Consumer protection policy: principles and instruments

Consumer protection policy: principles and instruments
 
Legal basis
Articles 4(2)(f), 12, 114 and 169 of the Treaty on the Functioning of the European Union (TFEU) and Article 38 of the Charter of Fundamental Rights of the European Union.
Objectives
In order to promote their interests and ensure a high level of protection, the Union must contribute to protecting the health, safety and economic interests of consumers. In addition, the Union must promote consumers' right to information and education and their right to organise themselves in order to protect their interests. Consumer protection must be integrated into all relevant policy areas of EU legislation.
Actions
A. General
The EU Consumer Policy Action Programme builds on the New Consumer Agenda, adopted on 13 November 2020. The Agenda sets out an updated vision for EU consumer policy for the period 2020-2025, with the subtitle "Strengthening consumer resilience for sustainable recovery". It also aims to address immediate consumer concerns about the COVID-19 pandemic.
The agenda covers five key priority areas:
Green transition: overcoming new challenges to consumer rights and harnessing the empowering opportunities that the green transition presents, ensuring that sustainable products and lifestyles are accessible to all, regardless of geographic location or income;
Digital transformation: creating a safer digital space for consumers, where their rights are protected, and ensuring a level playing field to enable innovation to deliver newer and better services to all Europeans;
effective enforcement and redress: tackling the impact of the COVID-19 pandemic on consumer rights and eliminating misleading environmental lies and unfair commercial practices in online influencing and personalisation techniques; although enforcement of consumer rights is primarily the responsibility of national authorities, the EU plays an important coordinating and supporting role, underpinned by the Regulation on consumer protection cooperation;
responding to the specific needs of consumers: taking into account the needs of consumers who, in certain situations, may be vulnerable and require additional safeguards; this may be determined by social circumstances or specific characteristics of individuals or groups of consumers;
consumer protection in the global context: guaranteeing the safety of imports and protecting EU consumers against unfair practices by non-EU operators through market surveillance and closer cooperation with the relevant authorities in EU partner countries.
The EU institutions systematically monitor consumer protection policy through the Consumer Scoreboard, which monitors national consumer conditions in three areas (knowledge and trust, compliance and enforcement, and complaints and dispute resolution) and reviews progress in integrating the EU retail market, based on the level of cross-border business-to-consumer transactions and the development of e-commerce. Consumer policy is also systematically monitored using the Consumer Markets Scoreboard, which collects recent purchase data from consumers to track the performance of over 40 consumer markets against key indicators such as confidence that sellers comply with consumer protection rules, comparability of offers, the options available in the market, the extent to which consumer expectations are met and the harm caused by problems faced by consumers.
In addition, on 28 April 2021, the Single Market Programme was launched, with the aim of helping the single market reach its full potential and ensuring Europe's recovery from the COVID-19 pandemic. With a budget of €4.2 billion for the period 2021-2027, the programme provides an integrated package to support and strengthen the governance of the Single Market, including financial services.
B. Sectoral measures (2.2.2)
1. Consumer groups
The involvement of groups representing consumer interests in the EU is a priority for the EU institutions. The European Consumer Consultative Group (ECCG) is the main forum used by the Commission to consult with national and European consumer organisations. Established by Commission Decision 2009/705/EC, the ECCG can provide the Commission with advice and information on any issue related to the protection of consumer interests at EU level. In 2017, the Parliament and the Council adopted Regulation (EU) 2017/826 establishing a Union programme to support specific activities enhancing the involvement of consumers and other end-users of financial services in Union financial services policy making for the period 2017-2020.
2. Consumer education
The EU has organised consumer education actions at various levels, for example through the gradual inclusion of consumer education in primary and secondary school curricula. One such initiative is the Consumer Classroom, a pan-European and multilingual EU website for teachers. The site brings together an extensive library on consumer education from across the EU and provides interactive and collaborative tools for preparing lessons and making them available to learners and other teachers. The online interactive consumer education tool "Dolceta" has been designed for trainers and teachers as well as consumers and covers, among other things, basic consumer rights, product safety and basic financial education.
3. Consumer information
If consumers were better informed and more knowledgeable about their rights, they could be more confident. The EU has set up European Consumer Centres (ECC-Net) to provide information and advice on cross-border shopping and to deal with consumer complaints. A parallel network called FIN-NET fulfils the same role for complaints about cross-border financial services. The Commission also organises consumer information campaigns in the Member States and publishes practical guides for consumers. SOLVIT is a service dedicated to resolving disputes arising from breaches of EU law.
The Your Europe portal plays an important role, providing access to better information on consumer policy and bringing together different sources of information in a one-stop information centre. Access to information has been improved with a single digital portal (Regulation (EU) 2018/1724).
On 30 March 2022, as part of the circular economy package, the Commission published a proposal for a directive on strengthening the role of consumers for the green transition through better protection against unfair practices and better information. The main objective of the proposal is to encourage consumers to make green choices by providing them with the necessary information.
4. Ensuring that consumer rights are respected
Ensuring the effective and fair enforcement of consumer rights is as important as their existence. Responsibility for ensuring that they are respected lies primarily with national public authorities. Regulation (EU) 2017/2394 on cooperation between national authorities responsible for the enforcement of consumer protection laws brings these national authorities together in an EU-wide network, which provides a framework for information exchange and cooperation actions to combat any infringements of consumer protection laws (e.g. misleading advertising, package holidays or distance selling). The network also carries out coordinated investigations and enforcement activities, e.g. in the form of internet screening activities, during which authorities check whether websites comply with the law.
The role of the European Parliament
The Parliament is constantly working to improve consumer protection rules in the EU. Consumer protection policy has undergone a transition from a policy of technical harmonisation of standards to the completion of the internal market, becoming part of the effort to contribute to the objective of creating a "citizens' Europe". As a result of Parliament's legislative effort, since 13 June 2014, Member States have been implementing national laws transposing the Consumer Rights Directive, which was adopted by an overwhelming majority in Parliament.
On 12 December 2017, the Parliament adopted Regulation (EU) 2017/2394 on cooperation between national authorities responsible for the enforcement of consumer protection laws with the intention of improving the effectiveness of the rules and procedures on cooperation between national authorities responsible for the enforcement of consumer protection laws.
Following the Commission's proposal on new consumer benefits, on 27 November 2019, the Parliament adopted Directive (EU) 2019/2161 on better enforcement of Union consumer protection rules and modernisation of consumer protection rules. On 25 November 2020, the Parliament adopted Directive (EU) 2020/1828 on representative actions to protect the collective interests of consumers.
In addition to participating in the drafting of EU legislation, the Parliament sets the agenda for consumer policy by adopting own-initiative reports. Parliament has been particularly active in securing greater budgetary resources for consumer protection measures and developing consumer representation in Member States, especially those that joined the EU after 2004. On 13 September 2018, Parliament adopted a resolution on the quality differences that characterise some products on the single market, finding that these practices are discriminatory and contrary to consumer expectations.
On 25 November 2020, the Parliament adopted a resolution "Towards a more sustainable single market for businesses and consumers", stressing that it is important that consumer goods are durable and repairable and that consumers must be given more rights and information to help them make sustainable choices[1].
During the crisis caused by the COVID-19 outbreak, consumer protection has become essential to ensure reimbursement in case of cancellation of certain services and to combat the spread of misinformation and dishonest traders selling fake or non-compliant medical equipment at excessive prices. On 23 March 2020, the Internal Market and Consumer Protection Committee (IMCO) sent a letter to European Commission Executive Vice-President Margrethe Vestager, Commissioners Thierry Breton and Didier Reynders and the Croatian Council Presidency. The letter calls for more measures to be taken to combat the crisis caused by the COVID-19 pandemic and warns of the need for democratic oversight of the process. On 9 November 2020, the Thematic Department for Economic, Scientific and Quality of Life Policies organised a webinar[2] for the IMCO Commission on the impact of the COVID-19 pandemic on the internal market and consumer protection. It highlighted the effects of measures introduced at national and EU level to mitigate the negative consequences of the pandemic and made suggestions on further measures that could be taken to ensure the smooth functioning of the internal market both now and in the event of future crises. On 19 November 2020, Justice and Consumer Affairs Commissioner Didier Reynders presented the new consumer agenda to the IMCO Commission. The agenda examines the impact of the COVID-19 pandemic on consumers and deals with longer-term consumer policy issues related to the green and digital transition, responding to consumer vulnerabilities, effective enforcement of consumer rights and international cooperation with partner countries.
On 22 February 2021, a comprehensive study[3] on the impact of COVID-19 on the internal market was presented to the IMCO Commission. The study shows the impact of restrictions at Member State and EU level on the free movement of goods, services and persons. It makes policy recommendations on how future crises could be managed to allow free movement to continue, such as allocating funds for future vaccine development and procurement and continued coordination of relevant rules at EU level.
Consumer protection policy in the area of online and digital services is a topic on which Parliament, and in particular the IMCO Committee, has placed particular emphasis. In June 2020, a study[4] on the moderation of illegal content by online platforms, commissioned by the IMCO Committee, identified the need to tighten the EU legal framework, in addition to co-regulation by online platforms, to protect consumers from illegal or harmful online content. A study published in June 2021 analysed the impact of targeted advertising on advertisers, market access and consumer choice.
On 20 October 2020, the Parliament adopted three resolutions entitled "Digital Services Act: improving the functioning of the single market", "Digital Services Act and fundamental rights issues" and "Digital Services Act: adapting commercial and civil law rules for commercial entities operating online". With these resolutions, the Parliament set out its plan for ensuring the future functioning of the digital single market, including stricter consumer protection measures in the online environment. Much of the content of the own-initiative reports was included in the European Commission's proposals, which were successfully amended and voted in the IMCO Committee in December 2021 (2.1.7). The provisional political agreements reached in March and April 2022 on the Digital Markets Regulation and the Digital Services Legislative Act are essential for consumer protection in the digital environment.
On 27 September 2021, the IMCO Commission held a public hearing on consumer protection and automated decision-making tools in a modern economy. The hearing focused on solutions to protect consumers against the risks associated with the use of professional artificial intelligence services and smart products based on automated decision-making tools and highlighted solutions to improve the quality and quantity of information provided to consumers. Representatives of consumers, companies, certification bodies and academia presented their views on the current EU framework and the requirements that should be introduced to ensure a high level of consumer protection and trust. They also presented their views on the difficulties this would entail for firms and how compliance could be effectively ensured. IMCO members stressed that a trust-based environment must be created and expressed their views on how the current regulatory framework could be improved. In addition, in May 2022, the IMCO Commission held a public hearing on digital product passports: increasing transparency and consumer protection as a means of improving consumer information in a digitalised environment.
Furthermore, on 7 April 2022, the Parliament adopted a resolution on consumers' right to redress. The resolution pursues the dual objective of providing consumers with products that last longer and can be repaired. On 20 April 2022, the IMCO Committee held a public hearing on the enforcement of consumer rights when shopping outside the EU. The purpose of the hearing was to provide an overview of the situation of consumer rights when shopping outside the EU, for example on pre-contractual information and protection against unfair contract terms and practices.

[Keirsbilck, B. et al., "Sustainable Consumption and Consumer Protection Legislation", paper published for the Committee on the Internal Market and Consumer Protection, Thematic Department for Economic, Scientific and Quality of Life Policies, European Parliament, Luxembourg, 2020.
[2]Milieu Consulting SRL, "The impact of COVID-19 on the Internal Market and consumer protection - IMCO Webinar Proceedings", paper published for the Committee on the Internal Market and Consumer Protection, Thematic Department for Economic, Scientific and Quality of Life Policies, European Parliament, Luxembourg, 2020.
[3]Marcus, J. S. et al, "The impact of COVID-19 on the Internal Market", paper published for the Committee on the Internal Market and Consumer Protection, Thematic Department for Economic, Scientific and Quality of Life Policies, European Parliament, Luxembourg, 2021.
[4]De Streel, A. et al., "Online Platforms' Moderation of Illegal Content Online", paper published for the Committee on the Internal Market and Consumer Protection, European Parliament, Thematic Department for Economic, Scientific and Quality of Life Policies, Luxembourg, 2020.

Cookie file management policy
What are cookies and how are they used?
In order to improve your online browsing experience, we use cookies to make it easier for visitors to use the online shop (site) [site/store name].
A cookie is a small file, usually consisting of letters and numbers. It is downloaded into the memory of a computer or other type of device used for internet browsing (smartphone, tablet, etc.) when the user accesses a particular website.
Note: The cookie cannot access the information on the user's hard drive, does not contain software or viruses, and is completely "passive".
When the user accesses a website from a web browser, the website transmits information to the browser and the browser creates a text file. Each time the user accesses the website again, the browser transmits this file to the website. Thus the cookie always notifies the website when the user returns to the website.
In general, the role of cookies is to ensure quick and easy interaction between users and websites. Cookies are also used so that users can easily resume their activities the next time they visit a previously visited website. Basically, cookies tell the server which pages to display to the user, without the user having to remember which pages they have browsed or to browse the whole site from the beginning.
Why do we use cookies?
- To recognize new visitors to [site/store name] sites and/or applications
- To recognize past visitors.
- To remember your password if you are registered on our site.
- To improve [site/shop name] sites and/or applications
- To better understand the interests of our customers and visitors to our site.
Types of cookies used on the [site/store name] website
1. Essential cookies
These cookies are necessary for the functioning of the website and cannot be disabled in our systems. In the browser you use, you can set these cookies to block or warn you about them, but in this case, certain parts of the site may not work.
2. Functional cookies
These cookies allow us to analyse your behaviour on the site and the choices you have made in order to provide you with content tailored to your preferences. The information collected also helps us to improve the performance of the site and its functionality.
3. Measurement (statistical) cookies
These cookies are used strictly for statistical purposes and allow us to count the number of users visiting the site or how many times a particular element of the page is accessed (e.g. button). These cookies do not collect personal data.
4. Promotion (marketing) cookies
Marketing cookies are used to track visitors to websites. The intent is to display ads that are relevant and personalized to the individual user and therefore more valuable to publishers and third party advertisers.
Note: Our website may contain cookies placed by third parties, which we do not control.
We use the following technologies to improve user experience:
Platform [platform name if applicable]
The platform stores user data used for online accounts created on [name of site/store], for placing and managing orders, for storing shopping carts for a certain period of time.
More information about the OS platform you can read here: platform link
Google Analytics
We use Google Analytics to collect information about how visitors use our websites and web applications. For example, we collect details such as the source of the visit and the total number of visitors to our website and apps. This allows us to determine the effectiveness of our promotional campaigns and user activity on our websites and apps.
You can find more details about the Google Analytics privacy policy here: https://support.google.com
Traffic.ro
We use trafic.ro to collect information about how visitors use our website. For example, we collect details such as the source of the visit and the total number of visitors to our site. This allows us to determine the effectiveness of our promotional campaigns and user activity on our site.
Further information is available on the pages: Terms and Conditions trafic.ro [link to http://www.trafic.ro/termeni-si-conditii] and Privacy Policy trafic.ro [link to http://www.trafic.ro/politica-de-confidentialitate].
API for uploading videos from YouTube
We use the YouTube API services for uploading and playing videos from the YouTube platform. Learn more about the YouTube API terms and conditions and Google's privacy policy.
Social network plugins
Our website uses "plugins" from social network operators (e.g. facebook.com, pinterest.com, twitter.com). All social network plugins on our website are clearly and distinctly marked.

When accessing our web pages that contain a social network plugin your browser will make a direct connection to the social network operator's server. The content of the plugin will be transmitted by the accessed server of the social network operator directly to your browser and will be integrated by it into the web page. By integrating the plugin the social network operator receives the information that you have accessed our website. If a valid login session to a social network is running while visiting our website, the visit can be attributed to the respective user account. If you interact with the plugin, that information is transmitted to the social network operator and saved there.
If you wish to prevent the collection of your data by the social network operator via our website, you must log out (i.e. "opt out") of the social network operator's service before visiting our website.
You can also refuse the use of cookies by selecting the appropriate settings on your browser.
Information on the purpose and amount of data storage as well as on further processing, use and your rights and the possibilities of setting can be found in the data protection statements of the social network operator, which are not related to this data protection statement.
- Facebook Cookie Policy https://www.facebook.com/policies/cookies
- Pinterest Cookie Policy https://policy.pinterest.com/en-gb/cookies
- Twitter Cookie Policy https://help.twitter.com/en/rules-and-policies/twitter-cookies
How can I control cookies?
Your web browser offers users the possibility to control/deactivate cookies. How you do this depends on the type of cookie mode.
To learn more about enabling/disabling or deleting cookies from your browser you can visit this page: http://www.allaboutcookies.org/
Some browsers have a "Do Not Track" feature that allows users to not be tracked while browsing. Blocking cookies or using "Do Not Track" mode may block certain features on our sites.
How do I uninstall/delete cookies?
Disabling cookies may make it difficult or even impractical to browse certain websites. You will also no longer be able to enjoy a pleasant browsing experience and therefore all the benefits offered by the website in question.
Current browsers offer users the possibility to change the cookie settings. These are usually found in the "Help", "Options" or "Preferences" menu of the browsers.
Below you will find information on cookies from the most popular web browsers:
- Internet Explorer ? Read more '
- Mozilla Firefox ? Read more '
- Safari ? Read more '
- Google Chrome ? Read more '

PRIVACY AND PERSONAL DATA PROCESSING POLICY
GDPR
The security of your data is most important to us, that is why we treat every aspect of your data protection with SERIOUSNESS and INVOLVEMENT.
As of 25 May 2018, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) known as GDPR (General Data Protection Regulation) has been implemented. This means that any Operator/entity processing personal data must apply these new requirements and provide in a transparent way information on how the data is processed.
WHY IS MY DATA PROCESSED?
Considering the need to comply with the GDPR provisions, as well as the fact that we are dedicated to take care of your personal data (which may include name, surname, e-mail address, IP addresses, etc. depending on the purpose of the processing) contained in our database, we inform you that they are used only for the purpose of successfully fulfilling the processes carried out in relation to you (we mention some processes without limitation: [listing examples of processes in which users' personal data are used e.g.: user communication, sending of advertising information, subscriptions, statistical analysis, behaviour control, competitions, carrying out recruitment processes]).
WHAT OPTIONS DO I HAVE?
To exercise your rights regarding the processing of personal data, please consult the section: Rights of the data subject [link in the page to the section Your rights]
HOW DO I FIND OUT MORE ABOUT THE NEW REGULATIONS?
We are committed to the protection and security of your data and we want you to be informed and make an informed decision about how the information you provide to us is used.
In this regard, please refer to the following sections to learn more about the application of the "GDPR" as of 25 May 2018 and how it translates into our relationship.
HOW CAN I CONTACT YOU?
If you still have any questions or would like further information related to data protection, please send us an email at [company contact email address / email address specifically created for contacting GDPR-related requests ] and we will get back to you as soon as possible.
Note: [company name] complies with all legislative measures on personal data protection.
INFORMATION ON THE APPLICATION OF "GDPR" WITHIN [company name]
1. INTRO:
As of 25 May 2018, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as "GDPR Regulation" has been applied. [link to https://www.dataprotection.ro/servlet/ViewDocument?id=1262]
Please refer to the information in this document as it expresses [company name]'s policy on the processing of personal data.
Within [company name] we process personal data exclusively within the framework of the legal provisions on the protection of personal data see legal basis [link on page to Legal basis section].
DEFINITIONS:
● Controller = The controller responsible for processing data for the purposes of the GDPR Regulation is [company name], a privately owned company, registered with the Trade Register under No. [registration number], fiscal code [tax code] and registered office in [address of registered office], hereinafter referred to as "the Controller" or "[company name]".
● Data Protection Officer (DPO) contact details = Address to which requests for information on the processing of personal data may be sent: [address of registered office], [company name] - for the attention of the DATA PROTECTION OFFICER or at the following e-mail address: [e-mail address of company contact / e-mail address specially created for contacting GDPR-related requests].
● Cookies = A "cookie" is a small file, usually consisting of letters and numbers. It is downloaded into the memory of a computer or other type of device used for browsing the internet (smartphone, tablet, etc) when the user accesses a particular website.
● Data subject for the purposes of the GDPR Regulation = identified or identifiable natural person (who can be identified, directly or indirectly, in particular by reference to an identifier: name, identification number, location data, an online identifier, or to one/more specific elements, specific to his/her physical, physiological, genetic, psychological, economic, cultural or social identity). The data subject may be the applicant for a service offered by the Operator, as well as any other natural person whose personal data is transmitted to the Operator (a user of the Operator's website, a candidate for a specific job vacancy [if there is a Recruitment section on the website] etc.).
● Categories of data processed = Personal data (first name, surname, date of birth, address, telephone number, e-mail address, etc.) are processed by us only when you enter these data in a field on the website or send them to us by e-mail. Non-personal data (anonymous - IP address, date and time of access, amount of data transferred, information about the browser and operating system used, etc.) are stored and processed for internal system-related and statistical purposes.
● Processing of personal data: means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. PURPOSES AND LEGAL BASIS OF THE PROCESSING OF YOUR DATA:
In accordance with Regulation (EU) 2016/679 and related legislation, the purposes for which we process your personal data strictly relate to the relationship between [company name] and the data subject. The information you provide to us is treated with the utmost confidentiality and exclusively for the purposes for which it was collected.
Please see below for details of the purposes for which we process data and the legal basis:
2.1. CONTRACTING AND MANAGING THE RELATIONSHIP WITH CUSTOMERS AND PLATFORM USERS:
a. Site access [if any].
When accessing our website your internet browser automatically transmits access data (e.g. IP address, date and time of access, URL of the referring website, file accessed, amount of data transmitted, browser type and version, operating system, http response code) to our server, based on technical settings. This data is collected by us and partly by third parties in the form of protocol files and is used exclusively for statistical and analytical purposes, e.g. to improve your experience on the site.
Note: Certain traffic data (such as IP addresses or other identifiers of the devices with which you access our site) may in certain circumstances be personal data and we will treat it as such.
b. User account data [if any].
When registering as a user on the site we collect: [list the data used for the user's account e.g.: name, surname, or desired pseudonym, email, photo, etc.] if you associate an account on a social network we have access to your profile address on that social network.
Your data will be saved in the database of [company name]. You have the possibility to request the deletion of your data and your user account at any time.
c. Data for the newsletter service [if any].
When you provide your data to benefit from our newsletter service, your data is used by [company name] only for [list purposes for which the newsletter service is used; e.g. promotional and marketing purposes, information, sending messages, etc.].
Through direct marketing actions we can keep you informed about our services and campaigns, respecting the legal provisions in force. [only if there are promotional and marketing purposes].
The use of the data ceases as soon as you stop the newsletter service. You can unsubscribe from the newsletter service at any time and free of charge by: accessing the "Subscriptions" section of your account [if there is such a section on the website], checking the "Unsubscribe" / "Unsubscribe" option within the newsletter or sending an e-mail to [company contact e-mail address / e-mail address specially created for contacting requests related to the newsletter] expressly requesting unsubscription.
d. E-mail communication [if any]
We may use the data you have provided to us to send you communications by e-mail to your e-mail address. If you have signed up for some of our newsletters, we will send these to the e-mail address you have provided. You can unsubscribe from the newsletter at any time.
d. Subscriptions [if any]
For the purposes of providing services, delivering goods and making payments under the relevant contracts (including subscriptions), we may process your personal data, such as identification data, contact data, bank data. This processing is based on the performance of a contract to which subscribers are party or a legal obligation imposed on us.
In order to conclude a subscription, the following data is collected: [list of data collected e.g.: name, surname, age, address, telephone number, email address, fax and bank details if payment is made by card].
e. Behaviour control [if any].
[site name] is a community of civilized debate. We may use your personal data to prevent any illegal, prohibited activity on the site or which harms the activity of others on the site.
f. Contests [if any]
In connection with your participation in various contests organized through our website, we may collect and process your personal data for the purposes of selecting winners, awarding prizes and compiling statistical reports on consumers, as well as communicating with you and others in connection with the above.
Under the same conditions as above, depending on the character or nature of a particular contest, we may also publish photographs, video recordings, audio recordings or audiovisual recordings of you.
➢ LEGAL GROUNDS: the legitimate interest of the Operator to avoid online fraud and to ensure the general functionality of the website, the execution of a contract [if there is a purpose Subscriptions and/or Contests] and the consent of the data subject, as appropriate.
2.2. RECRUITMENT ACTIVITIES: [if any].
● In order to quickly submit your application for one of the positions available within [company name], you can use our online section created for this purpose and accessible at [url of the recruitment page].
● Your data and documents will be used exclusively for the processing of your application, i.e. to identify a suitable position available within [company name]. They are stored in our database, are protected against unauthorised access and processed in accordance with the legislation in force on the processing of personal data.
➢ LEGAL ISSUE: consent of the data subject.
2.3 BUSINESS ADMINISTRATION:
a. Cookies policy [if any].
In order to improve your online browsing experience, we use cookies to facilitate the use of the [website name] website by visitors
In general, the role of cookies is to ensure quick and easy interaction between users and websites. Cookies are also used so that users can easily resume their activities the next time they visit a previously visited website. Basically, cookies tell the server which pages to display to the user, without the user having to remember which pages they have browsed or to browse the whole site from the beginning. Please refer to the Cookies Policy [link to cookies policy page] for detailed information.
b. Advertising [if any]
Our pages will display advertisements, many of which are influenced by your selected options and preferences on the site and related accounts. For example, using information collected through cookies, demographic information from third party sites and your activity on the site, we may serve ads that may be relevant to your preferences (see Cookie Policy [link to Cookie Policy page]).
c. Statistical analysis [where available]
We have a legitimate interest in understanding how our site works, how it is read and who our audience is. To do this, we aggregate data from several sources. We may use this data to improve certain features, to modify sections or to provide you with the most relevant information in the best possible graphical form.
➢ LEGAL ISSUE: legitimate interest to provide continuously improved services to the users of the [website name] website, to maintain free access to our websites but without affecting our financial activity [add only if there is an advertising purpose].
Notes:
• 

If we intend to process your personal data for purposes other than those mentioned above, we will provide you, prior to such further processing, with information about the secondary purpose and any relevant information.
- Where we process your personal data only with your consent, we will ask for your consent separately in a transparent manner when you provide us with your personal data. Subsequently, you will be able to withdraw your consent at any time via email address [company contact email address / email address specifically created for contacting GDPR-related requests] or by post: [postal address], to the attention of the Data Protection Officer. However, withdrawal of consent will not affect the lawfulness of any processing that has taken place prior to the withdrawal of consent.
3. YOUR RIGHTS AS A DATA SUBJECT WITH REGARD TO THE PROCESSING OF PERSONAL DATA PROVIDED:
3.1. RIGHTS OF THE DATA SUBJECT AND HOW THEY CAN BE EXERCISED
Under the GDPR Regulation, as a data subject, you benefit from a combination of rights, namely
a. The right to information and access to personal data: the right to obtain confirmation as to whether or not personal data relating to you are being processed and, if so, the right to have access to such data.

b. Right to rectification: the right to request the Operator and obtain, without undue delay, the rectification of inaccurate personal data relating to you and/or to obtain the completion of personal data which are incomplete, noting that, in the case of an online account, you may make these changes yourself in the edit section of the account data.

c. Right to erasure of data ("right to be forgotten"): the right to obtain the erasure of personal data relating to you without undue delay if certain grounds specified in the GDPR Regulation apply.

d. Right to restriction of processing: the right to obtain restriction of processing in certain cases.

e. Right to data portability: the right to receive personal data concerning you and to transmit them to another controller.

f. Right to object: the right to object at any time to the processing of personal data concerning you in accordance with the GDPR Regulation.

g. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you to a significant extent.

h. The right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) if you consider that your data has not been processed in accordance with the law.

➢ How can you exercise these rights?
To exercise your rights mentioned above, please send a written request, dated and signed, to the following email address: [email address of the company contact person / email address specifically created for contacting GDPR-related requests ], or to the postal address [postal address], for the attention of the Data Protection Officer.
➢ How quickly do we respond to your requests?

Notes: Please note that in order to comply with a request for access to personal data we will take all reasonable steps to verify the identity of the data subject.
Also, according to the GDPR Regulation, the response time mentioned above may be extended by up to two months if necessary, taking into account the complexity and the number of requests, and we will inform you about this if necessary.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA:
Recipients who process personal data within the European Union are obliged to comply with the same legal provisions, providing the same level of protection as the Controller.
Note: In the case of recipients operating within the United States of America, the Operator guarantees that they are "Privacy Shield" certified and are considered by the European Commission as providing an adequate level of protection. The list of companies adhering to the Privacy Shield is available on this website: https://www.privacyshield.gov/welcome .
4.1. TRANSMISSION OF DATA FOR THE PURPOSE OF OPERATING THE NEWSLETTER SERVICE [if a specialised third party is used to send newsletters]
In order to make sure that this service works at the desired parameters, we use a third party specialised in the field of e-mail delivery, namely the mailchimp.com platform belonging to The Rocket Science Group. Its data protection policy can be found here: https://mailchimp.com/legal/priva

You can unsubscribe from the newsletter service at any time - either from your account - section name, or by clicking the "Unsubscribe" button in the received e-mail, or by sending an e-mail to [contact e-mail address / e-mail address specially created for newsletter requests] expressly requesting unsubscription.
4.2. FORWARDING TO PUBLIC INSTITUTIONS, COURTS OF LAW AND AUTHORITIES COMPETENT TO INVESTIGATE THE COMMISSION OF CRIMINAL OFFENCES
In special cases, when required by law, the company [company name] may provide the competent institutions with information on personal data.
4.3. TRANSMISSION TO OTHER THIRD PARTIES
In order to provide you with the most enjoyable online experience, we are constantly striving to improve/maintain the software used. To this end, we have development contracts with companies specialising in software programming and maintenance.

4.4. SOCIAL NETWORK PLUGINS [if there are social network plugins on the website]
Our website uses "plugins" from social network operators (e.g. facebook.com, instagram.com, other social networks). All social network plugins on our website are clearly and distinctly marked.
When accessing our web pages that contain a social network plugin your browser will make a direct connection to the social network operator's server. The content of the plugin will be transmitted by the accessed server of the social network operator directly to your browser and will be integrated by it into the web page. By integrating the plugin the social network operator receives the information that you have accessed our website. If a valid login session to a social network is running while visiting our website, the visit can be attributed to the respective user account. If you interact with the plugin, that information is transmitted to the social network operator and saved there.
If you wish to prevent the collection of your data by the social network operator via our website, you must log out (i.e. "opt out") of the social network operator's service before visiting our website.
You can also refuse the use of cookies by selecting the appropriate settings on your browser. Find out more by visiting the Cookies Policy page [link cookies policy page - How can I control cookies section]
Information on the purpose and volume of data storage as well as on further processing, use and your rights and the possibilities of setting can be found in the data protection statements of the social network operator, which are not related to this data protection statement. For the "facebook" controller you can find these guidelines at https://www.facebook.com/policies/cookies
4.5. GOOGLE ADWORDS/ANALYTICS WEB ANALYSIS SERVICE [if available]
Our website uses the web analytics service "Google Adwords/Analytics" of Google Inc. for statistical purposes.
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"), which in turn uses cookies. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
If IP address anonymisation is activated, your IP address will be shortened within the European Union or other third countries that are members of the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is enabled for this site. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

The IP address that your browser sends will not be associated with any other data held by Google. You can refuse the use of cookies by selecting the appropriate settings on your browser, but in this case you may not be able to use all the features of the site. You can also opt-out of using Google Analytics in the future by downloading and installing the Google Analytics Opt-out Browser Addon for your browser: https://tools.google.com/dlpage/gaoptout?hl=en
Note: Additional information is available on the pages: Google Analytics Terms of Service and Google Privacy & Terms.
4.6. trafic.ro WEB ANALYSIS SERVICE [if available]
Our website uses the web analytics service "trafic.ro" of ActiveSoft SRL for statistical purposes.
trafic.ro is intended to monitor the online audience in Romania. trafic.ro audits in real time the registered sites and provides relevant statistics for the entire Romanian Internet, thus constituting the most representative overview of this environment.
In order to provide the services mentioned above, trafic.ro uses cookies to retrieve information about your visits to the [site name] website and to analyse your interaction with it. The information collected does not monitor users, does not provide any identifying data about them but monitors traffic on the site. You can refuse the use of cookies by selecting the appropriate settings on your browser, but in this case you may not be able to use all the features of the site.
trafic.ro is a member of the Digital Analytics Association (DAA) [link to https://www.digitalanalyticsassociation.org/], the international body that regulates the online traffic monitoring industry through research, development of standards and promotion of accepted practices, recognized as an authority by leading industry names such as Google Analytics, Omniture, WebTrends, Yahoo! or CoreMetrics.
Note: Additional information is available on the pages: Terms and Conditions trafic.ro [link to http://www.trafic.ro/termeni-si-conditii] and Privacy Policy trafic.ro [link to http://www.trafic.ro/politica-de-confidentialitate].
5. RETENTION PERIOD OF PERSONAL DATA
To determine the period for which personal data will be processed and stored, we take into account the contractual duration until the fulfilment of the contractual obligations respectively the purpose and the archiving periods provided for by the legal provisions on the matter. If you would like more information about how long we keep your personal data, please contact us at the e-mail address [company contact e-mail address / e-mail address specially created for contacting GDPR-related requests ].
If we process your personal data under your consent, this personal data will only be processed for the period provided by your consent, unless you withdraw or limit your consent before the expiry of this period. In such cases, we will cease processing such personal data for the relevant purposes, subject to any legal obligation to process such personal data and/or our need to process such personal data for the purpose of exercising our legitimate rights (including the legitimate rights of other persons).
6. DATA SECURITY
Our website and our other information systems are protected by technical and organisational measures against access, modification or dissemination of your data by unauthorised persons and against loss or destruction of your data.
It is necessary to treat your access data confidentially at all times and to close your browser window when you finish visiting our website.
For the transfer of personal data we use technical encryption procedures. You can identify the transmission of encrypted data (https) by the display of a lock symbol, e.g. the display of a key or lock symbol in the status bar of your browser. [if the website has an SSL certificate installed]
7. LEGAL BASIS
For even more details you can consult the legal basis:
- Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (accessible at http://dataprotection.ro/?page=Regulamentul_nr_679_2016 ).
- Law No 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector.
Top management is committed to ensuring that this privacy policy is adhered to by all employees by implementing specific internal procedures/rules on the protection of personal data in accordance with the legal basis for their processing.