The PONT Group has been registered in the Personal Data Processing Register of the National Authority for the Supervision of the Processing of Personal Data (hereinafter referred to as ANSPDCP) under number 14257 as of 10/08/2021.

Privacy policy for the activities of the PONT Group Association

Legal basis for processing: EU Regulation 679/206, Art. 6(a); Art. 9(a); Art. 9(b). (2) (a).

 

I. WHO ARE WE AND WHAT IS THE PURPOSE OF THIS POLICY?

PONT Group / PONT Group / PONT Csoport Association is the trade name of the association with its registered office at 5 Horea Street, ap. 7-8, Cluj-Napoca, jud. Cluj, Romania, with fiscal code 25545941.

This policy aims to inform you about the personal data processing activities carried out by the Pont Group Association and applies to all processing carried out by us, including interaction with the websites pontgroup.org, kastelyerdelyben.ro, kreativkolozsvar.ro, comoncluj.ro, comonsepsi.ro, critbiz.ro, citizeny.eu.

The Pont Group Association is constantly striving to ensure a full experience when using our services and to provide services to our beneficiaries according to their needs. Therefore, we strive to provide our Beneficiaries with quality products and services, as well as post-sale information and guidance, i.e.: newsletters, invitations to events, promotions, and special offers, both on our products and activities and those of our partners (collectively referred to as “Newsletters”).

 

II. WHAT KIND OF PERSONAL DATA DO WE PROCESS?

We collect and process only the personal information about you that is necessary for us to provide you with a quality user/purchasing experience with respect to our products, services, resources and websites. The personal information we process may include, by way of example

1. Identifying information: first name, last name, date and place of birth, gender, nationality, user name;
2. contact information: home and/or work address, telephone number, email address;
3. Data for the valid conclusion of contracts and for the issuing of tax invoices: ID card data, series, number, CNP, date of issue;
4. data provided by you when creating a user account on our website, registering, updating your details or unsubscribing from the newsletter, as well as when registering for and participating in events organized or supported by us;
5. data received or collected during visits to events organized by us and/or our partners: biometric data consisting of the person’s image and voice captured by photographs and/or audio-video recordings (automated and/or controlled by human operators, specialized software and devices);
6. bank account and other financial information for the management of the contractual relationship;
7. technical data, including IP address: information about your access to our website, applications developed by us or access to newsletters, materials and communications we send to you in your user account, by phone or by e-mail;
8. any other information you may provide to us.

If you wish to join our team and thus become employed by us, we will process the data necessary for the recruitment process, i.e. identification data (full name, gender, date of birth), contact data (telephone number, postal address and e-mail address) and any other data that you provide to us through the application forms and CVs or that you provide to us by submitting or sending to our office in physical form and/or electronically by e-mail.

 

III. HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect in physical and electronic form only the personal data that you voluntarily provide to us and information available from public sources, such as

1. by registering for activities organised by or in partnership with the PONT Group;
2. when you purchase products and services from us or in discussions prior to their purchase;
3. via our website when registering for your user account;
4. when you register to receive the newsletter;
5. when you contact us by email expressing an interest in our goods and services or expressing an interest in being contacted, employed or working with us;
6. if we meet at an event and, for example, exchange business cards;
7. when you access other information available on the registration base.

We remind you that you are completely free to provide us with any of this personal information. However, in the absence of data specific to the type of activity in which you are engaged, it will not be possible to carry out the relationship.

 

IV. WHAT IS THE PURPOSE FOR WHICH WE PROCESS YOUR PERSONAL DATA AND WHAT ARE THE LEGAL GROUNDS FOR SUCH PROCESSING?

For any processing of your personal data, we will inform you in advance of the purpose of the processing, as follows

1. Organisation of events for promotional, training or professional purposes: personal data will be processed in order to establish the identity of the person, to establish the legal framework and to verify the eligibility of the person to participate in a specific activity, to establish a simple and effective means of communication (in the case of telephone number, e-mail). Biometric data may be processed for archiving purposes and for the exercise of rights and legitimate interests arising from the use of images and/or audio-video recordings for the purposes of the activities in which the PONT Group Association is involved.

2. Communications and newsletters: If you are already our customer/beneficiary or if you have contacted us for professional purposes, we will process your personal data on the basis of legitimate interest in order to send you specific communications, newsletters of interest to you and invitations to our events and those of our partners. If you wish to subscribe to our newsletter (via our website or any other form of direct request), we will ask for your consent to process your personal data in order to provide you with the services you have requested.

3. Purchase of goods and services: we process all the personal data that you provide us with, as well as any other data necessary for the sale of products and the provision of services contracted, in accordance with the terms and conditions of the website and the provisions of the laws in force regarding the processing of personal data and the purchase of goods and services, as well as for other activities and operations deriving from the conclusion and execution of the contract.
4. Recruitment: When we have open positions and a person expresses interest in joining our team, we collect the information necessary for the recruitment process to assess whether you are suitable for the position. The processing of personal data in the recruitment process is carried out by law, i.e. for the purpose of concluding a contract, and this processing constitutes the pre-contractual phase.

When we advertise vacancies, you can apply for a place on our team by submitting your application: by email, in hard copy to our office or via the dedicated section of our website at that time.

When you apply, we will need and request the following personal information: name, contact details (email address and telephone number) and CV. This personal information is required and will be used in the employment process for the purposes of

1. conducting and administering the recruitment process;
2. To assess whether you have the right professional profile to join our team;
3. to contact you in relation to your application
4. to contact you in the future about other opportunities or positions that may become available that may be of interest to you.

In the case of a contract, we will ask you for the following personal data: name and full identification details (copy of identity card) and, depending on the type of contract, a medical certificate from a specialist in occupational medicine and contact details.

Any processing of personal data for the above purposes will be based on one of the following grounds

1. Performance of a contract for the purchase of goods and/or services, in which case the following personal data will be processed: identification data and contact data.
2. the fulfilment of obligations imposed by legal provisions binding on us, provided that the conditions for their applicability are fulfilled – contact data and the series, number and identity card number will be processed on this basis;
3. Consent, in relation to the sending of newsletters, contacting you about other opportunities or jobs or invitations to our events – to the processing of your identification and contact data.

 

V. WHAT ARE YOUR RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA?

Right of access – You may request information about

1. a) the identity of the controller and of the representative, if any
2. b) the purposes for which the data will be processed;
3. c) additional information, such as: the recipients or categories of recipients of the data; whether or not it is obligatory to provide all the data requested and the consequences of refusing to provide them; the existence of the rights provided for by this Law for you as the data subject, in particular the right of access, the right to intervene and the right to object, as well as the conditions under which they may be exercised;
4. d) any other information the provision of which is required by order of the supervisory authority, taking into account the specific nature of the processing.

Right of access to data – You have the right to obtain confirmation from us as to whether or not we are processing your personal data. The PONT Group is obliged to provide at least the following information

1. a) Information on the purposes of the processing, the categories of data concerned and the recipients or categories of recipients to whom the data is communicated;
2. b) communication, in an intelligible form, of the data being processed and of any information available on the origin of the data;
3. c) information on the logic applied in the event of automated processing of personal data;
4. d) information on the existence of the right to intervene in the data and the right to object, and the conditions under which they may be exercised.

Right to intervene on data (rectification, erasure) – You have the right to obtain from us, where appropriate, the rectification, updating, blocking or erasure of data, in particular incomplete or inaccurate data.

Right to object (withdrawal of consent, restriction of processing) – you have the right to object to the processing of data relating to you at any time, unless otherwise provided by law.

Right not to be subjected to individual decisions (automated decisions, profiling) – you may request and obtain human intervention with respect to such processing or express your own point of view on such processing.

The right to data portability – you may obtain the personal data provided in a machine-readable format or request that the data be transferred to another controller in accordance with the relevant legislation;

The right to take legal action – if you feel that we have not dealt with all your requests or if you are not satisfied with the answers we have given you, you may lodge a complaint against us with the National Supervisory Authority for the Processing of Personal Data or you may take your case to the competent courts.

If you have any concerns or questions about your rights and the processing of your personal data, or if you wish to make a request to us or exercise any of your rights in relation to the processing of your personal data, please do not hesitate to contact us using the contact methods at the end of this notice.

 

VI. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Personal data will be kept for the time necessary to organise and carry out the activities to be carried out by the PONT Group Association and for a maximum of 5 years from the date of completion of the activities. With the exception of the beneficiaries of transport, accommodation and meals, these personal data will be kept for 10 years, in accordance with the Regulation of the Ministry of Public Finance (MFP) No. 2634/2015 on the archiving and keeping of accounting records and other financial accounting documents, as subsequently amended and supplemented.

Biometric data will be kept for the time necessary to organise and carry out research activities and for a maximum of 5 years from the date of completion of the events during which the data was collected.

If you have opted to receive communications by newsletter, we will keep your data for 2 years after your last interaction with the communications sent to you in order to provide this service. After this period of 2 years, we will ask for your consent again so that you can decide whether you wish to continue to receive the newsletter from us.

If you decide at any time that you no longer wish to receive the newsletter and withdraw your consent, we will no longer process your personal data for this purpose.

As a rule, we will delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent where the processing of your data is based on consent. Exceptions to this rule are cases where the processing of personal data is required by law or where we are entitled to continue such processing. We may also retain your personal data for a longer period than set out above, but only in situations where immediate deletion would require overwriting our back-up and disaster recovery systems.

 

VII. WHAT HAPPENS TO PERSONAL DATA IN RELATION TO OTHER PERSONS?

As a general rule, we do not disclose or transfer your personal information to third parties. Exceptionally, in situations where disclosure and transfer are necessary or where we are required by law, we will inform you as soon as possible, unless applicable law prohibits or prevents such disclosure.

Communication of the processed data to other private entities (collaborators, suppliers, co-organisers, etc.) involved in the research activities we carry out, as well as to public entities (ISU, DSV, police, courts, public prosecutor’s office, city hall, local council, county council, ministries, etc.) involved in the organisation of the events we carry out, or to public entities with control and supervision powers over the activities carried out and which may require access under the law. With regard to specific personal data, the PONT Group will endeavour to analyse objectively, on a case-by-case basis, whether and to what extent it is really necessary to disclose such data. To the extent that it appears that such disclosure is not necessary or that it would cause any disadvantage or inconvenience to the person who has provided it, the PONT Group may refuse to disclose it, unless we are required by law to make such personal data available.

If we disclose or transfer your personal data to third parties, we will do so in accordance with the law and with measures taken to protect and secure it.

We may use data processors (e.g. IT service providers and suppliers, database or contact management, accounting, event organisers, etc.) to process personal data. We have entered into personal data processing agreements with all of these processors to ensure that they also fulfil their legal obligations to process personal data, provide an adequate level of protection and security of personal data and comply with applicable laws.

 

VIII. HOW IS PERSONAL DATA PROCESSED?

The manner in which the data is processed is manual and/or automated, depending on the specific nature of the processing of each type of personal data highlighted above.

 

IX. UPDATING OF THIS INFORMATION

We recommend that you visit this section regularly, as we will publish a new updated version on this web page to replace this information whenever we make changes to it.

In order to exercise the rights granted to data subjects, they may send a written request, dated and signed, to the following contact details

Data Processor: Larisa Dumitroaea

E-mail: office@pontgroup.org / larisa.dumitroaea@pontgroup.org

Telephone: 0730 614 606

Correspondence address: str. Horea nr. 5, ap. 7-8, Cluj-Napoca, jud. Cluj

 

The PONT Group Association undertakes to provide the requested information within a maximum of 15 days from the date of receipt of the request.