This Policy was drawn up in accordance with the Romanian and European Union legislation, especially in accordance with:
- The General Data Protection Regulation (RGPD) adopted by the European Parliament and the European Council on 27 April 2016;
- Any other local law on the protection of personal data that applies in Romania.
For the purposes of this Policy, the following definitions are used:
“Data Protection Officer (DPO)” means a person who is responsible for monitoring the application of the RGPD and other applicable laws on the protection of individuals concerned with the processing of personal data and exercising the functions assigned to it by this Policy and other applicable legislation.
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; For the purposes of this Policy, an operator is understood to be the Conservation Carpathia Foundation.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
THE RIGHTS OF THE DATA SUBJECT
The individual’s whom the personal data is processed by FCC have the following rights:
“The right to be informed” – to obtain from FCC the following information:
- the name and contact details of FCC, its representative and of its data protection officer (if applicable).
- the purposes and lawful basis of the processing, the legitimate interests of FCC.
- the categories of personal data obtained
- the recipients of personal data, including recipients from third countries or international organizations (if any) and the reference to the appropriate collateral and means;
- the retention periods for the personal data and the criteria used to determine that period, provided that FCC keeps and processes personal data as long as the laws and regulations so require. The processing of personal data ceases immediately if there is no longer any reason for such processing;
- the source of the personal data (if the personal data is not obtained from the individual it relates to).
“The right of access” – to obtain from FCC confirmation that his/her personal data is processed and / or the right to receive a copy of any record containing his/her personal data;
“The right to rectification” – to obtain from the FCC without undue delay the rectification of inaccurate personal data concerning him or her, filling in incomplete personal data, including by providing a supplementary statement;
“The right to erasure” – to obtain from the FCC the deletion of personal data without undue delay (if personal data is no longer required for the purposes for which it was collected;
“The right to restrict processing” if personal data is inaccurate; processing is illegal and the data subject asks to restrict the use of personal data instead of deleting it; personal data are no longer required for processing, but they are required for the establishment, exercise or defense of a right in court; the data subject opposed the processing for the time period when verifying that the legitimate rights of the operator prevail over the data subject’s privacy;
“The right to data portability” – to receive personal data in a structured format that is currently used and can be read automatically and has the right to transmit this personal data to another operator without barriers from FCC (if processing is based on consent or on a contract, and processing is done by automated means);
“The right to object” at any time in the processing of personal data (including profile creation based on those provisions and personal data processed for direct marketing purposes);
“The right to withdraw consent” at any time, without affecting the legality of consent-based processing, prior to its withdrawal. Thus, the data subject understands and agrees that in the case of withdrawal, the purpose of the processing of personal data can not be achieved;
“The right to file a complaint with a supervisory authority”, the Office of the Commissioner for Personal Data Protection, if the data subject decides that his rights are violated;
The right to an effective remedy against an authority, FCC or other processor;
Right to Compensation from FCC or another processor for the damage suffered.
WHAT INFORMATION WE COLLECT
When you visit the Site, FCC and its service providers may collect personal information that you provide, such as your name, address, email address, and payment information. “Personal Information” is information that identifies you as an individual or relates to an identifiable person.
In addition, FCC and its service providers use a variety of techniques to gather other information about your use of the Site, including, among other things, your IP address, browser type, mobile device type, content visited while on the Site, and the duration of your visit to the Site. “Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual.
HOW WE COLLECT INFORMATION
FCC and its service providers collect Personal Information that you provide while using the Site. For instance, FCC gathers information when you fill out forms on the Site, including, for example, e-newsletter sign-up forms, donation forms, surveys and advocacy action alerts. We may supplement the information we collect from you with information we collect from and about you from other online and offline sources, such as public databases, social media platforms and from people with whom you are friends or otherwise connected on social media platforms. For example, if you choose to connect your social media account to your Site account, certain Personal Information from your social media account will be shared with us. This may include Personal Information that is part of your profile or your friends’ profiles.
We and our service providers may collect Other Information in a variety of ways, including:
We use “cookies” to help us monitor traffic and collect information about use of the Site. Cookies are pieces of data placed on your device when you visit the Site that help us recognize you when you come back to the Site, allowing us, for instance, to remember the email address and password you use when you log in on a specific computer. FCC uses the aggregated information collected from cookies to measure the number of visits to the Site, the average time spent on the Site, the identity and number of pages viewed, and to gather other traffic data and information that allows us to improve the Site. We also use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience while using the Site. Cookies further allow us to select which of our content is most likely to appeal to you and display it while you are on the Site.
FCC also uses a variety of third-party web and mobile app analytics and optimization services to improve the Site and enhance the visitor experience. For examples, the Site use web analytics services that may record mouse clicks, mouse movements, scrolling activity, text you type in the Site, and similar activity. The Site do not use these services to collect any personally identifiable information not otherwise provided by you in using the Site, and does not track your browsing habits across other third-party websites on our behalf.
We may use third-party advertising companies to serve advertisements that may be of interest to you when you access and use the Site and other websites, based on information relating to your access to and use of the Site and other websites. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags). If you would like more information about this practice and to learn about your choices in connection with it, please visit https://optout.networkadvertising.org/ and https://www.aboutads.info/.
We may use pixel tags and other similar technologies to, among other things, track the actions of users of the Site, measure the success of our marketing campaigns, and compile statistics about use of the Site and response rates.
We may use Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”) and other similar technologies to, among other things, collect and store information about your use of the Site. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with the Site or our online content.
Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, and Internet browser type and version.
We may collect your IP address, which is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Site, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is a common practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, helping diagnose server problems, and administering the Site.
When you download and use our mobile applications (each, an “App”), we may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
We may collect the physical location of your device by, for example, using satellite, cell phone tower or Wi-Fi signals. We may use your device’s physical location to provide you with personalized location-based services and content.
Information that you provide, such as your preferred means of communication, does not personally identify you unless it is combined with your Personal Information.
We may aggregate Personal Information. Aggregated information does not personally identify you or any other user of the Site (for example, we may aggregate Personal Information to calculate the percentage of our users who have a particular telephone area code).
HOW WE USE COLLECTED INFORMATION
FCC may use your Personal Information:
- To send you information about FCC or FCC partners.
- To personalize your interactions with FCC, such as to customize your web and email content based on your interests, send you requests to participate events in your area and otherwise target content and communications to you.
- To respond to inquiries and fulfill your requests, such as to process donations, renew your membership, or send you information about a project, as well as to provide membership services.
- To send administrative information to you, such as information regarding the Site and changes to tour terms, conditions, and policies.
- To allow you to participate in sweepstakes, contests, and similar promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal Information.
- To facilitate social sharing functionality.
- For our internal purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products and services, enhancing, improving or modifying the Sites, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our activities.
Your Personal Information may be disclosed:
- To our partners, our approved vendors, and their service providers.
- To our third party service providers who provide services such as website hosting, data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing, and other similar services.
- To third-party sponsors of sweepstakes, contests, and similar promotions.
- By you, on message boards, chat, profile pages, blogs, and other services to which you are able to post information and materials. Please note that any information you post or disclose through these services will become public and may be available to users of the Site and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, on the Site.
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our operations, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- We may also use and disclose your Personal Information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
HOW CAN YOU CONTROL COLLECTION OF YOUR INFORMATION?
Set your web browser to inform you of when cookies are being set before a cookie is stored and refuse any request to set cookies, and do not accept cookies from FCC. Erase all FCC cookies from your hard drive.
Do not provide your information when prompted by the Site.
Please note, however, that if you choose to reject or erase cookies, your ability to navigate the Site may be limited. Further, in the event you choose not to share information, FCC will be unable to respond to your request for FCC information, enter you in any sweepstakes or contests, facilitate your action via FCC’s Action Network, or send online postcards.
If you would like to request that FCC not share your Personal Information with our third-party partners and service providers for their marketing purposes, please contact the phone no. +40-368-45 24 11 or e-mail address firstname.lastname@example.org and ask our representative to mark your record as “No Exchange.”
HOW CAN YOU STOP RECEIVING COMMUNICATIONS FROM FCC?
If you would like to opt out of receiving content from FCC, you can:
Take the opportunity to opt out in links on the bottom of marketing email/newsletter FCC sends to you.
DOES FCC COLLECT INFORMATION FROM CHILDREN?
FCC does not knowingly collect personal information from anyone under the age of 18. The Site does not direct at children under the age of 16. In the event that FCC learns that it has collected personal information from a child under age 16 without parental consent, we will delete that information as quickly as possible. If you believe that we might have collected any personal information from a child under 16, please contact us.
We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Questions/Contact Information” section below.
The Site is controlled and operated by us from Romania and is not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of Romania. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and, by using the Site, you consent to the transfer of information to countries outside of your country of residence, including Romania, which may have different data protection rules than those of your country.
Foundation Conservation Carpathia
12 Cristianului St, 3rd floor, 500053
Brașov County, Romania