PRIVACY POLICY – Cluj Cultural Centre

GENERAL INFORMATION

Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter – GDPR, Regulation, or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, and its provisions have been directly applicable since May 25, 2018. This Regulation expressly repeals Directive 95/46/EC, thereby also replacing the provisions of Law No. 677/2001 (now repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all natural persons within the territory of the European Union. From a substantive standpoint, the Regulation applies to all controllers processing personal data. The Regulation does not apply to the processing of personal data relating to legal persons and, in particular, undertakings with legal personality, including the name and type of the legal person and the contact details of the legal person.

Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The processing of personal data means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

DATA CONTROLLER

In accordance with Article 4(7) of the Regulation, which defines the term “controller” as the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data, this Privacy Policy is developed and applied by:

Centrul Cultural Clujean
Headquarters: 3 Fluierașului St., Cluj-Napoca, Romania, Postal Code: 400073
Email:office@cccluj.ro
Website: https://cccluj.ro/

WHAT DATA WE COLLECT

The Centrul Cultural Clujean collects personal data only to the extent necessary to provide the requested services, under conditions of legality, fairness, and transparency. Data is collected through:

Contact forms available on the website (data provided voluntarily by users);
Newsletter subscription forms via the Mailchimp platform;
Cookies and similar technologies;
Server log files.

Data collected via contact forms

Data collected via the contact form may include: first and last name, email address, phone number (optional), message, relevant professional information (e.g., occupation, institution).

Sometimes the contact form redirects to the https://show.forms.app/ platform, which may use technologies such as cookies or pixels to process data and improve the user experience. We recommend reviewing the privacy policy of the relevant platform.

Data collected via the newsletter (Mailchimp)

Our website offers the option to subscribe to our newsletter. The data collected through this service includes: email address, first name, last name, and explicit consent to receive the newsletter.

The newsletter is managed through the Mailchimp platform, which is certified in accordance with legal mechanisms for international data transfer (standard contractual clauses). The data provided when subscribing to the newsletter is used exclusively for the purpose of sending periodic communications related to the activities of the Centrul Cultural Clujean.

You can unsubscribe at any time via the unsubscribe link in every email you receive or by contacting us directly atoffice@cccluj.ro .

Given that the Regulation primarily prohibits “the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the unique identification of a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation” (pursuant to Article 9(1)), the situations in which the processing of such data is permitted are then established:

a. the data subject has given explicit consent;

b. processing is necessary for the purposes of fulfilling the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection

c. processing is necessary to protect the vital interests of the data subject or of another natural person, where the data subject is physically or legally incapable of giving consent;

d. the processing is carried out in the course of their legitimate activities and with appropriate safeguards by a foundation, an association, or any other non-profit body with political, philosophical, religious, or trade union aims, provided that the processing relates solely to members or former members of that body or to persons with whom it has regular contact in connection with its purposes, and that the personal data are not disclosed to third parties without the consent of the data subjects;

e. the processing relates to personal data which have been manifestly made public by the data subject;

f. the processing is necessary for the establishment, exercise, or defense of a legal claim in court or whenever courts act in the exercise of their judicial functions;

g. the processing is necessary for reasons of substantial public interest, based on Union or national law, which is proportionate to the objective pursued, respects the essence of the right to data protection, and provides for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject;

h. the processing is necessary for purposes related to preventive or occupational medicine, the assessment of an employee’s working capacity, the establishment of a medical diagnosis, the provision of medical or social care or treatment, or the management of health or social care systems and services, pursuant to Union or national law or pursuant to a contract with a healthcare professional and subject to compliance with the conditions and safeguards set out in the Regulation;

i. the processing is necessary for reasons of public interest in the area of public health, such as protection against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices, pursuant to Union or national law, which provides for appropriate and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy; or

j. the processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, is proportionate to the objective pursued, respects the essence of the right to data protection, and provides for appropriate and specific measures to protect the fundamental rights and interests of the data subject.

LEGAL BASIS FOR PROCESSING

The processing of personal data is carried out on the basis of the following legal grounds provided for in Regulation (EU) 2016/679 (GDPR):

Art. 6(1)(a) – Consent of the data subject (for newsletter subscriptions, non-essential cookies);
Art. 6(1)(b) – Performance of a contract or pre-contractual measures at the data subject’s request (for information, requests for collaboration);
Art. 6(1)(c) – Compliance with a legal obligation (where legislation requires data retention);
Art. 6(1)(f) – The legitimate interests of the controller (for website security and fraud prevention).

PURPOSE OF PROCESSING THE COLLECTED DATA

Some of the data collected on this site is used for:

Providing the services we offer through our website (for example, to resolve any issues related to our projects, to provide support services, etc.)
Ensuring the optimal functioning and optimization of the website (statistical and analytical purposes) – We are constantly striving to provide you with the best experience on our website, which is why we may collect and use certain information regarding your level of satisfaction while browsing this site, and we may invite you to complete suggestion surveys or similar forms.
Online advertising and promotional activities. You may request at any time, through the means described in this document, that we cease processing your personal data for marketing purposes, and we will comply with your request as soon as possible.
Periodic user updates – We want to keep you informed about our activities by providing free materials and up-to-date information about our projects and events. To this end, we may send you any type of message containing general and topic-specific information, details about offers or promotions, as well as other communications such as market research and opinion polls. For communications of this type, we rely on the consent obtained in advance. You may change your mind and withdraw your consent at any time.
To protect our legitimate interests. There may be situations where we use or share information to protect our rights and business. These may include: measures to protect our website and its users from cyberattacks; measures to prevent and detect fraud attempts, including the transmission of information to the relevant public authorities; measures to manage other types of risks.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based both on the data subject’s consent and on the need to fulfill contractual obligations or to pursue the controller’s legitimate interests (unless the data subject’s interests or fundamental rights and freedoms, which require the protection of personal data, prevail, particularly when the data subject is a child).

Processing of Minors’ Personal Data

The services offered through this website are intended exclusively for individuals who are at least 16 years of age. Pursuant to Article 8 of the GDPR, consent to the processing of personal data in the context of information society services is valid for individuals who have reached the age of 16. For individuals under the age of 16, processing is lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility.

The operator of this website does not intentionally collect personal data from individuals under the age of 16 and does not sell products to individuals under this age without the consent of a parent or legal guardian. If you are a minor under the age of 16, please do not use this website and do not provide us with personal data without the consent and supervision of a parent or legal guardian.

If you are aware that a minor under the age of 16 has provided us with personal data without the consent of a parent or legal guardian, please contact us atoffice@cccluj.ro , and we will delete this data as soon as possible.

OBTAINING CONSENT

For the processing of personal data to be lawful, the GDPR requires that it be based on a legitimate ground, such as the performance or conclusion of a contract, compliance with a legal obligation, or valid consent previously given by the data subject. In the latter case, the controller is required to be able to demonstrate that the data subject has given consent for such processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions set forth in the GDPR.

Consent must be given by a statement or by a clear affirmative action constituting a freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of their personal data. If the data subject’s consent is given in the context of a statement, in electronic or written form, that also addresses other matters, the request for consent must be presented in a form that clearly distinguishes it from the other matters, and may even be provided by checking a box.

For the processing of personal data to be lawful, the GDPR requires that it be carried out on the basis of a legitimate ground, such as the performance or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of valid consent previously expressed by the data subject. In the latter case, the controller is required to be able to demonstrate that the data subject has given consent for such processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions set forth in the GDPR.

DATA RETENTION PERIOD

Personal data is stored for as long as necessary to fulfill the purposes for which it was collected or for as long as required by applicable law. In the absence of specific legal requirements, data is stored:

Contact data (forms): up to 3 years from the last interaction;
Newsletter data: for the duration of the subscription, and in accordance with Mailchimp’s policy after unsubscription;
Server log files: in accordance with internal security policies, generally for a maximum of 12 months;
Cookies: in accordance with the specific duration of each cookie (detailed in the following sections).

We review the collected data, analyzing to what extent their retention is necessary for the stated purposes, the legitimate interests of the data subjects, or the fulfillment of legal obligations by the Controller. After the expiration of the periods mentioned above, the data will be deleted or anonymized, unless there is a legal obligation to archive it for a longer period or another legal basis for continuing the processing.

DISCLOSURE OF PERSONAL DATA TO OTHER RECIPIENTS

The Controller discloses personal data (only if necessary and strictly to the extent required) to public entities and authorities, including, but not limited to: ANAF (National Agency for Fiscal Administration), ISU (Inspectorate for Emergency Situations), Police, Prosecutors’ Offices, Courts, City Hall, Local Council, County Council, Ministries, ANPC (National Authority for Consumer Protection), ANSPDCP (National Supervisory Authority for Personal Data Processing) in the exercise of its supervisory and control duties, accountants, auditors, lawyers, and other external consultants acting as authorized representatives or independent processors, as applicable.

We do not transfer data to third countries or international organizations, except in situations where the existing collaboration agreement requires it.

Thus, based on existing collaborative relationships and in order to perform our activities to the highest standards, we will share the provided data with:

• our partners and collaborators (billing services, marketing services, web hosting services, etc.),

• as well as to other online service providers (various tools and plugins), as mentioned in this Policy.

RIGHTS OF DATA SUBJECTS

Your rights regarding personal data and the means to exercise them are: Right to information, Right of access, Right to rectification, Right to erasure, Right to restriction of processing, Right to data portability, Right to object, The right not to be subject to a decision based solely on automated processing, The right to file a complaint and to bring the matter before the courts, The right to withdraw consent.

Right to information—you may request information regarding the processing of your personal data, the identity of the controller and its representative, or the recipients of your data;
Right of access – you may obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, if so, access to such data and to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the period for which the personal data are expected to be stored or, if this is not possible, the criteria used to determine that period; the right to request the controller to rectify or erase the personal data or to restrict the processing of the personal data, or the right to object to the processing, etc.
Right to rectification—you may correct inaccurate personal data or have it completed;
Right to erasure – you may request the erasure of your data if the processing was unlawful or in other cases provided for by law;
Right to restriction of processing—you may request the restriction of processing if you contest the accuracy of the data, as well as in other cases provided by law;
Right to data portability – under certain conditions, you may receive the personal data you have provided to us in a machine-readable format, or you may request that such data be transmitted to another controller;
Right to object—you may object, in particular, to data processing based on the controller’s legitimate interest;
The right not to be subject to a decision based solely on automated processing of data—you may request and obtain human intervention regarding such processing or express your own opinion regarding this type of processing;
The right to file a complaint and to bring a legal action—you may file a complaint regarding the manner in which your personal data is processed with the National Supervisory Authority for Personal Data Processing and/or bring a legal action to ensure your rights are respected;
Right to withdraw consent – in cases where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will only take effect for the future; processing carried out prior to withdrawal remains valid.

To exercise any of these rights, please contact us at:office@cccluj.ro . Your request does not need to follow a specific format, but it must include: your first and last name, the contact information where you wish to receive a response, a clear description of the right you wish to exercise, and, if possible, a copy of an identification document (to verify your identity and prevent unauthorized access to your data).

We will respond to your request within a maximum of 30 calendar days from the date of receipt. In particularly complex cases or in the event of a high volume of simultaneous requests, this period may be extended by an additional 60 days, provided that we inform you of this extension and the reasons for it within 30 days of receiving the request, in accordance with Article 12(3) of the GDPR.

The response to your request is free of charge. If your requests are manifestly unfounded or excessive (particularly due to their repetitive nature), we may either charge a reasonable fee taking into account administrative costs or refuse to comply with the request, providing justification for the refusal and informing you of your right to file a complaint with the ANSPDCP.

If you are not satisfied with the response you received or if you believe your rights have been violated, you have the right to file a complaint with: The National Supervisory Authority for Personal Data Processing (ANSPDCP) 28-30 General Gheorghe Magheru Blvd., Sector 1, Bucharest Phone: +40.318.059.211 Email:anspdcp@dataprotection.ro Website: www.dataprotection.ro

You also have the right to bring a claim before the competent courts in Romania or in the EU member state where you have your habitual residence.

COOKIE POLICY

What are cookies?

Cookies are small text files stored on your device (computer, phone, tablet) when you visit a website. They allow the website to recognize you on your next visit, remember your selected preferences, and provide a personalized experience.

Categories of cookies used

The websites of the Centrul Cultural Clujean may use the following categories of cookies:

Strictly necessary cookies – essential for the basic functioning of the website. Do not require consent;
Functional cookies – remember user preferences (e.g., selected language). May require consent depending on their nature;
Analytical cookies – collect data on how the website is used, for statistical purposes. Require consent;
Marketing/advertising cookies – used to personalize ads and profile interests. Require consent;
Security cookies – used to prevent fraud and protect sessions. They generally do not require consent, but some may be linked to third-party services.

Cookies used on the https://cccluj.ro/ website

The website uses the following cookies:

Cookie	Description	Duration	Type	Consent
PHPSESSID	Identifies the user’s unique session ID in PHP applications. Deleted when the browser is closed.	Session	Functional	Recommended
pll_language	Remembers the language selected by the user (Polylang plugin).	1 year	Functional	Recommended
elementor	Saves the page display settings (Elementor plugin). It is used for tracking.	Permanent	Functional	⚠️ Required
popup-impressions-count	Tracks the number of times a popup is displayed to prevent it from reappearing.	Session	Functional	⚠️ Required
wpEmojiSettingsSupports	Checks if the browser can display emojis correctly (WordPress).	Session	Functional	Not required

Google Maps Cookies (Contact Page – cccluj.ro)

The Contact page integrates Google Maps, which may set security, preference, and marketing cookies. Note: Google cookies marked with ⚠️ are enabled only upon consent. Data protection authorities recommend blocking Google cookies until consent is given, if the map is not essential for the website’s functionality.

Cookie	Description	Duration	Type	Consent
SECURITY COOKIES
__Secure-3PSIDTS	Security token for fraud prevention	~1 year	Security	✅ Not required
__Secure-3PSIDCC	User data protection cookie	~1 year	Security	✅ Not required
__Secure-1PSIDTS	Security token for session validation	~1 year	Security	✅ Not required
__Secure-1PSIDCC	Cookie to protect against unauthorized access	~1 year	Security	✅ Not required
__Secure-1PSID	Maintains the secure session of the user logged in to Google	~2 years	Security	✅ Not required
SSID	Stores authentication information for Google services	~2 years	Security	✅ Not required
SIDCC	Additional security cookie to protect user data	~1 year	Security	✅ Not required
SID	Google account authentication and protection cookie	~2 years	Security	✅ Not required
SEARCH_SAMESITE	Ensures the correct transmission of cookies in a cross-site context	~6 months	Security	✅ Not required
HSID	Used to prevent fraudulent access to Google accounts	~2 years	Security	✅ Not required
AEC	CSRF protection — ensures that requests are made by the user, not by malicious sites	~6 months	Security	✅ Not required
FUNCTIONAL COOKIES
__Secure-STRP	Used for fraud prevention and personalization	~6 months	Functional	⚠️ Required
__Secure-BUCKET	Used for traffic balancing and service optimization	~6 months	Functional	⚠️ Required
PREFERENCE COOKIES
__Secure-ENID	Stores preferences and unique identifiers for personalization	~13 months	Preferences	⚠️ Required
NID	Stores user preferences (e.g., language, SafeSearch); may support ad personalization	~6 months	Preferences	⚠️ Required
ANALYTICAL COOKIES
DV	Used for performance monitoring and analysis	~1 day	Analytics	⚠️ Required
MARKETING / ADVERTISING COOKIES
__Secure-3PSID	Creates interest profiles for advertising and personalization	~2 years	Marketing	⚠️ Required
__Secure-3PAPISID	Enables ad personalization on third-party sites	~2 years	Marketing	⚠️ Required
__Secure-1PAPISID	Used for ad personalization and measuring ad effectiveness	~2 years	Marketing	⚠️ Required
SAPISID	Used to personalize ads and create an interest profile	~2 years	Marketing	⚠️ Required
APISID	Enables the personalization of advertising content	~2 years	Marketing	⚠️ Required

COOKIE CONSENT MANAGEMENT

On your first visit to our website that uses cookies requiring consent, you will be informed via a dedicated banner. You can choose to:

Accept all cookies;
Reject non-essential cookies;
Customize your preferences regarding the categories of cookies you accept.

Strictly necessary cookies are enabled by default, as they are essential for the website to function. Withdrawing consent for optional cookies does not affect the lawfulness of previous processing.

You can also manage or delete cookies directly from your browser. Detailed instructions are available on the websites of the major browser providers: Chrome, Firefox, Safari, and Edge.

Contact Form

If you send us questions via the contact form, we will collect the data entered in the form, including the contact information you provide, in order to respond to your questions and any follow-up inquiries. We do not share this information without your permission. Therefore, we will process all data you enter in the contact form only with your consent [in accordance with the provisions of Art. 6(1)(a) of the GDPR]. You may revoke your consent at any time; an informal email to that effect is sufficient. Data processed prior to receiving your request may be processed lawfully.

We will retain the data you provide in the contact form until:

you request the deletion of the data;
you withdraw your consent to its storage, or
the purpose for storing it no longer applies.

Any mandatory legal provisions, particularly those regarding mandatory data retention periods, are not affected by the above.

Contacting us by email or phone

If you contact us via email or phone, your request, including all personal data you provide, will be stored and processed by us for the purpose of resolving your inquiry, based on the consent you have provided.

Therefore, we will process all data you provide in accordance with the following legal provisions of the GDPR, namely:

only with your consent—in accordance with the provisions of Article 6(1)(a) of the GDPR
for the performance of a contract or during the pre-contractual phase—in accordance with the provisions of Article 6(1)(b) of the GDPR
to fulfill the legitimate purpose and interest we pursue, namely the efficient processing of requests you submit—in accordance with Article 6(1)(f) of the GDPR.

We will retain the data you provide in this manner until:

you request the deletion of the data;
you withdraw your consent to its storage, or if
the purpose for storing it is no longer valid, in all cases except for mandatory data retention periods.

DATA CONTROLLER’S OBLIGATIONS

Hosting

Personal data recorded on this website is stored on a dedicated server of hosterion.ro.

The processing of the data provided and stored complies with the following legal provisions:

Art. 6(1)(a) GDPR – the processing of personal data is based on your consent, obtained following accurate and complete information;
Art. 6(1)(f) GDPR – data processing is carried out for the purposes of our legitimate interests.

Regardless of the purpose for which personal data is processed, the principles of lawfulness, fairness, and transparency are observed, as well as the principle that the personal data processed is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

For more information regarding the processing of personal data, please visit our Privacy Policy or request information at: office@cccluj.ro

Data Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information. You can recognize this encryption by the lock icon that appears in the browser bar and by the change in the browser address from http:// to https://.

Once this type of encryption is activated, the data transmitted or transferred cannot be viewed by third parties.

In accordance with the GDPR, if a personal data breach is likely to result in a high risk to your rights and freedoms, the operator of this website will inform you, without

undue delay, of this breach, unless the supplementary provisions of the same Regulation (Art. 34(3)) apply.

Data Protection Officer

Since the provisions of the GDPR (Article 37(1)—according to which the controller and the processor’s authorized representative

by the controller shall designate a data protection officer whenever:

a. the processing is carried out by a public authority or body, with the exception of courts acting in their judicial capacity;

b. the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, scope, and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or

c. the core activities of the controller or the processor consist of the processing on a large scale of special categories of data pursuant to Article 9 or of personal data relating to criminal convictions and offenses, as referred to in Article 10) regarding the obligation to appoint a Data Protection Officer, For any information or clarification regarding the operation of this website, please contact us at the following details:

Phone: +40 372 773 603
Email address: office@cccluj.ro
Mailing address: 3 Fluierașului Street, Cluj-Napoca, Romania, postal code 400073

Records of processing activities

In accordance with the GDPR, the controller or the processor should maintain, for a reasonable period of time, records of the processing activities under its responsibility. Thus, these records shall contain the following information:

the name and contact details of the controller;
the purposes of the processing;
a description of the categories of data subjects and the categories of personal data;
the categories of recipients to whom the personal data have been or will be disclosed;
if applicable/possible:
transfers of personal data
the expected time limits for the erasure of the various categories of data
a general description of the technical and organizational security measures

The obligation described above does not apply to an enterprise or organization with fewer than 250 employees, unless the processing they carry out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing involves special categories of data or personal data relating to criminal convictions and offenses.

Appropriate technical and organizational measures

Taking into account the state of the art, the context and the purposes of the processing, as well as the risks to the rights and freedoms of natural persons, the controller shall implement appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing are processed.

Notification to the supervisory authority in the event of a personal data breach

In accordance with Article 33(1) of the GDPR, in the event of a personal data breach, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, where feasible, no later than 72 hours after we become aware of it, unless it is unlikely to pose a risk to the rights and freedoms of natural persons.

Notifying the data subject of a personal data breach

In accordance with the provisions of Article 34 of the GDPR, if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the data subject without undue delay of this breach, except in situations where:

appropriate technical and organizational protection measures have been implemented, and these measures have been applied to the personal data affected by the personal data breach, in particular measures ensuring that the personal data becomes unintelligible to any person who is not authorized to access it, such as encryption;
further measures have been taken to ensure that the high risk to the rights and freedoms of the data subjects mentioned above is no longer likely to materialize;
would require a disproportionate effort. In this situation, a public notice is issued or a similar measure is taken to inform data subjects in an equally effective manner.

TOOLS & PLUG-INS

Facebook Plug-ins (API)

This website uses social plugins (“plugins”) managed by the social network facebook.com. The plugins can be identified by a Facebook logo (a white “f” on a blue background or a “thumbs up” sign) or are labeled with the phrase “Facebook Social Plugin.” The list and appearance of Facebook plugins can be viewed here: https://developers.facebook.com/docs// . If you use the Like button, you will like our website’s Facebook page without having to leave it. If you use the Share extension, you will share our website or specific content from it on your personal Facebook page without having to leave the website.

Through the plugin, Facebook receives information about your activity on our website. If you are logged into Facebook at the same time, Facebook can associate the actions you take on the page with your account and, by extension, with you personally. When you interact with the plugins—for example, by clicking the Like button or sharing specific content from the site—the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, there is still a possibility that the social network may obtain and store your IP address.

By clicking on one of these buttons, you consent to the use of this plugin and, consequently, to the transfer of personal data to Facebook. We have no control over the nature and purpose of this transmitted data, nor over its subsequent processing.

In light of the judgment of July 16, 2020 (delivered in Case C-311/18 – Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems), the Court of Justice of the European Union ruled that the protection provided by the EU–US Privacy Shield is not adequate.

Consequently, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) is based on the European Commission’s Standard Contractual Clauses (SCCs). The Commission has issued two sets of Standard Contractual Clauses for data transfers from data controllers in the EU to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from data controllers in the EU to data processors established outside the EU or the EEA. For more information on these Clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Facebook uses Standard Contractual Clauses as an appropriate safeguard for data protection, in accordance with the level of protection guaranteed by the GDPR.

Effective July 10, 2023, the European Commission adopted Adequacy Decision No. 2023/1795 on the EU-US Data Privacy Framework (DPF), which constitutes a new legal basis for the transfer of personal data from the European Union to companies in the United States certified under the DPF. Meta Platforms is certified under the DPF, so data transfers may be based, as appropriate, on this adequacy decision, in addition to or as an alternative to the Standard Contractual Clauses mentioned above. Information regarding the certification can be found at: https://www.dataprivacyframework.gov/s/participant-search

For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum, regarding the purpose and scope of data collection, the processing and further use of data by Facebook, as well as permissions and settings for protecting your privacy.

Instagram

This website uses social plugins (“plugins”) operated by the social network Instagram, a service provided by Instagram Inc., located at 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins can be identified by an Instagram logo or are labeled with the phrase “Instagram Social Plugin.”

Through the plugin, Instagram is informed about the actions you take on our page. If you are logged into your personal social media account at the same time, Instagram may associate the actions taken on the page with your Instagram account and, by extension, with you personally. When you access the plugins, the relevant information is transferred from your browser to the social network and stored there. Even if you are not an Instagram member, there is still a possibility that Instagram may obtain and store your IP address.

By clicking on one of these buttons, you consent to the use of this plugin and, consequently, to the transfer of personal data to Instagram. We have no control over the nature and purpose of this transmitted data, nor over its subsequent processing. Regarding the purpose and scope of data collection, the processing and further use of data by Instagram, as well as the permissions and settings for protecting user privacy, you can consult Instagram’s privacy policies at: https://help.instagram.com/519522125107875.

In light of the Judgment of July 16, 2020 (rendered in Case C-311/18—Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU–US Privacy Shield is not adequate.

Instagram uses Standard Contractual Clauses as an appropriate safeguard for data protection, in accordance with the level of protection guaranteed by the GDPR.

For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum.

Newsletter

To receive a newsletter, you must provide a valid email address along with specific information that identifies the owner of that address. We also require your consent to send you the newsletter; therefore, please note that any other personal data will be collected and stored only with your consent. The data collected in this manner is processed solely for the purpose of sending the newsletter and will not be disclosed to third parties.

Subscription to the newsletter is carried out exclusively via a two-step confirmation process (double opt-in): after entering your email address in the subscription form, you will receive an automatic confirmation email at the address provided. Your subscription becomes effective and your data will be processed for marketing purposes only after you confirm your request by clicking the link in this confirmation email. This procedure is intended to prevent unauthorized registrations and to ensure that the processing of your data for marketing purposes is based on free, specific, informed, and unambiguous consent, in accordance with Article 6(1)(a) of the GDPR and the provisions of Article 12 of Law No. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector. We record and store: the IP address from which the subscription was made, the date and time of the subscription, the date and time of confirmation, as well as the content of the completed form. This record serves as proof of consent and as a means of investigating any unauthorized use.

Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of Article 6(1)(a) of the GDPR.

You may exercise your right to withdraw consent for the transmission of newsletters at any time by clicking the “unsubscribe” link within the newsletter. We will continue to store data collected prior to unsubscription; mandatory retention periods remain in effect and will be observed. Data we have stored for other purposes (e.g., email addresses for member registration) are not affected.

MailChimp

This site uses MailChimp services to send newsletters, as MailChimp is a service that can be used to organize and analyze newsletter distribution.

When you enter data to subscribe to the newsletter, the information is stored on MailChimp’s servers in the United States; this service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Furthermore, MailChimp can also be used to analyze the performance of newsletter campaigns and to generate statistical data regarding these campaigns, with the aim of adapting and optimizing them. Thus, if you open an email sent via MailChimp, a file embedded in the email (a so-called web beacon) connects to MailChimp’s servers in the United States. As a result, it can be determined whether or not a newsletter was opened and which link was subsequently clicked. Technical information is also recorded at that time (e.g., access time, IP address, browser type, and operating system).

Therefore, the transfer of personal data to the United States and other countries outside the European Economic Area (EEA) is based on the European Commission’s Standard Contractual Clauses (SCCs). The Commission has issued two sets of Standard Contractual Clauses for data transfers from data controllers in the EU to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from data controllers in the EU to data processors established outside the EU or the EEA. For more information on these Clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

MailChimp uses Standard Contractual Clauses as an appropriate safeguard for data protection, in accordance with the level of protection guaranteed by the GDPR. For more information, visit https://mailchimp.com/legal/data-processing-addendum/#Annex_C and view the full privacy policy available here: https://mailchimp.com/legal/data-processing-addendum/.

Google Web Fonts

This site uses Web Fonts provided by Google to ensure consistent font usage on this site.

When you access a page on this website, your browser will load the web fonts necessary for the correct display of text and fonts by establishing a connection with Google’s servers. Thus, the use of Google Web Fonts is based on Article 6(1)(f) of the GDPR, as there is a legitimate interest in the uniform presentation of fonts on this website. If consent has been given in this regard, the data will be processed exclusively on the basis of Article 6(1)(a) of the GDPR.

For more information on how Google Web Fonts handles user data, please refer to the Privacy Policy available at: https://policies.google.com/privacy?hl=en.

Further details regarding GDPR compliance through the use of Google Web Fonts can be found in Google’s Statement dated November 18, 2022.

Google Maps

This website uses Google Maps, a mapping and location service, via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.

To ensure data protection on our website, you will find that Google Maps has been deactivated when you visit our website for the first time. A direct connection to Google’s servers will not be established before you activate Google Maps yourself, i.e., with your consent in accordance with Article 6(1)(a) of the GDPR. This will prevent the transfer of data to Google during your first visit to our website. Once you have activated the service, Google Maps will store your IP address. As a rule, it is subsequently transferred to a Google server in the United States, where it is stored. The provider of this website has no control over this data transfer once Google Maps has been activated.

In light of the Judgment of July 16, 2020 (rendered in Case C-311/18—Data Protection Commissioner v. Facebook Ireland Limited, Maximilian Schrems), the European Court of Justice ruled that the protection provided by the EU–US Privacy Shield is not adequate.

Google Maps uses Standard Contractual Clauses as an appropriate safeguard for data protection, in accordance with the level of protection guaranteed by the GDPR. For more information, please see Google’s Privacy Policy at the following link: https://policies.google.com/privacy.

CONCLUSION

This policy regarding the processing of personal data is drafted in accordance with the provisions of Regulation No. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as with other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend reviewing the Policy regularly to ensure you have accurate and up-to-date information regarding the processing of personal data.

For more details regarding this GDPR Policy, as well as to exercise any of

mentioned above, a written notice may be sent to the contact details indicated above.

CONTACT AND COMPLAINTS

For any questions, requests, or complaints regarding the processing of personal data, you may contact us:

Centrul Cultural Clujean

3 Fluierașului Street, Cluj-Napoca, Romania, ZIP code: 400073

Email:office@cccluj.ro

Web: https://cccluj.ro/

Last updated: March 2026

Checkbox on contact form/newsletter subscription

☐I agree and have read the Privacy Policy, particularly regarding the consent given for the processing of my personal data.

Cookie pop-up

Banner template:

Text:

Cookies strictly necessary for the technical functioning of the website are stored without prior consent, based on the legitimate interest of the controller (Art. 6(1)(f) GDPR and Art. 4(5) of Law No. 506/2004). All other categories of cookies are enabled only after the user has given explicit consent.

The preferences you set are saved and can be changed at any time by accessing the cookie settings section at the bottom of the website (Cookie Settings). You may withdraw your consent at any time without any negative consequences for you. More information here

Tastează și apasă Enter pentru căutare