The ASSOCIATION TĂȘULEASA SOCIAL, as a personal data controller, assures you that it treats the protection of your data with the utmost seriousness. We do not provide information to third parties without informing you and without having a legal basis for doing so. We do not make exclusively automated decisions with a significant impact on you. This document forms the basis of the information about the data processing we do, and if you would like more specific information please contact us.
TĂȘULEASA SOCIAL ASSOCIATION, Village Piatra Fântânele, Str. Obcioara nr.97, Comuna Tiha Bârgăului, 427363, jud. Bistrița-Năsăud, Romania, Fiscal Code: RO13681966, email [email protected] is responsible for processing your personal data that we collect directly from you or from other sources and is a personal data controller.
According to the law, you are the natural person receiving our services or the person in any kind of relationship with our company, hereinafter referred to as "data subject", i.e. an identified or identifiable natural person. In order to be fully transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate communication between us, the data controller and the data subject.
We are committed to complying with European and national legislation on the protection of personal data, in particular Regulation (EU) 679/2016, also known as GDPR and the following principles:
Lawfulness, fairness and transparency
We process your data lawfully and fairly. We are always transparent about the information we use and you are properly informed.
Collecting data for specified, explicit and legitimate purposes
We use data only for the purposes described at the time of collection or for new purposes compatible with the original purpose. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up to date.
We process only the data we need and do not collect excessive data.
Accuracy and updating of data
We give you control to correct personal data so that it is always up to date.
We only process personal data for as long as necessary to fulfil the purposes for which it was originally collected. Thereafter personal data is destroyed or de-personalised completely.
We have implemented reasonable security and encryption measures to protect your personal information to the best of our ability. However, please note that no website, no application and no internet connection is completely secure.
If you have any questions or concerns about the processing of your data or wish to exercise your legal rights in relation to the data we hold, or if you have any concerns about the way we handle any privacy issue, you can write to us at: [email protected]
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
THE SOCIAL TUSCAN ASSOCIATION processes the data of employees, volunteers, collaborators and business partners and website visitors under its own control.
Therefore, when you send us a request by e-mail or contact us for any other purpose and on any other communication channel, you may communicate the following personal data, which we collect directly from you or from other sources, such as:
The basis for processing is our legitimate interest in being able to respond to your requests or queries.
In addition to the information indicated above, we may also collect the following information, depending on the circumstances:
TThe basis of processing is the legitimate interest in ensuring the activities of our association.
If you are an employee (former, current or future), certain information relating to the performance of your employment contract will be collected. This may include, for example
The basis of the processing is the contractual relationship and the legal obligations related to it.
When you enter into a contractual relationship with us (whether you are a business partner or a volunteer acting in various projects coordinated by us) we will process the following data (by way of example):
The basis of the processing is the performance of the contractual relationship and the legal obligations related thereto.
When you purchase products through our online shop (shop.viatransilvanica.com) we process the following data (by way of example):
The basis of the processing is the contractual relationship and related legal obligations.
When you pay an invoice, we will process your data (name, surname, address, bank account or card number) for the purpose of preparing accounting documents (invoices and receipts).
The basis for the processing is the contractual relationship and related legal obligations.
When we are defending our rights in court for the recovery of sums due or when we are protecting our interests against claims/claims, we will process your data necessary for the formulation of court actions, other specific requests and documents.
It is possible in some situations that we may transfer your data to third parties in a contractual relationship with us for the recovery of amounts.
In these situations we will use as a basis for processing our legitimate interest in recovering amounts owed to us.
Where we are obliged by law to do so, we will provide the competent authorities and institutions with the data we hold that have been lawfully and justifiably requested.
We will use the legal obligation as a basis for processing.
For marketing services (sending offers, filling in satisfaction forms), tracking your behaviour to provide better services will be collected on a consent basis:
For the services of monitoring behavior within the website through various monitoring scripts or cookies we will use your consent taken on each individual item.
If you choose to create a user account within the online shop, this is done on the basis of your consent.
Consent can be withdrawn at any time.
We may also receive your data from partner companies, in which case the basis for processing is the fulfilment of a contractual relationship.
We collect personal information for the following purposes:
We may use the following legal grounds, depending on the specific case:
The processing is necessary for the conclusion or performance of a contract between you and us
The processing is necessary for our or another party's legitimate interests, unless your interests, rights or freedoms prevail
Where we use legitimate interest, we perform a legitimate interest analysis (balancing test) whereby we can balance our interest against your interests Where our interests prevail, we will use legitimate interest. If your interests prevail, we will not use the legitimate interest, and to the extent that we are unable to identify another correct legal basis, we will not carry out the processing activity.
The processing is necessary for the fulfilment of legal obligations (such as compliance with tax legislation which requires us to keep accounting records for a period of 10 years or to provide certain information to the relevant public bodies and institutions).
In some situations, processing may be necessary to protect the vital interests of you or another natural person.
Please note that obtaining consent is not mandatory and we will only proceed to obtain consent from you in situations where we fail to use another legal basis.
Consent to the processing of personal data
However, please note that where you are a collaborator of ours, we may send promotional messages (direct marketing) about similar goods and services without the need for your consent, pursuant to Article 12 para. (3) of Law no. 506/20014 in certain specific situations regulated by law.
However, in all cases, you may object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions ("un-subscribe") in each email or by sending a written request to [email protected].
We collect most information directly from you (e.g. by filling in a form on the website or on arrival at our premises). Most of the information is as described above, but there may be situations where we collect data from third parties (i.e. partners, advertising platforms), such as information on purchases and interests.
THE SOCIAL TUSCAN ASSOCIATION also processes personal data arising from contracts with employees, as well as those arising from contracts with partners and other service providers.
SOCIAL TEA ASSOCIATION will not collect or process personal data when providing the company's information services directly to children under the age of 18 - or under a younger age - unless with parental consent, in accordance with applicable local law. If we become aware of the accidental collection of a child's personal data, we will delete that data immediately.
We store your personal data only for as long as necessary to fulfil our purposes, but no longer than 10 years after the termination of the contract or the last interaction with us.
Data processed through cookies is stored for a maximum period of 2 years.
After the end of the period, personal data will be destroyed or deleted from computer systems or anonymised for use for scientific, historical or statistical research purposes.
Please note that in certain expressly regulated situations, we store data for the period required by law.
We may disclose your data, subject to applicable law, to business partners or other third parties. We make reasonable efforts at all times to ensure that these third parties have appropriate safeguards and security measures in place. We have contractual clauses with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate, based on your consent or other legal basis.
For example, we may provide your data to other companies, such as IT or telecommunications service providers, accountants, legal services, transport and courier service providers and other third parties with whom we have a contractual relationship (marketing service providers, security experts, etc.). These third parties are selected with great care so that your data is processed only for the purposes we indicate.
We may also share your data with business partners as part of a joint effort to provide a product or service.
We also share your data with authorized institutions or other partners in order to obtain approvals, opinions, submit technical supporting documentation in accordance with applicable regulations.
Although unlikely, we may in the future sell the business or part of the business, which will include the transfer of your data.
We may also transfer data to other parties with your consent or as instructed by you, for example, if you exercise a portability request.
We may also provide your personal information to prosecutors, police, courts and other authorised state bodies, based on and within the limits of legal provisions and following specific requests.
The collected data transferred electronically to the recipients use online solutions from the European Economic Area, subject to additional security measures (data encryption in REST and TRANSIT).
THE SOCIAL TUSCAN ASSOCIATION does not provide services/sell products to persons under the age of 18.
To the extent that we have obtained your prior consent we may use direct marketing and targeted advertising technologies, using information collected about you regarding interests, preferences, purchases, age, location, etc. For example, we may send you emails, display advertisements within our website or on social media, or place advertisements on third-party websites, in apps or on other internet-connected devices.
In order to conduct direct marketing or targeted advertising activities, we may use the following information:
Our marketing partners, such as Facebook, Google and/or other agencies help us to deliver marketing to you based on information they have collected directly from you and with your consent In some cases, we even share information we have collected from you ourselves We ensure, in all cases, that these transfers are legal as explained in 8.6.
You can object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email ("unsubscribe" or "unsubscribe") or by sending a request to [email protected].
Your rights under the GDPR Regulation are as follows:
You may withdraw your consent to the processing of your data at any time by sending a request to this effect to [email protected]. Please note, however, that to the extent that we have identified another lawful basis for processing your data, we will continue to process your data on the basis of that lawful basis. We have the legal possibility to use one or more of the following grounds for processing your data
You have the right to obtain confirmation from us as to whether or not personal data relating to you are being processed and, if so, access to that data and to the information referred to in Article 15(1)(b). (1) of the GDPR.
You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.
In the situations set out in Article 17 of the GDPR, you have the right to request and obtain the erasure of personal data.
In the cases set out in Article 18 of the GDPR, you have the right to request and obtain restriction of processing.
In the cases set out in Article 20 of the GDPR, you have the right to request and obtain data portability.
In the cases set out in Article 21 of the GDPR, you have the right to object to the processing of your data.
Please note that:
In particular, we have implemented the following technical and organisational measures to ensure the security of personal data:
Adoptăm și ne revizuim practicile și politicile de prelucrare a datelor clienților noștri și ale altor persoane, inclusiv măsurile fizice și electronice de securitate, pentru a ne proteja sistemele de acces neautorizat și alte posibile amenințări la securitatea acestora. Verificăm constant modul în care aplicăm propriile politici de protecţie a datelor cu caracter personal şi în care respectăm legislaţia protecţiei datelor.
We have ensured that the personal data we process is limited to that which is necessary, appropriate and relevant for the purposes stated in this notice.
We strictly restrict access to the personal data we process to employees, collaborators and others who need to access it in order to process it for us. All these companies and individuals are subject to strict confidentiality obligations and we will not hesitate to hold them accountable and terminate our collaboration with them if they do not treat the protection of your and other people's data with the utmost seriousness.
We use technologies within the SOCIAL TUSCAN ASSOCIATION to assure data subjects that the security of their data is protected.
We include in the contracts with those who process for us (processors) or with us (other operators - associated operators) clauses to ensure the protection of the data we process; this protection goes at least to the minimum required by law.
Although we take all reasonable steps to ensure the security of your data, THE SOCIAL TUSCAN ASSOCIATION cannot guarantee the absence of any breach of security or the impossibility of penetrating security systems. In the unfortunate and unlikely event that such a breach occurs, we will follow legal procedures to mitigate the effects and inform the data subjects.
Our respect for your data includes giving it the necessary human attention through our staff. Under the current conditions, as a user of our services, you will not be subject to a decision by us based solely on automated processing of your data (including profiling) that produces legal effects concerning you or similarly affects you to a significant extent.
Personal Data Processing Supervisory Authority: an independent public authority which, under the law, has powers relating to the supervision of compliance with personal data protection legislation. In Romania, this supervisory authority for the processing of personal data is the National Supervisory Authority for Personal Data Processing (ANSPDCP).
Special categories of personal data (sensitive personal data/sensitive data): personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic data; biometric data for the unique identification of a natural person; data concerning the health, sex life or sexual orientation of a natural person.
Collaborators: natural or legal persons who have entered into a collaboration contract with us and who provide services to our clients.
Personal data: any information relating to an identified or identifiable natural person ("data subject"). A natural person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier, e.g. name, identification number, location data, online identifier, one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity. Thus, for example, the following are included in the notion of personal data: first and last name; home or residence address; email address; telephone number; personal identification number (CNP); established diagnosis (this is sensitive data); genetic data (this is sensitive data); biometric data (this is sensitive data); geolocation data. The categories of personal data about you that we process are listed above.
Controller: the natural or legal person who decides why (for what purpose) and how (by what means) personal data are processed. According to the law, the primary responsibility for compliance with personal data legislation lies with the controller. In our relationship with you, we are the controller and you are the data subject.
Processor: any natural or legal person who processes personal data on behalf of the controller, other than employees of the controller.
Data Subject: the natural person to whom certain personal data refer (to whom they "belong"). In relation to us (the controller), you are the data subject.
Processing of personal data: any operation/set of operations which is/are performed upon personal data or sets of personal data, whether or not by automatic means; for example: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of such personal data/sets of personal data. These are only examples. Basically, processing means any operation on personal data, whether by automatic or manual means.
Third State: a State outside the European Union and the European Economic Area.
Declaration of conformity
THE SOCIAL TEA ASSOCIATION declares on its own responsibility that it has taken all the measures it considered necessary in order to comply with the instructions of Regulation EU 2016/679 (GDPR) on the collection, use and storage of personal data in the member countries of the European Union.
THE SOCIAL TUSKER ASSOCIATION certifies that it adheres to the notification, opt-in, transfer, data security and integrity, access and enforcement requirements of the instructions of Regulation EU 2016/679 (GDPR) on the collection, use and storage of personal data in the member countries of the European Union.