PERSONAL DATA PROTECTION POLICY
GDPR Policy
By using the website danubeashraechapter.org and by submitting personal data through the forms available on the website, you confirm that you have read and understood this Personal Data Protection Policy (“GDPR Policy”).
1. Introduction
This GDPR Policy describes how your personal data is collected, used, stored, and protected when you use the website danubeashraechapter.org, particularly in connection with registration and ticket purchases for events organized by AIIRO and/or Danube ASHRAE Chapter.
Personal data is processed in accordance with the General Data Protection Regulation, namely Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
2. Data Controller
Personal data is processed by the event organizers, as applicable:
AIIRO – Romanian Association of Building Services Engineers
Address: Bd. Pache Protopopescu 66, Sector 2, Postal Code 021414, Bucharest, Romania
Email: office@aiiro.ro
Phone: +40-21.252.42.95 / +40-727.791.833
and/or
Danube ASHRAE Chapter
Website: https://danubeashraechapter.org/
Email: ioansilviu@dosetimpex.ro
Phone: +40 256 200 368
Depending on the event, AIIRO and/or Danube ASHRAE Chapter may act as data controllers or joint controllers, to the extent that they determine the purposes and means of processing personal data related to event organization.
3. Personal Data We Collect
Through the website danubeashraechapter.org, we may collect the following categories of personal data:
- first and last name;
- email address;
- phone number;
- organization, company, or institution represented;
- job title or professional capacity, where relevant to the event;
- data required for issuing tickets;
- billing data, such as company name, tax identification number, address, registration number, or other fiscal information;
- information regarding payments for tickets;
- information required for participation in events;
- preferences or options voluntarily submitted in connection with an event;
- any other information voluntarily provided by the user through website forms or direct communication.
We do not request or intentionally collect sensitive data, such as health data, political opinions, religious beliefs, or other special categories of personal data, unless such data is voluntarily provided and strictly necessary for a specific event.
4. Purposes of Processing
Personal data is collected and processed for the following purposes:
- registering participants for events;
- processing ticket orders;
- issuing, sending, and validating tickets;
- confirming participation in events;
- issuing invoices and fulfilling accounting and tax obligations;
- processing payments through payment service providers;
- communicating with participants regarding the events for which they have registered;
- sending organizational information, such as the event agenda, venue, schedule changes, or logistical details;
- managing participant lists;
- handling requests, questions, or complaints;
- sending information about future events, activities, or updates, only where the user has given consent for such communications;
- complying with applicable legal obligations.
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
Performance of a contract or steps taken prior to entering into a contract
This applies when you register for an event, purchase a ticket, or request information regarding participation.
Legal obligations
This applies to issuing invoices, retaining accounting documents, and complying with applicable tax or legal requirements.
User consent
This applies to marketing communications, newsletters, or information about future events, where you have expressly given your consent.
Legitimate interest
This may apply to improving our services, efficiently organizing events, preventing fraud, ensuring website security, and managing the relationship with participants.
6. Data Retention Period
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected.
Data related to ticket orders and event participation is retained for the period necessary to organize the event and to handle any subsequent requests related to the event.
Accounting, tax, and billing data is retained in accordance with the retention periods required by applicable tax and accounting legislation.
Data used for marketing communications is retained until consent is withdrawn or until it is no longer necessary for the purpose for which it was collected.
7. Sharing Personal Data with Third Parties
Your personal data is not sold, rented, or transferred to third parties for their independent commercial purposes.
Where necessary, personal data may be shared with:
- payment service providers;
- IT, website hosting, or maintenance service providers;
- ticketing or event management service providers;
- accounting, tax, or legal service providers;
- contractual partners involved in organizing events;
- public authorities, institutions, or competent bodies, where required by law.
All partners and service providers that process personal data on our behalf are required to comply with GDPR requirements and to ensure the confidentiality and security of the data.
8. Transfers Outside the European Union
As a general rule, personal data is processed within the European Union or the European Economic Area.
Where certain service providers use infrastructure located outside the European Union or the European Economic Area, any transfer of personal data will be carried out only in compliance with the safeguards provided by GDPR, such as standard contractual clauses or other applicable legal mechanisms.
9. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, disclosure, or misuse.
These measures may include, as applicable:
- limiting access to data only to authorized persons;
- using secure systems for processing orders;
- protecting website communications and infrastructure;
- working with service providers that comply with GDPR requirements;
- retaining data only for as long as necessary for the stated purposes.
10. Your Rights
In accordance with GDPR, you have the following rights:
- the right to access your personal data;
- the right to rectify inaccurate or incomplete data;
- the right to erasure, under the conditions provided by law;
- the right to restriction of processing;
- the right to data portability;
- the right to object to processing;
- the right to withdraw consent, where processing is based on consent;
- the right not to be subject to a decision based solely on automated processing;
- the right to lodge a complaint with the competent supervisory authority.
To exercise these rights, you may contact us at:
or
We will respond to your requests within the timeframe provided by applicable law.
11. Withdrawal of Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time.
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
To unsubscribe from marketing communications, you may use the unsubscribe mechanism included in the messages received or contact us at one of the email addresses indicated in this policy.
12. Cookies and Similar Technologies
The website danubeashraechapter.org may use cookies or similar technologies to ensure the proper functioning of the website, improve user experience, and, where applicable, for analytics or personalized communications.
For more information about the use of cookies, please consult the Cookie Policy available on the website, if published separately.
13. Complaints
You have the right to lodge a complaint with the competent supervisory authority:
The National Supervisory Authority for Personal Data Processing – ANSPDCP
Website: www.dataprotection.ro
However, we encourage you to contact us first so that we may try to resolve any request or concern amicably.
14. Changes to This GDPR Policy
This GDPR Policy may be updated periodically to reflect legal, operational, or technical changes.
Any changes will be published on the website danubeashraechapter.org and will take effect from the date of publication or from the date indicated in the document.
15. Contact
For questions, requests, or the exercise of rights regarding personal data protection, you may contact us at:
AIIRO – Romanian Association of Building Services Engineers
Email: office@aiiro.ro
Phone: +40-21.252.42.95 / +40-727.791.833
Address: Bd. Pache Protopopescu 66, Sector 2, Postal Code 021414, Bucharest, Romania
Danube ASHRAE Chapter
Website: https://danubeashraechapter.org/
Email: ioansilviu@dosetimpex.ro
Phone: +40 256 200 368
By using the website danubeashraechapter.org and by submitting personal data through the available forms, you confirm that you have read and understood this GDPR Policy.