regarding the policy for
1.1 CLUJ IT – organizer of the International Conference CLUJ INNOVATION DAYS 2019 is a non profit organization with headquarters in Cluj-Napoca, 28 Memorandumului Street, Cluj county, fiscal registration code 30866506, registered in the Registry of Associations and Foundations of the Cluj-Napoca Court under no 174/2012 and in the National Registry of NGOs under no. 2998/A/2012 legally represented by the President Stelian Brad, hereinafter referred to as “CLUJ IT“,
1.2 In view of the provisions of the legislation on the protection of personal data, in particular the General Data Protection Regulation (EU Regulation 679/2016, known as the GDPR) and the rules issued for its enforcement by the authorized entities,
1.3 We hereby confirm that we as a legal entity and all the natural persons working under our aegis as well as any other person with whom we cooperate, have a particular interest in the protection of personal data relating to individuals who are participating in the events organized by us, the employees or collaborators of the entities with whom we work, their legal representatives or their contractual partners, as well as our suppliers, volunteers or other contractual partners.
1.4 The aim of this notice is to explain the method and purpose for which your personal data are processed, how we make sure that your rights are respected, and how we reduce to a minimum the risks of unauthorized access or use of these data. Please read this notice carefully.
1.5 We hereby declare that, in this respect, we comply with all legal provisions on the protection of personal data as a personal data controller, or sometimes as the data processor authorized by the personal data controller or associated data controller, and we are implementing technical measures (such as cybersecurity, physical security of the headquarters and of communications), legal measures (specific clauses in contracts with suppliers and other entities) and organizational measures (training and verification of persons, limiting access rights on a need to know basis, regulation of working procedures with personal data etc.) in order to protect all operations related directly or indirectly to personal data, that prevent unauthorized or unlawful processing and accidental or unlawful data loss or destruction regardless of their format or storage media.
1.6 We hereby confirm that we carry out personal data processing in compliance with the principles set out in Article 5 of the GDPR, namely: the processing is characterized by lawfulness, fairness and transparency; collection is limited to specified, explicit and legitimate purposes, and it regards only appropriate, relevant and limited data that are necessary, accurate and up-to-date; the data is promptly attributable to the subject; processing is made with appropriate technical and organizational measures to safeguard the rights and freedoms of the data subject, ensuring integrity and confidentiality, and everything based on accountability.
We are currently processing personal data of the following categories of natural persons:
– current, potential or former participants in our events;
– our own staff – employees, volunteers, subcontractors that are natural persons, and the staff and representatives of CLUJ IT’s member organisations, beneficiaries, collaborators and suppliers who are legal entities or associative entities without legal personality;
– representatives of public authorities, the media and other entities with which CLUJ IT interacts;
– other individuals with whom CLUJ IT comes into contact.
3.1. Your surname and first names, job, position, rank and professional specialization, bank account, so that we can provide you with the services you contracted with us and for the fulfilment of legal obligations related to the records of payments;
3.2. Your surname and first names, telephone number and email address, for efficient communication regarding the organization of the event in which you chose to participate. We can send you information about the location, program, accommodation facilities, related social events etc. but also related to the recording of summaries, about the guests who confirmed their attendance and about the deadlines specific to such events. We may also send your surname, first name and email address to the other participants at the conference if you chose this option when you registered.
3.3. Your surname and first names and meal preferences, if you communicate such specific needs to us; these data are processed only temporarily and have the sole purpose of adequately providing the contracted services;
3.4. Your surname and first names, studies, qualifications, academic, scientific or professional titles, occupation, workplace, position, professional achievements and rewards if you are a speaker at our conference for the purpose of informing the participants about the speech;
3.5. Your surname and first names and information regarding your knowledge of foreign languages – since the official language of the entire event will be English we will presume you speak and understand English;
3.6. Photo and video images of events we organize for the fulfillment of our contractual obligations towards the participants and the professional companies with which we collaborate in organization of the event;
3.7. Your username for social media platforms will be revealed to us if you choose to interact with us by such means;
The purpose of the processing may include, as the case may be:
– For the purpose of conclusion and performance of the contract on the basis of which we provide the services related to participation in events (co-)organized by us (by virtue of article 6 paragraph 1 letter b) of the GDPR – conclusion and performance of contract);
– For the purpose of compliance with a legal obligation (by virtue of article 6 paragraph 1, letter c) of GDPR – fulfillment of legal obligations);
– For the purpose of informing you about other similar events we organize and for the permanent improvement of the quality of services offered (art. 6 paragraph 1 letter f) of the GDPR – legitimate interests);
In principle, CLUJ IT does not process personal data such as those that imply obtaining of consent of Data subjects.
The personal data will be stored as long as it is objectively necessary for the purposes mentioned above. For example, for observing the legal provisions the invoice, bank statements, and other such financial documents must be kept for 5 years, and the contract documents and proofs for fulfillment of obligations undertaken must be kept for the period of contract fulfillment and for the prescription period that is, in principle, 3 years.
These data will be stored according to the legislation in force and we apply technical and organizational measures for the protection of all operations regarding personal data directly or indirectly, which prevent unauthorized or illegal processing, and the accidental or illegal losses or destruction.
We periodically review the collected data, analyzing to what extent its retention is still necessary for the aforementioned purposes and the interests of the subject, and we decide to stop the processing of data that is no longer required to be retained. At the end of the processing period, the particular document incorporating personal data shall be returned to the data subject or entity that transmitted the data, or to the National Archives or other legally empowered authority or institution, or it is destroyed or made anonymous as appropriate.
For the purposes mentioned above the personal data are processed not only by our staff (employees or volunteers), but can be transmitted to or accessed by the following categories of recipients, as applicable:
– The University of Medicine and Pharmacy “Iuliu Hațieganu” Cluj-Napoca – co-organizer of the event, in its capacity as associated data controller;
– Our providers of services such as those related to Information Technology (IT), marketing, photo/video, security and protection, accounting etc. (including Xing platform used for registration, Google, Microsoft, Apple, Dropbox, Facebook). Since these providers are professionals and provide services based on their own terms and conditions, including those related to personal data protection, they too act in the capacity of associated data controller and share with CLUJ IT the responsibility for protecting and lawfully handling your personal data, as legal persons based in the EU and / or processing data of EU citizens and thus legally bound to the GDPR and / or voluntarily submitted to comply with the GDPR under the ”EU-US privacy shield”. See for example the personal data protection notice of XING: https://privacy.xing.com/en/privacy-policy/printable-version
Of course, in our capacity of personal data controller we always make sure that we give adequate guarantees for the protection of your personal data, including when they were transmitted to third parties whether they have in relation with us, the capacity of processor or joint controller or another capacity set out by the law.
We want to assure you that the personal data collected and processed by our association is NOT transmitted to third parties for marketing purposes or any purposes other than those for which they were collected.
We do NOT process your personal data by an automated decision-making process and do NOT create profiles.
The personal data collected and processed by us can be considered as the object of a transfer to a third country (outside the EU) because we use the ”cloud” data storage service offered by Google, and sometimes we also use platforms and software that use their own clouds / remote servers, but all offer high security and confidentiality guarantees recognized by the European Union as adequate based on the system known as ”EU-US privacy shield”.
8.1 the right to be informed – you can ask if, when and how we process your personal data.
8.2 the right of access to personal data – you can request access to your personal data that is processed by us.
8.3 the right to rectification – you can correct inaccurate personal data or you can have incomplete personal data completed.
8.4 the right to erasure (‘right to be forgotten’) – you can request the erasure of your personal data if their processing is no longer necessary, was not or is no longer legitimate or in other cases provided by the law.
8.5 the right to withdraw your consent – in the cases when the processing is based on your consent, you can withdraw your consent anytime. The withdrawal of your consent will have effects only for the future, the processing performed before the withdrawal will continue to be legitimate.
8.6 the right to restrict processing – you can request and obtain the restriction of processing of your personal data if you challenge the accuracy of data, the legitimacy of their holding or in other cases set out by the law.
8.7 the right to data portability – you can receive under the legal conditions, the personal data you provided to us, in a format which can be automatically read and you can request that those data are transferred to another controller.
8.8 the right to object – you can object especially to the processing of data which is founded on our legitimate interest;
8.9 the right to lodge a complaint with our entity or with the competent supervisory authority for data protection (ANSPDCP – www.dataprotection.ro).
8.10 the right to go to court.
For the exercise of your rights mentioned above, and for any further questions regarding this Notice or in connection with the use by our association of your personal data, please contact our Data Protection Officer. The contact email of the Data Protection Officer from our company is firstname.lastname@example.org
If you want to exercise the right to lodge a complaint with the competent state authority, this is the National Authority for Supervision of Personal Data Processing (ANSPDCP – www.dataprotection.ro), which has the right to investigate by administrative means the situation reported and to order measures for the adequate resolution of your dissatisfaction, including filing a legal action in court in your name if the legal action is required and you do not do it directly (according to the provisions of Law no. 129/2018).
GDPR Notice version 2.0 / 22.04.2019