Personal data protection policy

This is Stuffino Crișan's data protection policy.

Stuffino Crișan respects your privacy and is committed to protecting the personal information you provide to us. We undertake to collect and use personal data in accordance with the General Data Protection Regulation (RGPD).

This policy will inform you of how we treat your personal data and will detail your personal data rights and how the law (including the RGPD) protects you.

This data protection policy applies to the personal data of our customers, business partners, other people who contact and visit us and their representatives and employees, potential employees or interns, and applies to data collected through our site and personal data collected by e-mail or other offline means.

Content

1. Information about Stuffino Crișan

Purpose of this personal data protection policy

This personal data protection policy aims to inform you about the way in which Stuffino Crișan collects and uses personal data as a result of using the website, as a result of any current or potential collaboration with Stuffino Crișan.

This website is not intended for minors and we do not consciously collect personal data of minors.

It is important that you read this privacy policy with any other privacy notice or processing notice that we may provide on certain occasions when we collect or process personal information about you so that you are fully informed. the manner and purpose of the use of this data. This privacy policy complements the other notifications and is not intended to replace them.

Operator

Stuffino Crișan is the controller for your personal data (collectively referred to as “Company”, “us”, “us” or “us” in this personal data protection policy).

Changes in personal data protection policy

It is important that the personal data we hold is accurate and current. Please let us know if your personal information changes during your relationship with us.

2. The data we collect

Personal data or personal information means any information about a person from which that person can be identified. Does not include data in which the identity was removed (anonymous data).

In order to provide our services, we collect or receive your personal information in different ways. We often choose what information to provide, but sometimes we need certain information from you to use so that we can provide you with these services.

We may collect, use, store and process different types of personal data about you that we have grouped together (all or any):

  • Identity data include first name, last name, username or similar identifier, personal numeric code, initial code, specialty, professional grade, job, date of birth and gender.
  • Contact details include billing address, delivery address, email address, and phone numbers.
  • Financial data include bank account and payment card details.
  • Transaction data include details about payments to and from you and other details about the products and services you have contracted with us.
  • Technical data include [IP protocol] address, your connection data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use the site.
  • Profile data include your username and password, your purchases or orders, interests, preferences, feedback, and survey responses, including user data for registration on the platforms where webmars are organized.
  • Usage data include information about how you use our website, products, and services.
  • Marketing and communication data include your preferences in receiving our communications from us and our third parties and your communication preferences.
  • Media data include audio, video and photo / picture.

We also collect, use, and share aggregate data such as Google Analytics, such as statistics or demographics. Aggregate data may be obtained from your personal data, but is not considered personal data in law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users who access a Stuffino Crișan service or product.

We do not collect any particular category of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual life, sexual orientation, political opinions, trade union membership, information about your health and biometrics, and genetics). We also do not collect any information about criminal convictions and crimes.

If you do not provide us with personal data

If we need to collect personal data by law or for the performance of a contract we have with you or the organizations you are affiliated with, and you are unable to provide such data when requested, we may not be able to perform the contract we have (for example, to provide you with goods or services). In this case, you may need to cancel a product or service that you have with us, but we'll let you know if that's the case at that time.

3. How is personal data collected?

We use different methods to collect personal data including:

  • Direct interactions. We collect your data when you voluntarily provide us with contact information by filling in the forms on boarding, by filling in the data on our website or by correspondence with us (including mail, telephone, email or other method of communication). These include personal data that you provide when, for example:
  • participate in an event organized by Stuffino Crișan
  • applications for our products or services;
  • you subscribe to our services;
  • request offers or promotional materials Stuffino Crișan;
  • participate in a contest, competition, survey organized by Stuffino Crișan;
  • candidates for a position in Stuffino Crișan;
  • provide feedback on our services and products;
  • provide or offer to provide services for us;

There are also situations in which we collect media data on boat trips organized by Stuffino Crișan. For example, if on a route on the Danube River, you will verbally ask Stuffino Crișan staff or Stuffino Crișan collaborators to take photos. All media data collected will be posted on the blog on the site STUFFINOCRISAN.RO or the facebook page Stuffino Crisan and only if you voluntarily take action in this regard.

  • Automatic technologies or interactions. As you interact with our site, we may automatically collect technical data about your equipment, actions, and navigation patterns. We collect this personal data using cookies and other similar technologies. Please see our cookie policy for more details.
  • Third parties or public sources. We may receive personal information about you from various third parties or from public sources (public registries). These sources also include:
    • Professional organizations and associations to which you are affiliated and which contact our services or products;
    • Medical companies you work with and contact our services;
    • Public authorities or institutions of any kind
    • Personnel recruitment companies;
    • Credit institutions (for example, when you make a payment to us by payment order);

4. How we use personal data

We will only use your personal data when permitted by law. We will most commonly use your personal information in the following situations:

  • If we have to execute a contract with you (or we are about to conclude);
  • If we need to perform a contract with an organization, association, or company to which you are affiliated; (e.g. participate in a Danube route organized by Stuffino Crișan)
  • If necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not exceed those interests;
  • If we have to comply with a legal or regulatory obligation;
  • If you give us your express prior consent or on the basis of fair evidence of your consent provided by a third party who communicates this information to us;
  • If we disseminate video or photo content from the routes on the Danube on the media channels of Stuffino Crișan or of the partners for whom Stuffino Crișan organizes walks on the Danube, for the purpose of media communication, or for educational and scientific purposes.

The purpose for which we use your personal data

Please note that we may process your personal data based on several legal grounds, depending on the specific purpose for which we use the data. Contact us if you need details on the specific legal basis on which we rely to process personal data if several reasons have been set out in the table below.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably believe that we must use it for another purpose and that this reason is consistent with our original purpose. If you would like to receive an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.

If we have to use your personal data for undeclared purposes, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, if required or permitted by law.

5. Disclosure of Personal Data

We may share your personal data with the parties listed below for the purposes set out in the table in point 4 above.

  • Internal third parties
  • External third parties
  • Third parties to whom we may choose to transfer or merge parts of our business or assets. Alternatively, we can look into acquiring or merging with other businesses. If there is a change in our business, then the new owners may use your personal information in the same way as described in this privacy notice.

We ask all employees and partners to respect the security of your personal data and to treat it in accordance with the law. We do not allow employees to use your personal data for their own purposes. They may use your personal data only if we give them permission to process it and only for the purposes mentioned by us.

6. Data security

We have implemented appropriate security measures to prevent accidental loss of your personal data, unauthorized use or access, alteration or disclosure of your personal data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who are in dire need of such data. They will only process your personal data in accordance with our instructions and will be subject to the obligation of confidentiality.

We have instituted proceedings to deal with a suspicious breach of personal data and we will inform you and any applicable regulator of a breach if we are legally obliged to do so.

7. Data retention

As long as we keep our personal data

We will retain your personal data for as long as is necessary to fulfill the purposes for which we have collected it, including for the purpose of fulfilling any legal, accounting or reporting requirements.

In order to properly determine the retention period for personal data, we consider the value, nature and sensitivity of your personal data, the potential risk of harm caused by unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and if we can achieve these goals by other means.

8. Your rights

In certain circumstances, you have rights under your data protection laws with respect to your personal data. Click on the links below to learn more about these rights:

  • the right of access (the right to access personal data processed and information on the means of processing);
  • the right to rectification (correction by the operator of incorrect / inaccurate personal data);
  • the right to object (possibility to oppose processing);
  • the right to delete (the right to request the deletion of the data collected when they are no longer necessary for the purposes for which they were collected, when they withdraw their consent and there is no other legal basis for processing, when they consider that the data have been processed illegally or for compliance with a legal obligation);
  • the right to restrict processing (allows the restriction on the processing of personal data to be obtained in certain cases, for example when it considers that the processing is illegal or challenges the accuracy of personal data, for a period that allows us to verify this accuracy):
  • the right to data portability (allows the receipt of personal data provided in a structured, commonly used and legible format, or the transmission of such data to another data controller).

If you wish to exercise any of the rights set forth above, please complete the appropriate form and submit it to us.

Without taxes

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repeated, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we can ask of you

We may request specific information from you to help you confirm your identity and secure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who is not entitled to receive it.

We try to respond to all legitimate requests within one month. Occasionally, it may take more than a month if your request is particularly complex or if you have made multiple requests. In this case, we will notify you and keep you informed of the status of the request.

LEGAL ISSUE

Legitimate interest means the interest of our business in running and managing our business to enable us to provide you with the best service / product and the best and safest experience. We make sure that we consider and balance any potential impact on you (both positive and negative) and your rights before processing your personal data for our legitimate interests. We do not use your personal data for activities in which our interests are overwhelmed by the impact on you (unless we have your consent or the law provides otherwise). You can obtain additional information about how we assess our legitimate interests against any potential impact on you in respect of certain activities by contacting us.

Execution of the Contract means the processing of your data if it is necessary to perform a contract to which you are a party or to which an association or company to which you are affiliated is a party or to take action at your request before concluding such a contract.

Compliance with a legal or regulatory obligation means the processing of your personal data if it is necessary to comply with a legal or regulatory obligation to which we are subject.

THIRD PARTIES

Internal third parties

Other companies in the Stuffino Crișan group that act as operators and that are based in Romania, associates, employees or collaborators of Stuffino Crișan.

External third parties  

  • Service providers providing IT system administration and management services.
  • Professional consultants including lawyers, accountants, bankers, auditors and insurers providing consulting, banking, legal, insurance and accounting services.
  • Public regulatory authorities and institutions and other public authorities in Romania or the European Union.
  • Collaborators or business partners with whom Stuffino Crișan works in order to carry out his activity.

YOUR RIGHTS

You have the following rights:

Right of access to the personal data which stipulates that you have the right to a copy of the personal data held by us and to verify that it is processed lawfully.

The right to rectification by which you can request the correction of personal data that we hold about you. This allows you to request the correction of any incomplete or inaccurate data that we hold about you. Please note that it may be necessary to verify the correctness of your data. you provide us.

The right to have data deleted (“right to be forgotten”). This allows you to ask us to delete or delete your personal data if there are no more valid reasons to continue processing. Please note, however, that we may not always be able to comply with your request for deletion for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

The right to opposition regarding the processing of personal data when we process data based on the legitimate interest (ours or of a third party) when in your particular situation you consider that fundamental rights and freedoms are being violated. You may also object to the processing of your data for marketing purposes. In some cases, we may demonstrate legitimate and compelling reasons justifying the processing and prevailing over personal interests, rights and freedoms.

The right to restrict processing. This right allows you to request that we suspend the processing of your personal data in the following cases: (a) if you wish to establish the accuracy and correctness of the data, or; (b) if the processing of our data is illegal, but you object to the deletion; (c) if you need to keep the data, even if we no longer process it, because you need it to establish, exercise or defend rights in court; or (d) you have objected to the processing of your data, but we must verify that we have every reasonable legal reason to process it.

The right to data portability. We will provide you or your chosen third party with your personal data in a structured, commonly used, readable format. Please note that this right applies to automatic data processing for which you have given us your consent or, if we have used the data, to perform a contract with you.

The right to withdraw consent when we base the processing on your consent. However, this right will not affect the lawfulness of any processing performed prior to the withdrawal of your consent.

The right not to be the subject of any individual decision or an automated individual decision-making process, including creating profiles that produce legal effects that affect or affect you in a similar way.

Last updated - January 2021