Data Protection Statement

Date: 1st of March 2023

Version 1.0

This data protection statement tells you what to expect us to do with your personal data when you contact us or use one of our services.

We keep our data protection notice under regular review to make sure it is up to date and accurate. We reserve the right to make any changes. You will be informed of these changes accordingly.

Who are we?

We are The ABC of Data Protection SRL, registered in Bistrita, Romania, under registration number 47418248, based in Bistrita, Garii 30, ap. 26. We can also be found in Bistrita, Al. Odobescu 8.

The purpose of this data protection statement is to provide details on why and how we process personal data when you interact with our website or contract our services. We will explain what purposes and legal bases we have for the processing, for how long do we keep the data, who we share it with and whether we do any automated decision-making or profiling. We are considered a ‘controller’ according to Regulation (EU) 2016/679 (“GDPR”) for the personal data processed, unless otherwise stated.

What personal data do we collect and why?

We collect personal data directly from you when:

  • You use our website;

  • You submit a contact form;

  • You subscribe to our newsletter;

  • You sign up for a course or sign a services agreement;

According to GDPR, for all personal data collection and processing purposes, we need a legal basis.

Data Elements — Purposes —Legal basis

Contact data — Newsletter — Consent*

Contact data; any other data elements included in the inquiry — Contact form — Legitimate interest** to respond to customer’s request

Contact data; any other data elements required to fulfill the contract obligations — Services contract — Contract; Legal Obligation – Civil code

Contact data (name, e-mail address); any other data provided during the course — Courses attendance — Contract; Legal Obligation – Civil code

Cookies — Website functionality and security — Legitimate interest* of maintaining and monitoring the performance of our website

Cookies — Website performance — Consent

*Consent - You have the right to withdraw your consent at any point.

**Legitimate interest - As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We use a cookies tool called [CookieYes] on our website to gain consent for the optional cookies we use.

Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.

The table below explains the cookies we use and why.

Cookie — Duration — Purpose

IP Address — 30 days — Collect IP address to remember preferences

crumb — Session — Squarespace sets this cookie to prevent cross-site request forgery (CSRF)

Adobe Typekit — Session — Collect information relating to your JavaScript version, the amount of time it takes for you to download and apply fonts, and whether you are using an ad blocker and the effects of your ad blocker on website rendering.

This website is built using Squarespace. You can learn more about the cookies used by Squarespace here.

When a visitor accepts or declines your website's cookies, they won't see the cookie banner again for 30 days, unless they clear their cookies.

Who receives your personal data from us?

We use data processors who are third parties who provide elements of services for us, such as website functionality, data storage or accounting. We have contracts in place with our data processors. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will not share your personal data with any organization apart from us. They will hold it securely and retain it for the period we instruct. When it is necessary for us to transfer your personal data outside of the EEA this will only be done in accordance with the GDPR.

In some circumstances we are legally obliged to share information. For example, under a court order or where we cooperate with the supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.

We use Squarespace to develop and support our website and digital services. They may have access to the personal data you share with us via our website, but only where this is necessary for them to provide us with this support.

We use Google Workspace to host and provide contact information. Data is stored in the US.

For how long do we store your personal?

Your information is securely stored according to the retention details below.

Categories — Retention Period — Disposal

Contact data for newsletter — Until consent is withdrawn — Deletion

Data obtained from contact form — 3 years after the request is closed* — Deletion

Data obtained for contract fulfillment — 3 any after the contract is completed, unless otherwise specified in the contract – Civil Procedure Code — Deletion & Paper destruction

Data obtained for contract fulfillment for fiscal duties — 5 years after 1st of July of the following year since the bill has been emitted – Fiscal Code — Deletion & Paper destruction

Data Subject requests details — 2 years after completing the request — Deletion

*A request is considered closed after 2 months of inactivity – no reply has been received from the requestor.

Other

We do not do any automated decision making or profiling. We do not provide services directly to children or proactively collect their personal data. We do not process any special categories of personal data.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Your right to object to processing - You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.

Your right to data portability - This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organization to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

You also have the right to complain to the Romanian Data Protection Authority.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us here if you wish to make a request.

Contact us

If you want to get in touch with our team, please reach out to contact@theabcofdataprotection.com.

Definitions

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 

Processor - means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; 

Personal Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 

Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Consent - means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; 

EEA - The European Economic Area (EEA) unites the EU Member States and the three EEA EFTA States (Iceland, Liechtenstein, and Norway) into an Internal Market governed by the same basic rules.