+40 21 323 6868
+40 21 323 6868

Privacy Policy

1. Introduction

1.1. The website www.raa.ro belongs to the Romanian Angel Appeal Foundation – Apelul Îngerului Român (RAA), hereinafter referred to as the Controller or RAA.

1.2 The Romanian Angel Appeal Foundation – Apelul Îngerului Român is a Romanian non-profit legal entity, established by Decision no. 531/28.08.1991 of the Bucharest District 1 Court, with registered office in Bucharest, 52 Rodiei Street, District 3, fiscal code 7274690.

1.3 The Romanian Angel Appeal Foundation – Apelul Îngerului Român complies with the legal provisions in force regarding the protection of personal data and pays particular attention to the confidentiality of the information of visitors to the website www.raa.ro.

1.4 The personal data collected during your visit to the website www.raa.ro are processed in accordance with the legal provisions in force governing the protection of personal data and only to the extent that the processing of such data is necessary.

1.5 This Personal Data Processing Policy presents the way in which RAA collects and processes personal data through the website www.raa.ro. Access to the website www.raa.ro, as well as its use, represents and constitutes acceptance of this Personal Data Processing Policy as well as of the Terms and Conditions.

1.6 Data processing is carried out responsibly, with your consent, and RAA ensures that your personal data are processed in accordance with the applicable personal data protection legislation.

1.7 By accessing the website www.raa.ro and/or by providing your personal information on the website www.raa.ro, you agree to the provisions of this Personal Data Processing Policy, as well as to the practices and/or methods of collection, storage, and management of personal data and information described in this Personal Data Processing Policy.

2. Principles of processing

2.1 The processing of personal data aims to comply with the following principles:

  • it takes place with respect for your rights;
  • data are collected for specified, explicit, and legitimate purposes;
  • data are limited to what is necessary in relation to the purposes for which they are processed and are not subsequently processed in a manner incompatible with those purposes;
  • data are processed lawfully, fairly, and transparently;
  • data are accurate;
  • data are not kept longer than necessary;
  • adequate security is ensured by taking appropriate technical or organisational measures (ensuring protection against unauthorised/unlawful processing, against accidental loss/destruction/damage);
  • your data are not transferred outside the European Economic Area, except where the territory/country to which they are to be transferred ensures an adequate level of personal data protection;
  • where RAA processes personal data of minors, it will obtain the consent of the parents/parent or legal representative of the minor. If minors send personal data through this website, they declare that they are 16 years old at the time they provide RAA with personal data.

3. General considerations regarding the personal data processed by the Romanian Angel Appeal Foundation – Apelul Îngerului Român

In general, the personal data that we may process, depending on the situation, are data obtained directly from you, which you provide to us voluntarily.

In general, by way of example, we refer to the following categories of data:

3.1 Ordinary personal data such as: surname, first name, sex, date of birth/age, citizenship, domicile/residence address, mobile/landline telephone number, fax number, e-mail address, personal identification number, other information from identity documents.

3.2 Data relating to the means of contact used in the relationship with RAA: data transmitted by e-mail or letters, telephone, text messages, or other means of contact.

3.3 Your personal data that are public or that you provide to RAA or to professionals working for RAA.

3.4 Data relating to beneficiaries of projects implemented by RAA directly or as a partner (in general information that you provide to RAA regarding your social situation).

3.5 Personal data included in video recordings, photographs, voice recordings, including those of beneficiaries included in projects implemented/carried out by RAA.

3.6 Data provided by you when making a donation and/or sponsorship, as well as data relating to the payment process and instruments in connection with donations/sponsorships made to RAA (e.g. account/card/IBAN number, surname and first name of the account/card holder, card issue/expiry date).

3.7 Data relating to or contained in comments and/or communications and/or opinions that you express on the RAA website, on RAA social media channels, or that you send to us by any other means.

3.8 Sensitive personal data such as medical data, data regarding racial or ethnic origin, religious beliefs, political affiliation, social situation.

3.9 Personal data contained in your CV, cover letters, employment and/or collaboration applications, study documents, seniority certificates, or other associated documents, which you send to us במסגרת the selection and employment and/or volunteering and/or internship and/or collaboration process with RAA.

3.10 Personal data provided by you when subscribing to RAA newsletters or when contacting us to request information about RAA’s activity or when sending us comments and/or questions and/or requests through social networks such as Instagram, Facebook, X, YouTube, TikTok, etc.

3.11 Data provided by you (for yourself or for other persons) within the procedures and steps for registration/inclusion in a project implemented by RAA.

3.12 Data provided for the purpose of concluding and executing/implementing a contract or another legal arrangement.

3.13 Personal data provided when you visit or browse the RAA website.

4. Purposes of processing

4.1 In principle, the purposes for which we process personal data relating to you are:

  • for carrying out RAA’s activity;
  • for fulfilling RAA’s legal obligations;
  • for implementing the programmes and projects carried out by RAA;
  • for reporting to funders and/or state bodies;
  • for carrying out correspondence and communication with you;
  • for making records, audits, and financial-accounting reports, archiving;
  • managing received donations and sponsorships;
  • conducting contractual relations, invoicing;
  • managing communication and IT systems;
  • improving RAA projects and services;
  • research in RAA’s fields of activity;
  • other purposes expressly and explicitly communicated by RAA.

5. Legal basis for processing

5.1 RAA processes your personal data on the following legal grounds:

  • Based on the consent of the data subject. Where no other legal basis for processing applies, RAA will always obtain the consent of the data subject for the processing of their personal data for one or more purposes.
  • Based on a legitimate interest, where processing is necessary for pursuing and exercising RAA’s legitimate interest in the context of pursuing its statutory objectives.
  • For carrying out RAA’s legitimate activities such as projects and activities provided for in RAA’s statutes, in compliance with the legal provisions and obligations imposed in this regard, as well as with appropriate safeguards.
  • Pursuant to a legal obligation, where processing is necessary for compliance with a legal obligation incumbent on RAA. This also includes processing as a result of fulfilling financial-accounting obligations, labour law obligations, document archiving obligations, or obligations to communicate data or information to a public authority, etc.
  • For the conclusion and/or performance of a contract. This also includes stages prior to the conclusion of a contract (such as communications, negotiations, public procurement procedures, selection procedures, etc.) as well as subsequent stages (handover-receipt, acceptance, warranty and post-warranty aspects, reference letters, etc.). In this case the processing is necessary for the conclusion and performance of the contract by RAA.
  • For the establishment, exercise, or defence of a right of RAA before a court, arbitration body, or authority, in which case we may process your data for the establishment, exercise, or defence of a right of RAA before the above-mentioned bodies. Where disagreements arise that cannot be resolved amicably, we may process your data for the establishment, exercise, or defence of a right of RAA before a court/arbitration or mediation body, authority, etc.
  • For the protection of a general public interest/in the field of public health, where it may be necessary to process your sensitive data for reasons of general public interest or in order to fulfil obligations relating to public health.
  • In emergency situations where we may process your data for the purpose of protecting your physical integrity or that of third parties, as well as the vital interests of you/third parties/RAA.

6. Transfer of data

6.1 As a matter of principle, we do not disclose your data to other companies, organisations, or persons in Romania or abroad. However, in certain situations, due to the specific nature of RAA’s activity and/or reporting obligations and/or the technical-functional particularities of the IT platforms and solutions used, we may disclose your data to other natural or legal persons.

6.2 In the interest of transparency and informing you, we will try to define as clearly as possible the possible categories of recipients, which may be as follows:

  • Domestic and international funders / international organisations / partner organisations as part of the obligations of collaboration/reporting towards them. Even in these cases, if and to the extent possible, an attempt will be made to limit the communicated data to what is strictly necessary, as well as to adopt measures such as anonymisation. RAA collaborates with trusted funders, partners, and international organisations that have implemented personal data protection measures and systems.
  • Competent authorities, public institutions, audit and accounting firms, lawyers and mediators, human resources firms, contractual partners, service providers, experts, researchers, collaborators, etc. In the case of any data transfers to such entities, RAA ensures that there is a sound justification, that only strictly necessary data will be transferred for achieving the purpose of the transfer, and RAA will try to establish that the receiving entity ensures a high standard of personal data protection.
  • Implementation partners of RAA projects, third-party service providers/suppliers under partnership agreements or commercial contracts. In such partnerships/contracts, RAA includes a series of specific clauses through which the above-mentioned third parties provide guarantees for the implementation of appropriate GDPR measures, so that the processing complies with GDPR requirements and ensures the protection of the rights of the data subject.
  • Recipients for whom you request/give us your consent in this regard or persons who can demonstrate that they have the legal authority to act on your behalf.
  • Bailiffs, criminal investigation bodies, public bodies, institutions and agencies, courts/arbitral tribunals to the extent necessary for the establishment, exercise, or defence of a right of RAA.

6.3 Where transfers outside the European Union take place, RAA undertakes to include contractual clauses so that your data are protected as well as possible.

7. Data retention

7.1 RAA will make efforts to ensure that your data are kept securely. In this regard, RAA has approved its own GDPR procedure, annexed to its Internal Rules, and will strive to adopt reasonable organisational, technical, and administrative measures to protect your personal data.

7.2 Your personal data will be kept only for as long as they are necessary for RAA or for as long as required by the relevant legislation in force. If there is no legal requirement, the data will be stored only for as long as necessary for their processing for the purposes mentioned in this document.

7.3 Personal data processed on the basis of your consent will be processed by RAA for the duration of the consent, unless their retention is required even after the withdrawal of consent, based on another legal ground provided by the data protection legislation or by other relevant legal and/or procedural provisions.

7.4 Data related to payments and invoicing and/or employment relationships will be stored for the periods indicated by the financial-accounting and labour law legislation in force.

7.5 If possible, depending on the case and on the technical and human possibilities, we will try to anonymise your data so that the anonymised form does not allow the identification of data subjects.

8. Collection and processing of data when accessing the website

8.1 Each time the website www.raa.ro is visited, we will automatically collect certain data during browsing, which we store in a file called the “server log”. These are the following data: date and time of access, page address, IP address, browser type and version (“user agent”), operating system used, source URL (previously visited) and URLs for the page accessed immediately after www.raa.ro, quantity of transmitted data, and the status message indicating whether the request was successful. These data are used by the Controller exclusively for technical or statistical purposes of maintenance or platform optimisation. The storage of the IP address is only temporary, during access; personal information collected with regard to the expiry of access or other uses is deleted immediately or after termination thereof. Further use of the data and, in particular, the IP address, as part of statistical analysis is carried out anonymously, the IP address being shortened. Where suspicion of illegal use or technical risks to platform security arises, the Controller reserves the right to evaluate the existing data for defence purposes.

8.2 Contacting us

If you contact us through the contact form on the website or by e-mail, you implicitly agree that data and information are stored for the purpose of processing your request and for follow-up.

8.3 Newsletter

If you have subscribed on the website www.raa.ro, you will automatically receive a periodic newsletter by e-mail with information about events and activities. You can stop receiving these messages at any time by clicking the link at the end of the newsletter e-mail to unsubscribe. You can also request to receive the newsletter again in the future by filling in the form available on the website.

The newsletter is sent through the service substack.com. Your name and e-mail address are securely stored in the substack.com application, so that other substack.com clients or third parties do not have access to them, and they are used only by the Controller for sending newsletters.

8.4 Integration of services and content from third parties

The website www.raa.ro may incorporate content from third parties and other websites, such as YouTube videos, Google Maps maps, RSS feeds, or graphics, etc. This always implies that the content providers process your IP address so that you can view that content. The Controller assumes no responsibility for the processing of your data by content providers. We recommend that you inform yourself about their privacy and personal data processing policies.

8.5 Forms

If you wish to participate in events or register in a campaign or other type of activity organised through the Romanian Angel Appeal Foundation – Apelul Îngerului Român, when you register your initiative on the website, you complete a form in which you may be asked for your name, e-mail address, telephone number, and other personal information. By completing and submitting the registration form, you agree that RAA may use these data. These data will be used strictly in accordance with the purpose for which they were transmitted and will be deleted or anonymised (for statistical processing) within a maximum of 90 days or otherwise, depending on the specific or legal provisions.

8.6 Cookies

Raa.ro may use cookies, stored temporarily in your computer’s memory (“session cookie”) or permanently on the hard disk (“persistent cookie”). Cookies are files transferred from the website to the computer while you access the website. They are used for usability purposes (for example: remembering login information, ensuring better functioning of the website, correct display of content). Secondly, they allow us to provide more effective design experiences.

If you agree to the inclusion of cookies in your browser through the banner on the first homepage of the website, please note that your consent may be withdrawn at any time. Current browsers (web browsers) offer the possibility to set/disable cookies. To do this, the Options or Preferences section is generally accessed.

By changing the settings in your internet browser, you can at any time prevent storage or delete already stored cookies. However, it should be noted that use and, in particular, ease of use will be considerably more difficult without cookies.

You can find more information about cookies on the website www.allaboutcookies.org or http://ro.wikipedia.org/wiki/Cookie.

8.7 Traffic tracking

This website uses Google Analytics, a web analysis service provided by Google Inc. (Google). Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

If IP anonymisation is activated on this website, the IP address will be truncated in Member States of the European Union or other parties in accordance with the Agreement on the European Economic Area.

Only in exceptional cases is the full IP address first transmitted to a Google server in the USA and then shortened there.

On behalf of the Controller of this website, Google will use this information to evaluate your use of the website, to compile reports regarding website activity, and to provide other services.

You may prevent the use of cookies by changing your browser settings. However, we would like to emphasise that in this case you may no longer be able to use all features of this website.

You can also change the level of detail of the data generated by the cookie relating to website use (including the IP address) for Google and the level of permissions for the processing of these data by Google, or you can prevent these procedures by using the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can prevent Google Analytics from tracking by clicking the link below. This will set an opt-out cookie that prevents future collection of information from this website: Disable Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=de).

We emphasise that the Google Analytics code “anonymize IP” has been extended to this website in order to ensure anonymous collection of IP addresses (see: https://support.google.com/analytics/answer/2763052?hl=ro).

We also use Google Analytics to evaluate data from the AdWords programme and the double-cookie for statistical purposes. If you do not want this, you can disable it from the preferences manager: http://www.google.com/settings/ads/onweb/?hl=de.

8.8 Heatmaps

This website uses a cookie-based web analysis service. With its help, a graphical representation of data is obtained using a colour-coding system to represent different values. These reports are used in various forms of analysis, but are most frequently used to show user behaviour on certain web pages.

8.9 Social media plugins

Facebook
Facebook social network plugins (1601 South California Avenue, Palo Alto, CA 94304, United States of America) may be integrated on www.raa.ro. The plugins are marked with the Facebook logo or the phrase “Facebook Social Plugin”. An overview of Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

When you visit a page on www.raa.ro that contains such a plugin, a direct connection between your browser and the Facebook server is initiated through this plugin. Facebook thus gains access to the information that you have visited our website (with your IP address). If you click on the Facebook plugin while you are logged in to your Facebook account, you can view the content of the website on Facebook.com, as a fan of our page on the network.

In this context, the Facebook social network is allowed to assign the visit to www.raa.ro to the personal account. We emphasise that we, as Controller, have no knowledge of the content of the data transmitted and used through Facebook. For more information, you can consult Facebook’s privacy policy here. If you do not want Facebook to be able to assign the visit to www.raa.ro to your Facebook user account, please log out of your Facebook account.

A similar system also applies in the case of plugins of the Instagram, LinkedIn, TikTok, etc. networks on the website www.raa.ro. However, there may be notable differences depending on the network/platform and the policy applied by them at a given time. For more information, please periodically consult the privacy policy of these networks/platforms. RAA is not responsible for compliance with data protection regulations by these platforms/networks.

8.10 URLs

The page www.raa.ro and our newsletter contain links to other web pages. RAA is not responsible for the content of these pages and for the compliance with data protection regulations by third parties on their pages.

8.11 Other rights of the Controller

We reserve the right to use, retain, or disclose personal information in exceptional situations where there is suspicion of violations of the law (to support investigations), to protect the integrity of the website, or to respond to your questions.

9. Your rights and how to exercise them

In summary, your GDPR rights are:

  • The right to be informed, which means informing you about the purpose of using the data and the rights you have.
  • The right to withdraw consent. In situations where we process your data on the basis of your consent, you have the right to withdraw your consent. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.
  • The right to rectification of data, if they are not correct. You have the right to rectify data held in relation to you by RAA, if these are not correct. If the data we hold about you need to be updated or if you believe that they may be incorrect, you may contact the Foundation at: office@raa.ro.
  • The right of access to data, which means that you have the right to request information related to the personal data we hold about you, as well as the right to request a copy of them (for issuing the copy we may charge you a fee based on the actual costs incurred by RAA in providing it).
  • The right to erasure of data (also known as the “right to be forgotten”), which consists in the deletion of your data that we process or control.

In this regard, RAA will comply with your data deletion request if:

  • RAA holds/processes your data;
  • the data are no longer necessary for the purposes for which they were collected;
  • you object to the processing for reasons related to your particular situation;
  • your data have been processed unlawfully;
  • the data must be erased in order to comply with a legal obligation of RAA.

However, the requested data may still be retained in the following situations:

  • in order to comply with a legal obligation that RAA has;
  • for exercising the right to freedom of expression and information;
  • for archiving purposes in the public interest, scientific or research purposes, studies, or statistical purposes;
  • for the establishment, exercise, or defence of a right in court.
  • The right to restriction of data processing, under which you may request restriction of the processing of your personal data if:
    • you contest the accuracy of your personal data, for the period we need to verify the accuracy;
    • the processing is unlawful, but you oppose the deletion of the personal data, requesting instead restriction of their use;
    • we no longer need your personal data, but you require them for the establishment, exercise, or defence of a right in court;
    • you object to the processing, for the period during which we verify whether our legitimate interests override your interests.
  • The right to data portability, under which you have the right to receive your personal data that you have provided to us, and if technically feasible, to request that we transmit your personal data (which you have provided to us) to another organisation/legal entity. The right for your personal data to be transmitted by us to another organisation is a right you have if this transmission is technically feasible/possible (for the transmission we may charge you a fee based on the actual costs incurred by RAA for this operation).
  • The right to object to the use of data. In certain circumstances, according to the provisions of the GDPR and national legislation, you have the right to object to the processing by RAA of your personal data.
  • The right not to be subject to an automated decision. You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. This right shall not apply in the following exceptional situations, where the automated decision:
    • is necessary for entering into or performing a contract between the data subject and RAA;
    • is authorised by European Union law or domestic law applicable to RAA and which also lays down suitable measures to safeguard the rights, freedoms, and legitimate interests of the data subject;
    • is based on your explicit consent.

If you no longer wish to receive marketing messages from RAA regarding our services and products and/or those of our partners, you may contact the Foundation at: office@raa.ro. If you choose to opt out of marketing messages, this does not mean that you will no longer receive service-related messages. You will continue to receive these (unless we/you have indicated otherwise).

If you have objections regarding other processing carried out on the basis of our legitimate interests, you may contact the Foundation at: office@raa.ro and/or dataprotection@raa.ro.

  • The right to submit a complaint/request to RAA. If you wish to contact us in relation to any of your rights arising from the GDPR and/or national legislation or to make a complaint regarding the way we use your personal data, you may contact the Foundation at: dataprotection@raa.ro.
  • The right to lodge a complaint with the supervisory authority. As mentioned above, if you have a concern regarding the way we process your data, you may contact us directly so that we can resolve your request. However, if you continue to have concerns, you may contact the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro) at the following contact details: B-dul G-ral. Gheorghe Magheru, Bucharest, Romania; Telephone: +40.318.059.211 / +40.318.059.212, Fax: +40.318.059.602; E-mail: anspdcp@dataprotection.ro.
  • The right to bring the matter before the courts. If you consider that the rights you benefit from have been infringed, you also have the right to address the courts.

9.2 It is not recommended that persons under 18 provide personal data without the consent of parents or legal guardians/representatives. If minors send personal data through this website, they declare that they are 16 years old at the time they provide RAA with personal data.

9.3 In order to exercise the above rights or to ask any question about any of these rights or any other aspects of the processing of your data by RAA, you may send a written, signed, and dated request to the e-mail addresses: office@raa.ro and/or dataprotection@raa.ro.

9.4 In certain situations:

  • it may not be possible for us to grant you access to all or part of your personal data due to legal restrictions. If we refuse your access request, we will communicate the reason for this refusal.
  • it may not be possible for us to identify your personal data due to the identification elements you provide in the request. In such cases, if we cannot identify you as the data subject, we cannot comply with your request in accordance with this section, unless you provide us with additional information that allows us to identify you.

10. Validity and amendments

10.1 This Personal Data Processing Policy is valid starting from August 2024.

10.2 We reserve the right to modify, whenever we consider appropriate, our data protection practices and policies and to update and amend at any time this Personal Data Processing Policy and/or the Terms and Conditions for accessing the website www.raa.ro. For this reason, we encourage you to periodically check this Personal Data Processing Policy, as well as the Terms and Conditions for accessing the website www.raa.ro. The most current version of these is permanently available in the respective sections of the website.