Terms and conditions regarding personal data processing

1.  Personal data processing for website visitors.

Personal data are processed by the SCHOOL OF VALUES Association – a non-profit organisation registered in the Associations and Foundations Register with no. 27/04.03.2010, with the tax identification number / CUI 26781002, headquarters at str. Soldat Neagu Florea nr.7, etaj 2, interfon 3, Bucureşti, România, phone number + (40) 730135599, email office@scoaladevalori.ro; mail address: Occidentului Street, 30, Popești-Leordeni, Ilfov County, Romania -, according to the regulations of the EU Regulation no. 679 from 2016 regarding Personal Data Protection (GDPR) as well as Law no. 190 from 18.07.2018 regarding the measures of GDPR implementation in Romania and the other legal norms that regulate personal data processing.

2. Contact details of the person responsible with data protection.

Processing of personal data takes place under the coordination of a designated person responsible for data protection. Any request about the rights you have regarding personal data processing can be transmitted directly to the association, using the contact address mentioned before, or directly to the person designated for the data protection role, through this email address: date@scoaladevalori.ro .

3. Natural persons categories which are subject to personal data processing

Personal data processing is targeted towards the following categories of people:

–    Natural persons that represent an existing organisation, could exist or are being prepared a partnership  about the activities we carry out.

–  The natural person that can become, that are or that have been contracting or commercial partners of the organisation.

–     Natural persons that express their intention to participate, that are actively participating or that participated to training sessions, scolarisation or similar educational activities, promoted through the website.

–        Parents or other legal representatives of minors who can participate in training sessions, scolarisation or similar educational activities, promoted through the website.

4. What type of data we process and how we obtain it

We collect your personal data (surname, first name, email address, phone number) through the contract forms or application forms on our website, or from messages when you contact us for details about the activities promoted through the website. Also, this data can also be collected from direct meetings or contact information through direct meetings or through the contact information made public on purpose by the stakeholders mentioned above.

Contact data can be filled in along with other information regarding personal identity, such as home addresses, workplace address, national identification, health data, as well as other special data, depending on the needs arisen from legitimate interests, or imposed through commercial and financial rights through which the Beneficiary of this contract benefits from. We obtain this data directly from you, with your consent and will inform you about the purpose for this, the duration as well as about the way we process it.

When you participate in activities organised by us, we may collect photographic-videographic-audio data which we then promote through the websites of the organisation or through social media platforms (Facebook, Twitter, Youtube, etc.) managed by the School of Values Association. Sometimes, such processing is required and imposed on us by the partners with whose help, sometimes, we provide – through sponsorship – the logistical support of our activities. We will always inform you in advance about such processing, so that you can act accordingly regarding the processing of this data. As well as this, you can always change your mind later and you can request the restriction of data collection and data processing of such.

Also, anonymous personal data can be collected automatically from the visitors of the growedu.ro website. This way, such data (like IP address, type of browser, cookie mode) are used to optimise and adapt the content of our online services, depending on the needs and interests of the website visitors.

Any data collection happens in accordance with the principle of „legality, equality and transparency” as it is described in art. 5 from GDPR, informing the people from which data is taken about all legal aspects of data processing, as well as the ways in which they can use their rights.

5. The purpose, the duration and the juridical reasoning of personal data processing

Anonymous data, associated with web traffic (like IP address, location data, type of IT system (desktop, PC tablet, smartphone), browser type, cookie mode) can be collected in the interest of adaptation, optimisation and security of the growedu.ro website, depending on the interests of the website visitors in relation to the activities promoted. This data will be erased in a maximum of three years from the last day of accessing the website or our online services.

Identification data (such as first name, surname, birth date) or other contact data. (phone number, email address, home address or address used for delivery of certain products or services) can be processed both in the legitimate interest derived from the need to promote our activities, for the preparation or development of partnerships or as a result of legal obligations that may result from partnerships. The duration of storing such type of data is identical with the duration in which the Association maintains its legal status, but not more than 20 years from the moment of the data processing or until the exercise of a right requiring the deletion or restriction of processing.

 National identification numbers (such as CNP, series and the number of the identity card, number of driving license, bank accounts etc.) will be processed only in the situation in which, through the relationship of partnership we have the legal obligation to collect such data. Here are some examples of situations which will require processing of such data (but not exclusive to): the organisation of activities that involve travelling or accommodation, the commercialisation of some products or services of the partners we are working with, the identification of contracting sides etc. In such situations, the juridical norms which impose the processing of such data set the duration of processing as well. For example, the period of processing the majority of commercial contracts is 3 years from the end of all obligations, while at the opposite pole, the period in which we have to store the personal data of employees is 75 years old.

Sometimes, we process special data, which allows the individualisation of a natural person, through their race origin, ethic, political opinions, religious beliefs, philosophical beliefs, health data or data regarding sexual life or sexuality, police records, when we have this legal obligation or when we organize activities that, by their nature (accommodation, food insurance, transport), require the collection of such data to ensure their proper conduct. The duration of processing of such data is strictly reduced to the legal period in which the activity takes place.

The data collected through photographic-video-audio means are used for the promotion of activities organised by the School of Values, throughout the whole duration of the activity identical or similar to the one promoted and ultimately, for a period of 5 years after the end of that activity.

5.  The obligation to provide data

When you contact us directly (by email or by phone) in order to obtain some information, you do not have the legal obligation to provide data to anyone or any obligation to close a contract. However, we kindly ask you to consider that without this data, it is difficult for us to transmit information to you regarding the activities that you expressed interest in at any point.

In the moment in which between you and the School of Values there will be a relationship of partnership reglemented by juridic powers, it will be necessary that you provide to us data such as contact data, as well as data needed for the facilitation of the activities we will run for your benefit. Without this data, it would be extremely difficult to provide the services or products requested.

6. Legitimate interests

The data provided by you is processed in order to meet the objectives pursued by the SCHOOL OF VALUES Association regarding the activities it is authorized to carry out. These interests can include, but are not limited to, contacting our partners for the promotion of our services or products, the transfer of personal data to organizations with which we have partnerships contracts with, when their activity requires access to such data, the prevention of fraud, the prevention of abusive utilisation of our services and products, keeping track of the security of headquarters in order to ensure the physical security of these centres, the protection of personal IT systems, the data processing for historical, scientific and statistical purposes, the processing for research purposes (including marketing case studies).

7. The security of processed personal data

The school of Values Association has the obligation to apply all technical and organisational measures in order to ensure the protection of personal data which is processed by IT systems and by other electronic systems, as well as of the data processed in other ways, against the threats and against any actions that can damage the confidentiality, integrity and availability of data, as well as minimise the functionality of IT systems, regardless of whether this happens incidentally or not.

This way, we have implemented different procedures, technical and organisational measures through which we ensure the main elements which contribute to the security and protection of data:

–        The control of the physical access to the spaces where personal data is stored or to the IT systems that process this data

–        The management of identity and the authentication of authorised personnel to access the areas and equipment used for personal data processing

–        Monitoring the access to the electronic systems of personal data processing

–        The control of personal data transmission/transfer

–        Ensuring the availability and integrity of personal data.

 8. Data available to the third parties

Personal data processed through activities regarding natural persons will not be given to any third parties, for their use in other ways other than the ones described.

Strictly referring to the purposes for personal data processing, the personal data processed by the School of Values Association can be given to third parties specialised in certain services connected or complementary with the activities we run (such as educational services, electronic payment services, courier services, accountancy services etc.). Making data available to third parties will only happen in the context of a legal agreement in which the juridical person empowered by the School of Values Association to process personal data, takes the obligation to agree to the GDPR norms as well as internal laws regarding this issue.

9. The transfer of data to third parties or an international organisation outside the European Union

Sometimes we process your data along with European Union partners, which, as we do, have the same GDPR rules.

We do not directly transfer data to entities outside the EU, unless that entity is located in a country on the list approved by the EU in terms of data protection measures and conditions, or only if they meet the conditions written in Chapter V of the GDPR regarding the transfer of personal data to third parties or international organisations. There will be the same protection guarantees as the ones imposed through GDPR by EU members.

Any transfers of data outside the EU or to countries that are not on the list approved by the EU will only happen when strictly necessary and only with your approval in advance, when we will also inform you about the risks this transfer brings as a consequence of the level of protection and of some appropriate measures.

 10. The rights of persons in question of personal data processing

The School of Values association gives all rights mentioned in the art. 13 – art. 22 of GDPR to the natural persons targeted by data processing:

a.      The right to information and access to the processed personal data.  In the moment in which personal data is stored, or in a maximum of  30 days after that, if the data is obtained indirectly, the natural person in question of data processing is informed regarding the identity and contact details of the organisation, the contact details of the person responsible with data processing, the purposes and the legal means in which the personal data is processed, the destinations or categories of destinataries of personal data, the intention to transfer data to a third party or to an international organisation (if it’s the case), the duration of  personal data storage or the criteria used to determine this period, the existence of a decising automated process including generating profiles, as well as, at least in some cases, information regarding the reasoning behind data collection and the importance and consequences of such processing.

b.      The right to access personal data. Natural persons in question of data processing have the right to obtain a confirmation from us regarding which data is being processed as well as access to that data and to the data described at point a.

c.      The right to modification or data erase. The natural persons in question of data processing have the right to obtain from the School of Values Association, with no unjustified delays, the modification of personal data. Bearing in mind the purposes of data processing, the person in question has the right to complete data that is incomplete, including providing an additional declaration. Also, the natural persons in question of data processing, have the right to obtain from us the erasal of personal data, if the erasal is regarding the art. 17 al (1) of GDPR.

d.  The right to restrict processing. The natural persons in question of personal data processing have the right to obtain from the School of Values Association the restriction over their personal data processing in the cases described in art. 18 of GDPR.

e. The right to oppose data processing. The natural persons in question of data processing by the School of Values have the right to oppose, due to particular reasons to the given situation, regarding marketing purposes, profile creation, or to be the subject of a decision based exclusively on automatic processing and producing legal effects concerning the  natural persons in question or similarly affecting him to a significant extent.

In regards with the anonymous personal data processing stored automatically when accessing our online services, you can oppose to this type of processing anytime, by changing the settings of confidentiality of your browser, or by choosing an application that allows the anonymous browsing on the web.

Regarding cookies, you can also, through the settings provided by your application that you use to browse the Internet, view these modules, delete them, and block the saving of these modules on the computer system used.

Keep in mind, however, that most websites often use these cookies to optimize the content of the site you visit based on your preferences and settings when you first visit the site.

Thus, on subsequent visits, it will no longer be necessary to restore these settings. By deleting or blocking cookies, whenever you revisit a website, you may be prompted to set how your content is displayed. More details about cookies are presented below, at point 11.

f. The right to data portability. When personal data has been provided by a natural person in a structured format commonly used and automatically readable in order to be processed by the School of Values, the natural person in question has the right to transmit these data to another operator, with no obstacles from the School of Values, as stated in the art. 20 of GDPR.

g. The right to remove consent at any moment, without affecting the legality of data processed already.

h. The right to make a complaint to the National Authority Of Surveillance of Personal Data Processing, when the natural person in question is concerned by the processing of personal data by the SCHOOL OF VALUES and considers that his rights have been violated. The National Authority Of Surveillance of Personal Data Processing can be contacted at phone number  +40.318.059.211, email anspdcp@dataprotection.roor through the website www.data protection.ro.

i. If the provision of personal data is a legal or contractual obligation or an obligation necessary for the conclusion of a contract, then the natural person in question has the right to know the possible consequences of non-compliance with this obligation.

Using any of these rights mentioned at points a-i is possible by making a request to the contact details presented at point 1 or using the contact information presented on the website http://growedu.ro.

11. Cookies

What are cookies? What is a cookie?

Cookies are small files saved on the users’ computer. These are made in order to store a small quantity of data specific to a certain visitor of the website, being accessible to the person owning the device which accessed the website, as well as to the website the cookies were sent from. This type of processing allows the server to create a page adapted to a user or to transmit information from a website visit to a similar website with the same owner.

 Are cookies activated on my browser?

In order to check if your browser allows cookies, you need to search within the settings of your browser, within the section dedicated to cookies, usually located under the title „confidentiality and security options”. Within this section you can also find information about how to activate or deactivate cookies, as well as the erasal of cookies. You can also view the content of these files.

What type of data can be found in the Cookie mode?

Any type of cookie file is in reality a small table which contains a pair of values (keyes, data) – for example (first name, John) (surname, Smith). Once the cookie file has been read by the code from the client server or computer, the data can be processed and used in order to personalise the web page accordingly.

When are cookies created?

The cookies are usually written when the information is transmitted to a website accessed – for example, after you press a button such as ‚submit’, the page that controls data can be used in order to store values in a cookie. If the user has chosen to deactivate cookies, the writing process is going to fail and the following website visits which could extract information already transmitted through the cookie modules, will function according to the algorithm set for new users, or the user will be requested to transmit the previous information again, the information which would have been stored in the cookies.

Why are cookies used?

Cookie files make up an efficient means of associating information with the usage of a website, without the need for a great amount of data about every user to be stored within the website. Moreover, the data stored on the server without the usage of cookies would impose the recognition of each user only through their log in, on the basis of user and password. Last, but not least, through the usage of cookies, the quantity of personal data processed in personal devices of operators is reduced, given the fact that cookies save within the IT system owned by the natural person in question of such processing.

Which is the duration of processing of a cookie?

The expiry date of a cookie mode can be set when the cookie is created. Automatically, the cookie is destroyed when the browser window is closed, but it can persist for a longer period of time after accessing a website.

Who can access the cookies?

When a cookie is created, it is possible that visibility of that cookie is controlled through the principal domain of the website that uses that cookie. Then, this file can be accessible to any website part of that domein. For example, the domain can be set as “numedomeniuprincipal.ro”, and the cookie can be available for the website “numedomeniuprincipal.ro”   or “xyz.numedomeniuprincipal.ro” .This can be used in order for the websites to “communicate” between each other.

How safe are cookies?

There are many concerns regarding internet safety and privacy. Cookie files are not a threat to this confidentiality, because these can be used only in order to store information that the user has given voluntarily, or which the web server already has. Even though it is possible that this information is exposed to certain websites and third parties, this does not represent an additional risk. If you are concerned about the fact that the data you provide to a web server will not be treated as confidential, then you should ask if indeed you need to provide that information or not.

What are tracking cookies?

Some commercial websites include promotion materials incorporated into the website, which are given by a third party website and it is possible that such ads store cookies for that specific website. In this cookie there will be information that includes the name of the website, some products visited, visited pages etc. When the user visits another website later that contains a similar ad incorporated from the same third party website, the publicity agent will be able to read the cookie module and to use it in order to determine some information about the navigation history of the user. This action allows the editors to spread ads directed towards the interests of a user, so that in theory they have a higher chance of being relevant to the user. However, a lot of people see these „tracking cookies” as an invasion of confidentiality, because they allow a publicity agent to build a profile of users without their consent.

How can cookies be administered or erased?

When a site does not offer the mechanisms of acceptance or disapproval of cookies, the storage of these on your computer can be changed from the option of your browser that allows you to dismiss cookies from your computer or to allow cookies from specific sites. This way, through the browser settings you can opt for the cookie files not to be approved or you can let the browser approve cookies only from certain websites. You have to be aware of the fact that the erasal of cookies or dismissing cookies can affect negatively or limit the functionality of a website.

To control how you accept cookies from your browser, follow the steps below, depending on the browser used:

Google Chrome

–       Click on the menu button with three horizontal lines, located in the top left of your browser and select Settings

–        Select the option Advanced and then Content settings

–        Click on the first option Cookies and then „Allow websites to save and read your cookie data.”

Mozilla Firefox

–        Click on the button „Open menu with three horizontal lines, located in the top right of your browser

–       Select the menu Options and then the option Protection and Security

–       Locate the title Block cookies and data from website

Microsoft Internet Explorer 11 (Windows 10)

–        Select the Settings option located in the top right corner of your browser and select Internet options and then click on Data protection

–        Select the Confidentiality option

–        Under the settings, select Complex and choose if you wish to agree to / dismiss the original cookies and the cookies from a third party.

Safari

–       Click on Safari in the top right corner on the top

–       Click on Data protection

–       Select the option Allow from the websites I visit

Opera

–        Click on Settings And then select Preferences -> Advanced-> Cookies

–        Select one of the following options:

§  Accept

§  Accept the cookies from the website I visit

§  Don’t accept cookies

§   Administrate cookies

Edge

–      In Microsoft Edge, access More > Settings

–       Select Advanced Settings

–       Under Confidentiality and services > Cookie mode, choose the option appropriate for you

§  Block all cookies does not allow any website to save cookies on your computer.

§  Block only cookies from third parties allows cookies only from the website you have open, however it blocks the cookies from external web services, for example from the advertisements incorporated into the page you are visiting.

Erasing cookies

For information about erasing cookies, you can access the following links:

Google Chrome( https://support.google.com/chrome/answer/95647?hl=en-GB)

Mozilla Firefox   ( https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectlocale=en-US&redirectslug=delete-cookies-remove-info-websites-stored)

Internet Explorer  ( https://support.microsoft.com/ro-ro/help/17442/windows-internet-explorer-delete-manage-cookies)

Safari( https://support.apple.com/ro-ro/guide/safari/sfri11471/mac)

Operahttps://help.opera.com/en/latest/security-and-privacy

Edge   https://support.microsoft.com/ro-ro/help/4468242/microsoft-edge-browsing-data-and-privacy