Privacy and protection of personal data

ASF is committed to maintaining the confidentiality of the data and information received within the FinTech Hub in compliance with the legislation in force.

The opinions and views presented by the designated ASF specialists in the FinTech Hub refer to a specific situation described by a particular participant and cannot be considered as applicable in similar cases. The information provided is for guidance / advice only and does not in any way attract the legal responsibility of the Authority.

The views and opinions expressed within the FinTech Hub cannot be considered as assuming acceptance or approval regarding compliance with regulatory requirements. The responsibility for the evaluation and compliance with the regulatory requirements belongs to the entity concerned, which has the obligation to obtain the authorization, according to the legal provisions in force.

ASF reserves the right to change the opinion or view expressed in the FinTech Hub regarding a particular proposal, in particular in the case of legislative changes, subsequent analyses or the receipt of additional information on the species in question.

As for the personal data processed by ASF in carrying out the specific activities within the FinTech Hub, we mention that their processing is carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of these data and repealing Directive 95/46 / EC (General Regulation on data protection), as well as Law no. 190/2018 on measures to implement Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing of Directive 95/46 / EC (General Regulation on data protection), published in the Official Gazette of Romania, Part I, no. 651 of July 26, 2018, observing the principles of legality, equity and transparency.

The processing of personal data within the FinTech Hub is performed for specified, explicit and legitimate purposes and is based on the principle of minimization, these data being adequate, relevant and strictly limited to the need to achieve the purposes for which they are processed.

The personal data collected in the execution of the specific activities within the FinTech Hub are kept in a form that allows the identification of the data subjects for a period that does not exceed the period of accomplishing the purposes for which the data are processed, in accordance with the legal provisions in force.

The processing of personal data is performed in a manner that ensures their adequate security, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage. In order to protect the personal data of the data subjects, the responsibility for their processing according to the legal provisions related to them is the responsibility of all ASF employees involved in the FinTech Hub activities.

The processing of the personal data provided within the FinTech Hub is performed on the basis of the provisions of art. 6 paragraph (1) letter e) of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR) which consider the fulfilment by the Financial Supervisory Authority (ASF), of a task that results from the exercise of public authority.

In these conditions, ASF processes the personal data of legal representatives and contact persons made available by the entities participating in the FinTech Hub initiative regarding last names, first names, telephone numbers, e-mail address, position in the entity, voice. These data are processed exclusively for the purpose of ensuring an efficient, integrated communication process within the FinTech Hub.

Furthermore, depending on the specific activities organized and carried out in the context and within the FinTech Hub initiative, personal data of the designated representatives of the entities participating in this initiative can be processed, i.e. data regarding the last name, surname, telephone number, e-mail address, position in the entity, voice, image and signature.

The personal data provided within the FinTech Hub are processed during the period necessary to fulfil the purposes for which the data were collected (this includes the duration of participation in the FinTech Hub, but also the storage period for auditing and legal purposes), as required by the legal provisions applicable in the field, under conditions of legality, transparency and fairness, by persons designated by the Financial Supervisory Authority to manage the FinTech Hub initiative.

Personal data provided within the FinTech Hub will not be made public by the Financial Supervisory Authority, will not be used for purposes other than those stated, will not be transmitted to other institutions or entities and will not be transmitted to third countries, with except for the situations expressly provided by law.

After the data processing operation is completed, they will be deleted or destroyed, depending on the media they were stored on. If there is a legal obligation to archive them, the data will be fully / partially archived, according to the legal provisions.

In accordance with the legal provisions in force in the field of personal data protection, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC , the data subjects benefit from the right to access the data provided, to request the rectification or deletion of the data, the right to restrict processing and the right of opposition, the right to data portability, the right to file a complaint with the supervisory authority regarding the personal data processing, the right not to be subject to an individual decision, and to withdraw consent at any time, where appropriate.

For the exercise of the rights presented above, or, to the extent that the data subject needs additional information or clarifications, they can be addressed in writing, by a dated and signed request, to the attention of the Personal Data Protection Officer within the ASF , at the ASF Registrar's Office, at the address of Bucharest, 15, Independenței Drive, 5th District, or to the e-mail address dpo@asfromania.ro.

In case the answer given to the request of a data subject is not considered satisfactory, one can resort to the National Supervisory Authority for the Personal Data Processing, at the address 28-30, G-ral Gheorghe Magheru Boulevard, 1st District, post code 010336, Bucharest, Romania, +40.318.059.211 / +40.318.059.212, anspdcp@dataprotection.ro, or can bring their case before a court of law.

ASF is committed to maintaining the confidentiality of the data and information received within the FinTech Hub in compliance with the legislation in force.

The opinions and views presented by the designated ASF specialists in the FinTech Hub refer to a specific situation described by a particular participant and cannot be considered as applicable in similar cases. The information provided is for guidance / advice only and does not in any way attract the legal responsibility of the Authority.

The views and opinions expressed within the FinTech Hub cannot be considered as assuming acceptance or approval regarding compliance with regulatory requirements. The responsibility for the evaluation and compliance with the regulatory requirements belongs to the entity concerned, which has the obligation to obtain the authorization, according to the legal provisions in force.

ASF reserves the right to change the opinion or view expressed in the FinTech Hub regarding a particular proposal, in particular in the case of legislative changes, subsequent analyses or the receipt of additional information on the species in question.

As for the personal data processed by ASF in carrying out the specific activities within the FinTech Hub, we mention that their processing is carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of these data and repealing Directive 95/46 / EC (General Regulation on data protection), as well as Law no. 190/2018 on measures to implement Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing of Directive 95/46 / EC (General Regulation on data protection), published in the Official Gazette of Romania, Part I, no. 651 of July 26, 2018, observing the principles of legality, equity and transparency.

The processing of personal data within the FinTech Hub is performed for specified, explicit and legitimate purposes and is based on the principle of minimization, these data being adequate, relevant and strictly limited to the need to achieve the purposes for which they are processed.

The personal data collected in the execution of the specific activities within the FinTech Hub are kept in a form that allows the identification of the data subjects for a period that does not exceed the period of accomplishing the purposes for which the data are processed, in accordance with the legal provisions in force.

The processing of personal data is performed in a manner that ensures their adequate security, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage. In order to protect the personal data of the data subjects, the responsibility for their processing according to the legal provisions related to them is the responsibility of all ASF employees involved in the FinTech Hub activities.

The processing of the personal data provided within the FinTech Hub is performed on the basis of the provisions of art. 6 paragraph (1) letter e) of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR) which consider the fulfilment by the Financial Supervisory Authority (ASF), of a task that results from the exercise of public authority.

In these conditions, ASF processes the personal data of legal representatives and contact persons made available by the entities participating in the FinTech Hub initiative regarding last names, first names, telephone numbers, e-mail address, position in the entity, voice. These data are processed exclusively for the purpose of ensuring an efficient, integrated communication process within the FinTech Hub.

Furthermore, depending on the specific activities organized and carried out in the context and within the FinTech Hub initiative, personal data of the designated representatives of the entities participating in this initiative can be processed, i.e. data regarding the last name, surname, telephone number, e-mail address, position in the entity, voice, image and signature.

The personal data provided within the FinTech Hub are processed during the period necessary to fulfil the purposes for which the data were collected (this includes the duration of participation in the FinTech Hub, but also the storage period for auditing and legal purposes), as required by the legal provisions applicable in the field, under conditions of legality, transparency and fairness, by persons designated by the Financial Supervisory Authority to manage the FinTech Hub initiative.

Personal data provided within the FinTech Hub will not be made public by the Financial Supervisory Authority, will not be used for purposes other than those stated, will not be transmitted to other institutions or entities and will not be transmitted to third countries, with except for the situations expressly provided by law.

After the data processing operation is completed, they will be deleted or destroyed, depending on the media they were stored on. If there is a legal obligation to archive them, the data will be fully / partially archived, according to the legal provisions.

In accordance with the legal provisions in force in the field of personal data protection, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC , the data subjects benefit from the right to access the data provided, to request the rectification or deletion of the data, the right to restrict processing and the right of opposition, the right to data portability, the right to file a complaint with the supervisory authority regarding the personal data processing, the right not to be subject to an individual decision, and to withdraw consent at any time, where appropriate.

For the exercise of the rights presented above, or, to the extent that the data subject needs additional information or clarifications, they can be addressed in writing, by a dated and signed request, to the attention of the Personal Data Protection Officer within the ASF , at the ASF Registrar's Office, at the address of Bucharest, 15, Independenței Drive, 5th District, or to the e-mail address dpo@asfromania.ro.

In case the answer given to the request of a data subject is not considered satisfactory, one can resort to the National Supervisory Authority for the Personal Data Processing, at the address 28-30, G-ral Gheorghe Magheru Boulevard, 1st District, post code 010336, Bucharest, Romania, +40.318.059.211 / +40.318.059.212, anspdcp@dataprotection.ro, or can bring their case before a court of law.