Politica de confidențialitate

Privacy policy

The Association Development and Psychotherapy by Action carries out its activity in compliance with the requirements in the field of data protection, including those provided by the General Data Protection Regulation 2016/679/EU regarding the protection of natural persons with regard to the processing of personal data and the free movement of these data ("Regulation"), which is applicable from May 25, 2018.

 

The requirements in this document apply to the processing of personal data concerning natural persons, and not to the data concerning companies or other legal entities.

 

The Development and Psychotherapy by Action Association undertakes to any person who provides them with personal data that they ensure the confidentiality and security of personal data in accordance with the legal provisions applicable in this field.

 

In the performance of their day-to-day duties, when necessary, the employees of the Development and Psychotherapy by Action Association process data belonging to legal representatives, members of legal entities and service/utility providers with whom the Development and Psychotherapy by Action Association has concluded contractual relations, real beneficiaries, proxies, etc.

 

In order to ensure the highest standards of protection, the employees of the Development and Psychotherapy by Action Association who process personal data in order to fulfill their duties must at least comply with the main principles and obligations listed in this Policy.

 

The privacy and security policy for the protection of natural persons regarding the processing of personal data applies to all categories of persons whose personal data collected through the official website and which we process for various purposes: training trainers, sessions of training authorities, competition on children`s rights and slogans for the dignity bus, therapeutic activities, research activities, inter-institutional collaboration, volunteers, members of the organization, visitors, donors or sponsors, suppliers, participants in the events organized by the Development Association and Psychotherapy through Action.

 

 

 

 

DEFINITIONS

Personal data is the information that identifies a natural person or that makes them at least identifiable. Personal data is divided into general data (surname, first name, telephone, address, etc.) and sensitive data (serial and number of bulletin / passport, personal numerical code, health data, trade union membership data, etc.).

 

Processing is any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation (simple viewing/access), use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

 

The concerned person represents any natural person whose personal data is processed by or on behalf of the Development and Psychotherapy Association by Action.

 

PRINCIPLES CONCERNING THE PROCESSING OF PERSONAL DATA

Personal data must be processed in a legal, fair and transparent manner towards the data subject.

The data subject is the natural person whose personal data is processed.

In order to comply with the previously stated principle, in order to process personal data, employees must ensure that:

There is a legal basis on which the processing is based;

The processing does not affect the fundamental rights and freedoms of the data subjects;

The data subjects were provided with the minimum content of information regarding the processing activities.

Spot checks regarding compliance with the above requirements will be made by the employees who make the final decision regarding the necessity and method of carrying out the processing in relation to the intended purpose.

Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way incompatible with these purposes

Personal data can only be processed in the following situations:

When the use of the data is necessary for the negotiation in order to conclude or for the execution of a contract with the data subject;

To comply with a legal obligation;

When the processing is necessary for the performance of a task serving a public interest, provided for in EU or national law;

To protect the vital interests of a natural person;

For the purpose of the legitimate interests of the Association Development and Psychotherapy by Action, unless the interests or fundamental rights and freedoms of the data subject prevail, which require the protection of personal data, especially when the data subject is a child;

With the consent of the natural persons concerned.

To be valid, consent must be a free, specific, informed and unambiguous manifestation of the data subject`s will, whereby he accepts, by a statement or an unequivocal action, that the personal data that look to be processed.

Consent must be expressed for each processing purpose and requires adequate identification of the person who consented to the processing.

The personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

The collected data must be really necessary for the provision of services and for the fulfillment of the employees` duties, the processing of data that does not fall under a real need for processing is prohibited, for example:

Collection of sensitive personal data, such as health data, for marketing campaigns, in the absence of an express legal requirement in this regard;

Generating reports (e.g., lists in Excel) in which more categories of data are included than those strictly necessary to achieve the purpose pursued by generating the report.

Also, the collected data will not be subjected to other processing activities additional to those initially established. To the extent that additional processing is intended, the data subject will be informed about the new processing activity, with a reasonable period of time before the actual start of the processing in question.

The personal data processed are accurate and, where necessary, updated.

All necessary steps must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is deleted or rectified without delay.

In this sense, employees must avoid storing documents containing personal data on personal stations and use data stored in centralized applications to avoid the risk of using inaccurate data.

Personal data must be kept in a form that allows the identification of the data subjects for a period that does not exceed the period necessary to fulfill the purposes for which the data are processed

In carrying out the processing activities, the Association for Development and Psychotherapy by Action must ensure that it complies with data storage requirements for the duration strictly necessary for the purpose of processing, including by referring to the archiving requirements imposed by specific legislation.

Personal data must be processed in a way that ensures adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures

In the data processing activity, the Development and Psychotherapy by Action Association must comply with the security requirements imposed by means of this policy.

 

THE RIGHTS OF THE PERSONS CONCERNED

The regulation recognizes several rights for data subjects. These rights must be respected and any request received by the employees of the Development and Psychotherapy by Action Association based on these rights must be handled according to the requirements of this Policy.

The right to information and the right of access refer to the right of data subjects to obtain:

Confirmation from the Development and Psychotherapy by Action Association that the personal data concerning it are processed or not and, if so;

Access to the respective data and to information regarding the manner in which the data are processed, the purpose for which the processing is done, the recipients or categories of recipients of the data, etc.

The right to data portability refers to the right to receive personal data in a structured, commonly used and machine-readable format and the right to have this data transmitted directly to another operator, if legal requirements are met and if this transmission is technically feasible.

The right to object – any data subject has the right to object:

At any time, for reasons related to her particular situation - that the data concerning her be processed in the legitimate interest of the Development and Psychotherapy Association by Action, except in cases where there are legal provisions to the contrary;

At any time, free of charge and without any justification, that the data concerning her be processed for direct marketing purposes.

The right to rectification refers to the correction without undue delay of inaccurate personal data. The rectification will be communicated to each recipient to whom the data were transmitted, unless this proves impossible or involves disproportionate efforts.

 

The right to data erasure (“the right to be forgotten”) refers to the right to request the erasure of personal data, without undue delay, if one of the following reasons applies:

They are no longer necessary to fulfill the purposes for which they were collected or processed;

If consent is withdrawn and there is no other legal basis for processing;

If the data subject objects to the processing and there are no overriding legitimate reasons;

If the personal data were processed illegally;

If personal data must be deleted to comply with a legal obligation.

The right to restrict processing can be exercised if the person disputes the accuracy of the data, for a period that allows the Development and Psychotherapy by Action Association to verify the correctness of the data.

The right not to be subject to an individual decision – any individual has the right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects him to an extent significant, unless this processing:

It is necessary for the conclusion or execution of a contract between the concerned person and the Association for Development and Psychotherapy by Action;

It is authorized by Union law or national law that applies to the operator and that also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject or

It is based on the explicit consent of the person concerned.

The person concerned can request reconsideration of the decision taken in the 3 cases above.

All these rights can be exercised by the concerned persons through a request sent to the headquarters of the Association for Development and Psychotherapy by Action in Craiova, Strada Victor Gomoiu, no. 17, bl. S23, ap. 8, Dolj, or to the e-mail address: depsidpo@gmail.com.

The Association for Development and Psychotherapy through Action will respond to any request to exercise the rights of the persons concerned within a maximum of one month (as a rule), respecting the minimum content established by the Regulation.

Specifically, we will use your personal data as follows:

In order to carry out our activities, we may process your personal data, such as identification data, contact data, medical data, as well as other personal data that you can provide us directly;

If you are an applicant for a traineeship/internship/job, we use the personal data contained in the CVs we receive to assess the applicants` qualifications. We base our processing on the basis of your freely expressed consent for the potential conclusion and running of a practice/internship/employment contract.

We will not pass on your personal data to third parties for marketing purposes without your explicit consent.

 

TO WHOM WE TRANSMIT PERSONAL DATA

Within the Development and Psychotherapy by Action Association, the person in charge who processes your personal data is subject to confidentiality obligations regarding personal data.

The Development and Psychotherapy by Action Association will not transmit your personal information to third parties. If we transfer data to third parties, these situations will be the subject of special information, with strict compliance with the provisions of the Regulation and with the adoption of all technical and organizational measures necessary to secure your data during transfer.

But your personal data may be disclosed/disclosed to public authorities or to third parties, as follows:

To public authorities, tax authorities and/or law enforcement bodies, if this is required by applicable laws or if it is necessary to exercise our rights, including the terms of use, or to protect our legitimate interests (including the legitimate interests of to third parties) in accordance with applicable laws;

To partners and subcontractors, for justification purposes, for the execution of all contracts we conclude with you or on your behalf, in order to provide the services requested by you;

To external consultants (i.e. doctors, lawyers, auditors), for specific purposes, when necessary, with your prior information and based on your consent.

If we obtain your personal data from a third party, we will provide you with all relevant information about its processing, including the source from which we obtained it, as soon as possible, but no later than one month after obtaining it your personal data, or by e-mail, at the first communication, if we will use the personal data only for communication with you.

 

BREACH OF DATA SECURITY

A data security breach occurs when the data for which the Development and Psychotherapy Association is responsible suffers a security incident that leads, accidentally or illegally, to compromising the confidentiality, availability or integrity of personal data (e.g. ., destruction, loss, modification or unauthorized disclosure of personal data).

Security incidents can occur, e.g., as a result of cyber attacks, but also when a piece of equipment (e.g., phone, laptop, etc.) on which personal data is saved is lost, or when an email is accidentally sent e-mail that includes personal data of a person other than the intended recipient.

 

Any employee who becomes aware of a security incident that may lead to personal data being affected must immediately notify the management of the Development and Psychotherapy Association through Action.

The management of the Association for Development and Psychotherapy through Action, together with the IT manager, analyzes the incident, then establishes and implements the necessary measures to eliminate the consequences of that incident.

If the breach is likely to present a risk to the rights and freedoms of natural persons, the National Supervisory Authority for the Processing of Personal Data shall be notified within no more than 72 hours of becoming aware of the breach.

If the breach of data security poses a high risk to the natural persons affected, then all such persons must also be informed (unless effective technical and organizational safeguards or other measures have been applied to ensure that the risk is no longer likely to materialize).

The Development and Psychotherapy Association by Action, through the data protection officer, keeps a register of personal data security incidents, including the measures established and taken to remedy the consequences of these incidents.

 

CONTACT

If you have questions or uncertainties regarding the processing of your personal data by the website www.crescdemn.ro, if you wish to exercise one or more of your rights, you can contact us at the e-mail address depsidpo @gmail.com and/or in writing to the mailing address: Strada Victor Gomoiu, no. 17, bl. S23, apartment 8, Craiova, Dolj. Please do not disclose sensitive personal data (for example, information relating to racial or ethnic origin, political opinions, religious or other beliefs, health or trade union membership) when contacting us. Please periodically consult the page dedicated to the Privacy Policy to be up to date with new changes.

 

Material produced with the financial support of the EEA and Norwegian Grants 2014-2921. Its content (text, photos, video) does not reflect the official opinion of the Program Operator, the National Contact Point or the Office of the Financial Mechanism. The information and opinions expressed are the sole responsibility of the author.
For more details on the EEA and Norwegian Grants, as well as on the Program Operator, visit www.eeagrants.ro and www.frds.ro

Project implemented by :

In partnership with :

In collaboration with: :