AFTERHILLS S.R.L., based in Sat Dobrovăț, Comuna Dobrovăț, nr. 1211, Iași County, registration number at the Trade Registry J22 / 1653/2016, CUI RO36328743, tel. 0771032494, email: firstname.lastname@example.org will be referred to as the “Company” below.
According to the legal requirements for personal data processing, the Company has the obligation to safely process and only for the specified purposes, the personal data provided by you when you contact the Company.
The protection of personal data is a priority for the Company. We appreciate your trust and, therefore, we apply the highest protection standards to your personal data. The storage of your personal data on the Company’s servers is made in accordance with the legal security and protection standards against access by unauthorized third parties.
- “Personal data” means any information related to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, especially by referring to an identification element such as a name, identification number, localization data, online identifier or to one or more elements specific to his/her physical, physiological, genetic, psychic, economic, cultural or social identity;
- “Processing” means any operation or set of operations made on the personal data or on the personal data sets with or without the use of automated means such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consulting, usage, disclosure by transmission, dissemination or availability in any other way, alignment or combination, restriction, deletion or destruction;
- “Processing restriction” means marking the stored personal data in order to limit their future processing;
- “Profile creation” means any form of automatic processing of personal data consisting of using the personal data in order to assess certain personal aspects related to a natural person, especially for analyzing or providing aspects related to workplace performance, economic status, health, personal preferences, interests, sustainability, behavior, the location of the respective person or his/her travels;
- “Pseudonymization” means the processing of personal data in such a way that these cannot be attributed to a certain data subject without using additional information, provided that such additional to be stored separately and to be object of some technical and organizational measures assuring the fact that the respective personal data are not attributed to an identified or identifiable natural person;
- “Data recording system” means any structured set of personal data accessible according to specific criteria, either centralized, decentralized or distributed based on functional or geographical criteria;
- “Operator” means a legal or natural persona, a public authority, an agency or other bodies which, solely or together with other bodies, set out the purposes and the processing means of the personal data; when the processing purposes and means are set based on EU law or internal law, the operator or the specific criteria for its designation may be provided in the EU law or in the internal law. AFTERHILLS S.R.L., headquartered in Str. Vasile Lupu, no. 78A, camera 1, lot 57, Bloc N3, Etaj 11, Ap. 57, Iasi County, registration number at the Trade Registry J22/1653/2016, Tax Identification No. RO36328743, tel. 0771032494, email email@example.com, represented by manager George Acasandrei, is an Operator according to EU Regulations no. 678 of April 27, 2016 on the protection of natural persons regarding the processing of personal data and the free circulation of these data;
- “Person authorized by the operator” means a legal or natural person, a public authority, an agency or other bodies which process personal data on behalf of the operator;
- “Recipient” means a legal or natural person, a public authority, an agency or other bodies to which the personal data are disclosed, irrespective if it is a third party or otherwise. However, the public authorities to which personal data may be communicated within a certain inquiry in accordance with EU or internal law are not recipients; the processing of these data by the respective public authorities observes the applicable norms on data protection in accordance with the purpose of the processing;
- “Third party” means a legal or natural person, a public authority, an agency or bodies other than the data subject, the operator, the person authorized by the operator and the persons who, based on the direct authorization of the operator or of the person authorized by the operator, are authorized to process personal data;
- “Consent” of the data subject means any manifestation of the free will which is specific, informed and without ambiguity of the data subject accepting, through a statement or an unequivocal action, the processing of his/her personal data.
- “Violation of personal data security” means a violation of the security which leads accidentally or illegally to the destruction, loss, modification or unauthorized disclosure of personal data which are sent, stored or processed in another way or to the unauthorized access;
Data Collection and Processing. Disclosure.
- The Company collects, stores, processes and uses the following types of personal data: name and contact data (phone number, email address, PIN, bank account) together with the localization data, information about the device used for accessing the webpage www.afterhills.com, including the IP address, geographical location, browser type, reference source, visit duration and number of page views as well as other information communicated only if it is relevant and only if it is necessary. Information provided automatically by your computer is also stored in the Server Log Files of the Webpage.
- The personal data are collected for:
- Taking-over, validating, sending and invoicing the orders placed via the Company’s website www.afterhills.com;
- Conclusion and execution of the Company’s agreement with you including the fulfillment of legal obligations resulted from ticket sales;
- Dealing with the withdrawal requests or issues of any kind related to an order placed on the Company’s website or to an agreement concluded with the Company;
- Sending information related to an order placed on the Company’s website;
- Promotion of the Company and the events organized by it;
- Providing security for the website www.afterhills.com;
- ensuring the security of the AFTERHILLS Festival participants
- Providing security for the attendees at the AFTERHILLS Festival;
- Carrying out various statistical analyses (including for the improvement of the navigation experience or of the services provided by the Company);
- Fulfillment of the Company’s legal obligations.
- Taking into account the stated purposes, the Company processes Personal Data:
- For concluding or executing the agreements is part of;
- For fulfilling its legal obligations;
- Based on its legitimate interests;
- Based on the consent of the data subjects, in the cases specified in section 3 below,
- For activities of staff selection and hiring, for the conclusion, execution and termination of labor agreements, for the conclusion, execution, termination and debt collection related to other types of agreements which the Company concludes in running its activities, in order to respond to the requests of law courts and other public authorities making inquiries.
- The Company undertakes that the Personal Data collected will be used only in accordance with the stated purposes and will not make public, sell, lease, license, transfer etc. databases comprising Personal Data to any third party which is not involved in achieving the above mentioned purposes.
- However, the Company will be able to send the Personal Data to its authorized contractor in order to process the Personal Data for the purposes provided in this Confidentiality Policy. For example, the processor(s) of bank cards agreed by the Company will have the right to access/view any type of data/documents generated by an order which was issued or canceled.
- The Company will also be able to send Personal Data if these are requested by the authorized public bodies/institutions in the cases provided by the regulations in force as the Company is compelled to send data and information to the authorities.
- Based on our policy of data retention, we make sure that the Personal Data collected by the Company are processed for a reasonable period of time which does not exceed the period needed for fulfilling the purposes for which the Personal Data were collected. For example, we make sure that we periodically delete the Personal Data of users related to orders placed via the website www.afterhills.com so that the Personal Data related to each order will not be retained more than three years from the date of the last interaction regarding the respective order.
- The data subjects are explicitly informed via the available online means regarding the fact that their personal data will be processed, the purpose, the ways and the duration of the processing as well as the rights in relation to the collection, processing and storage of these data. Generally, the personal data will be collected directly from the respective person except the case in which the Company is compelled in concluding or executing an agreement following a business or professional relationship concluded directly with a third party (e.g. purchase of tickets via intermediaries). When the data are collected, the data subjects are informed about the identity of the data controller (the company collecting the data), the purpose of data processing, third parties or categories of third parties which may receive the data.
Logging On the Company’s Webpage
- The Server Log Files of the Webpage store the information provided automatically by your computer and namely: the version of the browser used by you, the operating system used, URL address (the page previously viewed), IP address, time when the server was accessed. For the purposes of the present Confidentiality Policy, the data and information mentioned in the present paragraph will be collectively called “Personal Data”.
Special Categories of Personal Data
- In certain conditions, the Company may process Personal Data related to the health status of the attendees at the AFTERHILLS Festival. Therefore, the persons with severe disabilities will be able to enjoy free access to the festival based on a request sent to AFTERHILLS accompanied by documents attesting the disability.
Newsletters and Other Business Information
- The Company’s newsletters and other business information sent via email allow your permanent access to the updated offers and to business information related to the Company.
- You will receive the Company’s newsletters and other business information if you give your express consent to receive such notifications via your specified email. The consent for receiving business information means your consent for:
- Business information via the Webpage’s newsletter;
- The use of your Personal Data by the Company for purposes related to sending the Newsletter and other business information.
- Even in the absence of your express consent, if you place an Order in the Virtual Shop, we will send on your email business communications related to products or services similar to those which you ordered from the Company’s Webpage.
- In order to unsubscribe from receiving the Newsletter and any type of business information, please use the option at the end of each Newsletter. The registered users may cancel the Newsletter and other types of business information in the “My Account” section on the Webpage. We will delete your contact data from the list of Users receiving our Newsletters no later than 10 working days from the unsubscribing date.
- Due to the functionality of the Company’s Newsletter, we may monitor information which is of interest for the Users of the Webpage (considering also other Cookie type files). The results of the analysis of this information are exclusively used in order to improve the Company’s offers.
Using The Images Of The Attendees Of The Afterhills Festival
- In accordance with the provisions of the Rules of AFTERHILLS Festival, the Company may use the images captured during the Festival for event promotion purposes.
- By attending the event, the natural persons give their express consent regarding image processing, including public broadcast, in which elements of physiognomy and/or attire are also incorporated for Festival promotion purposes.
- At the same time, on the premises of the even surveillance cameras will be installed and the images captured by them will be processed in order to assure the safety of the attendees of the event. The areas under surveillance will be signaled via the display of pictograms.
- According to law, you are conferred a series of rights as data subject. If you wish to exercise these rights, you may submit a written request with the date and your signature to the Company. Your main rights are:
- The right to be informed and the right to access: you have the right to obtain from the Company the confirmation that the Personal Data are processed as well as information related to the specificity of the processing such as: purpose, personal data categories which are processed, data destination, period for which the data are retained, the existence of the right to rectification, erasure or restrict processing. This right allows you to obtain free of charge a copy of the data processed.
- The right to rectification of data: you have the right to obtain, on request and free of charge, the rectification, updating, blocking, erasure or restriction of data processing which is not according to the law, especially of incomplete and inaccurate data. You also have the right to request the modification of incorrect Personal Data or, if applicable, to complete the incomplete data.
- The right to erasure: you have the right to request the erasure of personal data when:
- These are no longer necessary for the purposes for which they were collected and processed. There may be cases in which the interests or the obligations imposed by the legal provisions mandate the storage of these data for predefined terms;
- You have withdrawn your consent for the processing of personal data and we can no longer process data based on other legal grounds;
- The Personal Data are processed against the law;
- The Personal Data must be erased according to the relevant laws.
- The right to withdraw your consent: you have the right to withdraw at any time your consent related to the processing of Personal Data.
- The right to object: you have the right to object the processing of data based on the Company’s legitimate interests and based on the reasons of your particular case. You have also the right to object at any time, free of charge and without offering a reason, based on a request made in written form with the date and your signature, for your related data to be processed for direct marketing purposes, on behalf of the operator or of a third party or to be disclosed to third parties.
- The right to restrict processing: you have the right to request the restriction of data processing in the following cases:
- If you dispute the correctness of the data for a period which allows us to check the accuracy of the respective data;
- If the processing is illegal and you oppose the erasure of personal data, however, requesting the restriction of their use;
- If we no longer need the Personal Data for processing and you request them for a law court matter;
- If you oppose processing, for the time period in which it is verified if your legitimate rights as operators prevail against the rights of the data subject.
- The right to stop receiving promotional messages.
- The right not to be subject to a decision based solely on automated means, including the creation of profiles which would have legal effects.
- The right to personal data erasure:you have the right to request your data erasure if their processing has no legal grounds or if the legal grounds are no longer applied. The same applies if the purpose of data processing expired or ceased to be applicable due to other reasons.
- The right to data portability:in the extent in which we will process your personal data via automated means, you have the right to request us to provide your personal data in a structured form which is regularly used and which can be read in an automated way (e.g. in Excel format). If make such request, you can send your Personal data to another organization if this is technically feasible. However, we are not compelled to adopt or to maintain processing systems which are technically compatible with other organization. In exercising the rights specified at points 2.1.1 – 2.1.7 from above, you may contact us at: email – firstname.lastname@example.org, tel.: 0040 771 032 494.
- The right to lodge a complaint with a supervisory authority:you have the right to lodge a complaint with the supervisory authority of data processing if you consider that your rights were violated:
- National Authority for Personal Data Supervision of Romania
- B-dul G-ral. Gheorghe Magheru 28-30
- Sector 1, cod poștal 010336
- București, România
Data Protection Control and Security
- The Personal Data Processing on the Company’s website is made with the help of the SSL secured encryption protocol (Secure Socket Layer) which uses a key of 256 bits marked with the symbol of a little padlock located in the lower part of the browser’s window. This technique assures a high degree of data security.
- The observance of the personal data protection policies and applicable laws related to data protection is verified regularly via the controls made by the Responsible of Personal Data Protection and by the entities of the company with audit rights or by external auditors. The results of the controls related to data protection are reported to the Company’s manager. On request, the results of the controls related to data protection will be made available to the supervisory authority responsible for data protection. The authority responsible for data protection may carry out its own controls according to the national laws.
Online Payments Security
- The Webpage offers the option of payment via the “euplatesc” online service, by wire transfer or in cash at the moment of the delivery of products. The website offers the possibility to pay via online mail service, by bank transfer or cash at the moment of delivery of the goods.
- The Company’s Webpage fulfills the requirements of the Payment Card Industry Data Security Standard (PCI-DSS). The Company does not request and does not stores any information related to the User’s card as these are directly processed on the servers of the online payment service providers.
- Cookies are files which allow the connection of the user in a corresponding way to the Company’s webpage and placing orders in an easy way also allowing some statistical analyses to be made.
- The use of the cookie type mechanism represents an advantage for the visitors as it allows the memory of browsing options on the webpage such as the language in which the webpage is accessed, filter types to be applied in viewing some pages. With the help of cookies, the Company may analyze the interest of the visitors for the Webpage’s sections and this allows the future improvement of the browsing experience by introducing contents relevant for the user. Some of the business partners of the Company, e.g. those contracting advertising services on the Company’s webpage use the Webpage’s cookies. The Company does not have access and cannot control these cookies.
- The user is able to limit or to restrict the access to cookie files on his/her own computer with the help of the browser’s settings or by using the options offered on the Company’s webpage.
- The Company uses its own Cookie files for the following purposes:
- Configuration of services, such as:
- Adaptation of its webpage contents in accordance with user preferences and optimization of webpage usage;
- Recognition of devices used by the user and the accurate display of the Webpage;
- Memory of the chosen settings and customization of the user interface, e.g. related to the selected language or the region of the user;
- Memory of the history of visited pages.
- User authentication and assuring the efficiency of the user’s session on the server:
- Maintenance of the user’s session (after logging in) which allows the user to log in automatically without entering the user and password each time;
- Correct configuration of the chosen functions thus allowing the possibility to check in detail the session’s authenticity;
- Carrying out necessary processes for the integral operation of the webpage (transactions);
- Adaptation of the www.afterhills.com webpage contents according to the user preferences and optimization of page usage. More specifically, these files allow the understanding of basic parameters of the user device and the adequate loading of webpages of interest for the user.
- Analyzing, researching and auditing the audience:
- Compilation of statistics useful for understanding the way in which the users use the Company’s webpage. This offers the possibility to improve the Webpage’s offers.
- The Company uses two types of cookie files:
- temporary cookie files which are saved on the user device and remaining until the session is ended. At the end of the session, these are deleted permanently from the device memory. The mechanism of the temporary cookie files does not allow the storage of personal data or other confidential information related to the user.
- permanent cookie files which are saved on the user device and remaining until they are deleted. The end of the browsing session on the webpage or turning the computer off does not delete these cookies. The mechanism of the permanent cookie files does not allow the storage of personal data or other confidential information related to the user.
- The user is allowed to limit or deactivate the cookie files stored on his/her computer. The deactivation of the access to Cookie files does not restrict the use of the server except the use of those functions which cannot be made without cookie files, e.g. logging on the user account, purchase of products or making payments related to orders.
- The Company reserves the right to update and modify the present rules related to Personal Data protection at any time and without a prior notice. The new rules come into effect from the moment of their publication on the www.afterhills.com Webpage.
- The Company is not liable for the malfunctions caused by fortuitous events which may endanger the server’s security on which the database containing Personal Data is hosted.
- The Company is not liable for the confidentiality policy practiced by any other third party which can be reached via links connecting outside the webpage www.afterhills.com.
- The Company does not collect and does not process data disclosing racial or ethnic origins, political views, religious background or philosophical beliefs or membership to labor unions or genetic and biometric data for the unique identification of a natural person, data related to the health status or data related to the sexual lifestyle or orientation of natural person.
- Regulation no. 679 of April 27, 2016 related to the protection of natural persons regarding personal data processing and the free circulation of these data and the abrogation of Directive 95/46/EC (EU General Regulations related to data protection / GDPR);
- Directive 2002/58/CE of the European Parliament and Council of July 12, 2002 related to personal data processing and protection of private life in the field of electronic communications;
- Law no. 506/2004 related to personal data processing and protection of private life in the field of electronic communications;