Dear Madam/Dear Sir,
Having regard to the provisions of Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, we, ABSL Romania with headquarters in Bucharest, Barbu Delavrancea Street, no.5, 1st floor, Romania (hereafter referred to as ,,we”, ,,us” and/or the ,,ABSL”), in our capacity as data controller, hereby inform you on how, when and why we process your personal data, the conditions in which we can disclose your personal data to others and how we keep it safe.
If you have any questions about the way we process your personal data, you can send us an inquiry to our headquarters address or an email to our email address, firstname.lastname@example.org.
We are processing your personal data for specific purposes.
Given your registration and participation to the ABSL Annual Conference taking place on November 18, 2019 in Bucharest JW Marriott Grand Hotel (the “Event”), we process your personal data as follows:
- we process your first and last name, email address, phone number, name of the employer and your position with your employer for the purpose of managing your participation in the Event; the legal basis for such processing is your consent given by voluntarily registering for participating in the Event;
- we process your image and/or your voice captured by photos and videos made during the Event for the purpose of advertising ABSL and its projects, over our social media accounts – Facebook and LinkedIn, on ABSL website, promotional materials; the legal basis for such processing is your consent given by entering the Event premises upon being informed that photos and videos are to be taken during the Event;
- we process your first and last name, email address, phone number, name of the employer and your position with your employer for further marketing purposes, that is to contact you by email or by phone in order to provide you with information on our activity or to send you invitations to our future activities or
events; we process your personal data for this particular purpose only in case you give us your express consent through the registration form at the date of your registration for participating in the Event.
We may also process your personal data in case we need to comply with specific legal provisions (in the financial-fiscal area with regards to payment of the registration fee, if the case), as well as for our specific legitimate interests, such as:
- in connection with any claims, legal actions or proceedings (including, obtaining legal advice and facilitating dispute resolution);
- assisting in law enforcement and investigations conducted by relevant authorities, in case such assistance is not mandatory by law;
- managing and preparing reports for internal purposes, that is for us to review, develop and improve our activity.
You may withdraw your consent with regards to the processing activities indicated herein by sending us a written request at the headquarters address located in Bucharest, Bucharest, Barbu Delavrancea Street, no.5, 1st floor, Romania or by e-mail at email@example.com.
Upon the case, if you withdraw your consent:
- we will not be able to administer and ensure your participation in the Event (if your consent is withdrawn before the Event);
- we will delete the photos and images of you from our social media accounts – Facebook, LinkedIn;
- we will not contact you by phone or by email for marketing purposes, respectively to provide you with information on our activity or to send you invitations to our future activities or events.
We disclose your personal data to third parties.
In order to facilitate our activities for the purposes of processing detailed above, we communicate this data to third parties, including our partners, such as:
- third party service providers, such as Event preparation and organization services providers and information technology providers;
- professional advisers such as lawyers;
- relevant government regulators, statutory boards or authorities and/or law enforcement agencies, to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them.
Your personal data will not be transferred outside the European Economic Area.
We guarantee observance of your rights in what concerns your personal data.
Unless subject to an exemption provided by law, you have the following rights with respect to your personal data:
- right to access - the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information on the processing;
- right to rectification - the right to demand without undue delay the rectification of inaccurate data or the correction of incomplete data;
- right to erasure/right to be forgotten - the erasure of personal data concerning you whenever the personal data is no longer necessary in relation to the purposes for which they were collected or processed and there is no other legal ground for the processing, the personal data has been unlawfully processed or the personal data have to be erased for compliance with a legal obligation;
- right to restriction of processing where (i) you challenge the accuracy of the personal data; (ii) the processing is unlawful and you oppose the erasure of the personal data while you request the restriction of their use instead; (iii) we no longer need the personal data for the purposes of the processing herein, but you require the data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing pending the verification whether our legitimate grounds override your rights;
- right to object – unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
- right to data portability - the right to receive the personal data concerning you, which you have provided to us for the purposes indicated herein, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
- right to lodge a complaint with the The National Supervisory Authority For Personal Data Processing (www.dataprotection.ro);
- right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless is necessary for performance of the agreement or is authorized by law.
Excluding the right to lodge a complaint with the supervisory authority, all the rights can be exercised by submitting a written request by post to our address Bucharest, Bucharest, Bdul Barbu Delavrancea Street, no.5, 1st floor, Romania or by email to firstname.lastname@example.org.
We do not use automated means in order to process your personal data.
We keep the personal data for a limited period.
Your data shall be kept for the period of time necessary for complying with specific legal obligations applicable to our domain of activity or according to applicable statute of limitations, if the case.
More to the point, we shall keep your personal data processed based on your consent as follows:
- your personal data processed for the purpose of managing your participation in the Event will be kept for a period of 6 (six) months following the Event save for the data related to payment of the participation fee (i.e. invoice) which shall be kept according to financial-fiscal regulations (5 or 10 years, upon the case);
- your personal data processed for marketing purposes will be kept until you withdraw your consent and there are no compelling legitimate grounds for us to continue processing of your personal data which override your interests, rights and freedoms or your personal data is no longer necessary to us for the establishment, exercise or defense of legal claims.
We have implemented appropriate technical measures to ensure the security of personal data.
We will do everything that is necessary to protect your personal data or control by establishing reasonable security measures to prevent unauthorized access, collection, use, disclosure, copying, alteration or disposal, as well as other similar risks.