Privacy policy

General

Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR, Regulation or GDPR) was adopted by the European Parliament and the Council of the European Union on 27 April 2016 and its provisions are directly applicable as of 25 May 2018. This Regulation expressly repeals Directive 95/46/EC, thus also replacing the provisions of Law 677/2001 (now repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all natural persons in the European Union. From a substantive point of view, the Regulation applies to all controllers processing personal data. The Regulation does not apply to the processing of personal data relating to legal persons, and in particular to undertakings having legal personality, including the name and type of legal person and the contact details of the legal person.

Personal data are defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Identity of the controller

With the clarification that the Regulation does not apply to the processing of personal data carried out by a natural person in an exclusively personal or domestic context, the controller processing personal data through this website is residing in Romania, identified by ROU0161399, with contact details: mzz[at]utilajeterra.ro .

Recital 18 of the GDPR states that personal or domestic activities should not be related to professional or commercial activity. Personal or household activities may include correspondence and address book or social networking activities and online activities carried out in the context of those activities.

Obtaining Consent

In order for the processing of personal data to be lawful, the GDPR requires that it is carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or on the basis of the data subject’s prior valid consent. In the latter case, the controller is required to be able to demonstrate that the data subject has given his or her consent to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions laid down in the GDPR.

Consent must be given by an unequivocal statement or action which constitutes a freely expressed, specific, informed and clear expression of the data subject’s consent to the processing of his or her personal data. Where the data subject’s consent is given in the context of a statement, in electronic or written form, which also relates to other matters, the request for consent must be presented in a form which clearly distinguishes it from other matters and may even be made by ticking a box. For the processing of personal data to be lawful, the GDPR requires that it is carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or on the basis of the data subject’s prior valid consent. In the latter case, the controller is required to be able to demonstrate that the data subject has given his or her consent to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions laid down in the GDPR.

Cookies

Cookies are used on this site. They do not harm your computer and do not contain viruses, but are intended to help make the site easier, more efficient and safer to use. They are small text files that are stored on your computer and saved by the browser you are using.

Many of the cookies used are called “session cookies”, which are automatically deleted after visiting this site. Others remain in the memory of your computer until you delete them, making it possible to recognise your browser on a subsequent visit.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be set to automatically accept cookies under certain conditions or to always reject cookies or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions you want to use (such as shopping cart) are stored in accordance with the provisions of Article 6 (1) (f) of the GDPR, according to which processing is lawful only if and to the extent that it is necessary for the legitimate interests pursued by the controller or a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies in order to ensure technical error-free optimization. Other cookies (such as, for example, those used to analyse your browsing behaviour) are also stored and will be dealt with separately in this document.

Contact form

If you send us questions via the contact form, we will collect the data entered in the form, including the contact details you provide, in order to respond to your questions and subsequent questions. We do not transmit this information without your permission. We will therefore only process any data you enter into the contact form with your consent. [You can revoke your consent at any time, an informal e-mail to this effect is sufficient. Data processed prior to receiving your request may be processed lawfully. We will keep the data you provide on the contact form until:

you request deletion of the data;

you revoke your consent to their storage or if

the purpose for its storage is no longer valid.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

Contact by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request, including any personal data you provide, will be stored and processed by us for the purpose of dealing with your request, based on your consent.

Therefore, we will process all the data you provide under the following legal provisions in the GDPR respectively:

only with your consent – in accordance with the provisions of Article 6 para. 1 lit. a) GDPR

for the performance of a contract or at the pre-contractual stage – in accordance with the provisions of Art. 6 para. 1 lit. b) GDPR

for the fulfilment of the purpose and legitimate interest pursued by us, i.e. the efficient processing of requests submitted by you – in accordance with the provisions of Art. 6 para. 1 lit. f) GDPR.

We will keep the data you provide in this way until:

you request deletion of the data;

you revoke your consent to their storage or if

the purpose for its storage is no longer valid, in all cases except for mandatory data retention periods.

Registration on the website

You can register on this website to access additional features and services offered by our company. In this regard, the data entered by you will be used and processed for the purpose of using the respective service or function for which you have registered. The mandatory data requested at registration must be provided by you in full, otherwise the registration operation will be rejected.

In order to inform you about important changes, such as those in the scope of our website or technical changes, we will use the email address you specified at the time of registration.

The processing of personal data, provided in the registration procedure, is done only with your consent and in compliance with the provisions of Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time, an informal e-mail to this effect being sufficient. We will continue to store data collected during registration for as long as you remain registered on this

User rights

Your rights concerning personal data and the means to exercise them are: Right of information, Right of access, Right to rectification, Right to erasure of data, Right to restriction of processing, Right to data portability, Right to object, Right not to be subject to a decision based solely on automated processing, Right to lodge a complaint and to apply to the courts, Right to withdraw consent.

Right to information – you can request information on the activities of processing of your personal data, on the identity of the controller and its representative or on the recipients of your data;

Right of access – you can obtain confirmation from the controller whether or not personal data relating to you are being processed and, if so, access to that data and to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations ; where possible, the period for which the personal data are expected to be stored or, if this is not possible, the criteria used to determine this period ; the right to request the controller to rectify or erase the personal data or to restrict the processing of the personal data or the right to object to the processing, etc.

Right to rectification – you can rectify inaccurate personal data or complete them;

Right to erasure of data – you can obtain erasure of data if the processing was unlawful or in other cases provided for by law;

Right to restriction of processing – you can request restriction of processing if you contest the accuracy of the data and in other cases provided for by law;

Right to data portability – you can receive, under certain conditions, the personal data you have provided to us, in a machine-readable format or you can request that those data be transferred to another controller

Right to object – you can object in particular to data processing based on the legitimate interest of the controller.

Obligations of the data controller

The personal data registered on this website are stored on our own servers. The processing of the data provided and stored complies with the following legal provisions:

Art. 6 para. 1 lit. a) GDPR – the processing of personal data is based on your consent, obtained after correct and complete information;
Art. 6 para. 1 lit. f) GDPR – data processing is carried out for the purpose of the legitimate interests pursued by us.
Data encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognized by you by the lock window (“lock icon”) that appears in the browser bar and by changing the address of the respective browser from http:// to https://. Once encryption of this type is activated, the transmitted or transferred data will not be able to be seen by third parties.

According to the GDPR, if the breach of the security of personal data is likely to generate a high risk for your rights and freedoms, the operator of this website will inform you, without undue delay, about this breach, unless the supplementary provisions become relevant from the same Regulation (art. 34 paragraph 3).

The data protection officer
As the provisions of the GDPR regarding the obligation to appoint a data protection officer are not applicable (art. 37 paragraph 1 – according to which the Operator and the person authorized by the operator appoint a data protection officer whenever:

the processing is carried out by a public authority or body, with the exception of courts acting in the exercise of their jurisdictional function;
the main activities of the operator or the person authorized by the operator consist of processing operations which, by their nature, scope and/or purposes, require a periodic and systematic monitoring of the persons concerned on a large scale; or
the main activities of the operator or the person authorized by the operator consist in the large-scale processing of special categories of data under Article 9 or of personal data relating to criminal convictions and offences, referred to in Article 10)
for any information or clarifications regarding the operation of this website, please contact us on the following dates:

E-mail: mzz[at]utilajeterra.ro
Records of processing activities
According to the GDPR Regulation, the operator or the person authorized by the operator should keep, for a reasonable period, records of the processing activities under his responsibility. Thus, these records will include the following information:

the name and contact details of the operator
the purposes of the processing;
description of categories of data subjects and categories of personal data;
the categories of recipients to whom the personal data were or will be disclosed;
if appropriate:
transfers of personal data
the expected deadlines for the deletion of different categories of data
a general description of technical and organizational security measures
The obligation detailed above does not apply to an enterprise or organization with less than 250 employees, unless the processing it carries out is likely to generate a risk for the rights and freedoms of the data subjects, the processing is not occasional or the processing includes special categories of data or personal data relating to criminal convictions and offences.

Adequate technical and organizational measures
Taking into account the current state of technology, the context and purposes of the processing, as well as the risks to the rights and freedoms of natural persons, the operator implements appropriate technical and organizational measures to ensure that, by default, only personal data that are necessary for each specific purpose of the processing.

Notification of the supervisory authority in case of personal data security breach
According to art. 33 para. 1 of the GDPR, if there is a breach of personal data security, we will notify the National Authority for the Supervision of the Processing of Personal Data without undue delay and, if possible, within 72 hours at most from the date we became aware of it, unless it is unlikely to generate a risk for the rights and freedoms of natural persons.

Informing the data subject about the data security breach of personal data
Related to the provisions of art. 34 of the GDPR, if the breach of the security of personal data is likely to generate a high risk for the rights and freedoms of natural persons, we will inform the data subject without undue delay about this breach, except in situations where:

appropriate technical and organizational safeguards have been implemented and these measures have been applied to personal data affected by the personal data breach, in particular measures to ensure that the personal data becomes unintelligible to anyone who does not is authorized to access them, such as encryption;
further measures have been taken to ensure that the high risk for the rights and freedoms of the previously mentioned data subjects is no longer likely to materialize;
it would require a disproportionate effort. In this situation, a public information is carried out instead or a similar measure is taken by which the persons concerned are informed in an equally effective way.
Newsletter
To receive a newsletter, it is necessary to indicate a valid e-mail address, along with specific information that can identify the owner of this address. Also, your consent is required for sending the newsletter and, therefore, we inform you that any other personal data will be collected and stored only based on your consent. The data thus collected are processed only for the purpose of sending the newsletter and will not be transmitted to third parties.

Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of art. 6 para. 1 lit. of the GDPR.

Plugins and Tools
Google reCaptcha
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our website. The provider is Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to determine whether data entered on our site (for example, information entered in a contact form) is provided by a human user or an automated program. To determine this, reCAPTCHA analyzes the behavior of website visitors based on a variety of parameters. This analysis is automatically triggered as soon as the website visitor enters the website. For this analysis, reCAPTCHA evaluates a variety of data (eg IP address, time the website visitor spent on the website or user-initiated cursor movements). The data tracked during these analyzes is sent to Google. reCAPTCHA analyzes run entirely in the background. Site visitors are not alerted that an analysis is in progress. The data are processed based on art. 6 para. 1 lit. f) GDPR. Website operators have a legitimate interest in protecting the operator’s web content against misuse by automated industrial espionage systems and against SPAM.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Google reCatpcha uses Standard Contractual Clauses as an adequate data protection guarantee, in accordance with the level of protection guaranteed by the GDPR. For more information, see Google’s Data Privacy Statement available here: https://policies.google.com/privacy and here https://policies.google.com/terms?hl=en

This policy regarding the processing of personal data is generated in accordance with the provisions of Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, but also with the other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend consulting the Policy regularly for correct and up-to-date information regarding the processing of personal data.

For more details regarding this GDPR Policy, as well as to exercise any of the aforementioned rights, a written notification can be sent to the contact details indicated above.