PERSONAL DATA PROCESSING POLICY

1. BASIS FOR THE PROCESSING

  1. In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), Asociația Centrul Cultural Clujean (Cluj Cultural Centre Association) is bound to process the personal data collected through the online platform www.ecca.ro securely and only for the purposes specified below.

2. PURPOSE OF THE PROCESSING

  1. The Cluj Cultural Centre Association processes personal data collected directly from users/visitors through automated means.
  2. The personal data will be processed for the following purposes:
    • To obtain the information required for the enrolment of the applicants in the various programs that the Cluj Cultural Centre will develop/exhibit/promote through the website www.ecca.ro;
    • To send communications to the e-mail address provided or to the telephone number provided; such communications concern administrative matters, the ECCA Project and the activities within this Program;
    • To verify the validity and accuracy of the data entered in the application for joining the program.

3. THE DATA PROCESSED

  1. When accessing, using and browsing the website www.ecca.ro, the device used for access may automatically send information to the server hosting the web platform. In this way, the following personal data categories may be collected automatically:
    • The IP address of the device used to access the website;
    • The date and time of the visit;
    • The website that redirected the user to the web page www.ecca.ro;
    • The browser used, the operating system of the device used, as well as the name of the access provider.
  2. Personal data may also be collected directly from users/visitors if they use the application forms of the programs/events, as well as if they use the contact form found on the platform www.ecca.ro. In this way, the following personal data categories may be collected:
    • Last name and first name;
    • E-mail address;
    • Telephone number;
    • Address;
    • Data and information regarding ideas, concepts, services, products, affiliates etc.;
    • Furthermore, in the event that the applicant sends to the Organizer one or more links to specialized websites (e.g. Facebook, LinkedIn etc.) where details about the applicant’s activities may be viewed, the Organizer will also collect this type of personal data.

4. TRANSMISSION OF PERSONAL DATA

  1. The information processed in the ways listed above is intended for use by the Cluj Cultural Centre Association for the purposes specified in Art. 2 and may only be shared with the following recipients and in the following cases:
    • Public or private entities involved in the control, oversight and coordination of the business of the Organizer, as well as public entities entitled to control and oversee the activities carried out and which may claim access under the law;
    • The Organizer’s partners involved in the development of the programs/events promoted through the website;
    • The IT service provider that ensures the functionality of the website www.ecca.ro;
    • When you have given your express consent, in accordance with Art. 6 (1)(a) of the General Data Protection Regulation (EU) 2016/679;
    • When the disclosure is necessary for compliance with a legal obligation to which the Cluj Cultural Centre is subject;
    • When disclosure is necessary to defend the legitimate interests pursued by the Cluj Cultural Centre, unless the interests or fundamental rights and freedoms of the data subject prevail, requiring the protection of personal data, especially when the data subject is a child.

5. RIGHTS

  1. The General Data Protection Regulation recognizes a number of rights in relation to personal data, including:
    • The right to information: The data subject may request information on the processing of personal data, on the identity of the controller and of their representative or on the recipients of the data collected;
    • The right to rectification: Inaccurate personal data can be rectified or completed;
    • The right to data erasure: The data subject may obtain the deletion of their personal data if the personal data has been unlawfully processed or in other cases provided for by the law;
    • The right to restriction of processing: The data subject may request the restriction of the processing if the accuracy of the personal data is contested, as well as in other cases provided for by the law;
    • The right to object: The data subject may object to the data processing that is based on the legitimate interest of the Controller;
    • The right to data portability: The data subject may request the personal data that they have provided, in a machine-readable format, or they may request that the data in question be transmitted to another controller;
    • The right to lodge a complaint and to petition the courts of law: The data subject may lodge a complaint related to the personal data processing with the National Supervisory Authority for Personal Data Processing, and/or they may file a suit with the competent courts of law;
    • The right to withdraw consent: Where the processing is based on the consent of the data subject, they may withdraw such consent at any time. The withdrawal of their consent shall only be effective in the future; any processing carried out prior to the withdrawal shall remain valid;
    • The right not to be subject to additional automated decisions or profiling related to automated decision-making: The data subject may request and obtain human intervention regarding the processing or may express their point of view on that type of processing.

6. FINAL PROVISIONS

  1. Access to personal data shall only be granted to authorize personnel and solely for the performance of specific duties in order to fulfil the aforementioned purposes; such personnel shall be legally bound to maintain data confidentiality.
  2. The Organizer together with the owner of the server that hosts the platform www.ecca.ro shall implement electronic and administrative physical procedures to protect the personal information that is collected in accordance with this section. The owner of the website and the web hosting platform shall ensure that all personal data is only accessible with a password. Furthermore, the owner of the website shall ensure the implementation of appropriate methods to enhance the security of the website (measures to prevent brute-force login attacks, SSL certificates, strong passwords etc.).
  3. In the event of a personal data breach, the Organizer undertakes to comply with the legislation in force, notifying both the affected data subjects and the National Supervisory Authority for Personal Data Processing of the breach within 72 hours from its occurrence.
  4. For further details regarding this Personal Data Processing Policy, as well as to exercise any of the rights listed in Art. 5, please send a written notification to the e-mail address office@cccluj.ro or the postal address 3 Fluierașului St., Cluj-Napoca; the Data Protection Officer is Alexandru Jurcan (alexandru.jurcan@cccluj.ro).