Privacy & Terms of use
Legal notices
NoBoCap maintains this website to enhance public access to information about its initiatives and
NoBoCap’s policies in general. Our goal is to keep this information timely and accurate. If errors are
brought to our attention, we will try to correct them.
However, NoBoCap accepts no responsibility or liability whatsoever with regard to the information
on this site.
This information is:
of a general nature only and is not intended to address the specific circumstances of any particular
individual or entity; not necessarily comprehensive, complete, accurate or up to date; sometimes
linked to external sites over which the Institute services have no control and for which the Institute
assumes no responsibility;
not professional or legal advice (if you need specific advice, you should always consult a suitably
qualified professional).
It is our goal to minimise disruption caused by technical errors. However, some data or information
on our site may have been created or structured in files or formats that are not error-free and we
cannot guarantee that our service will not be interrupted or otherwise affected by such problems.
NoBoCap accepts no responsibility with regard to such problems incurred as a result of using this site
or any linked external sites.
Data Protection
What are personal data
There is a broad legal definition of personal data.
Any information relating to an identified or identifiable person is considered personal data (for a full
definition see Article 2 paragraph a) of Regulation (EC) No 45/2001) (pdf 234KB). It is important to
note that, where the ability to identify an individual depends partly on the data held and partly on
other information (not necessarily data), the data held will still be “personal data”.
The categories of personal data are broadly drawn so that, for example personal data are considered
to be telephone numbers, addresses, financial information, photographs, satellite images, car
registrations, ID numbers, e-mail addresses, health records, etc.
Personal data can be contained in computer files (e.g., in databases, on the Internet or other closed
networks) or in paper records. Data protection is a fundamental right, protected not only by national
legislation, but also by European Law.
Legal basis
The legal basis for data protection is Regulation (EC) No 45/2001.
This regulation aims to protect the liberties and fundamental rights of individuals and in particular
their right to privacy with respect to the processing of personal data about them.
It only applies within the institutions and bodies set up by, or on the basis of, the Treaties
establishing the European Communities. The legal basis for data protection concerning the general
public is not ruled by this Regulation.
The Regulation applies to the processing of personal data by all Community institutions and bodies,
insofar as such processing is carried out in the exercise of activities all or part of which fall within the
scope of Community law (Article 3.2.)
Legal background
Charter of Fundamental Rights of the EU – Article 8
Treaty establishing the European Community – Article 286
Collection of personal data by NoBoCap
A number of NoBoCap’s activities involve the collection and processing of personal data, for instance
as part of the recruitment procedures, or collection of data for salaries or reimbursements,
contractual arrangements with suppliers or organization of events, etc.
It shall be noted that collecting and processing of personal data and its subsequent utilisation should
be done «fairly and lawfully» (Article 4 paragraph 1a).
Purpose of the collection
Whenever personal data are requested, it is essential that the data subject (the person whose
personal data are collected, held or processed) knows for what purposes the data is being collected.
According to the Article 4 Paragraph 1b of the Regulation, personal data «must be collected for
specified, explicit and legitimate purposes and not further processed in a way incompatible with
those purposes. »
Moreover, personal data must be adequate, relevant, and not excessive in relation to the purpose
and kept for no longer than is necessary for the purposes for which they were collected.
Rights of data subjects
When personal data are requested, data subjects have the right:
to be informed of the processing operations (Articles 11 and 12)
to access, rectify, block or erase the data (Articles 13-16)
to object to the processing on compelling legitimate grounds (Article 18)
to compensation for any damage (Article 32)
Other principles NoBoCap
Processing of personal data is only lawful, if the purpose(s) is legitimate and if it is necessary either:
for the performance of a task carried out in the public interest or in the legitimate exercise of official
authority (Article 5(a))
for compliance with a legal obligation (Article 5(b))
for the performance of a contract to which the data subject is party (Article 5(c))
if the data subject has unambiguously given his or her consent (Article 5(d))
in order to protect the vital interests of the data subject (Article 5(e)).
The Data Controller (i.e., the person who is responsible for the processing operation) must ensure
that all provisions of the Regulation (EC) 45/2001 are complied with.
According to the principles of confidentiality and security, only those people who need access shall
have it. By analogy:
– access to basic personal data shall be limited to staff who need it for their work (such as security
guards).
– access to a staff evaluation report should be limited to the particular employee in question, as well
as to a restricted number of people in the human resources department.
Sensitive data, such as medical files or an arrest warrant shall be treated even more carefully (Article
10). The presumption is that, because information about these matters could be used in a
discriminatory way, and is likely to be of a private nature, it needs to be treated with even greater
care than other personal data.
Personal data should in general be transferred neither internally nor externally, unless it is necessary
for the legitimate performance of tasks covered by the competence of the recipient – the necessity
of the transfer must be evaluated. In certain cases, data subjects must be informed of the transfer.
Unauthorized access to personal data should be prevented by ensuring appropriate safeguards,
both:
in terms of barriers that secure the system technically and logistically
by selecting a limited and appropriate number of people who have authorised access
The main players
Besides the data subject, there are three main data protection players:
The European Data Protection Supervisor (EDPS) is responsible for the monitoring of Community
institutions and bodies on their compliance with data protection rules, in particular to ensure that
the fundamental rights and freedoms of natural persons, especially their right to privacy, are
respected by the Community institutions and bodies. The EDPS is an independent supervisory
authority.
The Data Protection Officer (DPO) ensures that data controllers and individuals know their rights and
obligations, co-operates with the EDPS, ensures internal application of the regulations and keeps a
register of processing operations notified by the controllers. NoBoCap has one designated DPO, who
can be contacted via e-mail at: nobocap@rohealth.ro
The Data Controller is the person who determines how personal data is processed, and is the person
that grants the rights to the data subject. For each processing operation, a Data Controller must be
identified and prior notice must be given to the DPO of the institution.
Who should you contact for more information about the processing of your personal data by the
Institute?
If you feel that your personal data are being misused by the Institute, or their processing by the
Institute is otherwise not compliant with Regulation (EC) No 45/2001, you should first notify the
Data Controller for the processing in question and ask him or her to take action.
You may also contact the DPO at nobocap@rohealth.ro to inform him or her of any issues related to
the processing of your data.
If the problem cannot be solved this way, you may lodge a complaint with the EDPS. The EDPS is
empowered to hear and investigate complaints and to conduct inquiries, including on his or her own
initiative. If a breach of data protection rules is found to have occurred, the EDPS may exercise the
powers assigned to him or her under Article 47 of Regulation (EC) No 45/2001.
User Privacy
NoBoCap is committed to user privacy. The policy on ‘protection of individuals with regard to the
processing of personal data by the Community institutions’ is based on Regulation (EC) No. 45/2001.
This general policy covers the European Union’s family of institutional websites, within the
‘europa.eu’ domain.
Although you can browse through NoBoCap’s web pages without giving any information about
yourself, in some cases, personal information is required in order to provide the e-services you
request.
Web pages that require such information treat it according to the policy described in the Regulation
mentioned above and provide information about the use of your data in their specific privacy policy
statements.
The European Union’s family of institutional websites, within the ‘europa.eu’ domain, provides links
to third party sites. Since we do not control them, we encourage you to review their privacy policies.
Cookies Policy
To make this website work properly, we sometimes place small data files called cookies on your
device.
Usage of cookies
We use cookies to:
-Manage sessions for logged in users;
-Remember the selected website language and other website settings; and
-Monitor site usage using Google Analytics and/or web analytics tools.
Cookies will not be used for any purpose other than the ones stated.
Google
This website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’).
Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the web team
analyse how users use the site. The information generated by the cookie about your use of the
website (including your IP address) will be transmitted to and stored by Google on servers in the
United States. Google will use this information for the purpose of evaluating your use of the website,
compiling reports on website activity for website operators and providing other services relating to
website activity and internet usage. Google may also transfer this information to third parties where
required to do so by law, or where such third parties process the information on Google’s behalf.
Google will not associate your IP address with any other data held by Google. You may refuse the
use of cookies by selecting the appropriate settings on your browser, however please note that if
you do this you may not be able to use the full functionality of this website. By using this website,
you consent to the processing of data about you by Google in the manner and for the purposes set
out above.
Cookies do not contain any personal information about you and cannot be used to identify an
individual user.
You may refuse the use of Google Analytics cookies by downloading and installing the Google
Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript
(ga.js) to indicate that information about the website visit should not be sent to Google Analytics.