Politică de confidențialitate

Introducere

Această politică de confidențialitate descrie modul în care operatorul ASOCIATIA AERONAUTICA ROMANA ( “AAR”, “noi”, “nouă”, “site-ul nostru”, “asociatia”) colectează, folosește și protejează informațiile dvs. personale atunci când vizitați și utilizați platforma noastră de cursuri online. Ne angajăm să protejăm confidențialitatea și securitatea datelor dvs. personale.

Date Operator:

• Nume: ASOCIATIA AERONAUTICA ROMANA
• Website: europeaninstitute.eu
• Sediu TIMISOARA
• Numărul de înregistrare la Registrul Comerțului –
• Cod fiscal: 29573081
• Instanța de înregistrare: JUDECATORIA TIMISOARA
• Adresa poștală: Tebea 25, Timisoara
• Adresa de e-mail: office@aeroas.ro
• Număr 0764400300

Informații Privind Prelucrarea Datelor

În ceea ce privește prelucrarea datelor cu caracter personal care sunt stocate în sistem, un operator acordă o atenție deosebită în timpul prelucrării datelor pentru prelucrarea, stocarea și utilizarea datelor cu caracter personal conform REGULAMENTULUI (UE) 2016/679 AL PARLAMENTULUI EUROPEAN ȘI AL CONSILIULUI (“Regulamentul”) privind protecția persoanelor fizice în ceea ce privește prelucrarea datelor cu caracter personal și libera circulație a acestor date și de abrogare a Directivei 95/46/CE (Regulamentul general privind protecția datelor).

Datele personale sunt acele informații prin care un client sau vizitator poate fi identificat în mod direct sau indirect. Asociatia Aeronautica Romana obține aceste date astfel:

1. • Direct de la client sau vizitator
     • Completarea profilului pe site
     • Transmiterea datelor prin intermediul mailului sau a oricărei alte metode
     • Completarea si semnarea contractului
     • Completarea diverselor formulare de comanda
     • Participarea la sondaje
     • Participarea la evenimente
   • Automatically:
     • Există situații în care Asociatia Aeronautica Romana poate colecta datele clienților sau vizitatorilor și prin mijloace automate. De exemplu, date personale pot fi colectate prin intermediul cookie-urilor sau atunci, când vizitează site-urile web ale entităților care fac parte din Asociatia Aeronautica Romana sau paginile Asociatiei Aeronautice Romane de pe rețelele sociale

Asocitia Aeornautica Romana poate combina diverse date personale ale clientului sau vizitatorului, provenite din diferite surse (un site web, un eveniment etc.), doar pentru a deservi interesele clientului sau vizitatorului într-un mod personalizat și legitim.

AAR poate colecta următoarele categorii de date:

1. • Numele, adresa de domiciliu, adresa de e-mail, numărul de telefon, localitatea;
   • Informații detaliate despre participanți, care includ numele, data nașterii, sexul, numărul cărții de identitate;
   • Condiții medicale pentru participanți care au necesități medicale speciale și / sau cerințe alimentare;
   • Istoricul participărilor, inclusiv informații referitoare la cursurile dvs. și serviciile rezervate în legătură cu cursurile dvs.;
   • Informațiile pe care le furnizați despre preferințele dvs. de participare și cele ale însoțitorilor dvs. în programele şi cursurile oferite de AAR;
   • Informații despre utilizarea de către dvs. a site-urilor și/sau a aplicațiilor noastre;
   • Comunicațiile pe care le faceți cu noi sau pe care le direcționați către noi prin scrisori, e-mailuri, servicii de chat, apeluri și rețele de socializare.
   • Detalii privind tranzacțiile efectuate (servicii achiziționate, prețuri, moduri de plată)
   • Date de utilizare: Informații despre modul în care utilizați site-ul nostru, inclusiv paginile vizitate, timpul petrecut pe pagini și clicurile efectuate
   • Date tehnice: Adresa IP, tipul browser-ului, sistemul de operare, tipul dispozitivului.
   • Platforme de socializare: Informații colectate dacă vă conectați printr-un cont de socializare (Facebook, Google etc.).

De asemenea, pentru a putea îmbunătăți calitatea serviciilor si produselor oferite Asociația Aeronautica Romana poate solicita uneori informații privind experiența clientului sau vizitatorului în timpul utilizării produselor și serviciilor achiziționate. Aceste informații pot fi comentarii sau sugestii, dar și recomandări.

1. Utilizarea Informațiilor Utilizăm informațiile dvs. personale în următoarele scopuri:
   • Furnizarea serviciilor Pentru a crea și gestiona contul dvs., a procesa plățile și a vă oferi acces la cursuri.
   • Îmbunătățirea serviciilor: Pentru a înțelege cum utilizați site-ul și pentru a îmbunătăți experiența utilizatorilor.
   • Comunicări: Pentru a vă trimite notificări, actualizări și materiale de marketing (cu consimțământul dvs.).
   • Securitate: Pentru a proteja site-ul nostru și utilizatorii de fraude și activități neautorizate.
2. Divulgarea Informațiilor Nu vom vinde, închiria sau înstrăina informațiile dvs. personale unor terțe părți fără consimțământul dvs., cu excepția cazurilor specificate mai jos:
   • Furnizori de servicii: Colaborăm cu terțe părți pentru a furniza servicii în numele nostru (de exemplu, procesarea plăților).
   • Obligații legale: Putem dezvălui informațiile dvs. personale pentru a respecta legislația aplicabilă sau solicitările autorităților.
3. Securitatea datelor Adoptăm măsuri tehnice și organizaționale adecvate pentru a proteja datele dvs. personale împotriva accesului neautorizat, pierderii sau distrugerii. Operatorul ia toate măsurile necesare pentru a păstra datele în siguranță, în special în cazurile de acces neautorizat, modificare, transmitere, dezvăluire, ștergere sau distrugere, pierdere sau deteriorare accidentală.
4. TEMEIUL JURIDIC AL GESTIONĂRII DATELOR În legătură cu serviciile disponibile pe Site, temeiul juridic pentru prelucrarea datelor privind prelucrarea datelor cu caracter personal ale persoanelor fizice, este contribuția voluntară a Utilizatorului conform Articolului 6. (1) lit. a) parte din REGULAMENTUL (UE) 2016/679 AL PARLAMENTULUI EUROPEAN ȘI AL CONSILIULUI (“Regulamentul”) privind protecția persoanelor fizice în ceea ce privește prelucrarea datelor cu caracter personal și libera circulație a acestor date și de abrogare a Directivei 95/46/CE (Regulamentul general privind protecția datelor). Utilizatorul își poate retrage contribuția la prelucrarea datelor de fiecare dată. În acest caz, operatorul șterge datele personale ale utilizatorului din sistem. Dacă Utilizatorul nu și-a retras contribuția, durata prelucrării este durata stabilită în aceste informații în cazurile legate de prelucrarea datelor. Operatorul începe prelucrarea datelor cu caracter personal, atunci când Utilizatorul le oferă voluntar la momentul primei comunicări și prelucrarea datelor durează până la ștergerea datelor la cerere.
5. Prelucrarea datelor în alte scopuri 7.1. Buletin informativ, activitatea DM

• Domeniul de aplicare al datelor prelucrate: Numele, adresa de e-mail
• În momentul înregistrării, operatorul – dacă nu există nicio altă declarație sau obiecție – utilizează datele personale, adresa de e-mail și numele dat de Utilizator în scopul de a trimite materiale informative, oferte speciale, oferte și alte informații despre serviciile/produsele sale.
• Aceste date sunt prelucrate de către operator până când Utilizatorul se dezabonează de la Newsletter făcând clic pe linkul “dezabonare” găsit în Newsletter sau solicită dezabonarea prin e-mail sau poștă. În cazul dezabonării, operatorul nu va trimite buletine informative sau oferte către Utilizator. Utilizatorul se poate dezabona de la newsletter oricând, gratuit, fără limitări și justificări.
• Baza legală a prelucrării datelor: Contribuția voluntară a utilizatorului. Voluntary contribution of the User.

Data collected concerning website usage (data processing for other purposes)

• Technical data, site visit data: The operator does not match data with other information found during log file analysis and does not attempt to identify the User.
• IP Address: This is a series of numbers, with which the user’s computer accessing the internet can be distinctly identified. The visitor using the computer can even be geographically located with the help of the IP address. The address, date, and time are not sufficient to identify the User, but if matched with other data (registration data), conclusions about the User can be drawn.
• Domeniul de aplicare al datelor prelucrate: Date, time, IP address of the user’s computer, address of the visited site, and data regarding the visitor’s age or majority.
• Purpose of data processing: The operator’s system automatically records the IP address of the user’s computer, the time of the visit, or, in other cases – depending on the computer settings – the browser type and operating system. Data recorded in this way cannot be correlated with other personal data. Data processing is carried out only for statistical purposes. The purposes of data processing are to check the operation of the service, provide personalized service, and prevent abusive use.
• Data processing duration: Until written request from the user/visitor.
• Baza legală a prelucrării datelor: Contribuția voluntară a utilizatorului. Voluntary contribution of the user.

1. Processing cookies: The operator places small files, so-called cookies, on the User’s computer to provide personalized services and reads them later during a visit. If the browser sends back a previously saved cookie, the cookie provider can link the User’s actual visit to previous ones, but only in the case of their content. Cookies typical for online stores are session-protected password cookies.

i. Session cookies:

• Purpose of data processing: These cookies are used to operate the Site more efficiently and securely, and they are indispensable for the proper functioning of some site functions or applications.
• Domeniul de aplicare al datelor prelucrate: Does not record personal data.
• Data processing duration: Data is processed only while the User visits the website and is automatically deleted afterward.

ii. Persistent cookies:

• Purpose of data processing: Persistent cookies are used for a better user experience, for example, by providing optimized navigation. These cookies are stored for a longer period in the browser’s cookie file. This period depends on the browser’s settings.
• Domeniul de aplicare al datelor prelucrate: Does not record personal data.
• Data processing duration: These cookies are stored for a longer period in the browser’s cookie file. This period depends on the browser’s settings, mainly 30-60-90-120-180-365 days.

iii. Cookies used for the shopping cart:

• Domeniul de aplicare al datelor prelucrate: Does not record personal data.
• Data processing duration: Until the user requests the cessation of data processing.
• Purpose of data processing: Identifying customers, recording the “shopping cart,” managing the cart, and ensuring proper navigation.

iv. Security cookies:

• Domeniul de aplicare al datelor prelucrate: Does not record personal data.
• Purpose of data processing: Identifying the actual session of the User, preventing unauthorized access.
• Data processing duration: During the session.

v. Cookies necessary for password-protected sessions:

• Domeniul de aplicare al datelor prelucrate: Does not record personal data.
• Purpose of data processing: This cookie identifies the User after accessing a service related to the information society; user identification is necessary to maintain uninterrupted communication with the network server.

1. Deleting cookies: The user has the right to delete cookies from their computer, and the user can prohibit cookies from their browser. Cookies can be managed in the Tools/Settings menu under the Privacy Policy/History/Settings section by the cookie name or monitoring. The website may contain information, mainly advertisements, from third parties or advertising services that are not in contact with the Operator. These third parties may transfer cookies to the User’s computer or use similar methods to collect data to send direct advertisements related to their services to the User. In these cases, data processing is governed by a private policy established by a third party, so the Operator is not responsible for data processing.

Purpose of data processing: The Google Analytics server, as an external provider, helps measure and independently audit site visits.

Hostinger

1. • Address:
   • Număr
   • Email: support@hostinger.com
   • Website: www.hostinger.com
   • Services: Hosting service provider

Netopia Payments

1. • Sediu Bucharest
   • Număr
   • Email: contact@netopia.ro
   • Website: www.netopia-payments.com
   • Services: Online payment

User Rights

Information and access to personal data

The user has the right to know the personal data stored by the Operator and information about data processing; to verify data recorded by the Operator and access personal data. The user must send a written request to the operator to access the data (via email or post). The operator provides information to the user in a commonly used electronic form, unless the user requests it in writing in paper format. The operator does not provide verbal information over the phone in case of access.

In case of exercising access rights, information can be provided about:

• Definition of the scope of processed data, purpose, time, legal basis of data processing concerning processed data,
• Data transmission: to whom data has been or will be transferred,
• Data source name.

The operator provides (personally at customer service) a copy of the personal data for the user for the first time free of charge. For additional copies, the operator may charge a reasonable cost based on administrative expenses. If the user requests a copy via electronic means, the information will be provided via email in a commonly used electronic format.

The user can request, in writing, the rectification or deletion of personal data or restriction of processing or can object to personal data processing after the information has been provided and the user disagrees with its accuracy.

Rights to correct or rectify processed personal data

Upon the user’s written request, the operator corrects incorrect personal data indicated by the user, either in writing or personally, at one of the operator’s stores, without undue delay, and rectifies incomplete data with content specified by the user. The operator informs each recipient with whom personal data has been shared about the correction or rectification, except when it proves impossible or requires a disproportionate effort. The user provides information about these recipients upon written request.

Rights to restrict data processing

The user can request the operator to restrict data processing through a written request if the accuracy of personal data is contested by the user for a period allowing the operator to verify the accuracy of personal data, data processing is unlawful, and the user opposes the deletion of personal data and requests instead the restriction of its use, the operator no longer needs the personal data for data processing purposes, but it is required by the user for the establishment, exercise, or defense of legal claims, the user objects to data processing: pending the verification whether the operator’s legitimate grounds override those of the user.

If processing has been restricted, such personal data shall, except for storage, only be processed with the user’s consent or for the establishment, exercise, or defense of legal claims or the protection of the rights of another natural or legal person or reasons of important public interest of the Union or a Member State. If processing is restricted, the operator will inform the user (whose request resulted in the data processing restriction) before lifting the data processing restriction.

Right to deletion (right to be forgotten)

The operator deletes, at the user’s request, personal data concerning them without undue delay if one of the following reasons applies: i) the personal data is no longer necessary concerning the purposes for which it was collected or otherwise processed by the operator; ii) the user withdraws their consent on which the processing is based and there is no other legal ground for the processing; iii) the user objects to processing concerning their situation and there are no overriding legitimate grounds for processing; iv) the user objects to processing of personal data concerning them for direct marketing purposes, including profiling, to the extent it is related to such direct marketing; v) the personal data has been unlawfully processed by the operator; vi) the personal data has to be erased to comply with a legal obligation in Union or Member State law to which the operator is subject; vii) the personal data has been collected concerning the offer of information society services directly to a child.

The user cannot claim the right to deletion or the right to be forgotten if the data processing is necessary: i) for exercising the right of freedom of expression and information; ii) for compliance with a legal obligation that requires processing by Union or Member State law to which the operator is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the operator; iii) for reasons of public interest in the area of public health; iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the right to be forgotten is likely to render impossible or seriously impair the achievement of the objectives of that processing; or v) for the establishment, exercise, or defense of legal claims.

Right to data portability

Data portability enables the user to obtain and reuse their data via a different provider defined by the user stored in the operator’s system for their own purposes. The right applies only to data provided by the user. Portability of other data (such as statistics) is not possible.

The following activities can be performed by the user with personal data (when subscribing to the newsletter) stored in the operator’s system:

• The user receives the data in a structured, commonly used, and machine-readable format.
• The user has the right to transfer the data to another operator.
• The user can request data transmission to another operator – if technically feasible in the operator’s system.

The operator respects only data portability requests sent via email or post. For request execution, the operator must ensure that the authorized user is exercising their rights. Therefore, the user must visit the operator’s headquarters to be identified by the operator according to the data stored in the system. The user can request the portability of data transmitted to the operator by themselves. Exercising this right does not mean data will be automatically deleted from the operator’s system; thus, the user can use the operator’s services after exercising this right.

Objection to personal data processing

The user can object to the processing of personal data concerning their situation at any time, including profiling and the user has the right to object to processing for direct marketing purposes, including profiling. If the user objects to processing personal data, the operator will delete the personal data from the system.

The user can object to personal data processing in writing (via email or post) or, in the case of a newsletter, by clicking the “unsubscribe” link found in the newsletter.

Request fulfillment term

The operator informs the user about the arrangements without undue delay, but in any case, within one month of the arrival of any request.

1. • This period may be extended by another two months if necessary, considering the complexity and number of requests, but in this case, the user must be informed by the operator about the reasons for the delay within one month of the arrival of the request. If the request was submitted electronically by the user, the operator provides the information electronically, unless the user requests it otherwise.

Legal enforcement possibilities

• The user can exercise their rights through a written request sent via email or post.
• The user cannot exercise their rights if the operator proves they are unable to identify the user. If a user’s request is manifestly unfounded or excessive (especially due to its repetitive nature), the operator may charge a reasonable fee or refuse to comply with the request. This must be proven by the operator. If the operator has reasonable doubts concerning the identity of the individual making a request, they may request additional information necessary to confirm the requester’s identity.

Management of Personal Data Breach

A personal data breach means a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. The operator keeps a record to control measures regarding personal data breaches, inform supervisory authorities, and notify the user. This record includes the scope and number of personal data, the date of the personal data breach, the scope and number of those involved, the time, circumstances, and effects of the incident, and measures taken to avoid it. In case of an incident, the operator – unless the breach is unlikely to result in a risk to the rights and freedoms of individuals – must inform the user and supervisory authorities about the breach without undue delay, but at least within 72 hours.