As from 25 May 2018, the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) are applicable.
The protection of natural persons in relation to the processing of personal data is a fundamental human right, provided for in Article 8(1) of the Charter of Fundamental Rights of the European Union and Article 16(1) of the Treaty on the Functioning of the European Union.
The European Institute of Romania is aware of the importance of your data and undertakes to protect their confidentiality and security. For this reason, it is important for us, as a controller of personal data, to provide you, in an integrated and practical manner, with information relating to the processing of your personal data as data subjects.
The European Institute of Romania, having its registered office in Bd. Regina Elisabeta nr. 7-9, Sector 3, Bucharest, collects and processes personal data in order to fulfil its tasks and objectives:
- a) To support the substantiation and implementation of the policies of the Government of Romania in the field of European affairs;
- b) To increase the level of knowledge and competence of the civil servants and other socio-professional categories in the field of European affairs;
- c) To improve the access to European Union law, to the case-law of the European Court of Human Rights and to Romanian law relevant to the field of European affairs, as well as their understanding and implementation;
- d) To contribute to the development of the European spirit and values.
We collect and process the following types of data: name and surname, date of birth, home address, e-mail address, data related to the identity card, personal name record (CNP in Romania), financial/fiscal identification data.
Terms within the meaning of Regulation (EU) No 679/2016:
- Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;
- Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Principles underlying the processing of personal data:
- Good faith, authorisation and accountability for the processing of personal data;
- Collection of data only for specified, explicit and legitimate purposes;
- Adequate and not excessive collection of personal data in relation to the purposes for which they are collected and processed;
- Confidentiality on the processing of personal data;
- Respect for the rights of the data subjects of the processing of personal data.
Personal data are collected and processed in order to carry out the following types of activities in the field of European affairs:
- Support activities specific to carrying out day-to-day activities, such as those specific to the fields of human resources, finance and accounting, etc.;
- Research and development activities, by conducting studies and analyses, elaborating and disseminating externally the periodical publications Romanian Journal of European Affairs, Newsletter;
- Short-term and long-term activities and programmes for ongoing professional training and development;
- Translation into Romanian, English or French languages, as well as linguistic and legal revision;
- Public communication activities in the field of European affairs, by organising public conferences, seminaries, round tables, debates, etc.;
- Implementation of projects based on non-refundable financing.
Data storage arrangements
For the electronic/digital data storage, we use the following services: Google Apps/Drive, MailChimp. The collected data are stored on the server of the institution and protected at high standards of security.
Storage is also made on paper. It should be noted that these documents are handled by persons appointed for this purpose and they are archived in accordance with the applicable legislation.
Storage of data is made strictly for the purpose for which the consent was given, and access to these data is given only to persons who have responsibilities in those fields.
Communication of the data to other persons
In order to provide services as highly competitive as possible, to fulfil our legal obligations or other legitimate purposes, it is possible that we may submit your personal data to public authorities, judicial bodies and other categories of recipients, from Romania or from abroad or the European Union, always ensuring that we establish adequate safeguards to protect your data (for example, standard contractual clauses, etc.).
Any person may refuse the processing of their personal data, for serious and legitimate reasons.
The persons who consented in advance to have their data collected and processed shall have the following rights:
- Right to information – they may request information on the processing of personal data, namely: the identity of the controller, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or are to be disclosed;
- Right to rectification – they may rectify inaccurate personal data or they may request to have them completed;
- Right to erasure (“right to be forgotten”) – they may request the erasure of their data, if they are no longer necessary in relation to the purposes for which they were collected or otherwise processed, when data have been unlawfully processed or any other cases prescribed by law;
- Right to restriction of processing – they may request the restriction of processing where the accuracy of the data is contested (restriction of processing lasts for a period enabling the controller to verify the accuracy of the data), and in other cases prescribed by law;
- Right to object – they may object, in particular, to processing of the data based on their legitimate interest (Article 6(1) of GDPR 679/2016);
- Right to data portability – they may receive, under certain conditions, personal data which they provided, in a structured, commonly used and machine-readable format or may require that such data are transmitted to another controller;
- Right to lodge a complaint – they may lodge a complaint against the modality of processing personal data with the National Supervisory Authority for Personal Data Processing in order to defend the rights guaranteed by the GDPR that they consider to have been infringed by our institution;
- Right to withdrawal of consent – where the processing is based on his/her express consent, the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent produces only future effects, the processing made before the withdrawal remaining valid;
- Right not to be subject to a decision based solely on automated processing, including profiling – they have the right to request and obtain human intervention on such processing, to express their point of view and to contest the decision. Exempted from these are cases where such processing is necessary for entering into, or performance of, a contract, when authorised by Union law or the national law or when the consent of the data subject has been obtained.
By reading this, you are aware that you are guaranteed the rights provided for in Regulation (EU) No 679/2016 of the European Parliament and of the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), namely the right to information, the right of access to data, the right to obtain intervention, the right to object, the right not to be subject to individual decisions, the right to rectification, the right to erasure, the right to data portability, the right to withdrawal of consent, the right to contest processing by lodging a complaint with the National Supervisory Authority for Personal Data Processing.
In order to exercise these rights, or in case any of your personal data are inaccurate and you want them rectified, you may submit a written request to our institution’s address or email: email@example.com.