GDPR Policy

Last updated: November 2025

1. Introduction & Scope

This GDPR Policy explains how ASOCIATIA SPHERIK (“the Association”, “we”, “us”, “our”) processes personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
  • Applicable Romanian data protection legislation

This Policy applies to all personal data collected through:

  • The website
  • Program and event registrations
  • Ticket purchases
  • Digital product and service purchases
  • Newsletter subscriptions
  • Contact forms
  • Donations
  • Partner collaborations and project participation

By using our website or services, you acknowledge and agree to the processing of your personal data as described in this Policy.

2. Data Controller

The data controller for all personal data processed under this Policy is:

ASOCIATIA SPHERIK
Registered office: 21 Garii Street, Cluj-Napoca, Romania
Email: contact@spherikaccelerator.com

3. What Is Personal Data

“Personal data” means any information relating to an identified or identifiable natural person, including but not limited to:

  • Name and surname
  • Email address
  • Telephone number
  • Billing information
  • IP address
  • User account details
  • Professional affiliation
  • Registration and participation data

4. Categories of Personal Data We Collect

We may collect and process the following categories of data:

  • a) Identification data: name, surname, username, organisation, role.
  • b) Contact data: email address, phone number, and address.
  • c) Transaction data: billing details, payment confirmations, invoices, and donations.
  • d) Technical data: IP address, browser type, device type, operating system, and cookies.
  • e) Program & Event data: applications, registrations, attendance records, certificates.
  • f) Marketing data: newsletter subscriptions, communication preferences.

5. How Personal Data Is Collected

We collect data through:

  • Website forms
  • Event and program registrations
  • Online purchases
  • Newsletter subscriptions
  • Cookies and analytics tools
  • Email and direct communication

6. Purposes of Data Processing

Personal data is processed strictly for legitimate purposes, including:

  • Managing program applications and participation
  • Event registration and ticket validation
  • Delivering digital products and services
  • Scheduling consultations and services
  • Processing donations
  • Issuing invoices and financial documentation
  • Customer support and communication
  • Legal and regulatory compliance
  • Marketing communications (with consent)
  • Website security and performance optimisation

7. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR)
  • Contract performance (Art. 6(1)(b))
  • Legal obligation (Art. 6(1)(c))
  • Legitimate interest (Art. 6(1)(f))

8. Data Sharing with Third Parties

We may share personal data only with:

  • IT and hosting providers
  • Payment processors
  • Accounting and legal service providers
  • Analytics and website optimisation tools
  • Public authorities, when legally required

All third parties are contractually bound to respect GDPR confidentiality and security standards.

9. International Data Transfers

Where necessary, data may be transferred outside the European Economic Area (EEA) only:

  • With appropriate safeguards
  • Under Standard Contractual Clauses
  • With GDPR-compliant processors

10. Data Security Measures

We implement appropriate technical and organisational measures, including:

  • SSL/TLS encryption
  • Secure cloud hosting
  • Access control and authentication
  • Regular system monitoring
  • Data minimisation practices

11. Data Retention Period

Personal data is stored:

  • Only as long as necessary to fulfil the processing purpose
  • According to legal archiving requirements
  • For marketing purposes until consent is withdrawn

12. Rights of the Data Subject

Under GDPR, you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent at any time
  • Right to lodge a complaint with the supervisory authority

13. Exercising Your Rights

To exercise your rights, send a written request to:
contact@spherikaccelerator.com

Requests will be handled within 30 days, in accordance with GDPR.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects on users.

15. Complaints

If you believe your rights have been violated, you may file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP – Romania).

16. Changes to This Policy

We reserve the right to update this GDPR Policy at any time. Any changes will be published on the website and become effective upon publication.