A. Controllers: Having regard to the provisions of Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, we, Romanian-American Foundation, a corporation organized under the laws of the State of Delaware, United States of America and Fundația Româno-Americană, with headquarters in Bucharest, 6 Gina Patrichi Street, District 1, Romania (hereafter referred to as ,,we”, ,,us” and/or the ,,Foundation”), in our capacity as joint-data controller, hereby inform you on how, when and why we process your personal data, the conditions in which we can disclose your personal data to others and how we keep it safe.
B. We are processing your personal data for specific purposes.
Given your capacity as a legal representative, proxy or contact person, we process your personal datafor the following purposes:
a) performance of the contract concluded with the entity you represent/act for;
b) compliance with the rules, legal regulations, codes of conduct or guides that apply to us, or to enforce the law and cooperate with the competent authorities, including but not limited to tax and judicial authorities. We process your personal data for the performance of the contract (including the pre-contractual interactions) concluded with the entity that you represent/act for and for compliance with our legal undertakings as a contracting party.
c) In addition, we may process your personal data in light of our specific legitimate interests such as (for example): preventing, detecting and investigating crime, including fraud and moneylaundering or terrorist financing, and analyzing and managing commercial risks; OR in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations; OR managing and preparing reports for internal purposes, requesting feedback and taking part in surveys, conducting research and/or analysis for statistical, or other purposes for us to design our products, understand customer behavior, preferences and market trends, and to review, develop and improve our activity.
Whenever we rely on this legal basis to process personal data, we evaluate our interests to ensure that they do not prevail over your rights. In addition you have the right to object to this processing. For more information, see the “Your Rights” section.
C. We disclose your personal data to third parties.
In order to facilitate our activities for the purposes of processing detailed above, we communicate this data to third parties, including our affiliates and partners, such as:
– counterparties and their respective banks in relation to any fund transfers;
– third party service providers who provide operational services, such as courier services, telecommunications, information technology, payment, processing, training, storage, archiving, customer support investigation services;
– professional advisers such as auditors and lawyers;
– relevant government regulators, statutory boards or authorities and/or law enforcement agencies, to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them.
Your personal data is transferred outside the European Economic Area, in the United States of America. These transfers take place in compliance with the legal provisions and applying appropriate protection measures.
D. Your Rights: We guarantee observance of your rights in what concerns your personal data.
Unless subject to an exemption provided by law, you have the following rights with respect to your
– right to access – you may ask us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information on the
– right to rectification – you may demand without undue delay the rectification of inaccurate data or the correction of incomplete data;
– right to erasure/right to be forgotten – you may ask the erasure of personal data concerning you whenever the personal data is no longer necessary in relation to the purposes for which they were collected or processed and there is no other legal ground for the processing, the personal data has been unlawfully processed or the personal data have to be erased for compliance with a legal obligation; we will analyze the request in accordance with the reasons justifying the request and return to the legal deadline with details of its implementation. As a general approach, on the expiry date of data retention periods as identified above, your data will be either deleted or anonymized. You may ask us to delete the personal data we hold about you
– right to restriction of processing where (i) you challenge the accuracy of the personal data; (ii) the processing is unlawful and you oppose the erasure of the personal data while you request the restriction of their use instead; (iii) the Foundation no longer needs the personal data for its purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims; (iv) you have objected to the processing pending the verification whether our legitimate grounds override your rights;
– right to object – you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data based on legitimate interest – point B letter c) above; we shall no longer process your personal data unless the Foundation demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
– right to data portability – the right to receive the personal data concerning you, which you have provided to the Foundation for the purposes indicated herein, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
– right to lodge a complaint with the supervisory authority;
– right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless is necessary for performance of the agreement or is authorized by law. We do not use automated means in order to process your personal data.
E. We keep the personal data for a limited period.
Your data shall be kept for the period of time necessary for complying with specific legal obligations applicable to our domain of activity or according to applicable statute of limitations (7 years following the termination of the contract) or for the time provided by archive law provisions (for example, for records and other financial and accounting documents).
F. We have implemented appropriate technical measures to ensure the security of personal data.
We will do everything that is necessary to protect your personal data or control by establishing reasonable security measures to prevent unauthorized access, collection, use, disclosure, copying, alteration or disposal, as well as other similar risks.
G. Controller Contact details
If you have any questions about the way we process your personal data or you may exercise your rights by submitting a written request by post to our address: Fundația Româno-Americană, 6 Gina Patrichi Street, District 1, Bucharest, Romania or by email to firstname.lastname@example.org
H. Supervisory authority: also, if your request has not been resolved or you are still dissatisfied, you
may complain before the National supervisory authority for Personal data processing