GDPR

Starting with May 25, 2018 has entered into force and is directly applicable in all Member States of the European Union Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC, also known as the General Data Protection Regulation (GDPR).
Regulation (EU) 679/2016, in accordance with the provisions of art. 2 para. (1) shall apply to the processing of personal data, carried out in whole or in part by automated means, as well as to the processing by means other than automated of personal data which form part of a data record system or which are intended to be part of a data record system.
As a personal data controller, the Ministry of European Funds complies with the legal provisions on the protection of personal data and implements technical and organizational measures to protect all operations that directly or indirectly concern personal data and prevent unauthorized or unlawful processing and accidental destruction or illegal.

LEGISLATION – GDPR REFERENCES DOCUMENTS

  • Regulation (EU) no. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation);
  • Law no. 190 of 18 July 2018 on measures for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation);
  • Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data by the competent authorities for the purpose of preventing, detecting, investigating or prosecuting criminal offenses or the execution of sentences and for the free movement of such data and repealing Council Framework Decision 2008/977 / JHA;
  • Law no. 102 of May 3, 2005 on the establishment, organization and functioning of the National Authority for the Supervision of Personal Data Processing, with subsequent amendments and completions;
  • Law no. 129 of June 15, 2018 for the amendment and completion of Law no. 102/2005 regarding the establishment, organization and functioning of the National Authority for the Supervision of Personal Data Processing, as well as for the abrogation of Law no. 677/2001 for the protection of individuals with regard to the processing of personal data and on the free movement of such data;
  • ANSPDCP Regulation on the Organization and Functioning of November 11, 2005, as subsequently amended and supplemented;
  • Decision no. 99 of May 18, 2018 – ANSPDCP – regarding the cessation of the applicability of some normative acts of administrative character issued in application of Law no. 677/2001 for the protection of individuals with regard to the processing of personal data and on the free movement of such data;
  • Decision no. 128 of 22 June 2018 – ANSPDCP – on the approval of the standard form of notification of personal data breach in accordance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of data these data and repealing Directive 95/46 / EC (General Data Protection Regulation);
  • Decision no. 133 of July 3, 2018 – ANSPDCP – regarding the approval of the Procedure for receiving and resolving complaints;
  • Decision no. 174 of October 18, 2018 – ANSPDCP – regarding the list of operations for which it is mandatory to perform the impact assessment on the protection of personal data;
  • Guidelines on Consent under Regulation (EU) 679/2016 (17 / RO / WP259);
  • Data Protection Officer (DPO) Guide – (16 / RO / WP 243 rev.01, revised and adopted on 5 April 2017);
  • Guidance on Data Protection Impact Assessment (DPIA) and determining whether a work is “likely to pose a high risk” within the meaning of Regulation 2016/679 (17 / RO WP 248 rev.01) revised and adopted on 4 October 2017;
  • Opinion no. 2/2017 on data processing at workplace (Article 29 – Working group on Data Protection 17 / RO GL 249), adopted on 8 June 2017.

Terminology – definitions, detailing of terms, according to GDPR

  • Personal data – means any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity;
  • Special categories of personal data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the unique identification of a natural person, health data or data on the sexual life or sexual orientation of an individual.
  • Data controller (Controller) – a natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data;
  • Data subject – any living person who is the subject of personal data held by the Ministry of European Funds.
  • Processing – any operation or set of operations involving personal data or personal data sets, whether or not they are performed by automated means, such as: collection, recording, organization, structuring, storage, adaptation, modification, retrieval , disclosure by transmission, dissemination or otherwise made available, aligned or combined, restricted, deleted or destroyed.
  • Consent – of the data subject means any manifestation of free, specific, informed and unambiguous will of the data subject by which he / she accepts, by an unequivocal statement or action, that the personal data concerning him / her be processed .
  • Third party – means a natural or legal person, public authority, agency or body other than the data subject, the controller, the controller and persons who, under the direct authority of the controller or the controller, are authorized to process personal.

The Ministry of European Funds is a data controller and / or data processor in accordance with the provisions of the General Data Protection Regulation (GDPR).

The activities of personal data processing are carried out for the purpose of implementing / monitoring the programs / projects, fulfilling their objectives, as well as for statistical purposes, in accordance with the European regulations governing the absorption of structural and investment funds.

Types of personal data that MFE processes

The Ministry of European Funds processes only the personal data necessary for the mentioned purposes and requests the data subjects to communicate the personal data strictly necessary for the fulfillment of these purposes.

The categories of personal data (classic or digital) subject to processing at the level of services / offices / compartments within the MFE are the following:

For public relations / petitioning / formulation of views at the request of individuals:

name, surname
signature
contact details – personal phone number, email address, home / residence address, etc.,
Exceptionally:

CI / BI series and number
CNP

For forms of action and representation in court:

name surname
signature
contact details – personal phone number, email address, home / residence address, etc.
CI / BI series and number
CNP
For organizing / running events:

name surname
function, profession
employer name
contact details – personal / business phone number, email address, postal address
To access the website of the Ministry of European Funds

IP address
the type of browser used
To resolve data security breach notifications:

name surname
function
contact details – personal / business phone number, email address, postal address
For resolving complaints / notifications:

name surname
signature
contact details – personal phone number, email address, home / residence address, etc.
CI / BI series and number
CNP

For concluding contracts for the supply of goods / services:

name surname
function
employer / supplier name
contact details – personal / business phone number, email address, postal address
The Ministry of European Funds reserves the right to request other data necessary for the performance of the duties of the services / offices / compartments within the MFE, strictly in accordance with the legal provisions.

Source of personal data

MFE through the services / offices / compartments collects personal data directly from data subjects or third parties (such as other institutions or entities that address MFE or other data subjects) or from public documents.

Categories of recipients of personal data

Personal data is intended for use by the MFE and is communicated to the following recipients, if any:

data subjects / legal representatives of the data subjects
staff
MFE proxies (natural or legal persons)
contractual partners
other central and local institutions / authorities
courts in order to bring actions and represent them in court
within the activity of organizing / carrying out events of MFE
within the investigation / control activity.
Internal, external and international auditors
Criminal investigation bodies
The disclosure of data to third parties is made in accordance with the legal provisions for the categories of recipients specified above.

Personal data are stored for the period necessary for the purposes mentioned above, in order to carry out all steps taken to support the activities of services / offices / compartments within the MFE, taking into account the provisions of national and European legislation, after which they will be archived according to applicable law.

FORMS
Request for the exercise of the right of access
Request for the exercise of the right of opposition
Request for the exercise of the right to data portability
Request for the exercise of the right to restrict processing
Request for the exercise of the right to delete data

RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA AT THE MFE LEVEL
Name and surname: Gheorghe Burlacu
Function: counselor
E-mail address: dpo@fonduri-ue.ro
Phone: +4 0372 838 668
Headquarters address:
Ministry of European Funds
The entrance to Menuetului street, no. 7, Sector 1, Bucharest
S.O.S. Bucharest-Ploiesti, no. 1 – 1B, Victoria Office

NATIONAL SUPERVISORY AUTHORITY FOR THE PROCESSING OF PERSONAL DATA