Privacy Policy

Data protection and privacy policies

These privacy policies explain why ASTRA Museum collects personal data, what the data is used for, and how it is stored and protected. The Museum may collect, use and store personal data according to the General Data Protection Regulation published on the website. The Museum has the right to change these policies when it deems necessary by publishing them on the website.

Please consult the Museum's website www.muzeulastra.ro to be informed of any changes, which cannot be applied retrospectively.

ASTRA Museum will always comply with the General Data Protection Regulation when collecting, storing and using personal data in accordance with Regulation 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR).

DEFINITION OF CONCEPTS

DEFINITION OF CONCEPTS concerning personal data and the processing of such data:

    • "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
    • "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Rights

RIGHTS of the data subject according to the General Data Protection Regulation No 679/2016 (GDPR):

    • Right of access: the right to obtain confirmation as to whether or not personal data relating to him or her are being processed and, if so, access to those data, information on their processing and a copy of the personal data processed (as per Article 15 GDPR).
    • the right to rectification of data: the right to have inaccurate personal data rectified or incomplete personal data completed (under Article 16 GDPR).
    • the right to erasure of data ("right to be forgotten"): the right to obtain the erasure of personal data and, where personal data have been made public, the transmission of information relating to the erasure request to other controllers processing personal data (under Article 17 GDPR).
    • the right to restriction of processing: the right to obtain from the controller the restriction of the processing of personal data (under Article 18 GDPR).
    • the right to data portability: the right to receive personal data concerning him or her that he or she has provided to the controller in a structured, commonly used and machine-readable format, the right to have such data transferred to another controller without hindrance by the controller to whom the personal data were provided, and the right to have the personal data transferred directly from one controller to another (under Article 20 GDPR).
    • Right to object: the right to object to the processing of personal data with the intention of ceasing the processing of such data (under Article 21 GDPR).
    • the right to withdraw at any time the consent given: the right to withdraw at any time a consent given in order to stop a processing of personal data that is based on consent. Withdrawal will not affect the lawfulness of the processing of personal data carried out on the basis of the consent given before the withdrawal (as per Article 7 GDPR).
    • the right to lodge a complaint with a supervisory authority: the right to lodge a complaint with the National Supervisory Authority for the Processing of Personal Data if it is considered that the data processing is in breach of the GDPR (Article 77 GDPR).

 

Who is the controller of personal data?

COMPLEXUL NATIONAL MUZEAL ASTRA SIBIU, located in Sibiu, Pădurea Dumbrava, nr. 16, Sibiu county, CUI 4406304, www.muzeulastra.ro, email: office@muzeulastra.com is the controller of the personal data you submit to us and is responsible for your personal data in accordance with applicable data protection legislation.

Why do we use your personal data?

We use your personal data to issue your access pass to the ASTRA National Museum Complex and to generate invoices (on request) for the services provided.

What types of personal data do we collect?

We will process the following categories of personal data: name, surname, address, ID card series and number, matriculation number (in the case of pupils/students), pension file number (in the case of pensioners), disability certificate number/disability decision number (in the case of persons with disabilities and accompanying person), unemployment card number, war veteran or former political prisoner card number.

Where do we store your data and for how long?

Your data is stored in an electronic database and is kept for the duration of the contractual relationship and, after its completion, at least for the period required by the applicable legal provisions in the field and for the period during which the institution is legally obliged to keep correspondence with third parties.

Who has access to your data?

The categories of recipients of personal data are: the data subject, the cashier of the institution, local or county public authorities or institutions in strictly determined cases in compliance with the law.

What is the legal basis for processing personal data?

  • The collection, archiving and processing of data subjects' data for the purposes mentioned above are based on legal grounds:
    • the person's consent when agreeing to the issuing of the subscription or the issuing of the invoice;
    • the legal obligation of the C.N.M. ASTRA;
    • the legitimate interest of the C.N.M. ASTRA, for activities such as: carrying out statistical analysis and internal reporting or reporting to the relevant state or government authorities, institutions or agencies.

What are your rights?

Please be informed that you can exercise all your rights under Regulation 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, such as:

  • Right of access to data: any data subject has the right to obtain from the ASTRA National Museum Complex, upon request (free of charge, for one request per year), confirmation as to whether or not his/her personal data are being processed by it, as well as the following information:
    • information on the purposes of the processing, the categories of data concerned and the recipients or categories of recipients to whom the data are disclosed;
    • communication in an intelligible form of the data undergoing processing and of any available information as to the origin of the data;
    • information on the principles of operation of the mechanism by which any automatic processing of data relating to that person is carried out;
    • information on the existence of the right to intervene on the data and the right to object, as well as the conditions under which they can be exercised;
    • information on the possibility to consult the register of personal data processing operations, to lodge a complaint with the supervisory authority and to appeal to the court against decisions, in accordance with the legal provisions.

The ASTRA National Museum Complex is obliged to provide the requested information within 30 days from the date of receipt of the request.

  • Right of intervention on data: any person concerned has the right to obtain, free of charge, from the ASTRA National Museum Complex, by means of a written, dated and signed request:
    • rectification, updating, blocking or deletion of data whose processing is not in accordance with the law, in particular incomplete or inaccurate data;
    • anonymising data whose processing does not comply with the provisions of GDPR/2016;
    • notification to third parties to whom the data have been disclosed, unless such notification proves impossible or involves a disproportionate effort compared to the legitimate interest that might be harmed.

The ASTRA National Museum Complex is obliged to communicate the measures taken and, if applicable, the name of the third party to whom personal data relating to the data subject have been disclosed, within 30 days of receipt of the request.

Right to object: the data subject shall have the right to object at any time, by means of a written, dated and signed request, on compelling legitimate grounds relating to his or her particular situation, to the processing of data relating to him or her, unless otherwise provided for by law. In case of justified objection, the processing may no longer concern the data in question.

The data subject shall have the right to object at any time, free of charge and without justification, to the processing of data relating to him or her for direct marketing purposes on behalf of the controller or of a third party, or to their disclosure to third parties for such purposes.

The ASTRA National Museum Complex is obliged to inform the data subject of the measures taken and, where appropriate, the name of the third party to whom personal data relating to the data subject have been disclosed, within 30 days of receipt of the request.

The right to address the National Supervisory Authority for Personal Data Processing or the courts to defend any rights guaranteed by the GDPR/2016 that have been infringed.

How can you exercise your rights?

We attach great importance to the protection of personal data and therefore have dedicated customer service staff to handle your requests in relation to your rights mentioned above. Our staff is always available to you at dpo@muzeulastra.com.

The right to lodge a complaint with a supervisory authority

If you are of the opinion that the ASTRA National Museum Complex is processing your personal data incorrectly, you can contact us. You also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing or with the courts to defend any rights guaranteed by the GDPR/2016 that have been violated.

Privacy Notice Updates

We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any significant changes to the Privacy Notice, for example the purpose for which we use your personal data, the identity of the controller or your rights.

Cookie Policy

This website uses third-party cookies to provide visitors with a much better browsing experience and services tailored to their needs and interests.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data in the electronic communications sector, all visitors to the website are asked for their consent before cookies are sent to their computers.

A cookie is a small file, usually made up of letters and numbers. It is downloaded into the memory of a computer or other type of device used for internet browsing (laptop, desktop, smartphone, tablet, etc.) when the user accesses a particular website.

The cookies used are performance cookies. They remember the user's preferences and how they use the site, so there is no need to set them each time they visit the site. They do not collect information that can identify users; all data is anonymous. Performance cookies are only used to improve the way the site works.

Note: The cookie cannot access the information stored on the user's HDD, does not contain software or viruses, and is completely "passive".

When the user accesses a website from a web browser, the website sends information to the browser and the browser creates a text file. Each time the user accesses that website again, the browser transmits this file to the website. The cookie thus notifies the website whenever the user returns to the website.

We use Google Analytics to collect information about how visitors use our website and web applications. For example, we collect details such as the source of the visit and the total number of visitors to the website and related applications.

What is the lifetime of a cookie?

Cookies are managed by web servers. The lifetime of a cookie can vary significantly, depending on the purpose for which it is placed. Some cookies are used exclusively for a single session (session cookies) and are no longer retained once the user has left the website, while other cookies are retained and reused each time the user returns to that website ('persistent cookies'). However, cookies can be deleted by a user at any time via browser settings.

How can you control cookies?

You can control and/or delete cookies as you wish - see aboutcookies.org for details. You can delete all cookies from your computer and set most browsers to block the placement of cookies.

Useful links to control cookies depending on the browser you use:
