Information regarding the policy for Personal Data Protection at CLUJ INNOVATION DAYS 2022

  1. Preamble and general statements

The International Conference CLUJ INNOVATION DAYS 2022  is organized by followers partners:

  1. CLUJ IT – is a non-profit organization with headquarters in Cluj-Napoca, 28 Memorandumului Street, Cluj county, fiscal registration code 30866506, registered in the Registry of Associations and Foundations of the Cluj-Napoca Court under no 174/2012 and in the National Registry of NGOs under no. 2998/A/2012 legally represented by the President Stelian Brad, hereinafter referred to as ” CLUJ IT” the data controller,

  2. Today Software Solutions, a company with headquarters in Cluj-Napoca, 75 Plopilor Street, Cluj County, Romania, fiscal registration code RO29893671, Registered in the Chamber of Commerce registry under no. J12/658/2012, legally represented by Ovidiu Matan, hereinafter referred to as the data processor, 

  1. In view of the provisions of the legislation on the protection of personal data, in particular the General Data Protection Regulation (EU Regulation 679/2016, known as the GDPR) and the rules issued for its enforcement by the authorized entities,

  1. We hereby confirm that we as a legal entities and all the natural persons working under our aegis as well as any other person with whom we cooperate, have a particular interest in the protection of personal data relating to individuals who are participating in the events organized by us, the employees or collaborators of the entities with whom we work, their legal representatives or their contractual partners, as well as our suppliers, volunteers or other contractual partners.

  1. The aim of this notice is to explain the method and purpose for which your personal data are processed and how we make sure that your rights are respected and we reduce to minimum the risks of unauthorized access or use of these data. Please read this notice carefully.

  1. We hereby declare that, in this respect, we comply with all legal provisions on the protection of personal data as a personal data controller, or sometimes as the data processor authorized by the personal data controller or associated data controller, and we are implementing technical measures (such as cybersecurity, physical security of the headquarters and of communications), legal measures (specific clauses in contracts with suppliers and other entities) and organizational measures (training and verification of persons, limiting access rights on a need to know basis, regulation of working procedures with personal data etc.) in order to protect all operations related directly or indirectly to personal data, that prevent unauthorized or unlawful processing and accidental or unlawful data loss or destruction regardless of their format or storage media.

  1. We hereby confirm that we carry out personal data processing in compliance with the principles set out in Article 5 of the GDPR, namely: the processing is characterized by lawfulness, fairness and transparency; collection is limited to specified, explicit and legitimate purposes, and it regards only appropriate, relevant and limited data that are necessary, accurate and up-to-date; the data is promptly attributable to the subject; processing is made with appropriate technical and organizational measures to safeguard the rights and freedoms of the data subject, ensuring integrity and confidentiality, and everything based on accountability.

  1. Categories of data subjects

We are currently processing personal data of the following categories of natural persons:

  1. current, potential or former participants to our events

  2. our own staff – employees, volunteers, subcontractors that are natural persons, and the staff and representatives CLUJ IT CLUSTER and it’s member organizations, beneficiaries, collaborators and suppliers who are legal entities or associative entities without legal personality;

  3. representatives of public authorities, the media and other entities with which CLUJ IT interacts;

  4. other individuals with whom CLUJ IT come into contact.

  1. Categories of processed data

    1. Your surname and first names, job, position, rank and professional specialization, bank account, so that we can provide you with the services you contracted with us and for the fulfilment of legal obligations related to the records of payments (where applicable);

    2. Your surname and first names, telephone number and email address, for efficient communication regarding the organization of the event in which you chose to participate. We can send you information about the location, program, accommodation facilities, related social events etc. but also related to the recording of summaries, about the guests who confirmed their attendance and about the deadlines specific to such events. We may also send your surname, first name and email address to the other participants at the conference if you choose this option when you register.

    3. Your surname and first names and meal preferences if you communicate us such specific needs, these data are processed only temporarily and have the unique purpose of adequate offer of contracted services;

    4. Your surname and first names, studies, qualifications, academic, scientific or professional titles, occupation, workplace, position, professional achievements and rewards if you are a speaker or moderator at our conference for the purpose of informing the participants about the speech;

    5. Your surname and first names and information regarding your knowledge of foreign languages – since the official language of the entire event will be English we will presume you speak and understand English; In exceptional cases, prior set between organizers and speakers, we provide a translator from Romanian to English.

    6. Photo and video images of events we organize for the fulfillment of our contractual obligations towards the participants and the professional companies with which we collaborate in organization of the event;

    7. Your username for social media platforms will be revealed to us if you choose to interact with us by such means;

  1. Purposes of the processing

The purpose of the processing may include, as the case may be:

  1. For the purpose of conclusion and performance of the contract on the basis of which we provide the services related to participation in events (co-)organized by us (by virtue of article 6 paragraph 1 letter b) of the GDPR – conclusion and performance of contract);

  2. For the purpose of compliance with a legal obligation (by virtue of article 6 paragraph 1, letter c) of GDPR – fulfillment of legal obligations);

  3. For the purpose of informing you about other similar events we organize and for the permanent improvement of the quality of services offered (art. 6 paragraph 1 letter f) of the GDPR- legitimate interests). In principle, CLUJ IT do not process personal data such as those that imply obtaining of consent of Data subjects.

  1. Duration of the processing

The personal data will be stored as long as it is objectively necessary for the purposes mentioned above. For example, for observing the legal provisions the invoice, bank statements, and other such financial documents must be kept for 5 years, and the contract documents and proofs for fulfillment of obligations undertaken must be kept for the period of contract fulfillment and for the prescription period that is, in principle, 3 years.

These data will be stored according to the legislation in force and we apply technical and organizational measures for the protection of all operations regarding personal data directly or indirectly, which prevent unauthorized or illegal processing, and the accidental or illegal losses or destruction.

  1. What happens to the date at the end of the processing

We periodically review the collected data, analyzing to what extent its retention is still necessary for the aforementioned purposes and the interests of the subject and it decides to stop the processing for data that is no longer required to be retained. At the end of the processing period, that particular document, incorporating personal data, shall be returned to the data subject or entity that transmitted the data, or to the National Archives or other authority or institutions legally empowered, or it is destroyed or made anonymous as appropriate.

  1. Recipients and warranties

For the purposes mentioned above the personal data are processed not only by our staff (employees or volunteers), but can be transmitted to our providers of services such as those related to Information Technology (IT), marketing, photo / video, security and protection, accounting etc. Google, Microsoft, Apple, Dropbox, Facebook, YouTube, Zoom). Since these providers are professionals and provide services based on their own terms and conditions, including those related to personal data protection, they too act in the capacity of associated data controller and share with CLUJ IT the responsibility for protecting and lawfully handling your personal data, as legal persons based in the EU and / or processing data of EU citizens and thus legally bound to the GDPR and / or voluntary submitted to comply to the GDPR under the ”EU-US privacy shield”.

Of course, in our capacity of personal data controller we always make sure that we give adequate guarantees for the protection of your personal data, including when they are transmitted to third parties whether they have in relation with us, the capacity of processor or joint controller or another capacity set out by the law.

We want to assure you that the personal data collected and processed by our association is NOT transmitted to third parties for marketing purposes or any purposes other than those for which they were collected.

We do NOT process your personal data by an automated decision-making process and do NOT create profiles.

The personal data collected and processed by us can be considered as the object of a transfer to a third country (outside the EU) because we use the data storage service ”cloud” offered by Google, and sometimes we also use platforms and software that uses own clouds / remote servers, but all offers high security and confidentiality guarantees recognized by the European Union as adequate based on the system known as ”EU-US privacy shield”.

  1. The rights of data subjects

  1. the right to be informed – you can ask if, when and how we process your personal data.

  2. the right of access to personal data – you can request the access to your personal data that is processed by us.

  3. the right to rectification – you can correct the inaccurate personal data or you can have incomplete personal date completed

  4. the right to erasure (‘right to be forgotten’) – you can request the erasure of your personal data if their processing is no longer necessary, was not or is no longer legitimate or in other cases provided by the law.

  5. the right to withdraw your consent – in the cases when the processing is based on your consent, you can withdraw your consent anytime. The withdrawal of your consent will have effects only for the future, the processing performed before the withdrawal will continue to be legitimate.

  6. the right to restrict processing – you can request and obtain the restriction of processing of your personal data if you challenge the accuracy of data, the legitimacy of their holding or in other cases set out by the law.

  7. the right to data portability – you can receive under the legal conditions, the personal data you provided to us, in a format which can be automatically read and you can request that those data are transferred to another controller.

  8. the right to object – you can object especially to the processing of data which is founded on our legitimate interest;

  9. the right to lodge a complaint with our entity or with the competent supervisory authority for data protection (ANSPDCP – www.dataprotection.ro).

  10. the right to go to court.

  1. How you can exercise the rights mentioned above

For the exercise of your rights mentioned above, and for any further questions regarding this Notice or in connection with the use by our association of your personal data, please contact our Data Protection Officer. The contact data of the Data Protection Officer from CLUJ IT is: gdpr@clujit.ro;

If you want to exercise the right to lodge a complaint to the competent state authority, this is the National Authority for Supervision of Personal Data Processing (ANSPDCP – www.dataprotection.ro) which has the right to investigate by administrative means the situation reported and to order measures for the adequate resolution of your dissatisfaction including filling a legal action in court in your name if the legal action is required and you do not do it directly (according to the provisions of Law no. 129/2018)

  1. Amendments to this notice

The personal data protection legislation is in full dynamics, and although CLUJ IT has properly implemented GDPR, it is very likely that regular adjustments of the privacy policy and personal data protection policy are required to keep up with legislation and good practices under evolution, and with the development of our organization and technologies and practices on the market, so that this notice will suffer changes that we will display on our website https://clujinnovationdays.com/ .

GDPR Notice  July 2022