The scope covers the processing of personal data carried out wholly or partially by automated means, as well as the processing by non-automated means of personal data which form part of a data record system or are intended to form part of a data record system.
Law no. 190/2018 regarding measures for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
REGULATION (EU) No 679 of 27 April 2016 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR).
- processed lawfully, fairly, and in a transparent manner in relation to the data subject (lawfulness, fairness, and transparency);
- collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes, in accordance with Article 89(1) (purpose limitation);
- adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimization);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy);
- kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (storage limitation);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by appropriate technical or organizational measures (integrity and confidentiality).
- To charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested;
- To refuse to act on the request.
- Identification data of the person submitting the request/complaint (name, surname, and ID number);
- Capacity of the person submitting the request/complaint;
- Subject of the request, including a complete description of the information/modifications requested;
- Contact details (mailing address and email address) for sending the response;
- Date of submission;
- Signature of the person submitting the request/complaint.
- Identity and contact details of the controller; purposes for which the personal data are processed, as well as the legal basis for the processing; categories of personal data processed; recipients or categories of recipients of the personal data, if applicable; where possible, the period for which the personal data will be stored or, if not possible, the criteria used to determine this period; source of the data collection and the data subject’s rights regarding: rectification, erasure, restriction, objection, and the right to lodge a complaint with the ANSPDCP (in the case of a request for access to personal data);
- Information on the reasons for rejecting the request (if applicable);
- Measures taken under Articles 15-22 and 34 of the GDPR to address the request (depending on the subject of the request: rectification, erasure, restriction, data portability, etc.).
- In physical format to the mailing address of the data subject, as specified in the request;
- Scanned, via email, to the email address specified by the data subject in the request.
- Right of access to processed personal data: You have the right to obtain confirmation of whether your personal data are being processed, and if so, access to the type of personal data and the conditions of their processing, by submitting a request to the data controller.
- Right to request rectification or erasure of personal data: You have the possibility to request, by submitting a request to the data controller, the rectification of inaccurate personal data, supplementation of incomplete personal data, or erasure of your personal data in situations where: (i) personal data are no longer necessary for their initial purpose (and there is no new legal basis for processing), (ii) the legal basis for processing is the data subject’s consent, and the data subject withdraws their consent, and there is no other legal basis for processing, (iii) the data subject exercises the right to object and the data controller does not have compelling legitimate grounds for further processing, (iv) personal data have been unlawfully processed, (v) erasure is necessary for compliance with EU or Romanian law, or (vi) personal data have been collected in connection with the offer of information society services to children (if applicable), for which consent is governed by special rules.
- Right to request restriction of processing: You have the right to obtain restriction of processing in situations where: (i) you believe that inaccurate personal data are being processed, for a period allowing the controller to verify the accuracy of your personal data; (ii) processing is unlawful, but you do not wish to delete your personal data, requesting only restriction of their use; (iii) the controller no longer needs your personal data for the processing purposes mentioned above, but you request the data for the establishment, exercise, or defense of a legal claim in court; or (iv) you have objected to processing, for the period while it is verified whether the legitimate grounds of the controller override the data subject’s rights.
- Right to withdraw consent for processing, when processing is based on your consent, without affecting the legality of processing carried out before the withdrawal of consent;
- Right to object to processing of personal data for reasons related to your particular situation, when processing is based on legitimate interest, and to object at any time to processing of personal data for direct marketing purposes, including profiling;
- Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you;
- Right to data portability, namely the right to receive your personal data provided to the controller in a structured, commonly used, and machine-readable format and the right to transmit this data to another controller, where processing is based on your consent or the performance of a contract and is carried out by automated means;
- Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) and the right to address competent courts.
All these rights can be exercised through a written, signed, and dated request, sent to our headquarters or to the email address: gdpr@umfcluj.ro
Email address: ovidiu.andreies@umfcluj.ro; gdpr@umfcluj.ro