Overview

Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document - GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, its provisions being directly applicable starting with May 25, 2018. This Regulation expressly repeals Directive 95/46 / EC, thus replacing the provisions of Law no. 677/2001 (currently repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all natural persons located within the territory of the European Union. From a material point of view, the Regulation applies to all operators who process personal data. The Regulation does not apply to the processing of personal data concerning legal persons and, in particular, undertakings with legal personality, including the name and type of legal person and the contact details of the legal person.

Personal data are defined as any information about an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier or one or more specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity.

The processing of personal data involves any operation or set of operations performed on personal data or data sets, with or without the use of automated means, such as collecting, recording, organising, structuring, storing, adapting or modifying, extracting , consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction.

​

The identity of the operator

Noting that the Regulation does not apply to the processing of personal data carried out by a natural person in an exclusively personal or domestic activity, the operator who processes personal data through this website is Diana Teodora Popa, identified by 2910105046285, with contact details contact@psihologdianapopa.com.

Recital 18 of the GDPR states that personal or domestic activities should not be related to professional or commercial activity. Personal or domestic activities may include correspondence and the directory of addresses or activities within social networks and online activities carried out in the context of those activities.

​

Collection of personal data
What are the personal data collected

The operator of this website collects, stores and processes the following personal data about you:

Name surname
Personal identification number
Series and identity card number
Home and / or residence address
Contact details (such as email, phone, fax)

​

Obtaining General Consent

In order for the processing of personal data to be lawful, the GDPR provides that it is carried out on the basis of a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or the valid consent expressed by the data subject. In the latter case, the controller is required to be able to demonstrate that the person concerned has given his consent to such processing. Consent expressed under Directive 95/46 / EC remains valid if it meets the conditions set out in the GDPR.

Consent must be given by an unequivocal statement or action which constitutes a freely expressed, specific, informed and clear manifestation of the data subject's consent to the processing of his or her personal data. Where the consent of the data subject is given in the context of a statement, in electronic or written form, which also covers other matters, the request for consent must be made in a form which clearly distinguishes it from other matters, it can be done even by checking a box. In order for the processing of personal data to be lawful, the GDPR provides that it is carried out on the basis of a legitimate reason, such as the performance or conclusion of a contract, the fulfillment of a legal obligation, or the valid consent expressed by the data subject. In the latter case, the controller is required to be able to demonstrate that the person concerned has given his consent to such processing. Consent expressed under Directive 95/46 / EC remains valid if it meets the conditions set out in the GDPR.

​

Cookies

Cookies are used on this site. They do not harm your computer and do not contain viruses, but are intended to help make the site easier, more efficient and safer to use. They are small text files that are saved on your computer and saved by your browser.

Many of the cookies used are called "session cookies", which are automatically deleted after visiting this site. Others remain in your computer's memory until you delete them, making it possible to recognise your browser at a later visit.

You can configure your browser to inform you about the use of cookies, so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser may be set to automatically accept cookies under certain conditions or to always reject them or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions that you wish to use (such as shopping cart) are stored in accordance with the provisions of art. 6 para.1 lit. f) of the GDPR, according to which the processing is legal only if and insofar as it is necessary for the purpose of the legitimate interests pursued by the operator or by a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies, in order to ensure an optimisation without technical errors. Other cookies (such as those used to analyse your browsing behaviour) are also stored and will be treated separately in this document.

​

Contact form

If you send us questions via the contact form, we will collect the data entered in the form, including the contact details you provide, to answer your questions and others. We do not transmit this information without your permission. Therefore, we will process all data you enter in the contact form only with your consent [in accordance with the provisions of art. 6 para. 1 lit. a) GDPR]. You can revoke your agreement at any time, as an informal email will suffice. The data processed before receiving your request can be legally processed. We will keep the data you provide on the contact form until:

request data deletion;
revoke the consent for their storage or if the purpose for its storage is no longer valid.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

​

Contact by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request, including all personal data you provide, will be stored and processed by us for the purpose of resolving your request, based on your consent.

Therefore, we will process all data you provide under the following legal provisions in the GDPR, respectively:

only with your consent - in accordance with the provisions of art. 6 para. 1 lit. a) GDPR
for the execution of a contract or in the pre-contractual stage - in accordance with the provisions of art. 6 para. 1 lit. b) GDPR
for fulfilling the purpose and the legitimate interest pursued by us, respectively that of efficient processing of the requests sent by you - in accordance with the provisions of art. 6 para. 1 lit. f) GDPR.

We will keep the data you provide in this way until:

request data deletion;
revoke consent to their storage or if
the purpose for its storage is no longer valid, in all cases except for mandatory data retention periods.

​

Purpose of processing the collected data

Some of the data collected on this site are used for:

Providing the services we provide for your benefit (for example, to resolve issues of any kind regarding our products and services, to provide support services, etc.)
Optimal operation and optimisation of this site (statistical and analytical) - We always want to offer you the best experience on our site, which is why we can collect and use certain information about the degree of satisfaction you have had while browsing this site, we may invite you to complete suggestion questionnaires or the like.

Regular user information - We want to keep you informed about our offers. In this regard, we may send you any type of message containing general and thematic information, information on offers or promotions, as well as other commercial communications such as market research and opinion polls. For communications of this type, we have as a basis the consent obtained in advance from you. You can change your mind and withdraw your consent at any time.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based on both the consent of the data subject and reasons for the proper execution of contracts or the realisation of the legitimate interests of the controller (unless the interests prevail or the fundamental rights and freedoms of the data subject, which require the protection of personal data, especially when the data subject is a child).

​

Users' rights

Your rights regarding personal data and the means of exercising them are: The right to information, the right of access, the right to rectification, the right to deletion of data, the right to restrict processing, the right to data portability, the right to object, the right not to is the subject of a decision based exclusively on automatic data processing, the right to lodge a complaint and to go to court, the right to withdraw consent.

Right to information - you can request information on the processing of your personal data, on the identity of the controller and his representative or on the recipients of your data;
Right of access - you can obtain from the operator a confirmation that personal data concerning you are processed or not and, if so, access to those data and to the following information: purposes of processing; the categories of personal data concerned; recipients or categories of recipients to whom personal data have been or are to be disclosed, in particular recipients from third countries or international organisations; where possible, the period for which personal data are expected to be stored or, if this is not possible, the criteria used to establish this period;

the right to request the operator to rectify or delete personal data or to restrict the processing of personal data or the right to oppose the processing, etc. Right to rectification - you can rectify inaccurate personal data or complete them; The right to delete data - you can obtain the deletion of data, if their processing was not legal or in other cases provided by law;

The right to restrict the processing - you can request the restriction of the processing in case you dispute the accuracy of the data, as well as in other cases provided by law;
Right to data portability - you may receive, under certain conditions, the personal data you have provided to us, in a format that can be read automatically or you can request that the data be transmitted to another operator

Right to object - you may object in particular to data processing which is based on the legitimate interest of the controller;
The right not to be subject to a decision based exclusively on automatic data processing - you can request and obtain human intervention on that processing or you can express your own point of view on this type of processing;

The right to file a complaint and to address the courts - you can file a complaint regarding the processing of personal data with the National Authority for the Supervision of Personal Data Processing and / or you can contact the courts for the observance of your rights;

Right of withdrawal of consent - in cases where the processing is based on your consent, you can withdraw it at any time. Withdrawal of consent will have effect only for the future, the processing carried out prior to the withdrawal remaining valid.

​

Obligations of the data Hosting / Hosting operator

Personal data recorded on this website is stored on TransIp servers. The processing of data provided and stored complies with the following legal provisions:

art. 6 para. 1 lit. a) GDPR - data processing by TransIp is performed based on your consent, obtained after a correct and complete information;
art. 6 para. 1 lit. b) GDPR - data processing by TransIp takes place in order to fulfil the contractual obligations assumed;

art. 6 para. 1 lit. f) GDPR - data processing by TransIp is performed for the purpose of legitimate interests pursued by the operator

​

Regardless of the purpose for which the processing of personal data takes place, the principles of legality, fairness and transparency are respected, but also the one according to which the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which are processed.

For more information on the processing of personal data by TransIp, visit

​

https://www.transip.nl/legal-and-security/

​

We have a contract / convention / legal act (including the possibility to include and agree to the clauses of the Terms and Conditions of the website) concluded with TransIp to ensure the processing of personal data in accordance with legal regulations in the field. We comply with our obligations under Article 28 of the GDPR by choosing an external service provider that provides sufficient guarantees for the implementation of appropriate technical and organisational measures so that processing complies with the requirements of the Regulation and ensures the protection of your rights.

​

Data encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognised by you by the lock icon that appears in the browser bar and by changing the address of that browser from http: // to https: //. Once such encryption is enabled, transmitted or transferred data will not be visible to third parties.

According to GDPR, if the breach of personal data security is likely to pose a high risk to your rights and freedoms, the operator of this website will inform you, without undue delay, of this breach, unless the supplementary provisions become incidental. of the same Regulation (art. 34 para. 3).

​

Data protection officer

Not being applicable the provisions of the GDPR regarding the obligation to appoint a Data Protection Officer (art. 37 para. 1 - according to which the Operator and the person empowered by the controller designate a data protection officer whenever:

1. the processing is carried out by a public authority or body, with the exception of courts acting in the exercise of their jurisdictional function;

2. the main activities of the controller or of the person authorized by the controller consist of processing operations which, by their nature, scope and / or purposes, require regular and systematic monitoring of the persons concerned on a large scale; or

3. the main activities of the controller or the controller are the large-scale processing of special categories of data pursuant to Article 9 or of personal data relating to criminal convictions and offenses referred to in Article 10)

​

For any information or clarifications regarding the operation of this website, please contact us at the following dates:

Name: Psychologist Diana Popa
E-mail: contact@psihologdianapopa.com

​

Records of processing activities

According to the GDPR Regulation, the controller or the person authorised by the controller should keep, for a reasonable period, records of the processing activities under his responsibility. Thus, these records will contain the following information:

the name and contact details of the operator for the purposes of processing;

description of the categories of data subjects and of the categories of personal data; the categories of recipients to whom the personal data have been or will be disclosed; if appropriate:

transfers of personal data
deadlines for deleting the various categories of data a general description of the technical and organisational security measures

​

The obligation detailed above does not apply to an undertaking or organisation with less than 250 employees, unless the processing it carries out is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional or the processing includes special categories. data or personal data relating to criminal convictions and offenses.

​

Appropriate technical and organisational measures

Given the current state of technology, the context and purposes of the processing, as well as the risks to the rights and freedoms of individuals, the controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data that are processed are processed. necessary for each specific purpose of the processing.

Notification to the supervisory authority in case of personal data breach

According to art. 33 para. 1 of the GDPR, in case of a breach of security of personal data, we will notify the National Authority for Supervision of Personal Data Processing without undue delay and, if possible, within 72 hours from the date on which I became aware of it, unless it is unlikely to pose a risk to the rights and freedoms of individuals.

Informing the data subject about the personal data breach of personal data

Reported to the provisions of art. 34 of the GDPR, if the breach of security of personal data is likely to pose a high risk to the rights and freedoms of individuals, we will inform the data subject without undue delay about such breach, unless:

adequate technical and organisational protection measures have been implemented, and these measures have been applied to personal data affected by the breach of personal data security, in particular measures to ensure that personal data become unintelligible to any person is authorised to access them, such as encryption;

further measures have been taken to ensure that the high risk to the rights and freedoms of the persons concerned mentioned above is no longer likely to materialize;
it would require a disproportionate effort. In this case, public information shall be provided instead or a similar measure shall be taken to inform the data subjects in an equally effective manner.

​

Plugins and Tools

Google Web Fonts

This site uses the fonts provided by Google to ensure the uniform use of fonts on this site.

When you visit a page on this website, your browser will load, as a result of establishing a connection with Google's servers, the web fonts needed to display the correct text and fonts. So,

The use of Google Web Fonts is based on Art. 6 para. 1 lit. f) GDPR, there is a legitimate interest in the uniform presentation of the font on this website. If there is a consent expressed in this regard (for example, consent to the archiving of cookies), the data will be processed exclusively based on art. 6 para. 1 lit. a) GDPR.

For more information about how Google Web Fonts handles user data, see the Privacy Policy available at: https://policies.google.com/privacy?hl=en .

​

Audio-Video Communications Audio-Video Communication Services

We use specific tools for online conferences to communicate with our clients. If you choose to communicate with us through one of these tools, your personal data will be collected and processed by both us and the provider.

These tools collect all the information you provide (for example, your email address or phone number). Other information is processed such as the duration of the conference, the time spent in that conference, the number of participants, other information specific to the operation of these tools, but also technical data (such as: IP addresses, type of devices used, type and version of operating system, details about the camera and microphone used, but also data and content information - text messages, voice messages, photos and uploaded files, etc.).

The legal bases for the processing of personal data through these tools are represented by:

art. 6 lit. b) of the Regulation, in order to communicate effectively with our contractual partners and with current or potential clients;

art. 6 lit. f) of the Regulation, based on our legitimate interest in the legality of processing, from the perspective of simplifying and accelerating communication with us.

However, we would like to inform you that we do not have full control over all procedural and legal aspects of the processing of personal data, in which sense please consult the privacy policies of the suppliers of such video-audio tools. communication. To the extent that your consent has been sought, the use of that tool will be made on the basis of this consent, until its withdrawal.

As for the duration of storage of data processed as a result of the use of these tools, outside the legal periods of storage, at your request or if storage is no longer necessary, personal data will be deleted by us. However, for more details on the storage of data by audio-video communication tool providers for their own purposes, please contact them and study their privacy policies.

​

Conclusion

This policy on the processing of personal data is generated in accordance with the provisions of Regulation no. 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, but also with the other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend that you consult the Policy regularly for accurate and up-to-date information regarding the processing of personal data.

For further details regarding this GDPR Policy, as well as for the exercise of any of the aforementioned rights, a written notice may be sent to the contact details indicated above.