The “Privacy Policy” for the enforcement of Regulation (UE) 2016/679 – G.D.P.R.

I. OUR COMMITMENT WITH RESPECT TO YOUR PERSONAL DATA

Fundația Misericors - Trup pentru suflet is committed to implementing high standards of confidentiality and transparency regarding the personal data we collect and process in our activity.

This Privacy Policy relates to the personal data of our employees, potential employees/ collaborators with whom the foundation is in contact due to the activity carried out, bussiness partners and all those who visit and contact us, as well as of their representatives.

The Confidentiality Policy describes the categories of your personal data that we process, the manner in which we collect these data and the purpose for which we collect them, the manner in which we process the personal data, the period of time in which these data shall be stored, which are the situations in which we transfer these data, as well as the rights and options that the data subjects in this respect.

II. YOUR PERSONAL DATA OPERATOR

Our identification data in the relation we have with you are the following: Fundația Misericors - Trup pentru suflet with its headquarters in Bucharest, sector 2, 58 Ferdinand I Boulevard, entrance C, 1st floor, Bureau nr. 2, Room 2.

III. WHICH ARE THE CATEGORIES OF PERSONAL DATA THAT WE PROCESS

The categories of personal data that we process might include:

  • Identification data, such as: name and surname, nationality, date and place of birth, personal code, series and number of the identity card, respectively the number of the passport, the sex, data on the criminal record;
  • Contact information, such as: address of domicile/residence, professional address, telephone number, fax number and e-mail address;
  • Data related to your health state;
  • Data regarding the professional competencies;
  • Information communicated voluntarily by you depending on the activity carried out by you (ex: instructions granted, payments performed, requests);
  • Other personal data, if they prove relevant to the contractual relationships between us, such as the bank account.

IV. HOW DO WE COLLECT YOUR PERSONAL DATA

We can collect personal data related to you in circumstances such as:

  • The moment you or your company / institution requests an offer / information / clarification from Fundația Misericors;
  • The moment you or your company requests a service from Fundația Misericors;
  • The moment you apply or your company / institution requests to obtain an asset from Fundația Misericors;
  • The moment when you provide or offer to provide, or your company / institution provides or offers to provide, services for us;
  • The moment when we intend / request to buy / obtain an asset from you or from your company / institution;
  • The moment when we intend to conclude a labor or collaboration contract with you;
  • The moment you communicate to us or your company / institution voluntarily communicates us, for any reason, your personal data.

Also, it is possible that in certain circumstances we collect personal data with respect to you from a third party.

V. LEGAL GROUNDS FOR PROCESSING OF PERSONAL DATA

The personal data of the beneficiaries who need products or services provided free of charge by the foundation, such as the name, address, identity card serial number, personal numeric code, will be collected and processed to take the necessary steps to conclude or to execute a contract, as well as for the delivery of the products.

Special data, such as health status, will be processed based on the beneficiary's consent. Your consent regarding the data related to the health status is necessary in order to be able to benefit from mobility devices / apparatus / medical devices, received free of charge by the foundation from sponsors and charitable organizations to whom we have to demonstrate how we have used these goods.

Any processing of your personal data will be carried out on the basis of one of the legal bases below:

  • The processing is necessary to execute a contract to which you are a party or your company / institution is a party, or the processing is necessary to conclude a contract with you or your company / institution;
  • The processing is necessary for the observance of a certain legal requirement;
  • The processing is carried out on the basis of your prior and explicit consent;
  • Processing is necessary for the purposes of the legitimate interests of Fundația Misericors or a third party, unless your fundamental interests or rights and freedoms prevail over those interests;
  • The processing is necessary for the fulfilment of a request that serves a public interests;

In cases where the applicable legal provisions require your prior and explicit consent for the processing of special categories of data, we will process that data only on the basis of your prior and explicit consent.

In any moment you have the right to repeal your consent. The repealing of your consent shall not affect the legality of the data processing based on the previous consent. In order to repeal your consent for any processing for which you have provided your consent priory, please communicate an e-mail at fundatia@misericors.com or send us a notification at the address Bucharest, sector 2, 58 Ferdinand I Boulevard, entrance C, 1st floor, Bureau nr. 2, Room 2.

In case you withdraw your consent, Fundația Misericors shall not process your personal data and shall take all adequate measures in order to delete any records related to your personal data. However, in case the processing is strictly necessary in order to perform the activity engaged by Fundația Misericors and the processing could be based on other legal grounds provided by the legal requirements in force, Fundația Misericors shall proceed to the respective processing and shall inform you in this respect.

VI. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA

Your personal data will be used for the following purposes:

1. Providing the services you request: provision of services, offering of donations, undertaking of volunteering activities;

2. Validation, shipment and invoicing of orders / services to you or your company / institution;

3. Resolving cancellations or problems of any kind related to an order or a contract;

4. Communicating with you through means of communication such as mail, courier service, telephone, fax, e-mail;

5. Data processing as required by law;

6. Maintaining a contractual relationship with you or your company / institution at an appropriate level;

7. Concluding the donation, service or other type of contracts, depending on the nature of the requested service;

8. Preparation of payment documents;

9. Compliance with our legal obligations (such as keeping the various types of records);

10. Monitoring your or your company situation;

11. If you search for a job, we'll use the personal data contained in the CVs we receive to evaluate the applicants' qualifications for a position within Fundația Misericors, which will be kept for a period of up to 5 years.;

12. In order to fulfill the legal obligations that derive from our quality as an employer, issf you are an employee of Fundația Misericors;

13. For any purpose related / auxiliary to any of the above or any other purpose for which your personal data have been provided to us;

14. Also, the personal data of the foundation's supporters (donors, participants in events, etc.), such as names, first names, email and telephone addresses, photo / video images will be processed in order to inform them about the activities and actions undertaken by the foundation, by sending newsletters, invitations and personalized messages.

VII. SHARING YOUR PERSONAL DATA

Personal data collected and processed by the foundation may be transmitted to third parties if this is a legal obligation of the foundation, as a result of the request of the data subject or at the request of a public entity, in order to fulfill the specific tasks that are assigned to it by law.

Thus, your personal data may be requested and transmitted by the foundation to: County and National Employment Agencies, National Qualifications Authority, inspectors of the National Fiscal Administration Agency, judicial police bodies, courts, executors, as well as any other public institution or authority whose duties include requesting and obtaining documents containing personal data from legal persons under private law.

We can share your personal data in the following circumstances:

If you are a client/ provider, employee/collaborator of Fundației Misericors we can disclose your personal data to:

a) the outsourced services of the foundation, which ensures the smooth running of our activity;

b) public institutions, according to the obligations provided by the legislation in force;

c) lawyers, court executors, public notary, where sharing is required to defend our legitimate rights;

d) any third party to whom we assign / novate any rights or obligations;

e) the postal and courier services we collaborate with.

Fundația Misericors will retain control over your personal data and will use appropriate safeguards, in accordance with applicable law, to ensure the integrity and security of your personal data at the time of requesting by the respective service providers.

Otherwise, we will be able to disclose your personal data only if you give us your permission or when we are required by law or requests of the judicial or official bodies to do so.

VIII. PERSONAL DATA THAT YOUR PROVIDE TO US IN RESPECT OF OTHER NATURAL PERSONS

In case that you provide us personal data with respect to another natural person, you must make sure that you have the right to disclose to us these personal data and that, without taking any additional measures, we can collect, use, and disclose those personal data.

Most important, you have to make sure that the respective natural person knows about these aspects such as: our identity, the manner in which the person can contact us, the purposes for which we collect the data, our practices in view of disclosing personal data; the rights of the natural person with respect to the personal data and the right to file complaints with respect to the manner in which personal data are managed.

IX. MAINTAINING THE SECURITY OF YOUR PERSONAL DATA

At the level of Fundația Misericors technical and organizational measures were implemented in view of maintaining confidentiality and security of your personal data, in compliance with our internal procedures in respect of storage, disclosure and accessing of personal data. The personal data can be kept on our personal data technological systems and/or in printed form, in specially conceived spaces.

X. TRANSFER OF YOUR PERSONAL DATA ABROAD

We could transfer your personal data in countries located in EU, SEE or in any countries.

In these cases, we shall make sure that these international transfers are performed under the reserve of adequate or accurate protection measures, as imposed by the General Regulation on the protection of natural persons with regard to the processing of personal data (EU) 2016/679 or by other applicable laws.

XI. UPDATE OF PERSONAL DATA

In case that any of the personal data provided by you is amended, for example if you change your surname, your name or your e-mail address or if you wish to annul any type of request to us, or if you find out that we hold any incorrect personal data related to you, please notify us by submitting an email at the address fundatia@misericors.com.

In the same time, we shall take measures for the periodic update of our records with respect to your personal fata, but we shall not be responsible for any unforeseeable amendment of your personal data.

XII. HOW LONG WE KEEP YOUR DATA PERSONAL

Fundația Misericors implemented technical and organizational measures for the accurate development of the process and criteria provided for the deletion or elimination of your personal data.

We intend to keep your personal data both during the course of our contractual relations or, in the case of the employees, during the period of the employment relations and subsequently, in accordance with our internal policies and the legal obligations incumbent on us.

If the data is not collected in the context of a contract, this data will be kept for as long as is necessary to achieve the purpose of collecting the expected data.

If data that are no longer needed will be identified, they will be anonymised or deleted.

The data for which there is a legal basis for retention will be archived, in compliance with data security guarantees.

XIII. WHICH ARE YOUR RIGHTS IN RESPECT OF PROCESSING PERSONAL DATA AND HOW YOU COULD EXERCISE THESE RIGHTS

In compliance with the applicable regulations, you have the following rights:

  • To access: you could obtain information related to the processing of your personal data and a copy of these personal data;

However, your access to the processed data, could be exercised only to the extent to which the rights and freedom of other persons are not prejudiced;

  • To rectify: in case you consider that your personal data are inaccurate or incomplete, you can request the adequate modification of these personal data;
  • To erase: you can request the erasing of your personal data, to the extent provided by the legal provisions in force;

However, the personal data shall not be erased when the processing is necessary for:

- exercising the right to freedom of speaking and information;

- observance of a legal obligation that provides the processing of data based on the rights of the Union or of the internal right that is applied to the foundation or for the fulfilment of a task executed for public interest;

- for the acknowledgment, exercising or defense of a right in court.

In addition, when Fundația Misericors made public in any context the data for which the deletion is requested by you and you request also the deletion of data from any addressee, it shall be retained reasonably by means of adequate measures (including technical measures) to ensure the notification of addresses of data with respect to such a request.

  • To restrict: you could request the restriction of the processing of your personal data, respectively the limitation of this restriction strictly to the processing that you agree with and/or strictly to the processing that is necessary with the purpose of acknowledging, exercising or defending a right in court or for the protection of the rights of another natural or legal person on grounds of important public interest of the Union or of a member state;

The restriction shall be applied when:

- you challenge the exercising of data, for a period of time that allows us to verify the accuracy of the data;

- the processing is illegal, and you are against the deletion of the personal data, requesting in return the restriction of using these data;

- Fundația Misericors nu mai are nevoie de datele cu caracter personal în scopul prelucrării, dar dumneavoastră ni le solicitați pentru constatarea, exercitarea sau apărarea unui drept în instanță;

- v-ați opus prelucrării, în conformitate cu prevederile legale ce reglementează dreptul dumneavoastră la opoziie, pentru intervalul de timp în care se verifică dacă drepturile legitime ale noastre prevalează asupra celor ale dumneavoastră.

  • To be against the data processing: you can be against processing of personal data, based on grounds related to your particular situation, art. 6 para 1 letter e) and f) of the Regulation 679/2016, as well as, in case the data are processed with the direct marketing, in this last case, with no argumentation or justification;

In this situation, we shall not be able to process your personal data, except for the case in which we shall demonstrate you the existence of legitimate and imperious reasons that justify the processing and that prevail upon your interests, rights and freedoms or that the purpose of the processing is the acknowledgment, exercising or defense of a right in court.

  • The right to notify the addressees with respect to the rectification, deletion, or restriction of the personal data: the addressee to which your personal data were disclosed shall be informed with respect to any rectification or deletion of such data and with respect to any restriction of the processing performed;
  • The right to the portability of data: you have the right to request that the personal data that you provided us would be returned or, if possible, would be transferred to a third party, in case the following conditions are fulfilled cumulatively:

a) the processing is based on consent or it is necessary for the execution of an agreement that you are part of or for which you take steps upon your request prior to the conclusion of an agreement; and

b) can be performed with automated means (not in physical form/paper, but through automatized means).

  • The right of not being subject to automatized decision, including the profiling – you have the right that your personal data should not be processed in the context of taking automated decisions.

Data processing for automated decision making is allowed when:

- is necessary for the fulfillment of the object of activity of the company and / or the conclusion or execution of a contract between you and Fundația Misericors;

- is authorized by the European Union law or national law that applies to Fundația Misericors and also provides for appropriate measures to protect your legitimate rights, freedoms and interests; or

- you have expressly consented to such processing

In case you intend to exercise the rights listed above, please submit a notification to the address Bucharest, sector 2, 58 Ferdinand I Boulevard, entrance C, 1st floor, Bureau nr. 2, Room 2 or an e-mail at the following address fundatia@misericors.com.

We request you that with the purpose of identification and prevention of the unauthorized disclosure of data, to include a scan/ copy of your identity card.

In compliance with the applicable regulation, in cases in which you will acknowledge that your rights with respect to the personal data processing were breached, besides the above mentioned rights, you have the right to submit a claim at The National Supervisory Authority For Personal Data Processing– with its headquarters in 28-30 Bd. Gheorghe Magheru, Bucharest, Romania.

XIV. YOUR INFORMATION WITH RESPECT TO SECURITY BREACHES

We ensure you that we have proceeded to the training of persons involved in the data processing processes so that these persons will be able to identify the security breaches and bring those breaches to the attention of responsible persons in order to take all necessary measures for the review and limit of the consequences of the security breach and, as the case may be, for the notification of the supervision authority and data subjects.

Our foundation shall notify the security breaches the notification of which being mandatory (susceptible to generate a risk for the rights and freedom of the data subjects) to the supervisory authority for personal data processing.

In cases in which the notification of the authority is mandatory, this shall be made with no delay, as a general rule no later than 72 hours from the date at which the operator acknowledged the occurrence of the breach.

For the preparation of the notification, the operator shall have as purpose the protection of the confidentiality of information provided you, sense in which details shall be submitted to the authority with respect to the categories and number of persons affected, without compromising the confidentiality of the data received.

In case a security breach occurs, we shall proceed to informing you in order to be able to take protection measures, in general no later than 72 hours from the date at which we acknowledged the existence of the breach.

You shall be informed only if the security incident is susceptible of generating a high risk for your rights and freedoms.

If the actual circumstances do not claim a different approach, the information shall be made by means of a directly addressed communication, by means of an adequate communication means (electronic mail, SMS etc.).

As exception, only if direct contacting would imply an unproportionate effort, a public information could be performed.

We guarantee that you will be informed with respect to any new proceedings related to the incident and with respect to the measures that we shall take in respect of this incident, requesting you opinion in order to limit the consequences of the incident and to be able to prevent another occurrence of the incident.

With respect to any breach, we shall help you, in any way, that shall include the provision of sufficient information, as well as support in the investigations performed by the regulating activity, with the purpose of remedying and investigating the breach, to prevent the future incidents, to limit the impact of the incident upon the parties involved and/or to limit the prejudice produced to you, as a consequence of security breaching.

XV. CUM NE PUTEȚI CONTACTA

If you would like to contact us regarding any questions or requests, please send us an e-mail to fundatia@misericors.com or send us a letter to the address Bucharest, sector 2, 58 Ferdinand I Boulevard, entrance C, 1st floor, Bureau nr. 2, Room 2.

XVI. UPDATES OF CONFIDENTIALITY POLICY

The most recent update of this Confidentiality policy was performed on July 15, 2019. We reserve the right to periodically update and modify this Confidentiality policy, in order to reflect any amendments of the manner in which we process your personal data or any amendment of legal requirements. In case of any such amendment, we shall display on our internet page the modified version of the Confidentiality policy and/or we shall make it available for you in any other manner.

Most recent update: July 15, 2019