Privacy policy

Date of entry into force: July 21, 2021

The privacy of your data is important to us and we take our responsibility to manage it seriously. This policy describes how your data is processed when you access the www.curatorial.ro website , what your choices and rights are in the context of such processing, and what are the relevant issues you need to be aware of in relation to respecting your data privacy.

About the website operator responsible for processing your data

The data controller, within the meaning of the General Data Protection Regulation (“GDPR”), responsible for data processing on this website is: FUNDAȚIA PENTRU ARTĂ, NATURĂ ȘI SOCIETATE Municipiul București, Strada Londra nr.32, Sector 1. E-mail: redactia@curatorial.ro According to GDPR, the controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1. Information we collect

The information we collect depends on how you interact with the site. Please see the information below for more details.

1. Information you give us directly

When you use our website for informational purposes, we only collect data that your browser transmits to our server (so-called “server log files”). When you call up our website, we collect the following data that is technically necessary to display your website:

• our website that has been visited;
• date and time of access;
• volume of data sent, in bits;
• the source/link from which you accessed the page;
• browser used;
• the operating system used;
• IP address used (in some cases: anonymized).

Processing is carried out in accordance with Art. 6 (1) letter (f) GDPR on the basis of our legitimate interest to improve the stability and functionality of our website. The data will not be transmitted or otherwise used. However, we reserve the right to check server log files at a later date if there are concrete indications of unlawful use.

1. Legal basis for processing

We have a number of legal bases for processing information about you. For example, we will process information about you where we have your consent, where we have a legitimate interest in doing so, where the processing is necessary for the performance of a contract with you and where we are under a legal obligation to process your information. For example: When you access our website, certain cookies will be set by us or our partners. About the cookie functionality you will be able in the Cookie Policy. Depending on the cookie and its functionality (the purpose for which the cookie is installed on your terminal), we will rely on your consent in accordance with Article 6(1)(a) GDPR or on our legitimate interest in accordance with Article 6(1)(f) GDPR. With the exception of cookies that are strictly necessary for the use of our website, we will provide you with the ability to manage your cookie preferences. When you contact us (e.g. by e-mail), personal data is collected. This data is stored and used solely for the purpose of responding to your request and establishing contact, as well as for further technical administration. The legal basis for data processing is your consent according to Art. 6(1)(a) GDPR in conjunction with our legitimate interest to respond to your request according to Art. 6(1)(f) GDPR. Your data will be deleted after the final processing of your request, if we can reasonably deduce under the circumstances that your request has been completed and if there are no legal obligations to retain this data further.

2. How we collect information

We collect some information from you when you provide it to us directly, such as by e-mail.

3. How we use the information

We use personal and anonymous data, both individually and combined, in the following ways:
To operate the webiste and to improve and personalize your browsing experience, including:

• operate, improve and develop our services;
• take enquiries and forward our response following contact with the editors;
• measure the functionality of our services;
• respect your preferences and deliver dynamic content; and
• maintain our services safely, to comply with the law and to enforce our policies.

We keep the data we collect for as long as necessary to provide the services; we may keep the data after this period if necessary for legal, operational or other legitimate reasons.

4. Information we disclose to third parties

We do not transmit personal data that directly identifies you (such as e-mail) to third parties without your consent, unless required by law or unless we determine that disclosure is reasonably necessary for our legitimate interests. We may share anonymized or aggregated information or other data that does not directly identify you with third parties, for example, statistics about the use of our services. We do not control the information sent from your browser to third parties, such as analytics companies that receive information in the normal course of your internet activity.

5. Where the data is stored

The personal information we collect may be stored and processed for the purposes set out in this Privacy and Cookies Policy in Romania, in the European Union, and in any other country that has an adequate level of protection recognized by the European Union Institutions.

6. How we protect your personal information

Information security is a priority and we take a number of appropriate measures, including establishing procedures and processes to ensure the confidentiality, security, availability and resilience of the data you entrust to us.

7. Your options and controls Your rights under GDPR

We give you important choices so that you can choose which data we process. For example, you can choose preferences for cookie management or preferences for receiving a newsletter when it becomes available. You have the following rights recognized by law:

Right of access under Art. 15 GDPR

You have the right to information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing or objections to processing, the right to lodge a complaint with a supervisory authority, about the source of your data if it was not collected from you, the existence of automated decision making, including profiling and, where necessary, meaningful information about the logic involved and the extent to which you are the subject of the processing and the intended consequences of such processing, and your right to be informed of any safeguards that exist under Art. 46 GDPR in case of transfer of your data to third countries.

Right to rectification under Art. 16 GDPR

You have the right to immediately rectify any inaccurate data relating to you and/or to complete any incomplete data stored by us about you;

Right to erasure under Art. 17 GDPR

You have the right to request erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right may not be exercised if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

Right to restriction of processing under Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data as long as we verify the accuracy of your contested data, either if the processing is unlawful and you object to the deletion of your data and instead request the restriction of the use of your data, or if we no longer need your data for the purpose of the processing but need your data for the establishment, exercise or defense of legal claims or if you have raised an objection for reasons related to your particular situation, as long as it is not yet clear whether our legitimate interests prevail;

Right to information under Art. 19 GDPR:

If you have exercised your right to request that the data controller rectify or erase your personal data or restrict processing, the data controller will be obliged to inform all recipients to whom personal data have been disclosed of such rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability in accordance with Art. 20 GDPR:

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request their transfer to another controller, where technically possible;

Right to withdraw consent under Art. 7 (3) GDPR:

You have the right to withdraw your consent to data processing at any time with effect for the future. In the event of withdrawal, we will delete the relevant data without delay, unless further processing may take place on a lawful basis, which permits processing without consent. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent until withdrawal;

Right to complain under Art. 77 GDPR:

If you believe that the processing of your personal data violates the GDPR, you have the right to complain to a supervisory authority, without prejudice to any other administrative or judicial remedy. In Romania, the relevant authority is the National Supervisory Authority for the Processing of Personal Data, which can be contacted by visiting the website www.dataprotection.ro.

8. Changes to our policy

We may update this policy from time to time, so please check back frequently. If we are required by applicable data protection laws to provide you with prior notice or seek your consent to any such changes, we will do so. You can see when this version of the policy took effect by checking the “effective date” shown above.