GDPR - Agreement to process personal data

Share with:

Content

How we collect and use (process) your personal data
Who we disclose our personal data to
Withholding Personal Data
Your Rights
Transfer of personal data outside the European Union
Security
Changes in data processing
Additional questions or complaints

Agreement

The Konnectika Business Networking Club Association(‘Konnectika‘, ”, “‘we’,‘ association’ or a similar name) collects and processes several categories of personal data from current or future members, which, in accordance with European Union data protection law, qualifies us as the controller of such personal data.

We know that such aspects of your personal life are particularly important, and we take these matters seriously. This document describes our policies and practices regarding the collection and use of your personal data, upon joining the association, as well as your rights. This document provides the following specific information:

What data we collect about you;
How we use and generally process this data;
The basis on which we rely in this processing
Whom or to which we communicate this data;
How to store data.

Please read this briefing note carefully to understand how we process your personal data.

1. How we collect and use (process) your personal data

1.1 Within KONNECTIKA we collect and use any of the following data about you, and in this document we will refer to it as “personal data”.

1.1.1 Information from your CV or information that is otherwise provided to us by you, in the context of joining the Association, such as your full name, address, email address, telephone number, your past and current employers, your professional positions, and professional qualifications, recommendations, professional development, skills, training, and details about your performance. We will use this data to facilitate the integration and deployment of membership activities in Konnectika.

1.1.2 The results of our research concerning identification and compliance, such as checking databases on company holdings and administrator status, checking possible personal bankruptcy, social media sources, and public information about lawsuits.

1.1.3 We use the above data (1.1.1 & 1.1.2) in our legitimate interest to assess the person’s suitability for the Association, as well as to confirm information from CVs, biographies and letters of intent, as well as to obtain letters of recommendation and to carry out checks on their past performance. We also have an interest in ensuring the honour and good reputation of our future members, so we consider it important to check the image of a member in the press and on social media, the tone of public postings on social media (for example, we do not tolerate hate speech, discrimination and racism), and whether that member is involved in any dispute that may affect our reputation, etc. We do not process sensitive data (such as health data) in these checks, but we can unintentionally find information on criminal convictions if this information is public (such as information listed on court portals).

1.1.4 The information provided by you containing identification data (PIN, address, date of birth, domicile, place of birth, etc.) will be processed and used for the purpose of drawing up accession documents, collaboration contracts, voluntary contracts and certain documents aimed at collaborative relations and the granting of benefits (subscriptions, invitations events, vouchers etc.).

1.2 Source of personal data. Some of the personal data processed is provided directly by you, and other information is obtained indirectly from third parties, such as recruitment agencies and public sources (e.g. LinkedIn, Trade Register, Court Portal).

2. To whom we disclose our personal data

2.1 Disclosure of data to third parties. We’ll share the necessary part of your data, only to the necessary extent and only to the following categories of third parties:

2.1.1 other entities such as regulators, accountants, auditors, lawyers or other external experts, where their work requires such information; And
2.1.2 providers of products and services, such as:

human resources services;
IT systems providers and related support service providers, including email archiving, telecommunications service providers, backup and disaster recovery, IT security services and cloud storage service providers.
if you request or give us your consent;
persons who can demonstrate that they have the legal authority to act on your behalf;
if it is in our legitimate interest to do so to administer, expand or develop the activity of the association. For example if KONNECTIKA (or a substantial part of its assets) is merging or joining a group of associations.
if we have an obligation to disclose your personal data, to comply with a legal obligation, any legal request from government or executive authorities, and as may become necessary to meet certain national security or law enforcement requirements or to prevent certain illegal activities;
to respond to any claims, to protect our rights or to a third party, to protect the safety of any person or to prevent any illegal activity; or
to protect the rights, property or safety of KONNECTIKA, its members, its partners, suppliers or others.

2.1.3 Some of these recipients (including our affiliates) may use your personal data in countries outside the European Economic Area. Please refer to Chapter 5 below for more details on this topic.

2.2 Restrictions on the use of personal data by recipients. Third parties to whom we provide your information, according to paragraphs a), b) and (e) above are limited (by law and by contract) in their use of your personal data, for the specific purposes we have identified. We will always ensure that any third parties to whom we voluntarily disclose your information are not available, are subject to confidentiality and security obligations in accordance with this information note and applicable law (for the avoidance of doubt, this may not apply where disclosure is not our decision, such as the situations referred to in paragraphs c), (d), f), g) and h) above.). Except the above-mentioned cases, we will never disclose, market or lend any of your data, without notifying you, or, where appropriate, without first obtaining your consent.

3. Withholding personal data

Your data is shall be kept for as long as is necessary to fulfil the purposes for which the information is being processed. At the time of this document, personal data shall be retained for the following periods which we reasonably consider necessary:

Personal data of future members who do not complete the accession process – for six months after the end of the last action;
Members’ personal data shall be retained for the duration of the accession and for 75 years starting with the date of termination.

4. Your rights

4.1 You have certain rights to your personal data.

4.1.1 You may request access to the personal data we hold for you. You can also request information about the following: the purpose of the processing; categories of personal data processed; who besides KONNECTIKA could have received the data from us; what was the source of the information (if you did not give it to us directly); and how long that data will be kept.
4.1.2 You have the right to correct (rectify) your data which is in our possession, in case of inaccuracies
4.1.3 You may also request the deletion of the data or the cessation of their processing activity, subject to certain exceptions.
4.1.4 You may also request an end to the processing of data if this occurs on the basis of a legitimate interest, subject to certain exceptions.
4.1.5 You have the right to ask us to transfer the data we process about you, on the basis of your consent, or in completion of a contract, to you, or, directly to another operator, if technically feasible.
4.1.6 If you are not satisfied with the way we process your data or the response you received to a request concerning your personal data, you have the right to issue a complaint to the competent data protection authority. This is either the authority in your home state within the European Union (if not Romania) or the National Authority for the Supervision of Personal Data Processing, http://dataprotection.ro/.

4.2 We will consider all these requests and we will provide you with an answer within a reasonable timeframe ( at any time no longer than one month, which we can extend by another two months if your request is complex). However, please consider that there are exceptions to several of the already mentioned rights. If your request is rejected, KONNECTIKA will provide you with an explanation for the rejection of your request.

4.3 If any exceptions apply, we will notify you about them when we respond to your request. Before you respond to any request you make, we may ask you for certain information necessary to confirm your identity.

5. Transfer of personal data outside the European Union

5.1 Personal information may be processed by our staff operating outside the European Economic Area as well as by other agents, members of our group or third parties, for the purposes referred to in Section 1.1. You can see more details about the recipients of your data under section 2 above.

5.2 If we provide any personal data about you to partners outside the EEA, we will take appropriate steps to ensure that the recipient adequately protects your personal information in accordance with the provisions of this information note. These measures include:

5.2.1 in the case of US-based service providers, the conclusion of standard clauses approved by the European Commission or the supplier’s accession to the Privacy Shield (more details are available at https://www.privacyshield.gov/welcome); Or
5.2.2 in the case of service providers based in other countries outside the European Economic Area, we will conclude standard clauses approved by the European Commission.

6. Security

6.1 KONNECTIKA is determined to protect personal information from any loss, misuse, disclosure, change, unavailability, unauthorized access and destruction, and takes all reasonable steps to ensure the confidentiality of personal information, including through the use of appropriate organizational and technical measures. Among the measures of an organizational nature, we consider the control of physical access to our premises, the training of personnel, and the storage of physical files in lockers. Technical measures include the use of encryption, password access to our systems and the use of antivirus software.

6.2 In the process of providing your personal data to us, your personal information will be available might be transferred over the internet. While we are working hard to protect the personal information you provide to us, the exchange of information between us and you available via an internet connection is not 100% safe. Therefore, we cannot guarantee the security of the information you transmit to us via the Internet and therefore the transmission made via Internet occurs at your own risk. Once we have received your information, we will use strict procedures and security methods to prevent unauthorized access to this information.

7. Changes in data processing

This agreement can be subject to amendments whenever necessary. Any changes made will be displayed on the same website or via the shared spaces in the Cloud software, but will not be made known to you via email.

8. Additional questions or complaints

8.1 If you have any further questions or if you wish to issue a complaint about how we collect, use or store your information, or if you wish to exercise any of your rights concerning your personal data, please write to us at office@konnectika.org.

8.2 We will attempt to resolve any such complaint or claim concerning your personal rights.

8.3 If you are not satisfied with the response received, you may also issue a complaint at the National Supervisory Authority for Personal Data Processing. You can find additional information about the above procedure on the http://dataprotection.ro/?page=procedura_de_solutionare_a_plangerilor page.

I have taken notice

Member

……………………………………………

Data

…………………………………………..

GDPR – Agreement to process personal data