DEFINITIONS
Terms used in this document shall be understood to mean:
- personal data (hereinafter “data”) – shall mean any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly,
- processing –shall be understood to mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
- data subject –any person whose data shall be processed,
- data protection law –shall meanLaw of the Republic of Moldova nr.133 on Personal Data Protection from 08.07.2011
- GDPR – Regulation 2016/679 of European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
If you want to know the details of how we obtain and use your personal data, read this document.
GENERAL INFORMATION
Who is responsible for processing personal data?
Solidarity Fund PL in Moldova (the “SFPL in MD”)
operating address Chisinau, Sfatul Țării str.27, of. 45, MD-2012
fiscal code (IDNO) 1013620007086
IBAN MD69MO2224ASV64024217100
BC “OTP Bank” SA, sucursala nr.29 “Ialoveni”
e-mail: info@solidarityfund.md
The SFPL in MD shall process personal data only in connection with its mission and purposes as set out in its statutes.
On what legal basis are personal data processed at the SFPL in MD?
The SFPL in MD may process ordinary category of personal data on the following grounds:
- processing shall take place following obtaining consent, or
- processing shall take place in connection with activities performed prior to entering into a contract and performance of that contract, or another contract to which data subject and the SFPL in MD are parties,
- processing shall be necessary due to a legal obligation on the SFPL in MD (e.g. Labour Code, insurance, tax regulations),
- processing shall take place in order to pursue the legitimate interest of the SFPL in MD related to the performance of its statutory tasks.
How long shall personal data be processed?
A period for processing personal data shall not exceed the time necessary to achieve a pursued goal, unless contracts binding the SFPL in MD and universally legal binding provisions stipulate other processing periods. In this case, the SFPL in MD shall inform precisely of a different period for processing personal data and the basis for extending or shortening this period.
What rights shall the data subject have in relation to the processing of personal data by the SFPL in MD?
In the course of the SFPL’s in MD processing of personal data, the data subject shall have the following rights under the provisions of the GDPR:
- the right to receive information about the processing of personal data (in particular, information for what purpose, on what basis, and by whom they shall be processed and to whom they shall be made available).
- the right to lodge a complaint with the SFPL in MD about the data processing.
- the right to control data and its processing by exercising in particular:
- the right to request access to personal data, including obtaining information on the manner, purpose and scope of data processing and receiving a copy of the data processed by the SFPL in MD;
- the right to request rectification or amendment of personal data;
- the right to request deletion of personal data. The SFPL in MD shall comply with the request if:
- the data are no longer necessary for the purposes for which they were collected,
- the data subject has withdrawn consent to the processing of his/her data and the SFPL in MD has no other legal basis to process the personal data,
- the data subject objects to the processing of personal data and there are no overriding legitimate grounds on the part of the SFPL in MD for the processing despite the objection,
- the data were processed unlawfully,
- the data should be deleted in order to comply with a legal obligation.
The right to delete data does not apply to data processed on the basis of applicable law or to data processed for the establishment, defence, investigation of possible claims;
- the right to request that SFPL in MD to restrict the processing of his/her personal data. The SFPL in MD shall comply with the request if:
- the data subject notices that the data are inaccurate – the restriction is made for a period that allows the SFPL in MD to verify the accuracy of the data,
- data are being processed unlawfully, but the data subject does not want them to be deleted by the SFPL in MD,
- data are no longer needed by the SFPL in MD, but may be needed by the data subject to establish, assert, or defend a claim,
- the data subject files an objection to the processing of his/her data – the restriction is made until it is determined whether the SFPL’s in MD existing legitimate grounds override the grounds for the objection;
- the right to transfer personal data if the processing is based on his/her consent or is necessary for the conclusion and performance of a contract to which he/she is a party;
- the right to object to the processing of personal data if the processing is based on a legitimate interest of the SFPL in MD;
- the right to withdraw his/her consent to the processing of personal data at any time, whereby the withdrawal of consent does not affect the lawfulness of actions performed prior to the withdrawal of consent.
To exercise your rights, please contact the SFPL in MD directly via email: info@solidarityfund.md – we are committed to protecting your rights to the best of our ability.
If you consider that the processing violates the provisions of the data protection law, you can also lodge a complaint with the National Center for Personal Data Protection of the Republic of Moldova, Serghei Lazo str. 48, Chisinau, MD-2004, tel. +373 22 820 801, fax: +373 22 820 810, website: www.datepersonale.md, email: centru@datepersonale.md.
Can the SFPL in MD share personal data with other entities?
In general, the SFPL in MD shall not share personal data with other entities. However, in some situations, transfer of personal data may be necessary or indispensable to achieve the purposes of the processing.
Entities with whom SFPL in MD may share personal data shall be included in the following categories:
- Partners of the SFPL in MD,
- Companies that provide IT services and server maintenance,
- Companies that provide telecommunications services,
- External legal counsel,
- Tax authorities and Banks,
- State social/medical insurance institution, Insurance companies,
- Auditors.
The SFPL in MD may also disclose personal data in order to respond to requests made by authorised governmental and judicial authorities (e.g., prosecutors, courts, police, and offices) as well as to requests from entities that co-fund its activities and control the use of its funds.
Information regarding the processing of personal data within the SFPL’s in MD website and social media
I. Visitors to the SFPL’s in MD website
When you visit the SFPL’s in MD website, you remain anonymous until you decide otherwise. The information contained in system logs (e.g. IP address) is used by the SFPL in MD for technical purposes related to server administration. In addition, IP addresses are used to gather general, statistical demographic information such as the region from where you connect to us. Provision of personal data is therefore voluntary, and failure to provide such data has no consequences for the person visiting the website.
Our website uses the “cookies” and similar technologies – hereinafter collectively referred to as the Cookies.
The legal basis for the collection of your personal data derived from the Cookies comes from Article 6(1)(f) GDPR. Data read from the Cookies shall be used to:
- adapt the website to your individual settings, such as your choice regarding the storage of Cookies on your device or the display language,
- conduct statistical analysis of website visitors, such as website visitation statistics, which shall serve to, among other things, build development strategies and enhance website transparency.
Data shall be processed until the purposes for which it was collected (as indicated above) are achieved, or until an effective objection is raised to the processing of the data or until you delete the Cookies from your terminal device you use to connect to SFPL in MD website depending on which event occurs first.
For more information about the Cookies, including how to manage and delete the Cookies, please see the “Cookies Policy” section below.
II. SFPL in MD and social media
Data about users of the SFPL’s in MD website may also come from the use of social networking plug-ins available on the website.
Following the wording of the judgment of the Court of Justice of the European Union of June 5, 2018 (Ref. C-210/16), Meta Platforms Ireland Ltd (formerly: Facebook Ireland Ltd; “Facebook”) shall be the joint controller of personal data of the SFPL’s in MD fanpage users.
Additionally, following the wording of the judgment of the Court of Justice of the European Union of 29 July 2019 (Ref. C-40/17), Facebook shall also be the joint controller of personal data of people using the Facebook plug-in posted on the SFPL’s in MD website.
The purpose and scope of data collection and further processing and use by Facebook, as well as privacy rights and settings, can be found in Facebook’s privacy policy >>>>>
As the SFPL’s in MD collaboration with Facebook involves the joint control of personal data, the data subject shall have the right to obtain an extract of the arrangements made between Facebook and the SFPL in MD with regard to the joint control to be carried out. An extract of key informationis available here >>>>>
Twitter International Company with its registered office in Ireland (“Twitter”) shall be jointly responsible for the processing of personal data of users of the SFPL’s in MD profile on Twitter.com and of users of the Twitter plug-in on the SFPL’s in MD website.
The purpose and scope of data collection and further processing and use by Twitter, as well as privacy rights and settings, can be found inTwitter’s privacy policy >>>>>
Collaboration with YouTube (Google):
YouTube is a service provided by Google. Google Ireland Limited (“Google”) shall be jointly responsible for the processing of personal data of users of the SFPL’s in MD profile on YouTube.com and of persons using the YouTube plug-in on the SFPL’s in MD website.
The purpose and scope of data collection and further processing and use by Google, as well as privacy rights and settings, can be found in Google’s privacy policy >>>>>
Where does the SFPL in MD obtain data from in connection with its work with social media providers?
In working with social networking providers, the SFPL in MD obtains personal data in part directly from users of its website and in part from user profiles on these sites.
- To the extent that the SFPL in MD obtains data directly from the data subject, the provision of personal data is completely voluntary, and failure to provide such data has no effect on the data subject.
You may use the website and the SFPL’s in MD social media profiles without providing any personal data and remain anonymous at all times (where you are merely browsing the website or any of the SFPL’s in MD profiles on these sites without interacting with the plugins or these profiles).
- To the extent that the SFPL in MD obtains data as a user from the data subject’s social media profiles in connection with interaction with the plugins, disclosure shall be made of data about the data subject in the form of anonymous statistical summaries prepared by the social networking providers (Facebook, Twitter, Google).
- To the extent that the SFPL in MD obtains data from the data subject’s social media profiles in connection with interaction with the SFPL’s in MD profile located on those sites, disclosure shall be made of any data posted to the data subject’s profile that is marked as “Public” or that the data subject explicitly makes available to the SFPL in MD through his/her profile by marking you’re his/her privacy settings so that it can be reviewed. As with plug-ins, when the data subject interacts with the SFPL’s in MD social networking profiles, the SFPL in MD may also obtain anonymous statistical summaries from the social networking providers (Facebook, Twitter, Google) which are also prepared with personal data included.
How and why does the SFPL in MD use data in connection with its work with social media providers?
The SFPL in MD processes your data in order to create analyses, statistics and summaries that shall serve to improve the effectiveness of our actions and build a development strategy – in the vast majority of cases such statistics are created on the basis of non-personal data or anonymised data. In some cases, personal data collected through the Cookies may be used. Should personal data be used for this purpose, their processing shall be carried out on the basis of the need to execute the SFPL’s in MD legitimate interest in the form of carrying out analytical and statistical activities aimed at the development of the SFPL in MD.
Personal data disclosed by data subject as part of his/her social media profiles shall also be processed in order to share information about the SFPL in MD and its functioning and initiatives undertaken as well as to inform about the SFPL’s in MD activities, for the purpose of realising its legitimate interests.
In connection with the operation of social networks, there may be profiling of the user, i.e., creation of a profile containing information about the interests or certain characteristics of the user. Certain features provided by social media providers allow the compilation of personal data about users and the creation of statistics and summaries from that information that the SFPL in MD may later use to tailor the content it shares with users. At the same time, the decisions based on the created profiles shall not be made in an automated manner.
Data collected by the SFPL in MD in connection with social networking plugins and through social media profiles shall also be processed by the providers of these social networking sites as joint data controllers for the purposes and in the manner specified in their own privacy policies. These data may be processed outside the European Economic Area (EEA), and the social networking providers shall ensure that the data subject’s privacy is respected when data shall be processed outside the EEA. Additional privacy information can be found in the privacy policies of the providers.
In addition, the personal data disclosed as public on social networking sites may be available to an unrestricted audience, including audiences in countries outside the European Economic Area (EEA). As SFPL in MD has no control over the content that data subject posts on social media, it is urged to share content in a reasonable fashion.
COOKIE POLICY
Cookies are IT data, in particular text files, which are stored on the end device of a website user and are intended for use on websites. More information about Cookies >>>>> [1]
How and why does the SFPL in MD use Cookies?
As part of its website, the SFPL in MD uses Cookies that are persistent in nature, functional Cookies that allow the SFPL in MD to remember the data subject’s settings for the website, and analytical Cookies provided by third parties that are solely responsible for the cookie technology used.
For information on what Cookies are distributed within the SFPL’s in MD website, please use the settings of the browser you use to connect to our website.
SFPL in MD does not combine the usage data and information contained in Cookies with any other data in its’ possession or to which it may have access.
You can change your Cookie management settings. You can use your Internet browser to delete Cookies that have already been saved. If you do not want Cookies to be stored on your device in the future, you can change your browser settings. However, you should be advised that disabling or limiting the use of Cookies necessary to maintain your preferences may make it difficult, and in extreme cases, even impossible for you to use our website (e.g., make you have to reselect the language in which the SFPL’s in MD website is displayed each time).
INFORMATION ON PROCESSING OF PERSONAL DATA IN INDIVIDUAL PROCESSES CARRIED OUT BY THE SFPL IN MD
I. Processing of personal data in grant and partnership projects implemented by the SFPL in MD– information for Applicants (contact persons and persons representing Applicants).
The purpose of processing personal data is to carry out the call for proposals under the grant competition or the call for partnership proposals, i.e. to:
- enable submission of an application for funds under a grant competition or partnership call and to contact the Applicant;
- analyse and evaluate the project proposal and select entities to receive funding.
The scope of data processed includes: name and function of the contact person or person representing the Applicant, mailing address, telephone number, name and registration data of the organisation, information about key persons in the project implementation (position and responsibilities).
Provision of contact details and details of persons representing the organisation by the Applicant shall be necessary for the call for proposals. Provision of other data shall be voluntary.
Data shall be processed on the basis of consent and for the purposes of the SFPL’s legitimate interests, until the evaluation of the application and selection of the entities that shall receive funding, and thereafter for the period necessary to secure the SFPL’s in MD potential claims and to demonstrate the accountability of the SFPL’s in MD actions.
The data shall be made available to members of the Commission or Panels reviewing the proposals. Team members may also include representatives of donors and other national and foreign public entities.
II. Processing of personal data in grant and partnership projects carried out by the SFPL in MD
Information for Grant Recipients, Partners (contact persons and those representing Grant Recipients and Partners), and Beneficiaries.
The purpose of processing personal data shall be to:
- undertake activities prior to the conclusion of the agreement, in pursuit of its conclusion, and after its conclusion, implementation of the agreement and the grant/partnership project, including monitoring of project activities;
- enforce reporting obligations and evaluation of the project;
- comply with other legal obligations imposed on the SFPL in MD, including those under tax and accounting law,
- secure potential claims, including those related to the implementation of the accountability principle.
The scope of data processed may include:
- in case of contact persons – name, surname, e-mail address, telephone number, address data, other information necessary for realisation of project activities.
- In the case of persons authorised to represent the entity – name, surname and function in the organisation, and for the purposes of carrying out the verification process in relation to the provisions on anti-money laundering, terrorist financing and organised crime, anti-corruption and sanctioning regimes in force in the territory of the Republic of Moldova, also address of residence, e-mail address, citizenship held, information on the status of the beneficial owner in the entity.
- In the case of persons involved in the project on the part of the Grant Recipient or the Partner – name and surname, e-mail address, telephone number, address of residence or professional activity, data on professional experience, and education and other information necessary for the implementation of project activities.
- In the case of persons representing Grant Recipients/Partners and in the case of Beneficiaries, personal data shall be processed due to the legally justified interest of the SFPL in MD as an controller – performance of statutory activities, security of potential claims, performance of the contract and the grant/partnership project, including the monitoring of project activities, enforcement of reporting obligations, project evaluation, ensuring contact with the Grant Recipient/Partner, security of potential claims, including those related to the implementation of the accountability principle.
Grant Recipients, Partners (contact persons and those representing Grant Recipients and Partners), and Beneficiaries have the following rights under Articles 15-22 of the GDPR: link to art.15-22
If you are a Grant Recipient/Partner and you provide the data of other natural persons (Beneficiaries, other persons connected with the realisation of the project), you need to remember about your obligation to inform these persons about the category and the purpose of processing of their personal data, about making their personal data available to the SFPL in MD.
III. Conducting contract award procedures under the Procurement Procedure
Personal data shall be processed for the purpose of conducting procurement proceedings and entering into a contract, and the legal basis for its processing is the obligation to apply formalised procurement procedures incumbent on the SFPL in MD.
The scope of the processed data may include first name, surname, date of birth, e-mail address, citizenship data, information regarding the organisation and its beneficiaries, function in the organisation, telephone number, address data, data regarding bank account data, and other information required by law and by the Procurement Policy.
IV. Processing of data in the recruitment process of Candidates for employees and co-workers
The purpose of processing personal data shall be to:
carry out the process of recruitment of employees and co-workers as well as to establish the employment or collaboration relationship based on a contract.
The scope of data processing may include: name, surname, data concerning professional experience, education, contact details, other information voluntarily provided in the CV and other documents (e.g. cover letter) submitted to the SFPL in MD.
Personal data in the process of recruitment of future employees shall be processed on the following grounds: execution is necessary for the performance of a legal obligation of the SFPL in MD in connection with the relevant provisions of the Labour Code, in order to take steps prior to entering into a contract and for the performance of the contract to which the data subject is a party, due to a legitimate legal interest.
Personal data in the process of recruitment of co-workers shall be processed on the following grounds: in order to take steps prior to the conclusion of a contract and for the performance of the contract to which the data subject is a party, due to the legitimate legal interest of the SFPL in MD.
Data shall be made available to authorised employees of the SFPL in MD.
The data shall be processed for the period necessary to carry out the recruitment process and to secure potential claims, and in the case of consent – for the purpose of future recruitment.
Candidates for employees and co-workers have the following rights under Articles 15-22 of the GDPR: link to art.15-22
V. Processing of Staff Personal Data
Personal data of the employees shall be processed on the following grounds: the processing shall be necessary for the performance of a legal obligation of the SFPL in MD in connection with relevant labour and data protection legislation, among others. The data subject is obliged to perform the activities which are required under the Labour Code, tax regulations, social/medical insurance, in order to take steps prior to concluding a contract and to perform the contract to which the data subject is a party.
Personal data of the employees shall be made available to authorised employees of the SFPL in MD, and in the scope in which it is required under contracts and provisions of law: to the donor, the social/medical insurance institution, other offices and institutions authorised to control by law, as well as to auditors insofar as it is required for audit research. Upon knowledge and consent, personal data of the employees may also be shared with other entities such as training companies for the purpose of conducting a training, workshop, seminar, team-building event.
SFPL in MD employees have the following rights under Articles 15-22 of the GDPR: link to art.15-22
VI. Processing of data in connection with whistleblowing procedure (whistleblowing and whistle-blower protection)
The provision of data in a whistleblowing procedure is not mandatory.
Whistle-blower’s personal data shall be processed to:
- analyse the received notification and conduct an investigation in accordance with the procedures in force at the SFPL in MD and the commonly applicable laws, the legal basis is formed by implementation of the legal obligation to implement the procedure for reporting by employees or other persons performing activities for the SFPL in MD of actual or potential violations of regulations in connection with the legitimate interest, which is the prevention of fraud;
- detect and mitigate fraud in connection with the SFPL in MD’s activities and conducting investigations. The legal basis for the processing is the SFPL’s in MD legitimate interest in protecting the SFPL in MD’s property interests from possible misuse;
- establish or assert possible claims or the defence against such claims by the SFPL in MD. The legal basis for data processing is the legitimate interest of the SFPL in MD in enabling the establishment, investigation or defence against claims.
The information may be shared with the following entities:
- entities and authorities authorised to process such data under the provisions of law,
- entities that the SFPL in MD has contracted to perform activities related to its operations, including IT solutions and services providers and entities that provide archiving and document destruction services.
Whistle-blower’s personal data shall be retained until the investigation is complete. Once the investigation has been completed, data may be retained until the statute of limitations for claims related to the completed investigation.
Whistle-blowers have the rights under Articles 15-22 of the GDPR: link to art.15-22