Policy on the processing of personal data through the Revista Tuș Platform - revistatus.ro
With this Information Notice on the processing of personal data we inform you about how your personal data are processed when you visit and/or use the revistatus.ro Platform, owned by SC Reea SRL.
REEA SRL is a trading company organized and operating in accordance with the laws of Romania, with its registered office in Mun. Târgu-Mureș, Piața Republicii nr. 41, jud. Mureș, Romania, postal code 540110, registered in the Trade Register under number J26/628/1998, with tax identification code RO10966500, e-mail redactia@revistatus.ro.
1. Purpose of the Personal Data Processing Policy
When you visit or use our Platform, we process a range of your personal data as described below. In the view of the legislation on the protection of personal data, Reea SRL is in this situation Personal Data Controller and you are a Data Subject. Please read this Information Notice carefully to understand how we process your personal data.
This Notice is formulated in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also known as the "GDPR Regulation".
The processing of personal data is the set of operations we may carry out on your data, such as: collecting, storing, organizing, transferring and deleting data.
This Notice on the processing of personal data forms an integral part of the Terms and Conditions of Use of the Platform.
2. What data do we collect and on what legal basis?
Your personal data may be collected by us:
- directly from you;
- observed by us when you browse our Platform.
A. Personal data provided directly by you
a) You can send us a message using the contact form available on the Platform. The data you enter in this form (name, e-mail, subject, message) are collected directly from you and are processed on the basis of our legitimate interest in responding to your request and keeping a record of the requests made by people who contact us.
b) You have the possibility to contact us by e-mail at redactia@revistatus.ro or by phone at 0365430954 extension 14. We will process your contact details (name, surname/alias, e-mail/telephone) and other information that you send to us on the basis of our legitimate interest, to respond to your requests and to keep a record of the requests made by people who contact us.
c) You can send us your creation for publication on our Platform using the online form available on the "We publish your creations" page.
In order to fill in the form, you need to provide us with the following information: name, surname, e-mail, telephone number, title of the children's work, category (story, poem, comic strip), your creation in pdf format).
We will process your data (i) in order to act on your request prior to the conclusion of a contract and (ii) in our legitimate interest, to respond to your requests and to keep a record of the requests made by people who contact us.
d) If you choose to enter into a separate contract with us for the publication of (i) your creation or (ii) the creation of the minor child whose representative you are, we will process the personal data necessary for the conclusion and execution of the contract: identification data of the author of the creation, identification data of the legal representative of the minor author (if applicable) - name, surname, address, series and ID card number, CNP.
In the above cases a)-d), your data is processed through our website hosting provider Hetzner Online GmbH. This company stores the data on servers located in the European Union.
When you choose to contact us by any means, please only send us personal data that is strictly necessary to deal with your request.
B. Traffic data, collected automatically while browsing our Platform
Our Platform automatically collects certain information in our legitimate interest in order to ensure its security and optimal functioning.
This information collected by us is traffic data automatically sent by your browser, collected by us or through third party services: Google, YouTube, Meta (Facebook), is statistical data, in anonymous form, which although individually (or in isolation) may not lead to direct identification, by correlation with other data sets, in exceptional situations have the potential to be used to identify a person, such as: the location of the device from which you access the internet, determined on the basis of the IP address or following your consent, provided through the device used for access, the browser used for browsing, its version and functions, other information accessible through the browser or application used, such as the version of the operating system or the resolution used on your device, the names of pages accessed and/or files downloaded, the source of the previous page.
We use cookies and similar technologies on the website. You can find more details in the Cookie Policy document.
C. Data collected as Associated Operators
In the case of Platform accounts on various online networks (Facebook , YouTube etc.) - we only collect your data for normal interaction within that network when: you subscribe to our pages, if you leave us comments on our posts, Like/Share or write us a direct message. In these cases, we have access to your public profile, the reaction you had to the date and time of the message/comment.
The data is collected together with the social networks concerned, with whom we are associated Operators. The legal basis for the collection is your consent. The data is used to publish your comment or to be able to reply to your message to us. The data is kept until: you close our social media page, you withdraw your previously obtained consent via social media, or you request us to delete this information.
When you interact with our pages on various social networks/online platforms, those networks process some personal data, based on which they provide us with aggregated statistics. These statistics do not directly contain personal data, but only information such as: the number of views of our page, the number of people who have been shown content from our page, the number of likes our page has.
Our accounts on the various social networks/online platforms are created under the conditions imposed by those networks. For more details about the processing of your data through these networks, please read their personal data processing policies.
3. How do we store and protect your data?
Reea securely stores your data on servers located in the European Union.
Reea implements appropriate technical and organisational measures to ensure the security, confidentiality, integrity, availability and protection of data against destruction, loss, alteration, unauthorised disclosure or unauthorised access to personal data processed.
Some of the technical measures are:
- Implementation of an ISO27001 certified information security management system. This system involves a series of technical (monitoring systems, compliant equipment, specialised staff, physical, cyber security measures, etc.) and organisational (policies, operational procedures) measures that apply to all staff;
- The use of cryptographic systems for medium and long-term data storage;
- Use of anti-virus solutions on the IT systems used;
- Encryption of electronic communications;
- Secure and redundant backup systems.
Some of the organisational measures are:
- Appointing a Data Protection Officer (DPO) within the company;
- Appointment of an Information Security Management System Officer;
- Adoption of an internal code of conduct applicable to all staff;
- Provision of expert legal assistance on local and international legislation with implications for personal data;
- Establishing contractual obligations with our partners and employees regarding privacy and protection of personal data.
Your personal data that we process is limited to that which is necessary, appropriate and relevant for the purposes mentioned in this Notice.
Even though we strive to provide the highest possible security for your data, it should be noted that we cannot guarantee the security of the information transmitted 100%, given the lack of security of data transmissions over the Internet due to external factors such as: viruses or malware, loss of electronic devices from which you access the Platform, access to your electronic devices by unauthorized persons, insecurity of some wifi networks.
For better protection of your data, we recommend:
- In your relationship with us, do not disclose personal data unless expressly requested to do so;
- Change your wifi router username and password;
- Choose strong, complex passwords for your electronic devices (use a password manager), unrelated to your personal life and save them in a secure way;
- Secure your electronic devices with passwords or other locking modes;
- Don't leave your electronic devices unattended;
- Verify the identity of the people you communicate with to make sure you are not sharing personal data with people who are not legally representing us.
4. How long do we keep your personal data?
The data collected will only be kept for a certain period of time, depending on the needs and purpose of the processing.
If you have chosen to contact us: via the forms available on the Platform, by e-mail or by phone, we keep your personal data for 3 years from the date we last communicated with you or from the final resolution of your request.
If you have chosen to publish a creation on the Platform, the name of the author is kept on the Platform until: the closure of our Platform or until you ask us to delete this information. At the same time, your identification data necessary for the execution of the contract concerning the publication of your creation is kept for 3 years from the date our contractual relationship ended.
Data obtained for processing based on your consent will be kept until you withdraw your consent.
After the expiry of the periods indicated above, your data will be deleted by the persons authorised to do so by Reea in accordance with our internal procedures.
5. Who do we share your personal data with?
For the above purposes, your personal data will not be sold or rented to third parties.
We will share the necessary part of your personal data only to the extent necessary and only to the following categories of third parties:
a) In the event you choose to use our Platform, we may provide your personal data to our processors:
- the company that provides certain services to us, as we have indicated in Section 2 of this Notice (e.g. the company that hosts our servers, Hetzner Online GmbH); archiving
- services in physical and/or electronic format; legal, notarial, accounting or other consulting services.
The third parties indicated above who have access to your personal data are obliged, according to the legislation in force or the contracts that we have concluded with them, to use the personal data to which they have access only for the purpose of providing the service for which we have contracted them.
b) Public authorities and institutions, if we are legally obliged to disclose it.
c) We may disclose your personal data to third parties:
If you request or give us your consent to do so;
- If those persons can demonstrate that they have the legal authority to act on your behalf;
- Where we have a legitimate interest in administering, expanding or developing our business: where we sell part of our business or certain of our assets, we may disclose your personal data to the prospective purchaser; where Reea or a substantial part of Reea's assets is acquired by a third party and the personal data held by us will be part of the transferred assets;
- In order to respond to any claims, to protect the rights of a third party, to protect the safety of any person or to prevent any illegal activity;
- For the purpose of protecting the rights of Reea or our employees and customers and others.
6. Transfer of personal data outside the European Economic Area
Reea stores the personal data it processes on servers located in the European Union.
However, some personal data to which we have access may be processed by third party companies operating outside the European Economic Area (EEA). If we provide any personal data to companies operating outside the EEA, we will take appropriate steps to ensure that they provide an adequate level of protection to the data to which they have access. These measures include entering into contracts in accordance with standard clauses approved by the European Commission. Where appropriate, we also implement additional protection measures, such as encryption and/or pseudonymisation.
7. What are your rights and how do we respect them when we are an Operator?
Personal data legislation gives you a number of rights in relation to your data; below we give you details of these and how you can exercise them:
a) Right of access - you have the right to request information about your personal data that we process, including the purpose of the processing, whether and with whom it is shared and how long it will be kept.
b) Right to rectification - if your data processed is inaccurate, you have the right to have it rectified or completed.
c) Right to erasure of data ("right to be forgotten") - you have the right to ask us to erase your data, except where the data is necessary: to exercise your right to freedom of expression and information; to comply with a legal obligation incumbent on us and/or a task carried out in the public interest; for purposes of public interest, scientific, historical or statistical research; to formulate, exercise or defend a right in court.
d) Right to restriction of processing - you may request restriction of the processing of your personal data if: you dispute the accuracy of the data, for the period during which we verify the accuracy of the data; the processing is unlawful and you object to the erasure of the personal data and instead request restriction of its use; the data is no longer necessary for us to process, but you request it for the establishment, exercise or defence of legal claims; you have objected to the processing, for the period during which we verify whether our legitimate rights prevail over your rights.
e) Right to data portability - you have the right to receive your personal data from us if you have previously provided it to us in a structured, machine-readable form. You also have the right to ask us to pass on your data to another personal data controller.
f) Right to object - you have the right to object at any time, given your particular situation, to the processing of your data if we process it on the basis of our legitimate interests or those of a third party. In such a situation, we will no longer process your data with the following exceptions: (i) if we can demonstrate legitimate grounds and an interest overriding your interests, rights and freedoms and (ii) if the purpose of the processing is the establishment, exercise or defence of legal claims.
g) The right to withdraw your consent - if your personal data is processed on the basis of your consent, you can withdraw your consent at any time. Withdrawal of consent does not have retroactive effect, so withdrawal of consent does not affect in any way the processing carried out prior to withdrawal.
h) Right to address the National Supervisory Authority for Personal Data Processing (ANSPDCP) - you have the right to lodge a complaint with the ANSPDCP if you consider that your personal data protection rights have been violated. Complaints can be lodged online, for more details please visit the following link: https://www.dataprotection.ro/?page=Plangeri_pagina_principala
8. What happens if you do not want to share your personal data with us?
In most cases, you are under no obligation to share your personal data with us. However, there are situations where, without additional data, we cannot process your request.
9. Further processing
Reea uses personal data only for the purpose for which it was collected. According to the GDPR Regulation, further processing of personal data for historical, statistical or scientific purposes is compatible with the original purpose of the processing.
10. Absence of automated decision making
As a user of our services, you will not be subject to a decision based solely on automated processing of your data that produces legal effects on you or affects you to a significant extent.
11. How do you contact us?
To send us a request regarding the processing of your personal data, please write us a message in the contact form available on the Platform or you can email us at dpo.in(at)reea.net.
We will inform you, within one month of receiving your request, of the action taken. This period may be extended to two months where necessary, taking into account the complexity, number of requests or the impossibility of identifying the applicant. If the time limit is extended, you will be informed within one month of receipt of the request, giving the reasons for the delay. If we are unable to identify the person contacting us, we will only be able to respond to that request if we request and receive additional information to identify the person concerned.
If we do not respond positively to your request, we will inform you of the reasons for not taking action and the possibility of filing a complaint with the ANSPDCP or the court.
12. Final Provisions
This Notice may be amended, in whole or in part, from time to time. Amendments are effective as of the time they are posted on the Platform. Whenever your consent is required or requested, we will inform you. We therefore recommend that you consult this document each time you use our services in order to be aware of the version in force.
This version of the personal data processing policy is stored at: www.revistatus.ro/copyrights/politica-privind-prelucrarea-datelor-personale.html
Version 2
VERSION HISTORY
1. Version 2 - in force from 22 May 2023
2. Version 1 - in force from 31 May 2018 - 23 May 2023