Last updated: 21.03.2025

1. General information

Assa Foundation, headquartered in Str. Nuferilor no. 5, Izvorani village, Ilfov county, CIF 46338647, as a personal data controller, respects the right to privacy of each user of the website www.fundatiaassa.org, in accordance with Regulation (EU) 2016/679 on data protection (GDPR).

This policy explains how we collect, use, store and protect personal data.

2. Categories of data collected

Through the website, the Foundation may collect the following data:

• Identification data: name, surname

• Contact data: e-mail address, telephone number (if provided voluntarily)

• Payment/donation data: donated amount, payment method, transaction date (we DO NOT collect and DO NOT store bank card details)

• Technical data: IP address, browser type, navigation data (via cookies)

3. Purposes of data processing

The data is collected and used exclusively for the following purposes:

• Processing donations and issuing proofs (upon request)

• Communicating with donors or visitors who contact us

• Compliance with legal and financial obligations

• Improving the experience on the website (anonymous statistical analyses)

• Periodic information about the Foundation’s activity, only if you have given your consent

4. Legal basis of processing

Data processing is based on one or more of the following legal grounds:

•Explicit consent (art. 6 par. 1 lit. of GDPR)

•Execution of a contract or request (e.g. request for information or donation)

•Legal obligations (e.g. tax legislation)

•Legitimate interest of the Foundation (e.g. improvement of services, prevention of fraud)

5. Transmission of data to third parties

The Foundation does not sell or rent personal data to third parties. We may only transmit data to:

•Payment processor Stripe, for processing online donations (see Stripe policies: https://stripe.com/privacy)

•Public authorities, upon their legal request

•Service providers (e.g. hosting, accounting), only on the basis of a confidentiality agreement

6. Duration of data retention

The collected data are kept only for the period necessary for the purposes mentioned above or in accordance with legal provisions. Transaction and financial data are kept for a minimum of 5 years, according to Romanian tax law.

7. User rights

According to the GDPR, you have the following rights:

•Right of access to your personal data

•Right to rectify data

•Right to erase data (“right to be forgotten”)

•Right to restrict processing

•Right to data portability

•Right to object

•Right to withdraw your consent at any time

•Right to file a complaint with ANSPDCP – www.dataprotection.ro

For any request regarding personal data, you can contact us at: office@fundatiaassa.org

8. Data security

Fundația Assa implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss or destruction. The website uses encrypted connections (SSL).

9. Cookie Policy

The website may use cookies for traffic analysis or navigation improvement. They do not personally identify users. You can accept or block cookies in your browser settings.

10. Changes

We reserve the right to update this policy, depending on legislative changes or the Foundation’s activity. We recommend that you check this page periodically.