We constantly strive to ensure the confidentiality and security of your personal data.
The legality, transparency and fairness of any processing operation is a priority for us, thereby we invite you to read carefully and in full our policy in this regard.
Data on the personal data controller
The operator who processes personal data through the web page „Adoptă un copac!” is VIITORPLUS – asociația pentru dezvoltare durabilă (hereinafter referred to as “VIITORPLUS”), based in Str. Round No. 24, attic room 2, Bucharest, Sector 2, Fiscal Code: 18654032, registered with no. 10134/14.10.2016 at the District 2 Court. The data operator can be contacted at the e-mail address: [email protected].
What is “processing” according to European Regulation no. 679/2016 (GDPR)?
“Processing” means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction.
Data collected by VIITORPLUS, depending on the method and purpose of the communications received
Access to and consultation of this website is not conditioned by the provision of personal data by Users (data subjects).
The provision of personal data is only necessary if users wish to make donations to VIITORPLUS, financially supporting afforestation activities.
Any collection and processing of personal data is done with the implicit consent of the user who creates a user account and/or makes any subsequent communications to/through/on the platform.
Any user who does not agree with the processing methods detailed below is requested not to take any of the actions that necessarily involve the prior collection and processing of his data.
VIITORPLUS collects, based on the voluntary provision of the data subject, personal data related to the registration of a user account. The types of data processed depend on how the data subject understands to use the platform / application, the ways and purposes in which he contacts the operator:
- creating a user account followed or not by communications to/on/through the platform/application;
- request for information of any type – punctual or periodic request for offers – transmission of offers – transmission of CV for recruitment;
- requests/complaints/notifications regarding their personal data – feedback for the services provided to them through the platform/application, regarding irregularities regarding the communications of other users, regarding the conditions of collaboration and any contact with employees/representatives/collaborators of VIITORPLUS (strictly in terms of those interested in VIITORPLUS and the activity on the platform).
- By creating a user account after registration via the form, the data subject provides: name (required), first name (required), e-mail address (required), telephone number (required), date of birth (optional).
- By any queries of the platform/by pre-selection of some selection criteria in view of the relevance of the data available in the platform for the user.
- By sending messages of any kind or making telephone calls to the contact addresses available on the platform/application, the data subject shall provide: his contact details relating to the chosen mode of communication and possibly other data, such as gender or year of birth, and (to the extent implicit in the name or e-mail address), any data provided in the message itself, the optional first and last name, except for the transmission of CVs, and requests/complaints/ notifications regarding personal data, requests/complaints/notifications that require adequate prior identification, in accordance with this policy.
- By sending CVs to the displayed contact addresses, the data subject provides: name, surname, sex, age, telephone number (optional) and e-mail address (optional in cases where the CV is physically sent , at the company’s headquarters, and indicate a contact telephone number), address (optional), names/names of former employers and position held, studies followed. Any data in addition to those specified above shall be transmitted strictly at the initiative of the data subject.
- By activating the marketing cookies used by our site, in order to receive offers and information on new services and products/promotions, etc. (newsletter), the data subject provides the data specified in the document entitled Cookies Policy, available on the site – In this case, please consult the Cookies Policy.
- By sending requests/complaints/notifications regarding his data, directly or through a proxy, the data subject provides the name, surname, contact details related to the chosen method of communication or other contact details (if they wish to receive the information related to the request/complaint/other data that can be deduced from the first name and e-mail address, and another identification attribute/proof of the quality of the proxy and its identification attributes (only under the conditions described below, in the section Requests/complaints/notifications regarding personal data – management, settlement, communication and cooperation).
Purpose of data collection and processing:
- to respect and ensure the effective exercise of all legitimate rights and interests of data subjects;
- to ensure the optimal operation of the platform in terms of its purposes, as specified in the document entitled terms and conditions, available on this platform/application and to ensure, as far as objective and reasonable possibilities, the veracity and relevance of any information and data available on platform/application;
- for the management and settlement of any requests/notifications/complaints/offers received through the contact forms and at the communication addresses displayed, including to respond to them according to their nature and to fulfill the obligations of the operator, including those established by gdpr, national legislation data and by the supervisory authority;
- to communicate our service offers, to make known the locations where we carry out our activity, to initiate collaborations in the fields targeted by the goals of the platform/application, and to ensure the visibility of the campaigns and promotions organized by VIITORPLUS;
- to continuously improve our products and services, conducting collaborations of any kind, security and privacy measures and policies;
- for filling vacancies, recruiting volunteers and collaborators of any kind.
The data provided by the data subject in accordance with points 1 and 2 above shall be used to establish minimum premises for the veracity of contributions of any kind to the platform. The data will be associated with a single user account, and may facilitate the response to requests/notifications of any kind of the user in question, preventing the integration in any way in the platform/application of content not permitted by law or the document entitled Terms and Conditions (by restricting the access of a user who does not act honestly and in good faith, censoring communications to/on/through the platform of a particular user and other such measures), to allow users to share any activity on the platform or their relevance within platform in other web spaces of any kind. The processing of such data may also facilitate the prevention of criminal acts or that harm/harm in any way the legitimate rights and interests of VIITORPLUS, users of the platform/application or third parties (for example, in the case of spreading unrealistic defamatory the address of a competitor in the fields of activity aimed at the purposes of the platform).
The data provided according to points 3 and 4 above will be used to communicate a response to the request addressed/to schedule a pre-employment interview or to establish relationships based on a Volunteer Agreement through:
- contacting by e-mail or, as the case may be, by telephone;
- if the only contact information provided by the data subject is his address, by correspondence;
- if the only contact date provided is the telephone number and the request is complex in nature, requires extensive communication and could not reasonably be transmitted by telephone, VIITORPLUS may request by telephone including the provision of an e-mail address, at the free choice of the applicant to provide it or not, without the non-provision being conditional on the provision of that information which can be transmitted, under reasonable conditions, also by telephone.
The data provided by the data subject according to point 5 above will be processed for the purposes and conditions detailed in the Cookies Policy, available on this platform/application.
The data provided on the data subject in accordance with point 6 above shall be used to confirm his identity in an appropriate and reasonable manner, to carry out checks, to take appropriate measures, etc. and for providing a response/ensuring adequate information to the data subject, under the terms of the section – Requests/complaints/notifications regarding personal data – management, settlement, communication and cooperation, of this document.
In the event of a negative feedback from an individual, VIITORPLUS will make every reasonable effort to investigate and, if necessary, remedy the situation, and will send an appropriate response to the data subject. Processing in order to send a response is subject to the legitimate interest of the operator to ensure the optimal functionality of the platform/application, to collaborate effectively with its customers/potential customers through the platform/application, to maintain its good reputation and image, check how the employees, its representatives, the volunteers who carry out activities on behalf of the association, respect in the relations with third parties the legal norms, the internal Regulation of the operator, its policies regarding the personal data, good morals and good manners.
At reasonable periods of time, as a rule, every 6 months, or at other times in relation to certain specific circumstances such as (unlimited) the provision of new services/the hiring of new staff/the recruitment of new volunteers or events in connection with the platform/application leading to the conclusion that there is a need in this regard, the operator may invite users to provide feedback on any aspect related to the services/products offered/how to provide and make proposals to improve services.
Bases of data processing by the Operator
VIITORPLUS processes the personal data provided through the „Adoptă un copac!” platform for the following purposes and legal grounds:
- based on the implicit and undoubted express consent of the user in the sense of creating a user account, of making any queries in or communications of any kind on/to/through the application/platform;
- based on the express consent of users, for marketing purposes, for sending periodic information, e-mail notifications;
- based on its legitimate interest of the operator to present its products and services, including in the online environment, to honor requests of any kind submitted by data subjects, to maintain its good reputation and image, subordinated to the best interests of consumers end users of the platform/application to be correctly informed and to benefit from quality products and services;
- the legal obligations of the operator, in relation to the specifics of the activity carried out in the online environment, in relation to its object of activity and according to GDPR.
Personal data collected through the platform/application, processed by VIITORPLUS or VIITORPLUS partners are retained for a specified period, depending on the purpose of collection:
- data collected involuntarily by the operator for a period of 3 years from the time of collection;
- the data collected through any communications sent by the data subjects to the contact data provided on the site / through the application, for a period of 5 years from the moment of collection;
- data related to CVs submitted for recruitment, for a period of 1 year from the date of collection; as an exception, for the CVs of the employed persons, they will be attached to their personal files, and will be kept for the purpose of the contract, and after the termination of the employment contract in any way, they will be kept for a period of 75 years according to the term provided by Law no. 16/1996 of the national archives, republished.
- the data related to the CVs sent in order to conclude a Volunteer Contract, for a period of 1 year from the date of their receipt, except when the contract is concluded. In the latter case, the data will be kept for the entire duration of the contract and for a period of 3 years from its termination in any way.
- data processed for marketing purposes on the basis of consent, until the withdrawal of the consent of the data subjects.
- the data related to the documents through which the operator can prove before ANSPDCP the way of solving the notifications/complaints/requests of the data subject, made personally or by proxy, obtaining the consent, etc., will be kept for at least 3 years, regardless of the established duration. for processing, strictly in view of the possibility of the operator to prove before ANSPDCP the development of a compliant processing and the observance of the rights of the data subject.
The rights of the data subject. Ways of exercise. VIITORPLUS Measures and Guarantees
Any data subject has the following rights in relation to the personal data controller:
- Right of access means the data subject’s right to obtain confirmation from VIITORPLUS that personal data concerning the person concerned are being processed or not, and if so, access to that data and information on how they are processed may be obtained. data.
- The right to data portability refers to the right to receive personal data in a structured, commonly used and automatically readable format and to the right to have this data transmitted directly to another controller, but only if this is feasible from technically.
- The right to object concerns the right of the data subject to oppose the processing of personal data when the processing is necessary for the performance of a task which serves a public interest or where he considers a legitimate interest of the controller. When the processing of personal data is aimed at direct marketing, the data subject has in particular the right to object to the processing at any time.
- The right to rectification refers to the correction, without undue delay, of inaccurate personal data. The rectification will be communicated to each recipient to whom the data was transmitted, unless this proves impossible or involves disproportionate efforts on the part of VIITORPLUS.
- The right to erasure of data (“right to be forgotten”) means the right of the data subject to request the erasure of personal data, without undue delay, if one of the following reasons applies: they are no longer necessary for the fulfillment the purposes for which they were collected or processed; the person concerned decides to withdraw his consent and there is no other legal basis for the processing; the person concerned opposes the processing and there are no legitimate reasons prevailing; personal data have been processed illegally; personal data must be deleted in order to comply with a legal obligation; personal data were collected in connection with the provision of information society services.
- The right to restrict the processing may be exercised if the accuracy of the data processed by VIITORPLUS is contested, for a period that allows the verification of the correctness of the data; the processing is illegal and the person concerned opposes the deletion of personal data, instead requesting the restriction; if VIITORPLUS no longer needs personal data for the purpose of processing, but the person concerned requests them for the establishment, exercise or defense of a right in court; if the person has objected to the processing for the period during which it is verified whether the legitimate rights of VIITORPLUS prevail over those belonging to the data subject.
- The right to submit a complaint to the National Authority for the Supervision of Personal Data Processing.
In the situation where it is considered that the rights recognized by Regulation no. 679/2016 have been violated, any data subject has the opportunity to address the National Authority for Supervision of Personal Data Processing (A.N.S.P.D.C.P.) by filing a complaint.
The contact details of the A.N.S.P.D.C.P. are the following:
- Address: Bucharest, B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336;
- Telephone: + 40.318.059.211 / + 40.318.059.212;
- Fax: +40.318.059.602;
- E-mail: [email protected]; Web page: dataprotection.ro.
In the processing of personal data, VIITORPLUS and any VIITORPLUS partner will act in a legal, fair and transparent manner, respecting all the principles imposed by the legislation in force. Data processing is performed for specific, explicit and legitimate purposes. The processing of data is adequate and limited, only in relation to the need to achieve the purpose for which they were collected. Personal data will be retained only for the time necessary to fulfill the purposes for which they are processed, and the processing will be carried out in an appropriate manner to ensure the security and integrity of the data.
VIITORPLUS will not transfer the data collected through the site outside the territory of Romania. Access to this data will be allowed to the external IT service provider, and to any external contracted service providers in order to ensure the optimal operation and security of the platform/application or for marketing purposes.
In order to ensure the legality of the processing of personal data, VIITORPLUS assumes responsibility for implementing appropriate technical and organizational measures to protect against unauthorized access, use, alteration or destruction of personal data in accordance with international and national legal provisions on personal data protection. personal.
These security measures include (but are not limited to) – securing physical/digital data storage spaces (keys, passwords, security alerts, system access notifications, antivirus), limiting access to data strictly to those in charge specific in relation to the purpose of processing, information, accountability and appropriate guidance of employees, partners, collaborators who are allowed access to data, establishing specific responsibilities in contracts and job descriptions of employees, concluding confidentiality agreements with external collaborators/departments outsourced/ service providers and any other persons who are allowed to access or transfer data, ensuring that no data related to the user account is disclosed at the time a user makes any type of communication to/through the platform/application and prior verification of communications to/through the platform/application to ensure c do not disclose personal data. The user who transmits the content subject to censorship in the light of GDPR, cannot oppose to VIITORPLUS his freedom of expression. Any user understands and accepts that any disputed situation underlying the disclosure in the content of his communications of personal data must be made by the competent authorities.
VIITORPLUS will not disclose personal data collected in the manner detailed above, except for authorized employees, authorized persons of VIITORPLUS or VIITORPLUS partners who are required to process such data on behalf of VIITORPLUS (provision of services, provision of complete and accurate information of the data subjects, transmission of marketing communications, etc.) or if the disclosure obligation represents a legal obligation or a legitimate request of a competent authority in charge of VIITORPLUS and / or of its partners, collaborators, employees.
Requests/complaints/notifications regarding personal data and Security breaches – management, settlement, communication and cooperation
Any requests/complaints/notifications regarding personal data will be addressed to the operator in writing, in one of the contact ways available on the site and, with the provision of a contact address to which the answer/information related to it can also be communicated in writing. The same procedure will be followed in the case of requests/communications related to previous requests/complaints/notifications.
When addressing any request/complaint/notification, the applicant identifies you accordingly, in order to prevent compromising the confidentiality of data, taking measures at the request of unjustified/unauthorized persons or endangering/violating in any way the rights and legitimate interests of persons in relation to the dates on which the request is made.
In the case of requests made through a proxy, the proxy will be properly identified and its quality will be verified (including directly from the data subject).
Requests sent by telephone or requests in which the only available contact date is the telephone number of the data subject will not be considered until they are sent in writing, under the conditions specified above. Likewise, if the request is made in conditions that raise a suspicion of the operator regarding the identity of the applicant or regarding the legal nature of the request the operator could suspend your settlement until providing reasonable additional information/ data to confirm the identity and or quality applicant.
We make these requirements subject to our legal obligation and our legitimate interest in proving your rights under the GDPR and all legal data protection rules.
Any request will be resolved within 30 days of receiving it.
The response to the request and/or any communications related to its specificity will be sent in writing to the person concerned or his authorized person, in the manner in which the operator received the request (example – for the request sent by e-mail will be answered by e-mail, the request by physical correspondence shall be answered by physical correspondence), or in another express and reasonable written request requested by the data subject/treir proxy.
Security breach is a violation of the security of personal data, for example – unauthorized processing in any of the ways listed in the definition of processing above.
In the event of a security breach, the operator shall notify ANSPDCP without undue delay and, if possible, within a maximum of 72 hours from the date on which it became aware of it, unless it is unlikely to pose a risk to the rights and freedoms of individuals.
If the security breach is likely to pose a high risk to the rights and freedoms of individuals, the operator shall inform you in an appropriate and lawful manner, including the data subject, without undue delay.
Exceptionally, the information of the data subject in case of a breach will not be provided to you if:
- a) adequate technical and organizational protection measures have been adopted regarding the data concerned by the breach, whereby these data have become unintelligible to any person who is not authorized to access them;
- b) the operator has ensured, through appropriate subsequent measures, that the high risk to the rights and freedoms of the data subjects is no longer likely to materialize;
- c) information would require a disproportionate effort. In this situation, you will be informed publicly – through the operator’s website and possibly in another way that you deem necessary by the A.N.S.P.D.C.P or that would provide an equally effective way of informing the data subjects.
In the phase prior to the settlement of any request/complaint/notification and during its settlement, as well as in the case of any possible security breach, the relations between the operator with the data subject and the Supervisory Authority will be characterized by transparency and openness to cooperation by the operator.
If a change to these privacy rules is required, VIITORPLUS will publish those changes to ensure accurate and complete information about the data collected and how it is used.
Version published in June 2020
2020 Copyright VIITORPLUS