INFORMATION NOTICE REGARDING THE PROCESSING OF PERSONAL DATA

uvvg.ro

This website is operated by the “Vasile Goldiș” Western University of Arad (hereinafter referred to as “We”), headquartered at B-dul Revoluției no. 94-96, having CUI 14305480.

We collect and process different categories of personal data from you as a user of the uvvg.ro domain, hereinafter referred to as the “website”, and in accordance with EU Regulation 2016/679 regarding the protection of personal data, we act as the data controller.

The protection of your personal data is very important to us.

This Information Notice describes the methods used for collecting and using your personal data. Thus, you will find out what data is collected, how and for what purpose, and you will be informed about the rights you have regarding your personal data.

Principles of Personal Data Processing

We comply with the principles of personal data processing established by EU Regulation 2016/679, namely:

1. Lawfulness, fairness and transparency – we process personal data lawfully, fairly and transparently in relation to you;
2. Collection for specific purposes – personal data is collected only for specific, legitimate purposes that are clearly communicated and is not further processed in a way incompatible with those purposes; further processing for archiving in the public interest, scientific or historical research purposes, or statistical purposes is not considered incompatible with the initial purposes;
3. Data minimization – the personal data collected is adequate, relevant and limited to what is strictly necessary for the purpose for which it is processed;
4. Data accuracy – we ensure that personal data is accurate and kept up to date, taking all necessary measures to ensure that inaccurate personal data, considering the purposes for which it is processed, is erased or corrected without delay;
5. Storage limitation – we respect the legal retention periods for storing data or keep it only until the purpose of collection has been fulfilled, with retention periods established through internal procedures, after which the data is deleted;
6. Integrity and confidentiality – we take appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

How We Collect Your Personal Data and What Data We Collect

Personal data is collected:

• Directly from you, through:

– completing online forms on our website pages or on our social media pages/accounts (Facebook, LinkedIn, Instagram, Twitter, TikTok, YouTube, Google Business);

– emails you send to one of the addresses indicated on the website pages;

• Through cookies when you browse our website.

All personal data is processed by us for precise and clearly determined purposes, described in the forms through which you give your prior consent, for concluding or properly performing a contract, fulfilling a legal obligation, or defending a legitimate right in court.

During the online process of providing personal data to us, although we make considerable efforts to protect the information you provide, the exchange of information over an internet connection is not 100% secure. Therefore, we cannot guarantee the security of personal data transmitted in this way. Once we receive the data, we use strict procedures and security methods to prevent unauthorized access.

Through the pages of the uvvg.ro domain, we do not collect or process special categories of personal data that reveal racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic data, biometric data used for unique identification, health data, or data concerning a person’s sexual life or sexual orientation. Any such personal data communicated to us accidentally or intentionally will be immediately deleted.

Personal Data of Minors. Parental Consent

This website is intended for use by adults aged 18 or older. However, in certain situations, our services may also be accessed by minors. Their personal data will be stored and processed only with the prior, explicit and written consent of the parent or legal guardian.

In the absence of such consent, any personal data originating from a minor will be immediately removed from our database.

As parents, we recommend that you actively participate in your children’s online activities and use the parental control options available through your computer systems, software applications, and/or internet service provider. Limiting minors’ online access can help protect their psychological and physical well-being.

What Happens if You Do Not Provide Your Data

If you do not provide the requested personal data, or provide it only partially, we may be unable to deliver the requested service.

The personal data collection forms are configured to request only the minimum amount of information necessary to identify you, contact you, fulfill your requests, execute a contract, or meet our legal obligations.

In such situations, if possible, we will inform you so that you can make an informed decision.

Access to Personal Data and Protection Measures

The personal data in our database is processed by our own staff, who are periodically trained to comply with GDPR compliance procedures prepared in accordance with EU Regulation 2016/679.

We may disclose certain personal data to trusted third parties for the established purposes. These parties are required to implement appropriate technical and operational security measures to protect your personal data in accordance with data protection legislation.

Personal data may also be disclosed when necessary to comply with a legal obligation, upon request from governmental or executive authorities, to meet national security or law enforcement requirements, or to prevent illegal activities.

Except for the cases mentioned above, we will never disclose, sell, or lend your personal data to any third party without your prior consent.

We are committed to protecting personal data against loss, misuse, disclosure, alteration, unavailability, unauthorized access, and destruction, and we take all reasonable measures to ensure confidentiality. We also continuously evaluate risks associated with personal data processing activities and update our procedures accordingly.

How Long We Keep Personal Data

We will retain personal data only for as long as necessary to fulfill the purpose for which it was collected.

To determine the appropriate retention period, we consider the quantity, nature, and sensitivity of the personal data, the purposes for which it is processed, and whether those purposes can be achieved through other means.

Certain personal data may be retained for specific periods required by law in order to fulfill legal obligations.

When personal data is no longer needed, it will be securely deleted or destroyed. If such measures would involve disproportionate costs, the data will be anonymized or encrypted so that it becomes inaccessible.

We may also anonymize personal data so that it can no longer be associated with an identifiable person, in which case it may be used for statistics, studies, evaluations, and similar purposes without further notice.

Your Rights

EU Regulation 2016/679 grants you several rights, which we respect and are committed to addressing promptly.

1. Right of access – the right to obtain confirmation from the controller as to whether personal data concerning you is being processed and, if so, access to that data and information about the categories of data held, the purpose of processing, the source of collection, etc. Upon request, we will provide you with a copy of your personal data free of charge. Requests for additional copies may involve a reasonable administrative fee.
2. Right to withdraw consent – you may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
3. Right to rectification – the right to have inaccurate personal data concerning you corrected. Considering the purposes of processing, you also have the right to have incomplete personal data completed.
4. Right to restriction of processing, if:

• you contest the accuracy of the personal data, for the period necessary to verify its accuracy;
• the processing is unlawful and you request restriction instead of deletion;
• we no longer need the data but you require it for the establishment, exercise, or defense of legal claims;
• you have objected to processing while we verify whether our legitimate grounds override yours.

5. Right to erasure (“right to be forgotten”) – you may request the deletion of personal data processed about you. We will comply without undue delay, except where the data is necessary:

• to exercise the right to freedom of expression and information;
• to comply with a legal obligation;
• for archiving in the public interest, scientific or historical research, or statistical purposes;
• for establishing, exercising, or defending legal claims.

6. Right to data portability – you have the right to receive the personal data concerning you and transmit it to another data controller. Where technically feasible, you may request that we transfer your data directly to another organization.

This right applies if:

• processing is carried out by automated means;
• processing is based on your consent or necessary for a contract;
• the data was provided by you;
• the transfer does not adversely affect the rights and freedoms of others.

7. Right to object – you may object at any time to the processing of your personal data when it is based on legitimate interests of the controller or a third party. In such cases, we will stop processing the data unless compelling legitimate grounds exist or the processing is necessary for legal claims. You may always object to processing for direct marketing purposes, regardless of the reason.

Communication Methods

We will inform each recipient to whom personal data has been disclosed of any rectification, deletion, or restriction of processing, unless this proves impossible or involves disproportionate effort.

All requests will be resolved within the legal period of 30 days.

To exercise your rights, please submit a written request to the Data Protection Officer (DPO). The request may also be submitted in person or by email at: dpo@uvvg.ro

All communications and actions taken following your request are free of charge. However, if requests are unfounded, excessive, or repetitive, we may legally refuse the request or charge a fee corresponding to the administrative costs involved.

If you are not satisfied with the response received, you have the option to contact the National Supervisory Authority for Personal Data Processing​.

This information notice may be modified at any time without prior notice when improvements are made or when practices and/or legislation regarding personal data protection are updated. For this reason, we recommend that you periodically review this page. Your personal data will be processed according to the information notice in force at the time the data is collected, unless we obtain your consent to process it differently.