The Romanian Competition Law Association (ARCON) (hereinafter referred to as “ARCON”, the “Association”, the “Operator” or “We/Us/Our”) registered in the Register of Associations and Foundations under no. 157/02.11.2021, and headquartered in 66 Petre Crețu Street, District 1, Bucharest, Romania, is the entity that collects, processes and stores the personal data of members of the association and other users of www.arcon.org.ro.
The protection of personal data is very important to ARCON and we want you to be properly informed about how and for what purposes ARCON processes your personal data.
The processing of personal data by the Controller shall be in accordance with the provisions of Regulation (EU) no. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), as well as with the applicable national data protection laws.
Personal data means any data or information by which a natural person can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
Categories of personal data processed and purposes
ARCON’s policy is to collect and process only the data that we need to provide you with the most pleasant experience when you browse www.arcon.org.ro and/or when you purchase products/services made available on the website (e.g., organisation of courses, seminars, other events or publications for educational purposes for the organisation of professional training programmes). We also process your personal data when you wish to become a member of the Romanian Competition Law Association (ARCON).
The categories of personal data we process as a personal data controller include:
identification elements such as name and surname, name and surname of legal representatives, telephone, fax, e-mail address, place of work, profession, professional training – diplomas – studies, which serve to identify you or the persons who represent you or whom you represent for membership of the Romanian Competition Law Association (ARCON). Also, to identify and activate the user/member account, a password will be set by the user/member (password to be provided each time the user/member logs into the account).
identification elements such as name and surname, e-mail address, telephone number, business and transactional information (e.g., payment information, purchase/order/return information), for products/services purchased through the www.arcon.org.ro website.
ARCON will collect, use, process and provide the personal data provided by you for the following purposes: creating a user /member account, newsletter subscription, informing ARCON members about news of interest to the field, organising courses, seminars, other events for educational purposes (for the organisation of professional training programmes), for issuing any financial-accounting documents, concluding contracts or other documents necessary for ARCON’s activity, for fulfilling the legal obligations imposed by G.O. no.26/2000 regarding associations and foundations, as well as any other obligations imposed by the law.
If you decide to register as a user/member on www.arcon.org.ro, we need to process your data in order to identify you as a user/member and to provide you with access to its various features, products and services available to you as a registered user/member. You may cancel your registered user/member account by contacting us at firstname.lastname@example.org.
Please bear in mind that when we ask you to fill in your personal data in order to provide you with access to certain ARCON features or services, we will mark some fields as mandatory, as we need this information in order to provide you with the service or to give you access to the feature. Remember that, if you choose not to provide us with this information, you may not be able to complete your user/member registration or benefit from these services or features.
The processing of personal data may be based on:
user/member consent (Art. 6 para. 1 let. a) of GDPR);
the need to perform a contract (Art. 6 para. 1 let. b) of GDPR);
fulfilment of a legal obligation (Art. 6 para. 1 let. c) of GDPR). For example, compliance with specific legal obligations, including mandatory accounting and tax requirements that impose specific rules, such as keeping certain documents, for a certain period of time;
based on the legitimate interest of the Controller (Art. 6 para. 1 let. f) of GDPR). For example, ensuring the security of your data and improving our services. Whenever we rely on this ground, we will make sure to assess our interests and that they do not override your rights.
Retention period of personal data
ARCON processes your data for the period necessary to fulfil the purposes for which they were collected. Your personal data will not be kept in a form that allows you to be identified for longer than is reasonably considered necessary by ARCON to achieve the purposes for which they were collected or as set out in applicable laws regarding data retention periods. In some cases, certain legal provisions may require or permit us to retain data for a longer period.
Unless legal or contractual obligations require/allow us to retain your data for a specific period of time (e.g., periods required by the law for archiving in order to defend our rights in court), the following retention periods apply in accordance with our data retention policy:
for as long as we need your data in order to provide you with the requested products/services and to fulfil our obligations towards you as set out in this Personal Data Processing Policy and subsequently for archiving purposes for a period of 5 (five) years;
in case you have a user account opened on www.arcon.org.ro, we will keep your data as long as this user account is active, but no longer than 5 (five) years from the last login to the account;
for the issuance of any financial-accounting documents, the conclusion of contracts or other documents necessary in ARCON’s activity (invoice operation), we will keep the data for a period of 10 (ten) years;
for the identification activities of the members of the association, we will keep your data as long as you are a member of ARCON and subsequently according to the legal provisions in the field.
ARCON has implemented appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, unauthorized access or any other form of unlawful processing, as well as the erasure or rectification of data that is inaccurate or incomplete in relation to the purpose for which they were collected and for which they are further processed. However, no data transmission over the Internet can be guaranteed to be completely secure.
If you suspect that the confidentiality of your data has been breached, please contact us immediately at email@example.com.
Disclosure of personal data to third parties
To the extent necessary, we will commission other external companies/suppliers to perform certain tasks that contribute to our services on our behalf. We may, for example, provide personal data to external service providers to host our databases or to send you the information you have requested. We will send these data in accordance with the GDPR, as well as in accordance with the applicable national data protection laws.
We will also disclose your personal data to public authorities if required by the law.
Some personal data may be transferred to our partners/suppliers that help us operate ARCON’s activities and that are located outside the European Union. If we transfer your personal data to third countries that are not recognised by the European Commission as having an adequate level of protection, we assure you that the transfer will be carried out in accordance with the GDPR, as well as with the applicable national data protection laws. Measures may include, for example, the implementation of data protection standards and standard contractual clauses adopted by the Commission of the European Union.
Your legal rights
As a data subject, you have specific legal rights with regard to the personal data we collect from you. In accordance with the applicable data protection legislation, please be advised that you have the following rights:
Right of access: You have the right to obtain confirmation from us as to whether or not personal data relating to you are being processed and, if so, to request access to the personal data. Information on access includes – inter alia – the purposes of the processing and the recipients or categories of recipients to whom personal data have been or will be disclosed. However, this is not an absolute right and the interests of others may restrict your right of access.
You have the right to obtain a copy of the personal data being processed. For other copies requested by you, we may charge a reasonable fee based on administrative costs.
Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data relating to you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by providing an additional statement.
Right to erasure (right to be forgotten): In certain circumstances, you have the right to obtain from us the erasure of Personal Data relating to you and we may be compelled to erase such personal data.
Right to restrict processing: In certain circumstances, you have the right to obtain from us restrictions on the processing of your personal data. In this case, such data will be marked and may only be processed by the Controller for certain purposes.
Right to data portability: In certain circumstances, you have the right to receive personal data relating to you, which you have provided to us or which we have recorded, in a structured, commonly used and machine-readable format.
Right to object: In certain circumstances, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data by us and we may be compelled to stop processing your personal data.
Right not to be subject to a decision based solely on automated processing, including profiling: In certain circumstances, you may have the right not to be subject to such a decision which may significantly affect you.
Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing: If you believe that your rights are being violated, you may lodge such a complaint with the National Authority for Personal Data Protection.
If you have any questions about this Personal Data Processing Policy or wish to exercise your legal rights, please send your request to the e-mail address firstname.lastname@example.org or to the postal address 012052, 66 Petre Crețu Street, District 1, Bucharest, Romania.