The purpose of using personal data by Baia de Fier MunicipalityThe Municipality of Baia de Fier collects, records, organizes, stores and uses to administer, maintain, improve and obtain feedback on the services it offers, as well as to prevent errors and leaks of information through its own IT network, violations of the law or contractual terms.
Marketing
Baia de Fier City Hall collects and updates information about the customers of its services and users of its sites, as well as about the suppliers with whom it regularly interacts and can obtain this information, either directly from you or from third parties, or automatically, with the use of Baia de Fier City Hall services through cookies and traffic reports generated by the servers that host the visitbaiadefier.ro website.
User rights
In the context of personal data processing, users have the following rights:
The right to be informed:
(1) If the personal data are obtained directly from the data subject, the operator is obliged to provide the data subject with at least the following information, except for the case where this person already possesses the respective information:
the identity of the operator and his representative, if applicable;
the purpose for which the data is processed;
additional information, such as: recipients or categories of data recipients; if providing all the requested data is mandatory and the consequences of refusing to provide them; the existence of the rights provided by this law for the data subject, in particular the right of access, intervention on the data and opposition, as well as the conditions under which they can be exercised;
any other information the provision of which is required by the supervisory authority, taking into account the specifics of the processing.
(2) If the data are not obtained directly from the data subject, the operator is obliged, at the time of data collection or, if it is intended to disclose them to third parties, at the latest until the time of the first disclosure, to provide the data subject with the at least the following information, with the exception of the case where the concerned person already possesses the respective information:
the identity of the operator and his representative, if applicable;
the purpose for which the data is processed;
additional information, such as: the categories of data concerned, the recipients or the categories of recipients of the data, the existence of the rights provided by this law for the data subject, in particular the right of access, intervention on the data and opposition, as well as the conditions under which they can be exercised;
any other information the provision of which is required by the supervisory authority, taking into account the specifics of the processing.
(3) The provisions of para. (2) does not apply if data processing is done for statistical, historical or scientific research purposes, or in any other situations where the provision of such information proves impossible or would involve an effort disproportionate to the legitimate interest that would could be damaged, as well as in situations where the recording or disclosure of data is expressly provided by law.
Right of access to data
(1) Any data subject has the right to obtain from the operator, upon request and free of charge for one request per year, confirmation of the fact that the data concerning him are or are not processed by him. The operator is obliged, in the situation in which it processes personal data concerning the applicant, to communicate to him, together with the confirmation, at least the following:
a) information regarding the purposes of the processing, the categories of data considered and the recipients or categories of recipients to whom the data is disclosed;
b) communicating in an intelligible form the data that are the subject of processing, as well as any available information regarding the origin of the data;
c) information on the principles of operation of the mechanism through which any automatic data processing is carried out that targets the respective person;
d) information regarding the existence of the right of intervention on the data and the right of opposition, as well as the conditions under which they can be exercised;
e) information on the possibility to consult the record register of personal data processing, to submit a complaint to the supervisory authority, as well as to address the court to challenge the operator’s decisions, in accordance with the provisions of this law.
(2) The person concerned may request from the operator the information provided in paragraph (1), through a written, dated and signed application. In the application, the applicant can indicate whether he wants the information to be communicated to him at a certain address, which can also be by e-mail, or through a service of correspondence to ensure that delivery will be made only in person.
(3) The operator is obliged to communicate the requested information, within 15 days from the date of receipt of the request, respecting the possible option of the applicant expressed according to para. (2).
The right to intervene on the data
(1) Any data subject has the right to obtain from the operator, upon request and free of charge:
as the case may be, rectifying, updating, blocking or deleting data whose processing is not in accordance with this law, especially incomplete or inaccurate data;
as the case may be, the transformation into anonymous data of data whose processing is not in accordance with this law;
the notification to third parties to whom the data of any operation carried out according to letter a) or b), if this notification does not prove impossible or does not involve an effort disproportionate to the legitimate interest that could be harmed.
(2) For the exercise of the right provided for in para. (1) the concerned person will submit a written, dated and signed request to the operator. In the application, the applicant can indicate whether he wants the information to be communicated to him at a certain address, which can also be by electronic mail, or through a correspondence service that ensures that the delivery will be made only in person.
(3) The operator is obliged to communicate the measures taken pursuant to para. (1), as well as, if applicable, the name of the third party to whom the personal data relating to the concerned person were disclosed, within 15 days from the date of receipt of the request, respecting the possible option of the applicant expressed according to para. (2).
The right of opposition
(1) The data subject has the right to object, at any time, for well-grounded and legitimate reasons related to his particular situation, to the processing of his data, except in cases where there are legal provisions to the contrary. In case of justified opposition, the processing can no longer concern the data in question.
(2) The data subject has the right to object at any time, free of charge and without any justification, to the data concerning him being processed for direct marketing purposes, on behalf of the operator or a third party or to be disclosed to third parties for such a purpose.
(3) In order to exercise the rights provided for in para. (1) and (2) the person concerned will submit a written, dated and signed request to the operator. In the application, the applicant can indicate whether he wants the information to be communicated to him at a certain address, which can also be by electronic mail, or through a correspondence service that ensures that the delivery will be made only in person.
(4) The operator is obliged to communicate the measures taken pursuant to para. (1) or (2), as well as, if applicable, the name of the third party to whom the personal data relating to the person concerned were disclosed, within 15 days from the date of receipt of the request, respecting the possible option expressed by the applicant according to paragraph (3).
The right not to be subject to an individual decision
(1) Any person has the right to request and obtain:
the withdrawal or cancellation of any decision that produces legal effects regarding him, adopted exclusively on the basis of a processing of personal data, carried out by automatic means, intended to evaluate some aspects of his personality, such as professional competence, credibility, behavior or other similar times aspects;
the re-evaluation of any other decision taken regarding it, which significantly affects it, if the decision was adopted exclusively on the basis of a data processing that meets the conditions provided for in letter a).
(2) Respecting the other guarantees provided by this law, a person may be subject to a decision of the nature referred to in paragraph. (1), only in the following situations:
the decision is taken within the framework of the conclusion or execution of a contract, provided that the request for the conclusion or execution of the contract, introduced by the person concerned, has been satisfied or that some appropriate measures, such as the possibility to support his point of view, guarantees the defense of its own legitimate interest;
the decision is authorized by a law that specifies the measures that guarantee the protection of the legitimate interest of the person concerned.
The right to data erasure
(1) The data subject has the right to obtain from the operator the deletion of the personal data concerning him, without undue delay, and the operator has the obligation to delete the personal data, without undue delay, if one of the the following reasons:
the personal data are no longer necessary to fulfill the purposes for which they were collected or processed;
the data subject withdraws his consent on the basis of which the processing takes place and there is no other legal basis for the processing;
the person concerned is
is being processed and there are no legitimate reasons to prevail regarding its processing;
personal data were processed illegally;
personal data must be deleted in order to comply with a legal obligation that rests with the operator under Union law or the internal law to which the operator is subject;
personal data were collected in connection with the provision of information society services.
(2) If the operator has made personal data public and is obliged, pursuant to paragraph (1), to delete it, the operator, taking into account the available technology and the cost of implementation, takes reasonable measures, including technical measures, to inform the operators who process the personal data that the data subject has requested the deletion by these operators of any links to the respective data or of any copies or reproductions of these personal data.
The right to go to justice
(1) Without prejudice to the possibility to complain to the supervisory authority, the persons concerned have the right to go to justice for the defense of any rights guaranteed by this law, which have been violated.
(2) Any person who has suffered damage as a result of an illegal processing of personal data, may apply to the competent court for its reparation.
(3) The competent court is the one in whose territorial jurisdiction the plaintiff resides. The summons application is exempt from the stamp duty.
In order to implement the technical and organizational measures necessary to preserve the confidentiality and integrity of personal data, the operator will comply with the minimum security requirements for the processing of personal data developed by the supervisory authority according to the state of the art used in the processing process and costs, so that to ensure an adequate level of security, in terms of the risks posed by the processing, as well as in terms of the nature of the data that must be protected.
In this sense, the minimum security requirements for the processing of personal data cover the following aspects:
Staff training
During the user training courses, the operator is obliged to inform/train them on the following aspects:
the provisions of Law no. 677/2001 for the protection of individuals regarding the processing of personal data and the free circulation of such data, to the minimum security requirements for the processing of personal data;
the risks involved in the processing of personal data, depending on the specifics of the user’s activity.
preserving the confidentiality of personal data, meaning that they will be warned by messages that will appear on the monitors during the activity, users also having the obligation to close the work session when they leave the workplace.
Use of computers
To maintain the security of personal data processing (especially against computer viruses), the operator will take the following measures:
prohibiting the use by users of software programs that come from external or dubious sources;
informing users about the danger of computer viruses;
the implementation of automatic de-virusing and computer security systems;
deactivating, as much as possible, the “Print screen” key, when personal data are displayed on the monitor, thus prohibiting their printing.
Contact
For any other information regarding the collection, archiving and protection of personal data, please send us an e-mail at office@visitbaiadefier.ro
Update
These Privacy Conditions are updated as often as needed. Please read these conditions periodically, to be aware of what information Baia de Fier City Hall collects, uses and transmits.