Privacy policy

This privacy policy applies to the www.sts.ro site, developed and operated by the Special Telecommunications Service.

All personal data processing activities carried out within or in connection with the www.sts.ro site comply with the provisions of the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)and Law no. 190/2018.

Terms and definitions

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Consent means any  freely given, specific, informed and unambiguous manifestation of the user/data subject's will by which he or she agrees, through a statement or an unequivocal action to the processing of personal data relating to him or her;

Cookie - "Internet Cookie" (also known as "cookie browser" or "HTTP cookie" or simply "cookie") is a small file of letters and numbers that will be stored on user’s computer, mobile terminal or other equipment from which the Internet is accessed. The cookie is installed on a web browser request from a browser (eg Internet Explorer, Chrome) and is completely "passive" (does not contain software, viruses or spyware, and can not access the information on the user hard drive). A cookie consists of two parts: the name and the content or the cookie value. Furthermore, the duration of a cookie is determined; technically, only the webserver that sent the cookie can access it again when a user returns to the web site associated with that webserver.

Operator – Serviciul de Telecomunicații Speciale, care prelucrează date cu caracter personal în UE, conform legislației și prezentei politici.

User is a the natural person, a Romanian or foreign citizen, who expresses his / her consent to access the sts.ro site, according to the operator's policies.

Supervisory authority is the National Supervisory Authority for Personal Data Processing (NSAPDP).

Principles

The operator's privacy policy is based on the following principles:

1. Personal data is processed lawfully, fairly and in a transparent manner.
2. Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3. Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4. Personal data is rigorously accurate and, where necessary, kept up to date.
5. Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
6. Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

The lawful basis for personal data processing

Personal data processing is performed on the express, freely expressed, specific and unambiguous consent of the sts.ro site user in accordance with applicable law and under the terms of this policy.

It may constitute a ground for personal data processing: a contract, a user request before entering into a contract, the need to comply with a legal obligation, the legitimate interest of the operator or a third party, the need to protect the vital interests of the user or other natural person, fulfilling a task that serves a public interest.

Security measures implemented

We are constantly concerned with the implementation of the necessary security measures n order to minimize the risks of unauthorized access to data and implicitly the impact on the users privacy:
-    limiting the IPs number from which the server where the database and the web server we have can be accessed;
-    renaming the dynamic login address
-    using CAPTCHA.

User Rights

The Regulation gives the user a series of rights, which are presented briefly below:

1. the right to information and access to personal data by which one can get confirmation from us that we process personal data or not, have access to that data and information on the methods and purposes of its processing;

2. the right to data rectification, which may be exercised in order to obtain, with out undue delay, the rectification of inaccurate data or the completion of personal data which are incomplete;

3. the right to erase the data (the right „to be forgotten”), by which personal data can be erased without undue delay for one of the following reasons:
i. the personal data are no longer necessary in relation to the purposes for which they were collected or  processed;
ii. the user/data subject withdraws consent on which the processing is based  and where there is no other legal ground for the processing;
iii. the user/data subject objects to the processing and there are no overriding legitimate grounds for the processing;
iv. the personal data have been unlawfully processed;
v. the personal data have to be erased for compliance with a legal obligation;
vi. the personal data have been collected in relation to the offer of information society services.

4. the right to restriction of processing may be exercised in the following situations:
i. when the accuracy of the personal data is contested, for a period enabling us to verify their accuracy;
ii. the processing is unlawful and the user opposes the erasure of the data, requesting the restriction of their processing instead;
iii. we no longer need the personal data for the purpose of the processing, but thy are required by the user for the establishment, exercise or defense of a right in court;
iv. when the user has objected to processing on grounds relating to his particular situation, for the period of time of the verification whether the legitimate grounds of the operator override those of the user.

5. the right to object, under which the user shall have the right to object to the processing of personal data, including the creation of profiles, on grounds relating to his particular situation, in situations where the processing is necessary for the performance of a task carried out for reasons of public interest, or when it takes place for the legitimate interests pursued by us or a third party. In such cases, the processing shall be carried out only if it is justified by legitimate and compelling reasons which override the interests, rights and freedoms of the user or where the purpose of the processing is the establishment, exercise or defence of a right in court.
Where personal data are processed for direct marketing purposes, the user has the right to object at any time to processing of data, including profiling, to the extent that is related to direct marketing.

6. the right to data portability, which allows the user to receive the personal data concerning him and which he has provided in a structured, commonly used and which can be automated readable (machine-readable format) and transmit this data to another operator, under the conditions in which the processing is based on consent or on a contract and is carried out by automatic means.
Under this right, the personal data related to the user may be transmitted directly from one operator to another, where technically feasible. 

Modification/updating of the personal data processing policy

This personal data processing policy may be updated as a result of changes in relevant legislation or changes in the structure and functions of the sts.ro website.

If changes are made to the personal data processing policy, users will be notified by e-mail and/or notifications within the application, before the changes enter into force.  

We encourage users to periodically review this page in order to be informed of our latest personal data processing practices.

Cookie policy

By browsing the sts.ro website, through your browser, small files with data, known as session cookies, can be stored in your computer.
Session cookies
- are used to identify a device in a unique way in order to make statistics on the number of visitors;
- the lifetime of these cookies ends when the Internet browser closes;
- do not store information that identifies a person or personal data;
- do not contain viruses, malicious code, and cannot extract data from the visitor's device.
Some cookies are essential and without them we cannot provide some of the services of this portal.  Other cookies may be disabled, although this will affect the functionality of the sts.ro website.

Cookie Management

Cookies can be controlled by deleting or blocking them from the browser settings, as desired. If you do so, certain website features may not work properly, and you may have to manually set up some preferences each time you visit our website.

All modern browsers offer the ability to change cookie settings. These settings are usually found in your browser's "options" section or "preferences" menu.

Learn how to manage cookies using the most popular browsers:

https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?
https://support.google.com/chrome/answer/95647?hl=en
https://support.apple.com/kb/PH21411?locale=en_US
How to contact us

For inquiries or questions regarding the processing of your personal data, you can address with a written request: The Special Telecommunications Service, headquartered in 323A Splaiul Independentei, District 6, Bucharest. Responsible for the Protection of Personal Data (DPO) – telephone: 0212022155 and email: dataprotection@stsnet.ro.

If you would like to file complaints about the processing of your personal data, you can write to the same address, and we will respond to you within the legal deadlines, in accordance with our internal policies and procedures.

In the unlikely event that you believe that your personal data processing rights have been violated and the Special Telecommunications Service did not address the complaint properly, you may address to the Personal Data Processing Supervisor.

The National Supervisory Authority for Personal Data Processing in Romania headquartered in Bucharest, 28-30 G-ral Gheorghe Magheru Bld, District 1, postal code 010336.

 

 

 

 

 

 

 

Contact
Public Relations Office
Press Office
Monday-Friday: 08:00 - 16:00
+4021.202.21.88
+4021.202.21.41
or
Special Telecommunications Service © 2018 All Rights Reserved.