GDPR-en - You 4 Peace

General policy on the protection of personal data

The D’Apetresii Association through the You4Peace platform (owned by the D’Apetresii Association) hereinafter referred to as You4Peace operates in compliance with data protection requirements, including those provided by the General Data Protection Regulation 2016/679/EU regarding the protection of natural persons in regarding the processing of personal data and the free movement of such data.

D’Apetresii Association is registered with ANSPDCP as personal data operator no. 34037 / 2015 having the capacity to process personal data. (https://www.dataprotection.ro/index.jsp?page=home&lang=en)

The requirements in this document apply to the processing of personal data concerning natural persons, and not to the data concerning companies or other legal entities.

Note: Personal data may be held even if You4Peace has concluded service contracts, etc. only with legal entities. For example, data about legal representatives, contact persons, etc. may be held in these cases. of these legal entities (e.g., business email addresses with the format “[email protected]” or telephone numbers).

You4Peace undertakes to any persons who provide it with personal data that it ensures the confidentiality and security of personal data in accordance with the applicable legal provisions in this area.

In the performance of their day-to-day duties, when necessary, You4Peace employees process data belonging to the legal representatives of legal entity members and service/utility providers with whom You4Peace has concluded contractual relations, natural persons, beneficial owners, proxies, etc.

In order to ensure the highest standards of protection, You4Peace employees who process personal data in order to fulfill their job duties must at least comply with the main principles and obligations listed in this Policy.

Definitions

Personal data is the information that identifies a natural person or that makes them at least identifiable. Personal data are divided into general data (surname, first name, telephone, address, etc.) and sensitive data (serial and number of bulletin / passport, personal numerical code, health data, trade union membership data, etc.).

Processing is any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation (simple viewing/access), use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

The data subject is any natural person whose personal data is processed by or on behalf of You4Peace.

Principles regarding the processing of personal data.

2.1. Personal data must be processed in a legal, fair and transparent manner towards the data subject

The data subject is the natural person whose personal data is processed.

In order to comply with the previously stated principle, in order to process personal data, employees must ensure that:

there is a legal basis on which the processing is based;
the processing does not affect the fundamental rights and freedoms of the persons concerned;
the data subjects were provided with the minimum content of information regarding the processing activities.

Spot checks regarding compliance with the above requirements will be made by the employees who make the final decision regarding the necessity and method of carrying out the processing in relation to the intended purpose.

2.2. Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way incompatible with these purposes.

You4Peace employees must consider the collection of data for specifically determined purposes (e.g., in order to conclude the employment contract, in order to fulfill legal obligations deriving from tax legislation, etc.) and ensure that the processing purposes do not contravene the applicable legal norms , respectively that the processing purposes are legal.

Personal data can only be processed in the following situations:

when the use of the data is necessary for the negotiation in order to conclude or for the execution of a contract with the data subject;
to comply with a legal obligation;
when the processing is necessary for the performance of a task that serves a public interest, provided for in EU or national legislation;
to protect the vital interests of a natural person;
for the purposes of the legitimate interests of You4Peace, unless the interests or fundamental rights and freedoms of the data subject prevail, which require the protection of personal data, in particular when the data subject is a child;
with the consent of the natural persons concerned.

To be valid, consent must be a free, specific, informed and unambiguous manifestation of the data subject’s will, by which he accepts, by a statement or an unequivocal action, that the personal data that look to be processed.

Consent must be expressed for each processing purpose and requires adequate identification of the person who consented to the processing.

In employment relations, You4Peace will not, as a general rule, rely on the consent of employees.

2.3. Personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

The data collected must be really necessary for the provision of services by You4Peace and for the fulfillment of the duties of You4Peace employees, the processing of data that is not subject to a real need for processing is prohibited, for example:

the collection of sensitive personal data, such as health data, for marketing campaigns, in the absence of an express legal requirement in this regard;
generating reports (e.g., lists in Excel) in which more categories of data are included than those strictly necessary to achieve the purpose pursued by generating the report.

Also, the collected data will not be subjected to other processing activities additional to those initially established. To the extent that additional processing is intended, the data subject will be informed about the new processing activity, with a reasonable period of time before the actual start of the processing in question.

2.4. The personal data processed are accurate and, where necessary, updated

All necessary steps must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is deleted or rectified without delay.

In this sense, employees must avoid storing documents containing personal data on personal stations and use data stored in centralized applications to avoid the risk of using inaccurate data.

2.5. Personal data must be kept in a form that allows the identification of the data subjects for a period that does not exceed the period necessary to fulfill the purposes for which the data are processed.

In carrying out processing activities, Yo4Peace employees must ensure that they comply with data storage requirements for the duration strictly necessary for the purpose of processing, including by referring to the archiving requirements imposed by specific legislation.

2.6. Personal data must be processed in a way that ensures adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures.

In the data processing activity, You4Peace employees must comply with the security requirements imposed on You4Peace by means of this policy.

Rights of data subjects

The regulation recognizes several rights for data subjects. These rights must be respected and any request received by You4Peace employees under these rights must be handled in accordance with the requirements of this Policy.

The right to information and the right of access refer to the right of data subjects to obtain:

a confirmation from You4Peace that the personal data concerning her are being processed or not and, if so;
access to the respective data and to information regarding the manner in which the data are processed, the purpose for which the processing is done, the recipients or categories of recipients of the data, etc.

The right to data portability refers to the right to receive personal data in a structured, commonly used and machine-readable format and the right to have this data transmitted directly to another operator, if legal requirements are met and if this transmission is technically feasible.

The right to object – any data subject has the right to object:

at any time, for reasons related to his particular situation – that the data concerning him be processed in the legitimate interest of You4Peace, except in cases where there are legal provisions to the contrary;
at any time, free of charge and without any justification, that the data concerning her be processed for direct marketing purposes.

The right to rectification refers to the correction without undue delay of inaccurate personal data. The rectification will be communicated to each recipient to whom the data were transmitted, unless this proves impossible or involves disproportionate efforts.

The right to data erasure (“the right to be forgotten”) refers to the right to request the erasure of personal data, without undue delay, if one of the following reasons applies:

they are no longer necessary to fulfill the purposes for which they were collected or processed;
if consent is withdrawn and there is no other legal basis for processing;
if the data subject objects to the processing and there are no legitimate reasons to prevail;
if the personal data were processed illegally;
if personal data must be deleted to comply with a legal obligation.

The right to restrict processing can be exercised if the person disputes the accuracy of the data, for a period that allows Asociația D’Apetresii to verify the correctness of the data.

The right not to be subject to an individual decision – any person has the right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects him to an extent significant, unless this processing:

it is necessary for the conclusion or execution of a contract between the data subject and the D’Apetresii Association;
is authorized by Union law or domestic law that applies to the operator and that also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject or
is based on the explicit consent of the person concerned.

The person concerned can request reconsideration of the decision taken in the 3 cases above.

All these rights can be exercised by the persons concerned through a request sent to the headquarters of the D’Apetresii Association or to the e-mail address: office (at) you4peace (dot) ro.

You4Peace must respond to any request to exercise the rights of the persons concerned within a maximum of one month (as a rule), respecting the minimum content established by the Regulation.

Breach of data security

A data security breach occurs when data for which You4Peace is responsible suffers a security incident that results, accidentally or unlawfully, in compromising the confidentiality, availability or integrity of personal data (e.g. destruction, loss , unauthorized modification or disclosure of personal data).

Security incidents can occur, e.g., as a result of cyber attacks, but also when a piece of equipment (e.g., phone, laptop, etc.) on which personal data is saved is lost, or when an email is accidentally sent e-mail that includes personal data of a person other than the intended recipient.

Any employee who becomes aware of a security incident that may lead to the damage of personal data must immediately notify You4Peace management.

You4Peace management, together with the IT manager, analyzes the incident, then determines and implements the necessary measures to eliminate the consequences of the incident.

If there is a possibility that the violation presents a risk to the rights and freedoms of natural persons, You4Peace is obliged to notify the National Supervisory Authority for the Processing of Personal Data within no more than 72 hours from the moment it becomes aware of the violation.

If the breach of data security poses a high risk to the natural persons affected, then all such persons must also be informed (unless effective technical and organizational safeguards or other measures have been applied to ensure that the risk is no longer likely to materialize).

You4Peace keeps a record of personal data security incidents, including measures established and taken to remedy the consequences of such incidents.

Cookie Policy

Last updated: February 2023

Like most websites, the You4Peace website uses small text files called cookies. The text below provides information about what they are, what cookies the organization uses and how they can be controlled.

If you want to restrict or block cookies, you can do so from the settings of the Internet browser used, however, the experience on our website may not be the same. For more details about browser settings you can access the following link (information in English): www.aboutcookies.org.

5.1. What are cookies?

The cookie is a small file, consisting of letters and numbers that is downloaded and will be stored on the computer, mobile terminal or other equipment from which you access the Internet. The cookie is installed by the request issued by the user’s terminal to the server on which the You4Peace website is hosted.

On each subsequent visit these files are sent back to the site of origin or to another site that recognizes them, thus mainly making it possible to recognize the terminal and present the content in a relevant way, adapted to the user’s preferences offering improved functionality.

Definitions

First-party/third-party cookies

Refers to the web domain that places the cookie. First-party cookies are set by a site accessed by the user at the time (the site displayed in the URL address window). Third-party cookies are set by a domain other than that of the site accessed by the user. If a user accesses a site and another entity sets the cookie through that site, we are talking about a third-party cookie.

Persistent cookies

They remain on a user’s device for the period of time specified in the cookies and are activated each time the user accesses the site that created them.

Session cookies

They allow site operators to log a user’s actions during a browsing session. A session starts when the user opens the window and ends when the user closes it. Session cookies are created temporarily; once the browser is closed, they are deleted.

Pixel tags

A pixel tag is not actually a cookie, but a similar type of technology placed on a website or in the body of an email to track activity on websites or when emails are opened and accessed. It is often used in combination with cookies, and the information collected is anonymous

You can learn more about cookies at (information in English): www.aboutcookies.org

5.2. How does You4Peace use cookies?

You4Peace uses cookies for the following purposes:

to compile statistical data about the use and operation of the site, so that we can monitor and improve it;
to provide users with the ability to navigate the site and allow registered users to access secure parts of the site;
to allow us to share our web pages in social networks.

You can choose to block these cookies in your internet browser, but this may affect the proper functioning of the website.

5.3. What cookies does You4Peace use?

We use cookies to improve the experience of visitors to the site, but also to learn relevant data about the use of the site in order to be able to monitor and improve each visit.

We use “first party” cookies from Google Analytics (eg _ga, _ajs_anonymous_id, _gid, _gat, _asj_group_ide, ajs_user_ide. _gid, _gat) to track how you interact with the site. We use “third party” Cloudflare cookies (eg _cfduid) to increase the loading speed of the website, without storing the user’s identification data; these are session cookies and expire in 30 days.

5.4. How you can control cookies

If you want to block cookies, some functions of the site will be stopped, and this may generate certain malfunctions or errors in using our site. For example, blocking cookies may prevent you from accessing the “Gifts” section or creating an account for the “My Campaign” section.

If you agree with these limitations and want to block cookies, follow the instructions below:

Most browsers are set to accept cookies by default, but you can change your settings to block some or all cookies.
Choose your browser from the list below to display the instructions you need to go through after opening the browser. (Firefox, Internet Explorer, Chrome, Opera, Safari, Android, IOS/Apple)

The above links do not belong to Asociația D’Apetresii websites – You4Peace is not responsible for their content.

5.5. Managing preferences regarding the placement of cookies

In general, a browser allows cookies to be saved on the terminal by default. They are stored for the periods described in the table in section 8 below. These settings can be changed in such a way that the automatic administration of cookies is blocked by the web browser or the user is informed each time cookies are sent to his terminal.

Detailed information about the possibilities and ways of managing cookies can be found in the settings area of the web browser. Limiting the use of cookies may affect certain functionalities of the website.

5.6. Why are cookies important to the Internet?

Cookies are central to the efficient functioning of the Internet, helping to generate a user-friendly browsing experience tailored to each user’s preferences and interests. Rejecting or disabling cookies may make some sites or parts of sites impossible to use.

Disabling cookies does not mean that you will no longer receive, in compliance with the law, online advertising – but only that it will no longer be able to take into account your preferences and interests, highlighted by your browsing behavior.

Examples of important uses of cookies (which do not require the authentication of a user through an account):

Content and services tailored to user preferences – categories of products and services.
Offers tailored to users’ interests
Password retention
Retention of child protection filters regarding Internet content (family mode options, safe search functions)
Limiting the frequency of serving ads – limiting the number of times an ad is shown to a specific user on a site.
Providing relevant advertising to the user.
Measuring, optimizing and adapting analysis features – such as confirming a certain level of traffic on a website, what type of content is viewed and how a user arrives at a website (eg: via search engines, directly, from other websites etc.). Websites run these analyzes regarding their use in order to improve their services for the benefit of users.

5.8. Useful links and additional information

If you want to find out more information about cookies and what they are used for, we recommend the following links:

http://www.youronlinechoices.com/ro/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.