DONATE
donează
logotype

Contact

Strada Argeșului Nr. 127, Oltenița, Călărași

office@asociatiasolidara.ro

0746900700

0724500698

PRIVACY POLICY

INFORMATION NOTICE

Purpose of the Privacy Policy

The Plus Solidara Association places great importance on its relationships with volunteers, sponsors, donors, partners, suppliers of products and services, employees, job applicants, event participants, and other stakeholders. The Association aims to provide an adequate level of protection for the processing of personal data to maintain and enhance its partnerships, trust, and reputation.

The privacy policy adheres to the principles of the European Union’s General Data Protection Regulation (GDPR) concerning the processing of personal data and the free movement of such data, Regulation 679/2016 (hereinafter referred to as “GDPR”). The regulation aims to protect the fundamental rights and freedoms of individuals within the EU in the context of the globalization of the economy and the digitization of communications, particularly their right to the protection of personal data. The GDPR emphasizes transparency and the legality of processing as key principles, providing individuals with the information and control they need when their personal data is being processed.

The privacy policy seeks to provide an internationally applied framework within the Association to achieve an adequate level of personal data protection, benefiting all parties involved.

2. Scope of This Policy

This policy applies to the processing of personal data by the Plus Solidara Association. Personal data refers to any information relating to an identified or identifiable natural person, such as biographical information (name, date of birth, etc.), employment data (addresses, position, phone numbers, and email addresses, etc.), online identifiers (IP address), or one or more elements specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

This policy encompasses generally accepted principles of data protection without replacing the existing legal framework. The policy is aligned with European and national law concerning the processing of personal data and applies to the operations within the Plus Solidara Association. The Association is committed to ensuring that this policy fully complies with applicable national and European laws regarding the protection of personal data and the free movement thereof.

This policy does not apply to the identification data of legal entities, such as companies or other organizations with legal personality. This policy does not apply to anonymous data, such as statistical data. However, the mere absence of a name does not imply that the data is anonymous; it should be impossible to directly or indirectly identify an individual.

This policy may be amended under the coordination of the association’s data protection team. You can find the latest version of this policy on the website asociatiasolidara.ro.

3. Definitions

Recipient: A natural or legal person, public authority, agency, or another body to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a specific inquiry in accordance with Union or national law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Controller: A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or national law, the controller or the specific criteria for its nomination may be provided for by applicable law.

Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Personal Data: Any information relating to an identified or identifiable natural person (“data subject”).

Special Categories of Personal Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, and data concerning a natural person’s sex life or sexual orientation.

Data Subject: An identified or identifiable natural person whose personal data is being processed. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

4. Identification of the Controller

PLUS SOLIDARA ASSOCIATION
Contact Address: Strada Argeșului nr. 127, Oltenița, Călărași
C.I.F: 49242546
Website: asociatiasolidara.ro
E-mail: office@asociatiasolidara.ro

5. Principles Regarding the Processing of Personal Data

5.1 Legality and Fairness

Personal data must be processed lawfully and fairly in relation to the data subject. Any processing of personal data will be lawful only to the extent that the processing is based on a processing ground provided by law. When special categories of personal data are processed, this will only be done when one of the derogation conditions specified by law applies.

5.2 Transparency

The controller shall take appropriate measures to provide the data subject with any information related to the processing of personal data in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. Information is provided in writing or by other means, including, where appropriate, electronically.

5.3 Purpose Limitation

The purposes for which personal data are processed must be explicit and legitimate and must be determined at the time of collection. Personal data cannot be processed in a manner incompatible with these purposes.

5.4 Data Minimization

Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

5.5 Data Accuracy

Personal data must be accurate and, where necessary, kept up to date. Reasonable steps must be taken to ensure that personal data that are inaccurate, considering the purposes for which they are processed, are erased or rectified without delay.

5.6 Data Storage Limitation

Personal data must not be processed for a period longer than necessary for that processing. Once personal data are no longer necessary for the purpose of processing, they must be anonymized or deleted. Personal data may be stored for longer periods to the extent that they will be processed exclusively for public interest archiving, scientific or historical research, or statistical purposes.

5.7 Data Integrity and Confidentiality

The processing of personal data must be carried out in a way that ensures their security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage. Confidentiality agreements are established with employees, consultants, and other parties who have access to personal data. Additionally, a password-based access restriction system must be implemented to ensure that individuals can only access personal data necessary for performing their duties.

5.8 Data Responsibility

PLUS SOLIDARA ASSOCIATION must be able to demonstrate compliance with the principles of legality, fairness, transparency, minimization, purpose limitation, storage limitation, integrity, and confidentiality of personal data processing. Data protection policies, controls, procedures, checklists, and other measures constituting the data protection framework are systematically documented.

5.9 Data Protection by Design and by Default

Control elements and the manner of complying with the principles related to the processing of personal data are proactively developed from the design and development phase of processing operations. The strictest privacy settings (concerning the amount of data collected, the scope of processing, the storage period, and accessibility) must be applied by default to any processing. Adherence to the principle of data protection by design and by default is a functional requirement throughout the life of PLUS SOLIDARA ASSOCIATION’s operations involving the processing of personal data.

6. Informing Data Subjects about the Processing of Personal Data

6.1. Management of the Recruitment, Evaluation, and Selection Process for Participants in PLUS SOLIDARA ASSOCIATION

Purpose: Conducting recruitment, evaluation, and selection activities for candidates.
Legality: Steps towards signing the participation contract.
Personal Data:

  • Identification data: full name, date of birth, gender, domicile/residence, citizenship;
  • Contact details: phone number and email address;
  • Educational background and qualifications obtained;
  • Previous professional experience;
  • Data resulting from the selection process, data provided from the Romanian language grammar test;
  • Identification data of the person making the recommendation (name, surname, place of work, position, phone, email);
  • Additional data voluntarily provided by you in your CV or for the conclusion of the employment contract (e.g., photograph, hobbies, data regarding possession of a driver’s license, residence permit, registration certificate, marital status, etc.).
    Processing duration: the duration of the recruitment and selection process plus one year after its completion to defend the association against any complaints made by candidates – art. 20 corroborated with art. 8 of ordinance 37/2000 regarding the prevention and sanctioning of all forms of discrimination.

6.2. Management of Marketing Activities and Event Organization

Purpose: Promoting the model (values, skills, competencies, specific intervention, objectives) and image of PLUS SOLIDARA ASSOCIATION.
Legality: Art. 6.1 a – consent of the data subjects.
Data Subjects: children, parents, students, authorized persons from sponsors, individual donors, other special guests at events, the general public on online communication channels.
Personal Data:

  • Identification data: full name, date of birth, gender, domicile/residence, citizenship, educational institution, and year of study (class), workplace;
  • Contact details: phone number and email address;
  • Photo images, video, and/or audio recordings;
  • Other personal data specific to a type of event (mentioned in the specific event consent).
    Processing duration: the duration of the event plus a storage period of 10 years.

6.3. Management of Partnership Contract Signing and Execution with Schools, Inspectorates, MEN, Universities, NGOs, and Other Educational Institutions

Purpose: Promoting, implementing, and developing the model of PLUS SOLIDARA ASSOCIATION.
Legality: Steps towards signing the partnership/collaboration contract and executing the partnership/collaboration contract.
Data Subjects: authorized representatives of schools, inspectorates, MEN, universities, NGOs, and other educational/social institutions, authorized to engage and execute partnership/collaboration contracts.
Personal Data:

  • Identification data: Name and surname, position, workplace, signature;
  • Contact details: phone number, email address, correspondence address;
  • Other personal data derived from the specific object of the partnership/collaboration contract.
    Processing duration: the duration of the partnership/collaboration contract plus a 10-year archiving period.

6.4. Management of Trainers and Instructors

Purpose: Conducting training and preparation activities for participants within PLUS SOLIDARA ASSOCIATION.
Legality: Art. 6.1 b – steps towards signing the contract and executing the contract.
Data Subjects: authorized representatives of companies, trainers, instructors, authorized persons from sponsors and partners, educational system instructors authorized to engage and execute partnership/collaboration/service contracts.
Personal Data:

  • Identification data: Name, surname, position, signature, workplace;
  • Contact details: phone number and email address;
  • Photos, video, and/or audio recordings;
  • Other personal data derived from the specific object of the partnership/collaboration/service contract.
    Processing duration: the duration of the partnership/collaboration/service contract plus a storage period of 10 years.

6.5. Management of Sponsor Selection Process

Purpose: Conducting sponsor selection for supporting PLUS SOLIDARA ASSOCIATION.
Legality: Legitimate interest of PLUS SOLIDARA ASSOCIATION to support functional/support activities.
Data Subjects: natural persons, representatives of targeted companies, representatives of funding institutions, representatives of targeted foundations and NGOs, representatives of suppliers.
Personal Data:

  • Identification data: Name, surname, position, workplace, date of birth;
  • Contact details: phone number and email address, correspondence address;
  • Other personal data specific to a type of event (mentioned in the specific event consent).
    Processing duration: the duration of the selection process plus one year.

6.6. Management of Sponsorship and Funding Contract Signing and Execution, Direct Donations through Specialized Web Pages

Purpose: Execution of the sponsorship contract to support PLUS SOLIDARA ASSOCIATION programs.
Legality: Steps towards signing the sponsorship contract and executing the sponsorship contract.
Data Subjects: natural persons, representatives of targeted companies, representatives of institutions, representatives of targeted foundations and NGOs, representatives of suppliers.
Personal Data:

  • Sponsor representative identification data: name and surname, date of birth, gender, position, workplace, signature;
  • Identification data for individual donors: name and surname, date of birth, gender, domicile, ID card series and number, citizenship, position, workplace, bank code, signature;
  • Contact details: phone number and email address, correspondence address;
  • Other personal data derived from the specific object of the sponsorship contract.
    Processing duration: the duration of the sponsorship contract plus a 10-year archiving period.

6.7. Management of Contracts with Product and Service Suppliers

Purpose: Signing and executing contracts with product and service suppliers.
Legality: Steps towards signing and executing contracts with suppliers.
Data Subjects: representatives of contracting parties authorized to engage and execute product and service supply contracts.
Personal Data:

  • Identification data: full name, position, workplace, signature;
  • Contact details: phone number and email address, correspondence address;
  • Other personal data derived from the specific object of the product and/or service supply contract.
    Processing duration: the duration of the product and/or service supply contract plus a 10-year archiving period.

6.8. Management of Volunteer Recruitment and Selection

Purpose: Conducting the recruitment and selection of volunteers for support activities in PLUS SOLIDARA ASSOCIATION.
Legality: Consent of the data subjects.
Data Subjects: candidates for volunteer positions at PLUS SOLIDARA ASSOCIATION.
Personal Data:

  • Identification data: name and surname, date of birth, gender, domicile/residence, citizenship;
  • Contact details: phone number and email address;
  • Educational background and qualifications obtained;
  • Previous professional experience;
  • Data resulting from the selection process;
  • Additional data voluntarily provided by you in your CV or for the conclusion of the volunteer contract (e.g., photograph, hobbies, data regarding possession of a driver’s license, residence permit, registration certificate, marital status, etc.).
    Processing duration: the duration of the recruitment and selection process plus one year after its completion to defend the association against any complaints made by candidates – art. 20 corroborated with art. 8 of ordinance 37/2000 regarding the prevention and sanctioning of all forms of discrimination.

6.9. Management of the Volunteer Contract Execution at PLUS SOLIDARA ASSOCIATION

Purpose: Conducting volunteer management activities to perform specific volunteer activities within PLUS SOLIDARA ASSOCIATION.
Legality: Steps towards signing the contract and executing the volunteer contract.
Data Subjects: candidates for volunteer positions at PLUS SOLIDARA ASSOCIATION.
Personal Data:

  • Identification data: name and surname, place and date of birth, gender, domicile, personal identification number, ID card series and number, driver’s license;
  • Contact details: phone number, email address, residence address;
  • Previous professional experience;
  • Additional data resulting from other documents provided by you (e.g., curriculum vitae, ID card, driver’s license, if applicable, residence registration certificate or residence permit, if applicable);
  • Photos, video, and/or audio recordings;
  • Other data related to the position held in the association (annual evaluation, quality of professional results, etc.).
    Processing duration: the duration of the volunteer contract plus a 10-year archiving period.

6.10. Management of Complaints and Disputes

Purpose: Conducting specific activities for resolving complaints and disputes.
Legality: The legitimate interest pursued by the controller to protect the interests of the organization.
Data Subjects: all persons involved in resolving complaints and disputes.
Personal Data:

  • Identification data: name and surname, workplace, position, phone number, email address;
  • Other data relevant to the resolution of complaints and disputes.
    Processing duration: depending on the case, according to the legislation in force, and subsequently for a period of 2 years from the resolution of the complaint or dispute.

7. Recipients

  • Volunteers, participants in PLUS SOLIDARA ASSOCIATION;
  • Employees and top management of PLUS SOLIDARA ASSOCIATION;
  • Recruitment, psychological evaluation, and specific competence service providers, recruitment platforms (eJobs, Bestjobs, Hipo, etc.);
  • Communication service providers with PLUS SOLIDARA ASSOCIATION supporters, data collection and processing (Galantom, Mailchimp, UK Benevity, Typeform, Form Assembly, Salesforce);
  • Payment processors (Stripe);
  • Funders and sponsors, potential sponsors, individual donors, and fundraisers;
  • Event and communication service providers (PR agencies, logistics, communication, bloggers/influencers, media companies);
  • National and European institutions and organizations co-interested in projects funded by EU/public funds (Ministry of European Funds, FDSC, FRDS), state and European institutions (schools, inspectorates, MEN, O.N.P.C.S.B., ANAF, CE – EACEA, EEA – FMC);
  • Teachers from the public and private education system in Romania, other partner organizations, state institutions (MEN, inspectorates, schools, universities, etc.);
  • Training and testing providers, coaches, mentors;
  • Third parties: ANAF, Revisal, Money Laundering Prevention and Control, court, etc.;
  • Support service providers (IT, internet, telephony, rent, cleaning; accommodation, meals, materials, etc.; accounting, legal support, audit, benefits, impact, medical services, and labor protection, SSM, etc.);
  • Other organizations within the PLUS SOLIDARA ASSOCIATION network.

8. Data Subject Rights

The rights you have regarding your personal data: Under Regulation (EU) 679/2016, you may exercise any of the following rights:

  • The right to access personal data concerning you;
  • The right to request rectification or updating of personal data when they are inaccurate or incomplete;
  • The right to request the deletion of personal data if, for example, the data is no longer necessary for processing, or the data subject objects to the processing, or the personal data was processed unlawfully;
  • The right to data portability, meaning the transfer of your personal data to another data controller in a structured, machine-readable format;
  • The right to restrict the processing of personal data in cases where, for example, the legality of the processing or the accuracy of the data is contested. Once restricted, the controller may only store personal data, not use them further, and may lift the restriction only after informing the data subject of this intention. Each recipient to whom the personal data has been communicated must be informed of any rectification, deletion, or restriction that has been carried out to comply with this request;
  • The right to object to processing when it is carried out to protect our legitimate interest if your particular situation provides legitimate reasons;
  • The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects that concern you or affect you to a significant extent;
  • The right to file a complaint with us and/or the competent data protection authority;
  • The right to withdraw consent at any time for the processing of personal data, to which you have previously consented;

To exercise these rights, as well as for any additional questions regarding this notice or concerning the use of your personal data by PLUS SOLIDARA ASSOCIATION, please contact us using any of the communication methods described below, specifying, at the same time, your name, postal address or email address (depending on the means by which you wish us to communicate), your phone number, and the purpose of your request.

9. Security and Confidentiality

PLUS SOLIDARA ASSOCIATION and its employees have implemented technical and organizational measures to protect personal data against accidental or unauthorized destruction, accidental loss, alteration, or unauthorized access. These measures are developed considering the results of the risk analysis of the processing operations and are regularly evaluated and tested. Security and confidentiality require awareness-raising, training, and communication of issues related to personal data protection within the organization (training for all employees who have access to personal data, allocation of responsibilities, etc.). Techniques such as data minimization, information storage period limitation, pseudonymization, encryption, confidentiality contracts, physical integrity of data carriers, and logging according to access rights based on the role in personal data processing should be considered.

10. Processor

PLUS SOLIDARA ASSOCIATION has required the processors, i.e., any subcontractor who processes personal data on behalf of PLUS SOLIDARA ASSOCIATION, to implement appropriate technical and organizational security measures. When considering these measures, the current state of IT systems, the nature, object, context, and purposes of processing, as well as the risks to the rights and freedoms of natural persons, should be appropriately considered.

11. Data Transfer

The transfer of personal data is guaranteed in terms of security to countries in the European Union / European Economic Area and other countries considered by the European Commission as ensuring an adequate level of protection. When personal data are exported by PLUS SOLIDARA ASSOCIATION, acting as a controller in the European Union, to recipients in countries that do not provide an adequate level of protection, PLUS SOLIDARA ASSOCIATION has ensured that appropriate safeguards are in place, standard contractual clauses regarding the protection of personal data, or approved certification mechanisms. If the rights and freedoms of data subjects have been violated by a PLUS SOLIDARA ASSOCIATION entity that has imported the data, located in a third country without an adequate level of protection, PLUS SOLIDARA ASSOCIATION, which exported the data, undertakes to support the rights of the data subject, in accordance with this policy, against the importing entity of PLUS SOLIDARA ASSOCIATION.

12. Data Protection Officer

Top management ensures that the data protection officer receives the appropriate resources, training, and independence guarantees necessary to efficiently manage their tasks.

The data protection officer has the following tasks:

  • Informing and advising employees and processors of PLUS SOLIDARA ASSOCIATION who handle personal data regarding their obligations under Regulation 679/2016 and other provisions of European Union and national law regarding data protection.
  • Monitoring compliance with Regulation 679/2016, other provisions of European Union or national law regarding personal data protection, and the policies of PLUS SOLIDARA ASSOCIATION or the processor of PLUS SOLIDARA ASSOCIATION regarding personal data protection, including the allocation of responsibilities and awareness-raising and training actions for staff involved in processing operations, and may conduct periodic checks, reviews, and audits of documents, procedures, and operations.
  • Providing advice upon request regarding the data protection impact assessment and monitoring its performance in accordance with the provisions of Article 35 of Regulation 679/2016.
  • Cooperating with the supervisory authority (ANSPDCP).
  • Acting as a point of contact for ANSPDCP regarding issues related to processing, including the prior consultation mentioned in Article 36 of the GDPR, as well as, where appropriate, consultation on any other matter.
  • Coordinating the handling of data subjects’ requests.

13. Contact Information

Data Protection Officer:
E-mail: office@asociatiasolidara.ro
Contact Address: Strada Argeșului nr. 127, Oltenița, Călărași