Privacy Policy

At ISWinT, we are committed to maintaining the trust and confidence of our guests when attending our festival events and when visiting our online platforms. We want to assure you that we are not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes. In this Privacy Policy, we’ve provided lots of detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure. If you have any questions please contact us at contact@iswint.ro
Thank you!
- The ISWINT Team
 
1. REGISTER HOLDER (CONTROLLER)
 
Alexandru Constantin ILIESCU
Timișoara, Timiș county, Romania, blvd. Vasile Pârvan, no. 2, room A021
0040 765 822 936
TIN 7267553
 
2. PERSON IN CHARGE OR CONTACT PERSON
 
Alexandru LUCA
0040 733 934 063
 
3. NAME OF REGISTER
 
Liga Studenților din Facultatea de Automatică și Calculatoare
 
4. PURPOSE OF THE PROCESSING OF PERSONAL DATA
 
          The PURPOSE of personal data processing by Liga AC is to fulfil our specific activity and the subject of the contract with the data subject, as well as the fulfilment of legal obligations concerning financial, commercial and international law matters and the compliance with all the legal provisions regarding our activity.
 
          The LEGAL GROUND for personal data processing by Liga AC is, mainly, article 6, paragraph (1), letter b) from GDPR - processing is necessary for the performance of a contract, as well as, article 6, paragraph (1), letter c) from GDPR – processing is necessary for compliance with a legal obligation – the legal obligations that apply to the controller are regulated by labor law or any other legislative or administrative document or decision relating to data collection and processing.
 
5. INFORMATION CONTENT OF THE DATA FILES
          In order to fulfil our tasks and the obligations imposed by the aforementioned legal documents, the controller processes the following:
PERSONAL DATA CATEGORIES: first, middle and last names, home addresses, personal identification number and any data from identity documents for:
  • Signing and executing a contract;
  • Billing and carrying out payments;
  • Fulfilling accounting and financial obligations;
  • Drawing up the accounts required by law;
  • Settling financing projects;
  • Displaying results or rankings from competitions, projects or selection processes organized by Liga AC;
  • Drawing up statistics following projects, activities or events in order to observe the impact of theproject/activity/event; the statistics are not nominal.
Bank account data for making payments;
Phone numbers, email addresses, Facebook/Instagram/YouTube/Twitter or other social media accounts, websites for:
  • Communication regarding the execution of a contract or results;
  • Providing new pieces of information regarding projects or events organized by Liga AC;
  • Contacting the data subject for their confirmation for participating in the events that we collected data for;
  • Providing information about a project, such as scheduling data, organizers’ contacts, meeting locations etc.;
  • Efficiently communicating with or promoting partners.
Personal data regarding clothing or footwear, culinary preferences, gender, sexual orientation, race, nationality, any other options required by signup forms are required and internally processed for having a richer experience in the projects, activities or events that participants, collaborators or partners take part.
Any other “personal data”, meaning any information regarding an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
          According to the GDPR, exceptionally, the processing of the following SPECIAL PERSONAL DATA CATEGORIES requires a higher protection standard: racial or ethnic background, political opinions, religious orientation, philosophical convictions, syndicate memberships, genetic data, biometric data that can uniquely identify a person, data regarding health or the sexual life or orientation of a natural person.
          In order to process special personal data, besides identifying grounds for processing in accordance with article 6 of the GDPR, it is required that one of the conditions stated in article 9, paragraph (2) of the General Data Protection Regulation is satisfied. Those conditions are as follows:
  • The explicit consent of the data subject;
  • The processing is necessary in order to fulfil some obligations and to exercise specific rights belonging to the controller or to the data subject.
 
6. RECEPIENTS
 
          The RECIPIENTS of personal data are the controller’s proxies, employees, the accounting and human resources departments, as well as clients, partners, beneficiaries, suppliers and state institutions.
          We do not intend to transfer data to other companies (marketing or advertising companies).
          We do not intend to transfer personal data to another country or international organization unless we are partners or collaborators and this fact is clearly stated in the data collection form.
          Information regarding personal data might be communicated, by request, to the following recipients or recipient categories: the National Authority for Community Programs in Education and Professional Training (ANPCDEFP), the Ministry of Finances, the Ministry of Youth and Sports, Timișoara City Hall, Timiș County Council, the Sports and Youth Department of Timiș County, the Ministry of Culture and National Identity, the Ministry of Education, universities in Timișoara, the Timiș County School Inspectorate and subordinate institutions, public authorities with attributions regarding defense, public order, supervising and controlling economic activity, national security and justice, institutions or authorities of public administration, foreign diplomatic missions recognized by Romania, public institutions or authorities in healthcare and social insurance, other public or private entities that can prove a legitimate interest, according to the law.
          Providing that other personal data is required, the petitioner must provide legitimate interest, according to the law.
          Personal data may be processed by the petitioners only for the purpose they were required for and provided for, except in situations stated by the law.
          If the petitioner intends to process the personal data acquired from the controller, they have the obligation to respect the regulations regarding personal data processing.
 
7. DURATION
 
          The DURATION of personal data storage and processing is limited, from the submitted registration to the day limit of the contract, in case of litigation – for the duration of the settlement of said litigation, as well as in accordance with the law and for as long as it is legally required that we keep work contracts, documents regarding payments or accounting or other legal documents that we must keep in accounting and society archives. Furthermore, personal data belonging to participants in project, activities or events organized by Liga AC is stored for up to ten years or until the data subject requests its erasure.
 
8. RECTIFICATION AND REALISATION OF THE RECTIFICATION
 
Everyone has the right to request rectification of invalid register information.
The rectification request should be made in writing and with sufficient details.
This prohibition as well as rectification requests should be addressed to:
 
Alexandru Costantin ILIESCU
Timișoara, Timiș county, Romania, blvd. Vasile Pârvan, no. 2, room A021
0040 765 822 936
TIN 7267553
 
9. OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
 
As a data subject, the following RIGHTS apply to you:
  • The right to access – you have the right to obtain confirmation from us that we do or do not process personal data that is of interest to you, and to gain access to your own data and to information regarding the means of data collecting.
  • The right to data portability – you have the right to receive personal data in a structured, commonly used format that can be automatically read and the right to have this data transferred to another controller should this be possible from a technical standpoint.
  • The right to opposition – you have the right to oppose personal data processing when the processing is necessary to a task that serves public interest or a legitimate interest of the controller. When personal data is processed for direct marketing, you have the right to oppose processing at any moment.
  • The right to rectification – you have the right to have your personal data rectified, without unjustified delays. The rectification will be further communicated to any recipient whom the data was previously sent to, unless this proves to be impossible or entails disproportionate effort.
  • The right to data erasure (“the right to be forgotten”) – you have the right to request that your personal data is erased, without unjustified delays, provided one of the following reasons apply: the data is no longer necessary in order to fulfil the purpose it was collected or processed for, you withdraw consent and there is no longer legal ground for the processing, you oppose the processing and there are no other prevalent legitimate reasons, personal data must be erased in order to respect a legal obligation, the personal data was illegally processed, the personal data was collected in order to provide services of an informational society.
  • The right to restriction of processing – it can be exercised if the accuracy of the personal data is contested by the data subject for a period of time that allows us to check the correctness of the data; the processing is unlawful and the data subject opposes personal data erasure, requesting restriction instead; if the controller no longer needs the personal data for processing but the data subject requests the data for the establishment, exercise or defense of a legal claim; the data subject objected processing for the time period pending the verification whether the legitimate grounds of the controller override those of the data subject.
          All these rights may be exercised via a written, signed and dated request that is sent to our headquarters or via fax or email at the contact details previously mentioned and the controller will respond to the request without unjustified delays, in a month from the date of its receival, or in exceptional situations, if the data subject’s request is complex, the controller will respond in a period of time of maximum three months from its receival and the data subject will be notified of this situation.
          We inform that we do not use personal data for automatic processing or for creating profiles. We do not make automatic decisions regarding your personal data. We use technological means to store personal data securely. We do not process data for purposes that are incompatible with the purpose the data was collected for.
          We respect and strictly ensure professional secrets. We do not publish personal data, unless it is in your interest or to fulfil legal obligations. Confidentiality represents not only a professional obligation for us, but also a fundamental value.
          We will take technical and procedural measures in order to protect and to ensure the confidentiality, integrity and accessibility of your personal data that is processed by us. We will prevent unauthorized access or usage and personal data security violations, according to the law.
          Furthermore, as a data subject, should you be unhappy with how we apply the regulations and respect the rights regarding personal data protection, you have the right to file a complaint with The National Supervisory Authority For Personal Data Processing (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) at their headquarters at blvd. General Gheorghe Magheru no. 28-30, sector 1, Bucharest, postal code 0103336, email: anspdcp@dataprotection.ro or to take legal action.
          We inform that an intervention over the personal data you provided us might prevent us from fulfilling the contract signed between you and the controller, the controller being released from any obligation or liability in such event.