INFORMATION NOTE REGARDING THE PROCESSING OF PERSONAL DATA

uvvg.ro

This website is operated by “Vasile Goldiș” Western University of Arad (hereinafter referred to as “We”), with its registered office at Revoluției Blvd. no. 94-96., having Tax Identification Number 14305480,

We collect and process various categories of personal data from you as a user of the uvvg.ro domain, hereinafter referred to as the “website,” and in accordance with EU Regulation 2016/679 on the protection of personal data, we act as a personal data controller.

The protection of your personal data is very important to us!

This Information Note describes the methods used by us for collecting and using your personal data. Thus, you will learn what data is collected, how and for what purpose, and you will be informed about your rights regarding personal data.

Principles of personal data processing

We comply with the principles of personal data processing established by EU Regulation 2016/679, namely:

  • Lawfulness, fairness, and transparency – we process personal data lawfully, fairly, and transparently in relation to you;

  • Purpose limitation – personal data is collected only for specific, legitimate, and explicitly communicated purposes and is not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes is not considered incompatible with the initial purposes;

  • Data minimization – the personal data collected is adequate, relevant, and limited to what is necessary for the purpose for which it is processed;

  • Accuracy – we ensure that personal data is accurate and up to date, taking all necessary measures to ensure that inaccurate personal data, having regard to the purposes for which it is processed, is erased or rectified without delay;

  • Storage limitation – we comply with the legal deadlines for data retention, or we retain it only until the purpose of collection is fulfilled, with deadlines established in this regard through internal procedures, and then we delete it;

  • Integrity and confidentiality – we implement appropriate technical and organizational measures for the security of personal data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage.

How we collect your personal data and what type of data we collect

Personal data is collected:

  • directly from you, by:

– completing online forms on our websites or social media pages/accounts (Facebook, LinkedIn, Instagram, Twitter, TikTok, YouTube, Google Business);

– emails you send us to one of the addresses indicated on the website pages;

  • through cookies when you browse our website.

All personal data is processed by us for precise and well-defined purposes, described in the forms through which you give your prior consent, for the conclusion or proper execution of a contract, to fulfill a legal obligation, or for the purpose of defending a legitimate right in court.

In the online process of providing personal data to us, although we make sustained efforts to protect the information you provide, the exchange of information via an internet connection is not 100% secure; therefore, we cannot guarantee the security of personal data transmitted by this method. Once we have received the data, we use strict procedures and security methods to prevent unauthorized access to this information.

Through the pages on the uvvg.ro domain, we do not collect or process special categories of personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor do we process genetic data, biometric data for uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Any such personal data that you communicate to us, accidentally or intentionally, will be immediately deleted.

Personal data of minors. Parental consent.

This website is intended for use by adults aged 18 and over. In certain cases, however, our services may also be accessed by minors. Their personal data will be stored and processed by us only with the prior, explicit, and written consent of the parent or legal guardian. In the absence of such consent, any personal data originating from a minor will be immediately removed from our database. As parents, we recommend that you actively participate in your children’s online exploration and use the parental control options offered by your computer system, the programs you use, and/or your internet service provider. Limiting minors’ online access is very helpful for their psychological and physical integrity.

What happens if you do not provide us with your data

If you do not communicate the requested personal data to us, or communicate it partially, we may be unable to provide the requested service. The personal data collection form is configured to request the minimum volume of information we need to identify you, to contact you, fulfill your requests, execute the contract, or fulfill our legal obligations. In these situations, we will inform you, if possible, so that you can make an informed decision.

Access to personal data and protection measures

Personal data in our database is processed by our own staff, who are periodically trained to comply with GDPR compliance procedures, drawn up according to the requirements of EU Regulation 2016/679.

We may disclose some personal data to trusted third parties for the stated purposes. We require them to have adequate technical and operational security measures in place to protect your personal data, in accordance with personal data protection legislation. Personal data will also be transmitted if we need to comply with a legal obligation, a request from governmental or executive authorities, to meet certain national security or law enforcement requirements, or to prevent certain illegal activities.

Except for the cases mentioned above, we will never disclose, sell, or lend any of your personal data to any third party without your prior consent.

We are committed to protecting personal data against any loss, misuse, disclosure, alteration, unavailability, unauthorized access, and destruction, and we take all reasonable measures to ensure the confidentiality of this data. We also continuously assess the risks that may arise during personal data processing activities and update our working procedures.

How long we retain personal data

We will retain personal data only for as long as necessary to fulfill the purpose for which it is processed. To determine the appropriate retention period, we consider the quantity, nature, and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve these purposes through other means. Some personal data is retained for necessary and specific periods, expressly provided by law, to fulfill our legal obligations.

When we no longer need personal data, we will securely delete or destroy it, or, if such a measure involves disproportionate costs, we will anonymize or encrypt it so that it becomes inaccessible. We will also consider the possibility of anonymizing personal data so that it can no longer be associated with an identifiable person, in which case we may use that information for statistics, studies, evaluations, and the like, without further notifications.

Your rights

EU Regulation 2016/679 grants you a series of rights that we respect and commit to responding to your requests with maximum promptness.

  • Right of access: this is the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data, including information regarding the categories of data held, the purpose of their use, the source of collection, etc. Upon your request, we will provide you, free of charge, with a copy of your personal data. Requesting multiple copies of your personal data may incur a reasonable fee, based on administrative costs.

  • The right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

  • The right to rectification of personal data concerning you that is inaccurate. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by providing a supplementary statement.

  • The right to restriction of processing of your personal data, in cases where:

– you contest the accuracy of your personal data, for the period we need to verify its accuracy;

– the processing is unlawful, if you request restriction of processing instead of erasure;

– we no longer need your personal data but you require it for the establishment, exercise, or defense of legal claims;

– you have objected to processing while we are verifying whether our legitimate grounds override yours.

  • The right to erasure, or “right to be forgotten,” based on which you can request the erasure of personal data processed about you. We must comply with this request, without undue delay, with the following exceptions where the data is necessary:

– for exercising the right to freedom of expression and information;

– for compliance with a legal obligation we have;

– for archiving purposes in the public interest, scientific, historical research purposes, or statistical purposes;

– for the establishment, exercise, or defense of legal claims.

  • The right to data portability ensures that you have the right to receive the personal data concerning you and to transmit it to another personal data controller. Where technically feasible, you may request that we transmit your personal data (which you have provided to us) to another organization. You have this right if, cumulatively:

– We process your personal data by automated means,

– Our processing of your personal data is based on your consent or is necessary for the conclusion or performance of a contract to which you are a party;

– Your personal data is provided by you to us and the transmission of your personal data does not adversely affect the rights and freedoms of others.

  • The right to object, based on which you can object, at any time, to the processing of your personal data, provided that the processing is not based on consent but on the legitimate interests of the controller or a third party. In this case, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the purpose of the processing is the establishment, exercise, or defense of legal claims. You can always object to the processing of your personal data for direct marketing purposes, regardless of the reason.

Communication methods

We will communicate to each recipient to whom personal data has been disclosed any rectification or erasure of personal data, or restriction of processing, unless this proves impossible or involves disproportionate effort. All your requests will be fulfilled within the legal term of 30 days.

To exercise your rights, please send a written request to the data protection officer (DPO). You can also submit the request in person, or contact us by email at dpo@uvvg.ro

Any communication and measures taken as a result of your exercising your rights are provided by us free of charge. However, if you make unfounded, excessive, or repetitive requests, we have the legal option to refuse to act on the request or to charge a fee in accordance with the administrative costs necessary to fulfill your request.

If you are not satisfied with the response received, you have the option to contact the National Supervisory Authority for Personal Data Processing.

This information note may be amended by us at any time, without prior notice, when it can be improved or when practices and/or legislation in the field of personal data protection are updated. For this reason, we invite you to visit this page periodically, as your personal data will be treated according to the information note under which it is collected, unless we have your consent to treat it otherwise.