WHO is Responsible for the Processing of Your Personal Data?
Our organization/entity is responsible for the processing of your personal data, depending on how you interact with our websites and applications, as well as on where you are located in the world. Within this document, our organization/entity is referred to as: “us”, “our”, “ours”, “we”, ”university” or “Romanian-American University”..
WHAT Personal Data Do We Collect and WHEN?
We ask you for certain personal data in order to be able to provide you with the information, products or services you request from us. For example, we collect data from you in order to ensure your successful participation to our activities, creation of personal accounts, electronic communication.
These personal data include your:
o contact details, such as name, email, phone number, contact address;
o login and account information, such as social platforms accounts, screen name, password or unique user ID;
o personal details, such as gender, hometown, date of birth or activity history;
o payment or credit card information;
o images, photos and videos;
o data on physical characteristics, such as weight, height, age;
o personal preferences, such as wish lists, marketing or cookie preferences.
• Device IDs, call state, network access, storage information or battery information;
• Cookies, IP addresses, referrer headers, data identifying your web browser and version or web beacons and tags.
We comply with local laws and do not allow children to register on our websites or apps when they are under the legal age limit of the country in which they reside. We ask for parental consent for children participating in our activities and events.
When using our websites and apps, we also provide in-time notice or obtain consent for certain practices. For example, we request consent to use your location or send push notifications. We may obtain this consent through the sites, apps or by using the standard permissions available on your device.
In many cases, your web browser or mobile device platform will provide additional tools to allow you to control when your device collects or shares particular categories of personal data. For example, your mobile device or web browser may offer tools to allow you to manage cookie usage or location sharing. We encourage you to familiarize yourself with and use the tools available on your devices.
We use your personal data in the following ways:
To Provide the Features of the Sites, Apps, and Services You Request
When you use our sites and apps, we will use your personal data to provide the requested product or service. For example, if you register for an event we organize, we will use your contact data to keep you informed about different schedule modifications; if you buy a ticket for an event we organize, we will use the data your provided for the payment in order to finalize the payment procedure.
To Communicate Information about our Products, Services, Events and for Other Promotional Purposes
When you consent, we will send you marketing communications and news about our services, products, events and other promotions. You can opt-out at any time after you have given your consent.
To Operate, Improve and Maintain our Business, Products and Services
We use the personal data you provide to us in order to operate our business. For example, when you make a purchase of an online ticket, we use that information for accounting, audits and other internal functions. We may use personal data about how you use our products and services to enhance your user experience and to help us diagnose technical and service problems and administer our sites and apps.
To Protect Our or Others' Rights, Property or Safety
For Research and Analysis Purposes
We use data about how our visitors use our sites, apps and services to better understand customer behavior or preferences. For example, we may use information about how visitors search for and find our websites or what content has generated a higher level of interest.
We may also use your personal data in other ways and will provide specific notice at the time of collection and obtain your consent where necessary.
To process your personal data, we rely on certain legal grounds, depending on how you interact with our sites and apps.
o When you purchase from our sites and apps, we need your personal data to fulfill our contract with you. For example, we need your payment and contact details to deliver your order.
o When you use our apps, we rely on your consent for processing and for certain limited purposes to fulfill our contract with you (for example, for in-App purchases).
o We also rely on other legal grounds, such as our legitimate interests as a business, to comply with a legal obligation, or to protect your vital interests.
We share your personal data with:
Other entities of ours, for the purposes and under the conditions outlined above.
Third party service providers processing personal data on our behalf, for example to process credit cards and payments, shipping and deliveries, distribute messages, research studies and analyses etc. When using third party service providers we enter into agreements that require them to implement appropriate technical and organizational measures to protect your personal data.
To any other third party where you have provided your consent.
We may also transfer personal data we have about you in the event we transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation).
When you use certain social features on our sites or apps, you can create a public profile that may include information such as your screen name, profile picture and hometown. You can also share content with your friends or the public, including information about our activity. We encourage you to use the tools we provide for managing social sharing to control what information you make available through the social features.
Encryption & Security
We use a variety of technical and organizational security measures, including encryption and authentication tools, to maintain the safety of your personal data.
International Transfers of your Personal Data
We constantly take measures to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside of the EEA or Switzerland that do not provide an adequate level of data protection. We use a variety of measures to ensure that your personal data transferred to these countries receives adequate protection in accordance with data protection rules; this includes signing the EU Standard Contractual Clauses, verifying the recipient has adopted Binding Corporate Rules or adheres to the EU-US and Swiss-US Privacy Shield Framework. Where personal data is transferred within our own infrastructure, we use an internal set of procedures agreed upon at institutional level.
Retention of your Personal Data
You have the right to request: (i) access to your personal data; (ii) an electronic copy of your personal data (portability); (iii) correction of your personal data if it is incomplete or inaccurate; or (iv) deletion or restriction of your personal data in certain circumstances provided by applicable law. These rights are not absolute. Where we have obtained your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
If you like would to request a copy of your personal data or exercise any of your other rights, please contact us at the public email address dpo [at] rau [dot] ro.
USING Our Sites and Apps with Third-Party Products and Services
Our Sites and Apps allow you to interact with a wide variety of other digital products and services. For example, our sites and apps can integrate with third-party devices for tracking social networks activity, geo-tagging and other digital services.
If you choose to connect your account with us to a third-party device or account, your privacy rights on third-party platforms will be governed by their respective policies. For example, if you choose to share your activity with us on third-party social media platforms, the policies of those platforms govern the data that resides there.
Our sites and apps may provide links to other third-party websites and apps. Linked sites and apps have their own privacy notices or policies, which we strongly encourage you to review. To the extent any linked websites or apps are not owned or controlled by us, we are not responsible for their content, any use of the websites or apps, or the privacy practices of the websites or apps.
In order to abide by the GDPR specific requirements (starting with the EU Directive from May 26 of 2012) and the national legislation in the field (starting with Law 506/17.11.2004) regarding the processing of personal data and the protection of privacy in the sector of electronic communications, we kindly ask the visitors/users of our sites and apps to give their consent before we send any cookie to their devices.
Our sites and apps use both our own and third-party cookies, in order to provide for our visitors an enhanced experience and highly customized services.
Cookies are important in facilitating access and delivery of varied services for the internet user, such as:
• Customizing settings, like preferred language, preferences history etc.;
• Cookies give site owners a valuable feedback regarding the way visitors use their websites, as to be able to improve them and make them more efficient and accessible for the users;
• Allow multimedia or other type of apps to be included within a certain website, in order to provide a better experience, more useful and enjoyable.
An “Internet Cookie”, term known also as “browser cookie” or “HTTP cookie” or simply “cookie”, is a file of small size, containing letters and numbers, which will be saved on the user's device (e.g. computer, mobile phone, tablet etc.).
Cookies are installed through a solicitation sent by a web server to a browser (e.g.: Firefox, Chrome, Safari, Internet Explorer etc.) and are completely "passive" (they do not contain software, viruses or spyware and cannot access information from the user's hard-drive).
A cookie has two parts: name and content (value). Moreover, its lifespan is predetermined; technically, only the originating web server can access it, doing this at the time when a user returns to the website associated to that server.
Cookies do not request personal information data to use them independently and, in most cases, do not even identify the user on the internet
these are saved temporarily inside the cookie folder of the browser, up to the moment when the user quits the website or closes the browser window (e.g.: at the time of login/logout to a web mail service or a social network).
these are saved on the hard-drive of a computer or other device and, in general, have variable lifespans. Persistent cookies include also those placed by another website than the one the user is visiting at the time - these are known as ‘third party cookies’ (cookies placed by others) – and that can be anonymously used to save data about a user, so that, for example, the browser can deliver relevant marketing messages for the user.
What are the advantages of using cookies?
A cookie contains information which provide a link between the browser (user) and the web server (website). If a browser accesses the website again, the latter can read the information already saved and can react in an appropriate manner. Cookies usage ensures an enhanced experience for the users and support website owners effort to offer better services and customized experiences. (e.g.: preferences related to privacy online, options related to language, shopping cart, targeted advertising etc.).
What is the lifespan of a cookie?
Cookies are administered by web servers. The lifespan of a cookie can vary greatly, depending on the goal for which it was placed. Some cookies are exclusively used for a single connection session (session cookies) and are not saved once the user has left the website, while other cookies are are retained and saved to be reused each time the user returns to that website (persistent cookies). Nevertheless, all cookies can be erased by any user, at any time, through the browser's settings.
What are third-party cookies?
Certain sections of content on a website could be delivered through third-party websites (e.g.: news scrolls, video clips, advertisements). These third-party websites can place cookies through the host website and they are called "third-party cookies" because they are not placed by the owner of the website. Third-parties must also obey the legislation enforced and the privacy policies of the host website.
A visit to a website can place cookies for multiple purposes:
• increasing the website performance;
• analyzing visitor patterns;
• identify geographical information (geo-targeting);
• user registration.
This type of cookie saves the user preferences related to a certain website, so that there is no need for choosing new settings each time a visitor returns to that website (e.g.: settings for video player volume, speed for the video streaming etc.).
Statistics and analyses cookies
Each time a user visits a website, a software provided by a third-party (e.g.: Google Analytics) may generate a user analyses cookie. This cookie shows if the visitors has already been on that website or not. The browser will signal the presence of this cookie and, if it does not exist, it will be generated. This procedure permits the monitoring of unique visitors or the frequency of the visits on a certain website.
As long as the user is not registered with a website, this cookie cannot be used to identify a person, being actually used only for statistical purposes. If the visitor is registered the cookie can also know the information provided at registration, such as email or username - elements comprised under the privacy policies, according to the legislation regarding the protection of personal data.
Cookies for geo-targetting
These cookies are used by a software in order to determine the country of provenience for a visitor. It is completely anonymous and is used only to forward a certain content to a certain visitor - for example, even if the visitor is looking at the Romanian version of a webpage he will receive advertising related to the geographical area from which he visits the website.
Cookies for registration
When you register on a website, this one generates a cookie which announces the website if you are or are not registered with that website. The servers use these cookies in order to connect to your registered account and show if you have or have not permission to use different services. Also, it permits the association of a comment on that website to your registered username. If you did not select "Keep me logged in", this cookie is automatically deleted when you close the browser or the device from which you connected to the website.
Other third-party cookies
On certain webpages, third-parties can set their own anonymous cookies, in order to track the usage of an app or to customize it.
For example, when you share an article by using a social network button from a website, that social network will record your activity.
What type of information are saved and accessed through cookies?
Cookies keep information inside a small size text file, information that allow a website to recognize the browser. The web server will recognize the browser until the cookie expires or is deleted.
The cookie stores important information which enhance the navigation on the internet (e.g.: language settings, keeping a user connected to his web mail account, online banking security, keeping the shopping cart details etc.).
Why are cookies important for the internet?
Cookies represent the central point of efficient use of the internet, helping websites to provide a friendlier experience, customized to the preferences of each user. Refusing or deactivating cookies can render some websites even impossible to use.
Examples of important case scenarios for cookie usage (which to not require user authentication through registration):
• Content and services customized for the user's preferences - news categories, weather, sport, maps, public and governmental services, entertainment websites and touristic services;
• Customized offers - saving passwords, language preferences (e.g.: showing search results in Romania);
• Enforcing child protection filters (e.g.: family mode, safe search);
• Measuring, optimizing and analyzing - such as confirming a certain traffic level on a website, what type of content is viewed or how a visitor got to the website (e.g.: through a search engine, direct, from other websites etc.). Websites constantly monitor such usage analyses in order to improve, this thing being ultimately in the best interest of the visitors.
Cookies are NOT viruses! They use plain text formats. They do not contain code, so they cannot be executed, and they cannot self-execute. Therefore, they cannot duplicate or replicate over the network in order to be executed or replicated again. Without these possibilities, they cannot be considered as viruses.
Cookies can nevertheless be used for negative purposes also. Because they save information about the preferences and history of a user, both on a website and other related websites, cookies can be used as a certain form of Spyware. Most anti-spyware products are aware of this fact and they constantly mark cookies for deletion within their scanning/cleaning anti-virus/anti-spyware procedures.
In general, browsers have built-in settings for privacy, which allow the user to choose different levels of cookie acceptance, periods of time for expiration and automatic deletion after a user visited a certain website.
• Customize your browser settings in relation to cookie acceptance, in order to reflect a level of privacy which you deem fit for you;
• If you share the use of a device, you can consider setting the browser to automatically delete individual browsing data each time it is closed. This procedure is a good way of visiting websites based on cookies and delete all that information when you close your browsing session;
• Install and update constantly your anti-spyware and anti-virus software;
• Most prevention and detection anti-spyware software include website attack warning. Thus, it will stop the browser from accessing websites which could exploit browser vulnerabilities or download dangerous software.
Deactivation and refusal of cookie usage can render certain websites unusable or very difficult to visit and use.
It is possible to set the browser as not to accept cookies at all or accept cookies only from a certain list of allowed websites. But, for example, a visitor which is not registered and recognized by the existence of a cookie on its device will not be able to comment on a certain website.
All modern browsers offer the possibility to change cookie settings at any time. These settings are usually found inside the Options/Settings or Preferences/Favorites menus of the browser.
In order to better understand these setting, the following links could be useful:Cookie settings in Internet Explorer