We constantly strive to ensure the confidentiality and security of your personal data.
The legality, transparency and fairness of any processing operation is a priority for us, thereby we invite you to read carefully and in full our policy in this regard.
Data on the personal data controller
The operator who processes personal data through the web page „Adoptă un copac!” is VIITORPLUS – asociația pentru dezvoltare durabilă (hereinafter referred to as “VIITORPLUS”), based in Str. Round No. 24, attic room 2, Bucharest, Sector 2, Fiscal Code: 18654032, registered with no. 10134/14.10.2016 at the District 2 Court. The data operator can be contacted at the e-mail address: [email protected].
What is “processing” according to European Regulation no. 679/2016 (GDPR)?
“Processing” means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction.
Data collected by VIITORPLUS, depending on the method and purpose of the communications received
Access to and consultation of this website is not conditioned by the provision of personal data by Users (data subjects).
The provision of personal data is only necessary if users wish to make donations to VIITORPLUS, financially supporting afforestation activities.
Any collection and processing of personal data is done with the implicit consent of the user who creates a user account and/or makes any subsequent communications to/through/on the platform.
Any user who does not agree with the processing methods detailed below is requested not to take any of the actions that necessarily involve the prior collection and processing of his data.
VIITORPLUS collects, based on the voluntary provision of the data subject, personal data related to the registration of a user account. The types of data processed depend on how the data subject understands to use the platform / application, the ways and purposes in which he contacts the operator:
Purpose of data collection and processing:
The data provided by the data subject in accordance with points 1 and 2 above shall be used to establish minimum premises for the veracity of contributions of any kind to the platform. The data will be associated with a single user account, and may facilitate the response to requests/notifications of any kind of the user in question, preventing the integration in any way in the platform/application of content not permitted by law or the document entitled Terms and Conditions (by restricting the access of a user who does not act honestly and in good faith, censoring communications to/on/through the platform of a particular user and other such measures), to allow users to share any activity on the platform or their relevance within platform in other web spaces of any kind. The processing of such data may also facilitate the prevention of criminal acts or that harm/harm in any way the legitimate rights and interests of VIITORPLUS, users of the platform/application or third parties (for example, in the case of spreading unrealistic defamatory the address of a competitor in the fields of activity aimed at the purposes of the platform).
The data provided according to points 3 and 4 above will be used to communicate a response to the request addressed/to schedule a pre-employment interview or to establish relationships based on a Volunteer Agreement through:
The data provided by the data subject according to point 5 above will be processed for the purposes and conditions detailed in the Cookies Policy, available on this platform/application.
The data provided on the data subject in accordance with point 6 above shall be used to confirm his identity in an appropriate and reasonable manner, to carry out checks, to take appropriate measures, etc. and for providing a response/ensuring adequate information to the data subject, under the terms of the section – Requests/complaints/notifications regarding personal data – management, settlement, communication and cooperation, of this document.
In the event of a negative feedback from an individual, VIITORPLUS will make every reasonable effort to investigate and, if necessary, remedy the situation, and will send an appropriate response to the data subject. Processing in order to send a response is subject to the legitimate interest of the operator to ensure the optimal functionality of the platform/application, to collaborate effectively with its customers/potential customers through the platform/application, to maintain its good reputation and image, check how the employees, its representatives, the volunteers who carry out activities on behalf of the association, respect in the relations with third parties the legal norms, the internal Regulation of the operator, its policies regarding the personal data, good morals and good manners.
At reasonable periods of time, as a rule, every 6 months, or at other times in relation to certain specific circumstances such as (unlimited) the provision of new services/the hiring of new staff/the recruitment of new volunteers or events in connection with the platform/application leading to the conclusion that there is a need in this regard, the operator may invite users to provide feedback on any aspect related to the services/products offered/how to provide and make proposals to improve services.
Bases of data processing by the Operator
VIITORPLUS processes the personal data provided through the „Adoptă un copac!” platform for the following purposes and legal grounds:
Personal data collected through the platform/application, processed by VIITORPLUS or VIITORPLUS partners are retained for a specified period, depending on the purpose of collection:
The rights of the data subject. Ways of exercise. VIITORPLUS Measures and Guarantees
Any data subject has the following rights in relation to the personal data controller:
In the situation where it is considered that the rights recognized by Regulation no. 679/2016 have been violated, any data subject has the opportunity to address the National Authority for Supervision of Personal Data Processing (A.N.S.P.D.C.P.) by filing a complaint.
The contact details of the A.N.S.P.D.C.P. are the following:
In the processing of personal data, VIITORPLUS and any VIITORPLUS partner will act in a legal, fair and transparent manner, respecting all the principles imposed by the legislation in force. Data processing is performed for specific, explicit and legitimate purposes. The processing of data is adequate and limited, only in relation to the need to achieve the purpose for which they were collected. Personal data will be retained only for the time necessary to fulfill the purposes for which they are processed, and the processing will be carried out in an appropriate manner to ensure the security and integrity of the data.
VIITORPLUS will not transfer the data collected through the site outside the territory of Romania. Access to this data will be allowed to the external IT service provider, and to any external contracted service providers in order to ensure the optimal operation and security of the platform/application or for marketing purposes.
In order to ensure the legality of the processing of personal data, VIITORPLUS assumes responsibility for implementing appropriate technical and organizational measures to protect against unauthorized access, use, alteration or destruction of personal data in accordance with international and national legal provisions on personal data protection. personal.
These security measures include (but are not limited to) – securing physical/digital data storage spaces (keys, passwords, security alerts, system access notifications, antivirus), limiting access to data strictly to those in charge specific in relation to the purpose of processing, information, accountability and appropriate guidance of employees, partners, collaborators who are allowed access to data, establishing specific responsibilities in contracts and job descriptions of employees, concluding confidentiality agreements with external collaborators/departments outsourced/ service providers and any other persons who are allowed to access or transfer data, ensuring that no data related to the user account is disclosed at the time a user makes any type of communication to/through the platform/application and prior verification of communications to/through the platform/application to ensure c do not disclose personal data. The user who transmits the content subject to censorship in the light of GDPR, cannot oppose to VIITORPLUS his freedom of expression. Any user understands and accepts that any disputed situation underlying the disclosure in the content of his communications of personal data must be made by the competent authorities.
VIITORPLUS will not disclose personal data collected in the manner detailed above, except for authorized employees, authorized persons of VIITORPLUS or VIITORPLUS partners who are required to process such data on behalf of VIITORPLUS (provision of services, provision of complete and accurate information of the data subjects, transmission of marketing communications, etc.) or if the disclosure obligation represents a legal obligation or a legitimate request of a competent authority in charge of VIITORPLUS and / or of its partners, collaborators, employees.
Requests/complaints/notifications regarding personal data and Security breaches – management, settlement, communication and cooperation
Any requests/complaints/notifications regarding personal data will be addressed to the operator in writing, in one of the contact ways available on the site and, with the provision of a contact address to which the answer/information related to it can also be communicated in writing. The same procedure will be followed in the case of requests/communications related to previous requests/complaints/notifications.
When addressing any request/complaint/notification, the applicant identifies you accordingly, in order to prevent compromising the confidentiality of data, taking measures at the request of unjustified/unauthorized persons or endangering/violating in any way the rights and legitimate interests of persons in relation to the dates on which the request is made.
In the case of requests made through a proxy, the proxy will be properly identified and its quality will be verified (including directly from the data subject).
Requests sent by telephone or requests in which the only available contact date is the telephone number of the data subject will not be considered until they are sent in writing, under the conditions specified above. Likewise, if the request is made in conditions that raise a suspicion of the operator regarding the identity of the applicant or regarding the legal nature of the request the operator could suspend your settlement until providing reasonable additional information/ data to confirm the identity and or quality applicant.
We make these requirements subject to our legal obligation and our legitimate interest in proving your rights under the GDPR and all legal data protection rules.
Any request will be resolved within 30 days of receiving it.
The response to the request and/or any communications related to its specificity will be sent in writing to the person concerned or his authorized person, in the manner in which the operator received the request (example – for the request sent by e-mail will be answered by e-mail, the request by physical correspondence shall be answered by physical correspondence), or in another express and reasonable written request requested by the data subject/treir proxy.
Security breach is a violation of the security of personal data, for example – unauthorized processing in any of the ways listed in the definition of processing above.
In the event of a security breach, the operator shall notify ANSPDCP without undue delay and, if possible, within a maximum of 72 hours from the date on which it became aware of it, unless it is unlikely to pose a risk to the rights and freedoms of individuals.
If the security breach is likely to pose a high risk to the rights and freedoms of individuals, the operator shall inform you in an appropriate and lawful manner, including the data subject, without undue delay.
Exceptionally, the information of the data subject in case of a breach will not be provided to you if:
In the phase prior to the settlement of any request/complaint/notification and during its settlement, as well as in the case of any possible security breach, the relations between the operator with the data subject and the Supervisory Authority will be characterized by transparency and openness to cooperation by the operator.
If a change to these privacy rules is required, VIITORPLUS will publish those changes to ensure accurate and complete information about the data collected and how it is used.
Version published in June 2020
2020 Copyright VIITORPLUS