Privacy Policy

Updated on 19.06.2023

I. GENERAL PROVISIONS

The content of the website www.mentale.ro (hereinafter referred to as “the Site”) is the exclusive property of MENTALE FLOW SRL (hereinafter referred to as “mentAle ”), with its registered office in Cluj-Napoca, Calea Turzii 30, Cluj County, phone +40 758 11 99 09, registered in the Trade Office Register Cluj with ID J12/6461/2022 and having the following TAX ID: 47039961..

In the European Union, the personal data of natural persons are protected according to the provisions of Regulation no. 679 of 27.04.2016 (on the protection of individuals with regard to the processing of personal data and the free movement of such data) which applies in Romania from 25.05.2018 (hereinafter referred to as “GDPR” or “European Regulation”). mentAle, as a personal data controller, constantly monitors and ensures that the processing of personal data strictly complies with the principles and rules of the European Regulation when accessing the content of the Site.

This Privacy Policy is in force since 19.06.2023 and its role is to inform you that mentAle applies and complies with the provisions of the GDPR, regarding the processing of personal data of subjects (visitors or users of the Site).

mentAle may periodically update this Privacy Policy, depending on the applicable legislative changes or as the services it provides change, as well as the level of technological development. mentAle will inform the data subjects through the Site of any changes before they come into force.

II. DEFINITIONS
• ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;• ‘visitor’ means any person who accesses the Site or uses functions within the Platform;
• ‘data subject’ means any natural person whose personal data are processed by mentAle, as a controller;
• ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
• ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;
• ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
• ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• ‘personal data security breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
‘supervisory authority’ (hereinafter ANSPDCP – National Authority for the Supervision of Personal Data Processing) is a public, autonomous and independent national authority, established under Article 51 of the Regulation, aiming to protect the fundamental rights and freedoms of individuals located in Romania in matters of personal data processing and the free movement of such data.
III. CATEGORIES OF PROCESSED PERSONAL DATA

The categories of personal data processed depend on the interactions and relationships that you, as the data subject, establish with mentAle and with the Site.

The controller processes the following categories of personal data:

  • For the individuals who access the Site to view its content (visitors):
    • Information about the device, including the IP address, geographical location, type and version of the browser and about the operating system;
    • information about visits and use of the Site, including the source of recommendation, duration of the visit, page views and navigation paths on the Site;
    • information generated while using the Site, including when, how often and under what circumstances it is accessed.
  • For the individuals who use functionalities within the Site (filling in the contact form, sending communications by e-mail or through the Site):
    • identification data: name, surname;
    • contact details: e-mail address;
    • other personal data: content of communications, personal information transmitted.
  • For contractual partners (individual), representatives of commercial partners (legal entities) and collaborators, mentAle will carry out the following personal data processing of:
    • identification data: name, surname;
    • contact details: home address, telephone number, e-mail address;
    • national identification numbers: series and number of the identity card, social security number;
    • other personal data: signature, position, role.
IV. THE PURPOSES OF PERSONAL DATA PROCESSING

The personal data concerning the categories of data subjects referred to in Chapter III, will be processed by mentAle, through the Site, for the following purposes:

  • Specific activities:
    • administration and personalization of the content of the Site;
    • conducting activities according to the object of activity of mentAle;
    • authorizing the use of the services available on the Site;
    • providing the services purchased through the Site;
    • receiving and resolving requests and complaints submitted by individuals;
  • Other activities:
    • sending commercial communiques for information;
    • sending notifications by e-mail, based on the consent expressed;
    • In legitimate interest:
    • for identifying analyzing and monitoring of commercial risks;
    • for the identification and prevention of crime and fraud.
V. LEGAL GROUNDS FOR PROCESSING DATA

The legal grounds underlying the data processing are the provisions of the EU Regulation and the normative acts regarding the processing of personal data in Romania as well as the provisions of the legislation applicable in the field of activity of the data controller.

According to the General Data Protection Regulation (EU) 2016/679 article 6, processing shall be lawful only if and to the extent that at least one of the following applies:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
VI. DURATION OF THE PROCESSING
mentAle will process your personal data in accordance with the time required to achieve the processing purposes for which it was collected (as presented in Chapter IV) and in compliance with internal procedures on data retention and security and in accordance with internal policies, ensuring compliance with the applicable legal obligations, including, but not limited to, the provisions relating to the archiving obligation..
VII. CATEGORIES OF RECIPIENTS. THE TRANSFER OF PERSONAL DATA
mentAle may transmit and /or disclose the personal data of data subjects to:
  • public authorities and institutions, based on receiving requests or complying with legal obligations;
  • service providers and business partners (for example: IT service providers, accounting firms).

mentAle does not transfer personal data to third countries or international bodies. Any transfer to a third country shall require the prior information and consent of the data subject.

VIII. PROTECTION MEASURES IN PERSONAL DATA PROCESSING

mentAle attaches particular importance to the confidentiality and security of personal data collected and processed in accordance with the purposes listed in Chapter IV.mentAle has implemented technical and organizational measures to comply with the provisions of the EU Regulation. no. 679/2016, therefore the processing procedures fully comply with the processing principles, established in art. 5 of the European Regulation:

  • Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
  • Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes listed in chapter IV.
  • Collected data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Working procedures have been established for all personal data processing operations and technical solutions have been implemented to ensure the security, confidentiality and availability of data.
  • Staff was trained on the rules and procedures for processing and securing personal data.
  • The personal data provided through the Site are stored in accordance with legal provisions and in conditions of security and protection.
IX. USE OF AUTOMATED DECISION-MAKING AND PROFILING PROCESSES
mentAle does not use automated processes to create profiles by processing personal data.
X. PROVISION OF PERSONAL DATA

The provision of personal data by you may be a contractual obligation or an obligation necessary for the conclusion / execution of a contract. It may be necessary in order to benefit from the services / facilities offered through the Site.

Refusal to provide personal data may result in the impossibility to benefit from the services provided through this Site or to comply with your requests.

In order to comply with the rights and freedoms regarding the processing of personal data, mentAle asks for your consent, but you must take into account that for the processing of certain personal data, this consent may not always be necessary according to the provisions of the EU Regulation. In such cases, mentAle may use other grounds for data processing, such as fulfillment of legal obligations, performance of the contract or legitimate interest.

XI. RIGHTS OF THE DATA SUBJECT

With regard to the processing of personal data indicated in this Privacy Policy Information, you, as the data subject, enjoy the following rights, in accordance with the applicable legal provisions:

  • right of access: implies access to the personal data processed and to the information on the means of processing;
  • the right to rectification: the revision by the operator at your request of incorrect or incomplete personal data concerning you;
  • the right to object: implies your right to object to the processing;
  • right of erasure: gives you the right to request the erasure of stored data when they are no longer necessary for the purposes for which they were collected, when you withdraw your consent and there is no other legal basis for processing, when you consider that the data has been processed illegally or in compliance with a legal obligation;
  • the right to restriction of processing: implies obtaining a restriction on the processing of your personal data in certain cases, for example when you consider the processing to be illegal or if the accuracy of the personal data is contested , for a period enabling the controller to verify the accuracy of the personal data;
  • right to data portability: you have the right to receive the personal data you have provided to mentAle through the Site, in a structured, commonly used and legible format, or to request the transmission of this data to another operator.

If you consider that the data processing performed by mentAle violates the rights provided by the European Regulation, you can address a written request (dated and signed) to the registered office in Cluj-Napoca, Calea Turzii 30, Cluj County, phone +40 758 11 99 09, or you can send it by e-mail to ale.uiuiu@mentale.ro.

You also have the right to submit a complaint to the National Authority for the Supervision of Personal Data Processing (28-30 General Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, phone 0318.059.211, address e-mail anspdcp@dataprotection.ro).

In all cases, mentAle will respect your rights as well as the provisions of EU Regulation no. 679/2016.