PRIVACY POLICY

This privacy policy tells you about how your personal data is being processed and what your rights are in relation to such processing.

Identity and contact details of the Controller:

Your personal data is processed by SEK INTERNAȚIONAL BUCUREȘTI Association, tax registration number 41727589, email: secretariat@sekbucuresti.ro, phone: 0734986797 (“SEK” or “us”), according to the provisions of the EU Regulation no. 679 of 2016 on the Protection of Personal Data (“GDPR”) and Law no. 190 of 18.07.2018, on measures for the implementation of GDPR in Romania.

Contact details of the Data Protection Officer:

The processing of personal data is performed under the supervision of a Data Protection Officer. Should you have any claim regarding your personal data processed by us, or wish to exercise one of your rights concerning your personal data, please address your request through the contact details given above or directly to the Personal Data Protection Officer via the email address secretariat@sekbucuresti.ro .

Categories of data subjects and types of data processed:

SEK processes the following categories of personal data, belonging to the following categories of people:

• persons who are representatives or contact persons of companies with SEK has or intends to have a contractual relationship;
• persons who may become, are or have been contractual or commercial partners of
• SEK;
• minors who are willing to participate, or have participated in forms of training, education or educational programs and / or related activities organized by SEK, as well as their parents and / or their guardians;
• parents or legal guardians of minors who may participate in forms of training, education or educational programs and / or related activities organized by SEK;
• employees and collaborators of SEK or candidates for job openings.

The personal data of the categories of people listed above can be collected directly from them, from the messages (sent by telephone, FAX, email or through instant messaging applications or social networks) through which we are asked about the educational services delivered. These data can also be collected during direct meetings between SEK representatives and potential beneficiaries of our activities that we carry out. Later contact details may be supplemented with other information related to the person’s identity, such as home address or residence address, job address, national identification numbers, health data, and other data with special character, depending on the necessities imposed by the commercial, financial law rules or by the norms governing the activities carried out for the benefit of the persons whose data we process.

Personal data can be in anonymous form (cannot identify the data subjects by such processing) and can also be automatically collected from those who visit the websites or the online services of SEK. Such data is used to optimize and adapt the content of online services, according to the requirements and interests of those accessing them.

Depending on the needs deriving from the legitimate interests or legal obligations, or obligations stemming from contractual relations of SEK, the types of personal data that we process are:

• Anonymous data associated with web traffic: IP address, computer system type (desktop, tablet, PC, smartphone), browser type, cookies modules;
• Identification data: Last name, first name, telephone or FAX number, email address, home address, residence address, or address used for delivery of documents, products or services.
• National identification numbers: Personal Identification Number (CNP) ID series and number, driving license number, passport number, health insurance number.
• Data of a special nature that allow the individualization of a natural person through profession, occupation, job, religious confession, health data, and criminal record data.

Purpose, duration and legal basis of the processing of personal data.

With respect to contractual partners of SEK and their representatives, we only process contact data in order to pursue legitimate interests derived from SEK‘s objectives. These interests may include processing for statistical purposes or direct marketing.

The duration of the processing of personal data by SEK shall not exceed that which is necessary in order for the legitimate interest of SEK to be achieved and its legal and contractual obligations observed.

In case of a contractual relationship between SEK and the data subject, we may also process contact details for identification or individualization purposes, as required by the legal rules governing the contractual relationship. Such data is typically processed for a period equal to the statute of limitation period for the legal obligations assumed (typically this period is 3 years) or the period required by law for certain categories of documents (for example, the retention period for the personnel file is 75 years).

The obligation to provide data:

When contacting us directly (by mail, email or telephone) for obtaining information, the provision of your data is not a legal or contractual obligation. On the other hand, however, please note that in the absence of such data, we will not be able to send you information about the activities of SEK for which you may express interest at a given moment and consent to such communication

When between you and SEK there is a contractual relationship or one is intended to be concluded, you will need to provide us with the data required by the legal rules governing the activities we carry out for your benefit in addition to contact data, as in the absence of such data, it may be impossible for us to provide you with the services or products requested.

Legitimate interests:

The data provided by you may be processed in order to meet the legitimate objectives of SEK regarding the activities it is authorized to carry out. These interests may include but are not limited to, contacting partners to promote our services or products, transferring personal data to entities that have a contractual relationships with us when their activity requires access to such data, preventing fraud, abusive use of our services and products, monitoring of premises in order to ensure their physical security, protection of IT systems and other assets, processing for historical, scientific and statistical purposes, processing for research purposes (including marketing studies).

The security of personal data processed by SEK:

SEK undertakes to apply all technical and organizational measures required under GDPR in order to ensure the protection of personal data that processed. Such data may be processed through computer and communications systems and other electronic systems and in any other forms, against threats and any actions that may affect the confidentiality, integrity, availability, authenticity of data, and non-interruption of processing operations, as well as preventing the impairment of the operation of computer systems, whether occurring accidentally or intentionally.

Data made available to third parties:

Your personal data processed by SEK can be made available to third parties such as intermediaries specialized in providing related or complementary services to our activities (such as by electronic payment services, courier services, accounting services, etc.). Any provision of personal data to a third party will be made only in accordance with the applicable law.

Transferring data to a third country or an international organization outside the European Union:

We process personal data together with our partners only in the European Union.

We do not transfer personal data to entities outside the EU except to the extent that those countries are on the list of countries considered by the EU as presenting adequate conditions for the protection of personal data or only with the fulfillment of the conditions described in Chapter V of the GDPR on transfers of personal data to third countries or international organizations.

Your rights regarding your personal data:

You may have a right of access to the personal data that we hold about you, and to some related information, under data protection law. You can also require any inaccurate personal information to be corrected or deleted.

You can withdraw your consent and we will no longer process your data on such basis. However, the processing occurred before the withdrawal of consent will not be affected.

You can object to our use of your personal data for direct marketing purposes at any time and you may have the right to object to our processing of some (restrict) or all of your personal data (and require them to be deleted) in some other circumstances.

In some circumstances, you may also have a “data portability” right to require us to transfer your personal data to you or to a new service provider.

If you wish to exercise any of the rights referred to above, please contact us as at secretariat@sekbucuresti.ro.

You can also lodge a complaint about our processing of your personal data with the National Authority for the Supervision of Personal Data Processing, phone +40.318.059.211, email anspdcp@dataprotection.ro or through www.dataprotection.ro.