Responsible management of personal data is a high priority for INCAS. We would like users to know what data is collected and how it is used.
Using the INCAS website is generally possible without revealing your identity.
What is personal data? Personal data is information (e.g. name, address, postal address, phone number) that can be used to ascertain the identity of users. Information that is not associated with the identity is not included.
Collection and storage of data
INCAS uses a web tracking tool to obtain anonymous information about visitor behavior when they visit websites. From this data, user profiles can be created under a pseudonym. The cookies stored for this purpose are used exclusively to perform analyses on the usage behavior on the INCAS site and to periodically verify the information provided by users. No personal data is stored or transmitted to third parties. You can object to the collection and storage of data at any time, with effect for the future.
If you send us a message using the contact form or an email, your data will be used to correspond with you.
If we receive a message via the contact form or by email, we assume we are authorized to reply by email. Otherwise, you must expressly inform us of another type of communication.
The content of contact forms is transmitted via an encrypted https connection.
When using a contact form, the sender’s IP address is transmitted in addition to the content of the data fields. In principle, this also happens when sending a regular email. Before sending the contact form, you will be asked to agree to the transmission and storage of the IP address. The IP address is used exclusively in the context of law enforcement and national security measures, in accordance with legal requirements.
If you register for an INCAS email list or database, we will ask for your name and other personal information. By entering your data, you agree to its intended use. We store your information on specially protected servers in Romania. Access to them is only possible for a few specially authorized individuals involved in the technical, commercial, or editorial support of the server.
We store your data only as long as it is necessary for its intended use. For example, your data will be deleted when you unsubscribe from a newsletter.
An IP address is a number assigned to your computer every time you access the internet. It allows computers and servers to recognize and communicate with each other. IP addresses from which visitors appear to come can be recorded for IT security and system diagnosis. This information can also be used in aggregate form for trend and website performance analysis.
“Web beacon” technologies
A web beacon is a small image file within a webpage that can be used to collect certain information from your computer, e.g., IP address, the time the content was viewed, the type of browser, and the existence of previously installed cookies from the same server. INCAS uses web beacons exclusively in accordance with applicable laws. INCAS or its service providers may use web beacons to track the effectiveness of third-party websites that provide us with recruitment or marketing services or to produce consolidated visitor statistics and manage cookies. You have the option to make some web beacons unusable by declining the associated cookies. The web beacon may still record an anonymous visit from your IP address, but the cookie information will not be recorded. In some of our communications, we might confirm the email address of a recipient through embedded links in messages. We collect this information to measure user interest and facilitate future user information.
The GDPR regulation grants the user a series of rights, which we briefly present below:
- The right to information and access to personal data, under which one can obtain a confirmation from us that we process or do not process personal data, having access to the respective data and information regarding the methods and purposes of their processing;
- The right to data rectification, which can be exercised to obtain, without undue delay, the rectification of inaccurate data or the completion of incomplete personal data;
- The right to data deletion (the right to “be forgotten”), under which one can obtain the deletion of personal data, without undue delay, for one of the following reasons: i. the data is no longer necessary to achieve the purpose for which they were collected or processed; ii. the user withdraws consent and there is no other legal basis for processing; iii. the user opposes the processing and there are no legitimate reasons that prevail in terms of processing; iv. personal data has been processed illegally; v. personal data must be deleted to comply with a legal obligation; vi. personal data was collected in connection with the provision of information society services.
- The right to restrict processing can be exercised in the following situations: i. when the accuracy of the data is disputed, for a period that allows us to verify the correctness of the data; ii. processing is illegal, and the user opposes the deletion of data, instead requesting the restriction of their processing; iii. we no longer need personal data for processing purposes, but the user requests them for the establishment, exercise, or defense of a right in court; iv. when the user opposes processing for reasons related to his particular situation, for the time in which it is checked whether in this case the legitimate rights of the operator prevail.
- The right to object, under which the user can oppose the processing of personal data, including profiling, for reasons related to his particular situation, in cases where processing is necessary to fulfill a task that serves a public interest or when it takes place for the legitimate interests pursued by us or a third party. In these cases, processing will only take place if justified by compelling and legitimate reasons that override the interests, rights, and freedoms of the user, or when the purpose of processing is the establishment, exercise, or defense of a right in court.
- The right to data portability, which allows the user to receive personal data concerning him and which he has provided in a structured, commonly used, and machine-readable format, and to transmit this data to another operator, provided that the processing is based on consent or a contract and is carried out by automated means.
Terms and definitions
Personal data: any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, an online identifier, or one or more specific elements of his physical, physiological, genetic, mental, economic, cultural, or social identity.
Processing: any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Consent: any freely given, specific, informed, and unambiguous indication of the user’s wishes by which he, by a statement or by clear affirmative action, agrees to the processing of personal data relating to him.
User: a natural person, with full exercise capacity, aged at least 18 years, who expresses his consent for the use of data by INCAS.
Supervisory Authority: an independent public authority established by a member state under Regulation (EU) 2016/679.
In the course of the further (technological) development of our website, changes to this data protection statement may become necessary. Therefore, we recommend that you read this data protection statement from time to time.