Processing of personal data

Association Black Sea FooDignity must operate in compliance with data protection requirements, including those set out in the General Data Protection Regulation 2016/679/EU on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("Regulation"), which is applicable from May 25, 2018.

The requirements in this document apply to both natural and legal persons.

The Association undertakes to any person who provides it with personal data that it will ensure the confidentiality and security of personal data in accordance with the legal provisions applicable in this field.

In performing their daily duties, when necessary, the employees of the Association Black Sea FooDignity processes data belonging to the legal representatives of legal entities members and service/utility providers with which the Association Black Sea FooDignity has entered into contractual relationships, individual sponsors, beneficial owners, proxies, etc.

In order to ensure the highest standards of protection, the employees of the Association Black Sea FooDignity  who process personal data for the performance of their job duties must comply with at least the main principles and obligations listed in this Policy.

  1. Definitions

Personal data is the information that identifies a natural person or who do at least identifiable. Personal data is divided into general data (name, surname, telephone number, address, etc.) and sensitive data (ID/passport number and series, personal numerical code, etc.).

Processing shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation (mere viewing/access), use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Person concerned means any natural person whose personal data are processed by or on behalf of the Association Black Sea FooDignity.

  1. Principles on the processing of personal data

2.1. Personal data must be processed lawfully, fairly and transparently in respect of the data subject.

The data subject is the natural person whose personal data are processed.

In order to comply with the above principle, in order to process personal data, employees must ensure that:

  • there is a legal basis for the processing;
  • the processing does not affect the fundamental rights and freedoms of the data subjects;
  • data subjects have been provided with the minimum content of information on the processing activities.

Spot checks on compliance with the above requirements will be made by the employees who make the final decision on whether and how the processing is necessary and carried out in relation to the intended purpose.

2.2 Personal data are collected for specified, explicit and legitimate purposes and are not further processed in a way incompatible with those purposes.

Association employees Black Sea FooDignity must consider collecting data for specifically determined purposes (e.g. for the conclusion of the employment contract, in order to fulfill legal obligations deriving from tax law, etc.) and ensure that the purposes of the processing do not contravene the applicable legal rules, i.e. that the purposes of the processing are lawful.

Personal data may be processed only in the following situations:

  • where the use of the data is necessary for the negotiation with a view to the conclusion or performance of a contract with the data subject;
  • to respect a legal obligation;
  • when the processing is necessary for the performance of a task serving a public interestprovided for in EU or national law;
  • to protect vital interests of a natural person;
  • in order the legitimate interests of the Association Black Sea FooDignity, except where the interests or fundamental rights and freedoms of the data subject prevail, which require the protection of personal data, in particular when the data subject is a child;
  • with consent individuals concerned.

To be valid, consent must be a freely given, specific, informed and unambiguous indication of the data subject's free, specific, informed and unambiguous will by which he or she accepts, by an unequivocal statement or action, that personal data relating to him or her may be processed.

Consent must be expressed for each processing purpose and requires adequate identification of the person who consented to the processing.

In labor relations, the Association Black Sea FooDignity will not, as a general rule, be based on employee consent.

2.3. Personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

The data collected must be genuinely necessary for the provision of services by the Association Black Sea FooDignity and for the performance of the duties of the employees of the Association Black Sea FooDignity, prohibiting the processing of data that is not based on a genuine processing need, for example:

  • collecting sensitive personal data, such as health data, for marketing campaigns, in the absence of an express legal requirement to do so;
  • generation of reports (e.g. lists in Excel) that include more categories of data than strictly necessary to achieve the purpose of generating the report.

Furthermore, the data collected will not be subject to any processing activities additional to those initially established. To the extent that further processing is envisaged, the data subject will be informed about the envisaged new processing activity a reasonable period of time before the envisaged processing actually starts.

2.4. The personal data processed are accurate and, where necessary, updated.

Every reasonable step must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

To this end, employees should avoid storing documents containing personal data on personal workstations and use data stored in centralized applications to avoid the risk of inaccurate data.

2.5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed.

In carrying out processing activities, employees of the Association Black Sea FooDignity must ensure that it complies with data storage requirements for the period of time strictly necessary for the purpose of the processing, including by reference to archiving requirements imposed by specific legislation.

2.6. Personal data must be processed in a manner that ensures adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or accidental damage, by taking appropriate technical or organizational measures.

In data processing activity, the employees of the Association Black Sea FooDignity must comply with the security requirements imposed at Association level Black Sea FooDignity through this policy.

  1. Rights of data subjects

The Regulation recognizes several rights of data subjects. These rights must be respected and any request received by employees of the Association Black Sea FooDignity under these rights must be managed in accordance with the requirements of this Policy.

Right to information and right of access concerns the data subjects' right to obtain:

  • a confirmation from the Association Black Sea FooDignity whether or not personal data relating to her are processed and, if so;
  • access to the data concerned and to information on how the data are processed, the purposes for which they are processed, the recipients or categories of recipients of the data, etc.

Right to data portability refers to the right to receive personal data in a structured, commonly used and machine-readable format and the right to have such data transmitted directly to another controller, if the legal requirements are met and if such transmission is technically feasible.

Right to oppose - any data subject has the right to object:

  • at any time, for reasons relating to his or her particular situation - that the data concerning him or her may be processed in the legitimate interest of the Association Black Sea FooDignity, unless otherwise provided by law;
  • at any time, free of charge and without any justification, to have the data concerning him/her processed for direct marketing purposes.

Right to rectification relates to the correction without undue delay of inaccurate personal data. The rectification shall be communicated to each recipient to whom the data have been transmitted, unless this proves impossible or involves a disproportionate effort.

Right to erasure ('right to be forgotten') refers to the right to request erasure of personal data without undue delay if one of the following grounds applies:

  • they are no longer necessary for the purposes for which they were collected or processed;
  • where consent is withdrawn and there is no other legal basis for processing;
  • where the data subject objects to the processing and there are no legitimate prevailing reasons;
  • where personal data have been processed unlawfully;
  • where personal data must be deleted in order to comply with a legal obligation.

Right to restrict processing may be exercised if the person contests the accuracy of the data, for a period allowing the Association to Black Sea FooDignity checking data accuracy.

Right not to be subject to an individual decision - any person shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless such processing:

  • necessary for the conclusion or performance of a contract between the data subject and the Association Black Sea FooDignity;
  • is authorized by Union or national law applicable to the controller and which also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or
  • is based on the explicit consent of the data subject.

The data subject may request a review of the decision taken in the above 3 cases.

All these rights can be exercised by the data subjects by submitting a request to the headquarters of the Association Black Sea FooDignity or by e-mail: office@bsfda.ro.

Association Black Sea FooDignity must reply to any request to exercise data subjects' rights within a maximum of one month (as a general rule), respecting the minimum content set by the Regulation.

  1. Data breaches

A data breach occurs when data for which the Association Black Sea FooDignity is responsible suffers a security incident that accidentally or unlawfully results in the compromise of the confidentiality, availability or integrity of personal data (e.g. destruction, loss, alteration or unauthorized disclosure of personal data).

Security incidents can occur e.g. as a result of cyber-attacks, but also when equipment (e.g. laptop phone, etc.) on which personal data is stored is lost or when an e-mail containing personal data is accidentally sent to someone other than the intended recipient.

Any employee who becomes aware of a security incident that may lead to personal data being compromised must immediately notify the Association's management Black Sea FooDignity.

Management of the Association Black Sea FooDignitytogether with the IT manager, analyze the incident, then establish and implement the necessary measures to eliminate the consequences of the incident.

If the infringement is likely to present a risk to the rights and freedoms of individuals, the Association Black Sea FooDignity is obliged to notify the National Supervisory Authority for Personal Data Processing within 72 hours of becoming aware of the breach.

If the data breach poses a high risk to the individuals affected, then all such individuals must also be informed (unless effective technical and organizational safeguards or other measures have been implemented to ensure that the risk is no longer likely to materialize).

Association Black Sea FooDignity keep a record of personal data security incidents, including measures established and taken to remedy the consequences of such incidents.

  1. Cookies policy

Last update: January 2023

Like most websites, the association's website Black Sea FooDignity uses small text files called cookies. The text below provides information about what these are, what cookies the organization uses and how they can be controlled.

If you want to restrict or block cookies, you can do so in the settings of the internet browser you are using, but the experience on our website may not be the same. For more details about browser settings, please follow this link: www.aboutcookies.org.

5.1. What are cookies?

A cookie is a small file made up of letters and numbers that is downloaded and will be stored on your computer, mobile device or other equipment from which you access the internet. The cookie is installed by a request from the user's terminal to the server on which the Association's website is hosted Black Sea FooDignity.

On each subsequent visit, these files are sent back to the originating site or to another site that recognizes them, thus making it possible, in essence, to recognize the terminal and present the content in a relevant way, tailored to the user's preferences, offering enhanced functionality.

Definitions

First-party/third-party cookies

It refers to the web domain that places the cookie. First-party cookies are set by a site currently accessed by the user (the site displayed in the URL window). Third-party cookies are set by a domain other than the domain of the website accessed by the user. If a user accesses a site and another entity sets the cookie through that site, this is a third-party cookie.

Persistent cookies

They remain on a user's device for the period of time specified in the cookie and are activated each time the user accesses the website that created them.

Session cookies

They allow site operators to link a user's actions during a browsing session. A session starts when the user opens the window and ends when they close it. Session cookies are created temporarily; once the browser is closed, they are deleted.

Pixel tags

A pixel tag is not actually a cookie, but a similar type of technology placed on a website or in the body of an email to track activity on websites or when emails are opened and accessed. It is often used in combination with cookies and the information collected is anonymous.

You can find out more about cookies at: www.aboutcookies.org.

5.2. How does Black Sea FooDignity use cookies?

Black Sea FooDignity uses cookies for the following purposes:

  • in order to compile statistical data about the use and functioning of the website so that we can monitor and improve it;
  • to give users the ability to navigate the site and allow registered users to access the secure parts of the site;
  • to allow us to share our web pages on social networks.

You can choose to block these cookies in your internet browser, but this may affect the proper functioning of the website.

5.3. What cookies it uses Black Sea FooDignity?

We use cookies to improve visitors' experience on the site, but also to learn relevant data about site usage so that we can monitor and improve each visit.

We use "firts party" cookies from Google Analytics (ex. _ga, _ajs_anonymous_id, _gid, _gat, _asj_group_ide, ajs_user_ide. _gid, _gat) to track how you interact with the site. We use "third party" Cloudflare cookies (e.g. _cfduid) to increase website loading speed without storing user identification data; these are session cookies and expire in 30 days.

5.4. How you can control cookies

If you choose to block cookies, some site functionality will be turned off, and this may cause certain malfunctions or errors in the use of our site.

If you agree to these limitations and wish to block cookies, follow the instructions below:

  • Most browsers are set by default to accept cookies, but you can change your settings to block some or all cookies.
  • Choose your browser from the list below to display the instructions you need to follow after opening your browser.

The above links do not belong to Association websites Black Sea FooDignity and the Association Black Sea FooDignity is not responsible for their content.

5.5. Managing cookie preferences

Generally, a browser allows cookies to be saved on the terminal by default. They are stored for the periods described in the table in section 8 below. These settings can be changed in such a way that automatic cookie handling is blocked by the web browser or the user is informed each time cookies are sent to their terminal.

Detailed information about the possibilities and ways to manage cookies can be found in the settings area of your web browser. Limiting the use of cookies may affect certain website functionality.

5.6. Why are cookies important for the Internet?

Cookies are central to the efficient functioning of the Internet, helping to generate a user-friendly browsing experience tailored to each user's preferences and interests. Refusing or disabling cookies may make some sites or parts of sites unusable.

Disabling cookies does not mean that you will no longer receive legally compliant online advertising - just that it will no longer be able to take into account your preferences and interests, as evidenced by your browsing behavior.

Examples of important uses of cookies (which do not require a user to authenticate via an account):

  • Content and services tailored to user preferences - categories of products and services;
  • Offers tailored to users' interests;
  • Retaining passwords;
  • Retain child protection filters on internet content (family mode options, safe search features);
  • Limiting how often ads are shown - limiting the number of times an ad is shown for a particular user on a website;
  • Provide relevant advertising to the user;
  • Measuring, optimizing and tailoring analytics features - such as confirming a certain level of traffic to a website, what type of content is being viewed and how a user gets to a website (e.g. through search engines, directly, from other websites, etc.). Websites run these analytics on their usage to improve their services for the benefit of their users.

5.7. Do cookies contain personal data?

Cookies themselves do not require personal information in order to be used and in many cases do not personally identify internet users. However, there are situations where personal data may be collected through the use of cookies to facilitate certain functionality for the user or to provide the user with an experience more tailored to their preferences. Such data is encrypted in a way that makes it impossible for unauthorized persons to access it.

5.8. Useful links and additional information

If you want to find out more about cookies and what they are used for, we recommend the following links:

Kitchen Battle 2024

The biggest charity culinary competition in Romania