose of the utilization of the cookies is transferring by electronic communication network, or the utilization is necessary for providing the requested services, the consent of the data subject is not necessary.

Complaints:

  1. Data collection, processed data and purpose of processing:

 

Personal data

Purpose of processing

Name, surname

Identification, staying in touch.

E-mail address

Staying in touch.

Phone number

Staying in touch.

Name and billing address

Identification, objections regarding the quality of the ordered products, questions and resolution of the problems.

  1. Data subjects: every person who ordered from the web page and made a complaint about the quality of the ordered product.
  2. Data processing time, term of data deletion: Copies of the minutes drawn up with the registration of the complaint, of the address and the response to the address will be kept for 5 years.
  3. Authorized personnel for the processing of the personal data, recipients of the personal data:  Authorized personnel for the processing of the personal data are the sales and marketing representatives of the data operator in concordance with the principles mentioned above.
  4. Informing the data subjects about their rights regarding the data processing:
  • The data subject has the right to request access to the personal data from the operator, as well as the rectification, deletion or restriction of processing the personal data; and
  • Can oppose to the processing of it, as well as
  • Has the right to the portability of it, and to withdraw their consent at any moment.
  1. The data subject can request to access the personal data, as well as the rectification, deletion or restriction of processing it, the portability of it, and to withdraw their consent at any moment by the following:
  • by post at the next address: Tg. Mureș, str. M. Kogălniceanu, nr. 18,     jud. Mureș
  • by e-mailing to the next address: support@allyourtime.com
  • by phone: +40755116003
  1. Basis of processing: consent of the data subject following point f) (1) paragraph Article 6 from Reg. (EU) 2016/679, as well as the legislations in force in Romania.
  2. We inform you that:
  • The processing of the data is based on your contractual consent.
  • The processing of the personal data is necessary for the conclusion of the contract.
  • For responding to your complaint you are obliged to provide us with personal data.
  • Not providing the data it is impossible to respond to your complaint.

Social media

  1. According to the legislation (Article 13 from the Reg. (EU) 2016/679), regarding the processing of personal data - concerning social media - are defined the following terms:
  1. data collection,
  2. data subject,
  3. purpose of processing,
  4. time of processing,
  5. authorized personnel for processing of the data,
  6. informing the data subjects about their rights regarding the processing of the data.
  1. Data collection, processed data: Name that is registered to social media platforms Facebook/Google/Twitter etc., as well as public profile photos of the User.
  2. Data subjects: Every person registered to social media platforms Facebook/Google/Twitter etc., and “liked” the Providers page or posts of the data operator.
  3. Purpose of processing: Sharing, following or popularizing the products, services, discounts of elements of the web page, or the web page itself, on the social media platforms.
  4. The data processing period, the data deletion period, the personnel authorized to the data processing and the informing of the data subjects about their data processing rights: information on the source, processing and transmission of data, and the basis of processing, are provided by the social media platform concerned. The data processing is carried out by the respective social media platforms, thus, regarding the period and the way of data processing, the possibilities of deletion and rectification of the data, the regulation of the web page in question applies.
  5. Basis of processing: consent of the data subject for the processing of their personal data on the social media platforms.
  6. For more information access:

Facebook social login: https://developers.facebook.com/docs/plugins

Twitter social login: https://support.twitter.com/articles/20170519

Google account login: https://www.google.com/policies/privacy

Customer support and others

  1. In case of questions or problems regarding the services provided by the data operator, the data subject can address to the data operator by the means mentioned on the web page (phone, e-mail, social media platforms etc.).
  2. E-mails, messages, data provided by phone, Facebook, will be deleted by the data operator within 2 years at most.
  3. About the cases of data processing not mentioned in the Privacy policy We will inform you at the moment of the registering the data.
  4. In certain cases provided by law, at the request of the competent authorities, respectively at the request of other bodies based on incidental legal norms in question, the Provider has the obligation to provide data and to hand over documents to these bodies.
  5. In these cases, the Provider transmits to the requesting bodies only the personal data, which is absolutely necessary in order to fulfill the requested purpose.

Rights of the data subject

  1. Right of access of the data subject

The data subject has the right to get confirmation from the operator that the personal data is being processed or not, as well as access to the respective data.

  1. Right to rectification:

The data subject has the right to get from the operator without any unjustified delay the rectification of the personal data. Having in account the purpose of the personal data processing, the data subject has the right to complete the uncompleted personal data, including a supplementary declaration.

  1. Right to deletion

The data subject has the right to obtain the deletion of the personal data from the operator without any unjustified delay, and the operator has the obligation to delete the personal data without any unjustified delay in cases mentioned in the regulation.

  1. “Right to being forgotten”

In case if the operator made public the personal data and is obligated to delete it, taking into the consideration the available technology and the cost of implementation, take reasonable measures, including technical measures for informing the operator who are processing the personal data because the data subject has requested any of the links containing the data or any of the copies or reproductions of this personal data.

  1. Right for restricting the process

The data subject has the right to obtain from the operator the restriction of the processing in the cases below:

  • the data subject contests the accuracy of the data, for this period the operator will verify the accuracy of the data;
  • the processing is illegal, also the data subject is opposing the deletion of the personal data, requesting instead the restriction of the utilization;
  • the operator does not need anymore the personal data for processing, also the data subject requests the establishment, accuracy or protection of a right in the court;
  • the data subject opposed the processing for the time in which is verified if the legitimate rights of the operator prevail above the data subject.
  1. Right of the portability of the data

The data subject has the right to get the personal data that is theirs and refused provide from the operator in structured form, in current form and can be read automatically and has the right to transfer the data to another operator, without any obstacle from the operator to whom the data was provided.

  1. Right to oppose

In any moment the data subject has the right to oppose, for reasons regarding the particular situation in which they are, processing the personal data, including profiling based on the dispositions.

  1. Right to oppose in case of direct marketing

When the purpose of the processing of the personal data is direct marketing, the data subject has the right to oppose at any time the processing of the personal data, including profiling related to direct marketing.

  1. Automated individual decision making, including creating a profile

The data subject has the right not to be subject to a decision based on automatic processing, including profiling, which produces legal effects concerning the data subject or similarly affects to a significant extent.

This provision does not apply to the next decisions:

  • is necessary for concluding and executing a contract between the data subject and data operator;
  • is authorized by the law of the Union or by the internal law that applies to the operator and that provides corespondent measures  for protecting rights, liberties and interests legitimated for the data subject;
  • has at the base the explicit consent of the data subject.

Deadline of measure taking

The operator provides the data subject with information on action taken following a request based on the rights of the data subject mentioned above, without unjustified delay and in any case within a month of the receiving the request.

This period can be extended by two months when necessary, taking into account the complexity and number of requests. The operator informs the data subject of extension within one month of receipt of the request, stating the reasons for the delay.

If the data operator does not take action against the data subject, the operator informs the data subject, without delay and no later than one month after receipt of the request, of the reasons for not taking action and of the possibility to make a complaint in the front of a supervisory authority and to introduce a judicial remedy.

Security of processing

Given the current state of development, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risk with different degrees of probability and gravity for the rights and liberties of individuals, the operator and his authorized personnel implements technical and organizational measures appropriate to ensure a level of security appropriate to that risk, including, as appropriate:

  1. pseudomynisasion  and encryption of personal data;
  2. capicity of securing confidentiality, integrity, disponibility and the continuous resistance of the systems and services processed;
  3. capacity to restore the disponibility of personal data and timely access to this in case of a natural or technical incident;
  4. a process for testing, evaluating and periodic assessment of the effectiveness of technical and organizational measures to ensure the security of processing.

Informing the data subject regarding the violation of the security of the personal data

If the violation of the security of personal data is likely to pose a high risk to the rights and liberties of individuals, the operator informs the data subject without unjustified delay about such violation.

The information provided to the data subject includes a clear description in plain language of the nature of the personal data violation, the name and contact details of the data protection officer or another contact point from which more information can be obtained; describe the likely consequences of the violation of personal data security; describe the measures taken or proposed to be taken by the operator to remedy the violation of the security of personal data, including, where appropriate, measures to mitigate any possible negative effects.

Information of the data subject is not required if any of the following conditions are met:

  1. the operator has implemented appropriate technical and organizational protection measures, and these measures have been applied to personal data affected by personal data violation, in particular measures to ensure that personal data become unintelligible to anyone who is not authorized to access them, such as encryption;
  2. the operator took measures to secure the high risk for rights and liberties of the data subject is not likely to materialize;
  3. can necessitate a disproportionate effort. In this situation, is carried out public informing or a similar measure in which the data subjects are informed in an effective manner.

If the operator has not already communicated the personal data violation to the data subject, the supervisory authority, after taking into account the likelihood that the personal data violation would pose a high risk, may ask the data subject to this thing.

Right to make a complaint

Every data subject has the right to make a complaint with a supervisory authority, in particular in the Member State in which they have their residence, place of employment or the violation took place that the processing of personal data concerning this Regulation. The competent authority in Romania is:

National Authority for Surveillance of the Processing of Personal Data

Web: https://www.dataprotection.ro/ 

B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucuresti, Romania

Email:    anspdcp@dataprotection.ro , dpo@dataprotection.ro 

Telefon: +40.318.059.211, +40.318.059.212

Fax: +40.318.059.602

Here you can download the (EU) 2016/679 REGULATION  OF THE EUROPEAN PARLIAMENT AND COUNCIL from 27th of april 2016 regarding the protection of the natural person in accordance with the protection of the personal data and  regarding the free circulation of the data and repeal of the Decision 95/46/CE (General regulation regarding data protection)



Date updated: 27.04.2021