Skip to main content
Cluj-Napoca, Romania
+40 721 947 501

Privacy and data protection policy

1. Introduction

1.1 Background

When you use this website, you entrust us with your information. The purpose of this Privacy Policy is to explain what data we collect, why we collect it, and what we do with it.

This information is important. We hope you will read it carefully.

Through this policy, GREEN CATS ASSOCIATION/PISICILE VERZI commits, as a data controller, to respect the confidentiality of the personal data of any user – a natural person – who accesses this website, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), published in the Official Journal of the European Union no. L 119/1 of 04.05.2016 (hereinafter referred to as GDPR), together with the provisions of other applicable personal data protection laws (Law no. 102/2005, as amended, Law no. 190/2018, Law no. 506/2004, Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016, Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002).

To the extent that users are asked to provide any personal data, they will do so voluntarily.

GREEN CATS ASSOCIATION/PISICILE VERZI, as the personal data controller, is not responsible for unsolicited personal data received.

According to Article 4 of the GDPR, “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.2. Controller details

GREEN CATS ASSOCIATION/PISICILE VERZI is headquartered in Ilfov County, Voluntari City, Stefu Pompiliu Street, no. 40, with VAT number 43119243 and accounts opened at Banca Transilvania, RON IBAN: RO61BTRLRONCRT0594209501, EUR IBAN: RO11BTRLEURCRT0594209501.

Throughout this policy, GREEN CATS ASSOCIATION/PISICILE VERZI will be referred to as “the Controller” as per the GDPR definition mentioned above.

2. Definitions of terms and key applicable concepts

2.1. The GDPR specifically concerns the processing of personal data by data controllers.

2.2. Key terms defined in Article 4 of the GDPR:

2.2.1. “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2.2.2. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.2.3. “Data subject’s consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2.2.4. “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3. Principles and purpose of processing

The processing of all personal data must align with the principles set out in the regulation. To implement the GDPR, it is essential that the principles outlined in Article 5 of the GDPR are understood. As these principles form the foundation of GDPR requirements, they must be known and understood by the Controller’s members, volunteers, and collaborators.

3.1. Personal data shall be processed lawfully, fairly and in a transparent manner (“lawfulness, fairness and transparency”). The Controller will not process data that is not legitimate. It will also be transparent about how personal data is processed and inform data subjects clearly and openly.

3.2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”). Data must only be processed for the legitimate reason for which it was originally collected. Processing beyond the original purpose is not allowed.

3.3. Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”). Only the data required to fulfil the specific purpose should be collected.

3.4. Personal data shall be accurate and, where necessary, kept up to date. The Controller shall take all reasonable steps to ensure inaccurate data is erased or rectified without delay (“accuracy”).

3.5. Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”). A retention period must be defined for each data set. Once the retention period expires, the data must be deleted.

3.6. Personal data shall be processed in a manner that ensures appropriate security of the data through suitable technical or organisational measures (“integrity and confidentiality”).

3.7. The Controller shall be responsible for and able to demonstrate compliance with these principles (“accountability”).

Personal data will only be processed when one of the legal bases outlined in Article 6(1) of the GDPR is met.

These legal bases are:

  • Consent of the data subject.
  • Processing necessary for the performance of a contract.
  • Processing necessary to comply with a legal obligation.
  • Processing necessary to protect the vital interests of the data subject or another person.
  • Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Processing necessary for the purposes of the legitimate interests pursued by the Controller or a third party, unless overridden by the data subject’s rights and freedoms, particularly if the data subject is a child.

The correct legal basis must be determined before data collection and processing begins.

4. Our commitment to confidentiality

4.1. Our policy on the protection and security of personal data is to process only the personal data necessary for carrying out our activities, including the proper management of this website, and to request users to provide only those personal data strictly required to fulfil these purposes.

4.2. We make every effort to protect this website, the services offered through it, and the personal data of users collected via this website from unauthorised access, alteration, disclosure, or destruction.

4.3. We will never disclose or sell confidential information to unauthorised third parties and will use all available means to ensure such information remains secure.

4.4. Whenever we collect personal data, the purpose of collection relates to informing users about our projects, our collaborators’ and beneficiaries’ projects, creating fundraising pages or donation forms, making online and offline donations, and generating statistics on website usage.

4.5. We will take all necessary measures to safeguard the security of voluntarily provided information and will not share this information with any other entity, natural or legal person, unless disclosure is permitted or required by applicable law.

4.6. We inform you that any data subject whose personal data is collected by accessing this website has, under Article 12 of the GDPR, the following rights:

Right to information

This right allows the data subject to request from the Controller details about the personal data being processed and the purpose of such processing. For example, a user may request a list of processors to whom their personal data has been transferred.

Right of access

This right allows the data subject to access their personal data processed by the Controller. It includes the right to view or obtain copies of their personal data.

To request a copy of your personal data held by us, please send a written, dated, and signed request by email to: contact@green-cats.org.

Before responding, we may ask you to confirm your identity and provide additional information. We will respond as soon as possible and within the legal deadlines.

Right to rectification

This right allows the data subject to request amendments to their personal data if they believe the data is outdated or inaccurate.

Right to withdraw consent

This right allows the data subject to withdraw previously given consent for the processing of their personal data for a specific purpose. This applies when the processing is based on:

  • Article 6(1)(a): “the data subject has given consent to the processing of their personal data for one or more specific purposes”;
  • Article 9(2)(a): “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provides that the prohibition referred to in paragraph 1 may not be lifted by the data subject’s consent”.

This does not affect the lawfulness of processing based on consent before its withdrawal. In other words, previous processing remains lawful.

You can change or withdraw your consent at any time by submitting a written, dated, and signed request either to our postal address in Voluntari, Ilfov County, Stefu Pompiliu Street, no. 40, or via email to: contact@green-cats.org. Once we receive your request, we will cease the processing, unless we have a legal or legitimate reason to continue.

Right to object

This right allows the data subject to object to processing, including automated processing and profiling.

Right to erasure (“right to be forgotten”)

This right allows the data subject to request the deletion of their personal data. The Controller is required to comply without undue delay, within a maximum of 30 days. If a legal basis exists for retention, the subject will be informed and only the data subject to those requirements will be retained.

Right to data portability

This right allows the data subject to request the transfer of their personal data to another controller.

Right not to be subject to automated decision-making

This right allows the data subject to oppose processing that may lead to automated decision-making.

Right to lodge a complaint with the National Data Protection Authority (ANSPDCP)

Any complaints about GDPR violations will be documented and logged by the Customer Relations department and brought to the attention of the Controller’s management. The response will be communicated using the email address contact@green-cats.org, or another agreed communication method.

The internal compliance officer will review complaints and requests monthly. The resolution time is a maximum of 20 days from the date of registration.

If you have questions or concerns about how your personal data is handled, or you wish to exercise your legal rights, please contact the Controller’s Data Protection Officer, DATA PROTECTION OFFICER SERVICES SRL, at gdpr@hodos.eu or by post/courier at: Tîrgu Mureș, Târgului Street, no. 15, Mureș County.

The contact details for the Romanian Data Protection Authority (ANSPDCP) are as follows: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal, B-dul General Gheorghe Magheru no. 28-30, Sector 1, Bucharest, postal code 010336; phone: 031/8059211; fax: 031/8059602; email: anspdcp@dataprotection.ro; website: https://www.dataprotection.ro/.

5. Information we collect

5.1. We collect information to provide better services to all our users.

5.2. This website collects personal data through the following means:

Directly from you – when you fill in information on the website’s forms (e.g. contact form, comment form, newsletter subscription form, fundraising page creation form, online donation form, etc.).

Automatically through the use of this website – using automated methods that detect the device or connection you use to access the website:

Device information

This includes, for example, your IP address, browser type and version, browser plug-in types and versions, operating system and platform.

Log Information

When you use our services, we automatically collect and store certain information in server logs.

Location information

We use various technologies to determine your location, including IP address, GPS signals transmitted through your browser, or other sensors.

Cookies and similar technologies

We and our partners use different technologies to collect and store information when you access a service, including cookies and similar technologies that identify your browser or device.

5.3. The personal data processed when a user accesses this website include the following:

  • Full name, email address, phone number, and in some cases (such as when creating fundraising pages) date of birth and photos;
  • IP address;
  • Online session duration;
  • Pages visited;
  • Time spent on each page;
  • Search queries;
  • Date and time of the request;
  • Access details (URL used to access the website);
  • Browser type;
  • Browser language;
  • Operating system type;
  • JavaScript support used;
  • Screen resolution;
  • Colour processing capability;
  • Network location from which the website is accessed (for traffic monitoring and processing of necessary, functional, and marketing cookies).

5.4. Our organisation also processes personal data of individuals who want to get involved in fundraising activities by creating personal fundraising pages via the website https://green-cats.org/en/ and/or through microsites hosted on GREEN CATS/PISICILE VERZI subdomains, or of those who wish to donate through the online donation tools provided by the Association.

5.5. To create a personal fundraising page, individuals are required to complete the following personal information fields on https://green-cats.org/en/ or on the GREEN CATS/PISICILE VERZI microsites:

  • Full name
  • Date of birth
  • Email address
  • Phone number

To make a donation using the fundraising tools provided by the Association, individuals must complete fields with the following personal data:

  • Full name
  • Email address
  • Donation amount

5.6. When creating fundraising pages on GREEN CATS/PISICILE VERZI microsites, the Association will also process the employment status of the individual if the page was created as part of a collaboration between the Association and the employer of the data subject.

5.7. If a fundraising page is created by an employee of the Association, all data processing is also subject to the individual employment contract and the Association’s internal regulations.

5.8. In these cases, the Association, as a data controller, undertakes to comply with the following responsibilities (without being limited to):

  • Ensuring the data subject’s rights are respected (access, rectification, erasure, restriction, portability, objection, and complaint);
  • Notifying relevant parties of data breaches within 72 hours;
  • Meeting all mandatory documentation obligations in accordance with EU Regulation 679/2016.

5.9. The Association will process employee data only within the limits of fulfilling employment contracts and related legal requirements. Any additional processing requires a separate agreement.

5.10. Our policy is to collect only the data necessary for employment purposes and internal human resources management. Employees are expected to provide only relevant information.

5.11. Personal data may be shared or disclosed to third parties such as public authorities, auditors, or control bodies when legally required or to protect the Association’s legitimate interests.

5.12. Employees are obliged to process personal data in accordance with GDPR and national law in the course of their job duties.

5.13. Employees are forbidden from disclosing personal data obtained through their work, except where required by law.

5.14. Any GDPR violations by employees constitute a serious disciplinary offence and may lead to sanctions, including dismissal, even on a first offence.

6. How we use the information we collect

6.1. We use the information we collect across all our services to deliver, manage, protect, and improve them, to develop new services, and to protect this website, its administrators, and its users. We also use this information to provide you with personalised content, such as more relevant search results and tailored announcements.

6.2. Where permitted by law, we may combine information received from other sources (including social networks) with the information you provide to us and with the information we collect about you — including data collected via cookies.

6.3. We may use and combine this information to better understand your preferences as a user, to enhance your experience on this website, and to provide information, content, and offers tailored to your needs.

6.4. In addition to the above, your information may also be used in the following situations:

  • To respond to your questions and requests;
  • To process transactions related to online donations;
  • To comply with legal requirements associated with online donations;
  • To send notices about technical issues or service changes;
  • To detect, investigate, and prevent activities that may violate our policies or applicable laws.

7. Information we share

7.1. The personal data we process will not be shared with parties outside our organisation except in the following situations:

With your consent

We will share personal information with companies, organisations, or individuals outside our organisation when we have your explicit consent or when our Association has a legal obligation to do so.

To provide payment processing services

Where applicable, we may transfer or grant access to some of your personal data to third-party providers or partners so we can deliver the services you have opted into. These may include:

  • Courier service providers;
  • Payment or banking service providers (e.g., online payment processors).

Third parties to whom we provide your personal data are fully responsible for using that data in accordance with current legal regulations.

For legal reasons

We may access, use, store, or disclose personal data if we believe in good faith that it is reasonably necessary to:

  • Comply with applicable laws, regulations, legal processes, or enforceable governmental requests;
  • Enforce our Terms and Conditions, including investigating potential violations;
  • Detect, prevent, or otherwise address fraud, security, or technical issues.

8. Information security

8.1. We make every effort to protect this website, the services it offers, and our users from unauthorised access or from the unauthorised alteration, disclosure, or destruction of the information we hold.

8.2. We have implemented appropriate physical, administrative, and technical procedures designed to reasonably protect and secure the information collected online. These safety procedures include data encryption, firewalls, usage controls, access restrictions, and physical access control during the collection, transmission, and storage of personal information.

8.3. However, despite our diligent efforts, no method of transmitting information over the Internet or of electronic data storage is 100% secure, and we cannot guarantee absolute security.

9. Third-Party services and links

9.1. To provide our services, we use third-party service providers. These include:

Traffic analysis and monitoring

Applications are used to monitor and analyse user behaviour on the website. The information is used to improve our services. These services do not have access to your name or other personally identifiable information. For this purpose, we use: Google Analytics.

Online payment processing

For users who wish to support the Controller or the beneficiary organisations on this website through online donations, we use integrations with various online payment processors. You can consult the list of processors integrated with this website HERE, and view each processor’s privacy policy on their respective website.

9.2. In delivering services, we may include web links to third-party websites. These sites have their own privacy policies. As we do not control the websites to which we link, we recommend that you read their terms and privacy policies when visiting them.

10. Retention of personal data

10.1. Personal data will be retained for as long as the purpose for which it was collected remains valid or as long as required by applicable law.

10.2. The Controller will determine a specific retention period after the purpose has expired, to allow time for any complaints by data subjects to be addressed.

10.3. If a data subject requests the deletion of their personal data, the request will be recorded immediately. During the resolution process, the Controller will verify whether legal requirements for retaining the data still apply. If such requirements exist, only the necessary data will be retained, and the data subject will be informed.

10.4. The notification to the data subject will include the legally required retention period as well as their right to file a complaint with the supervisory authority if they disagree. If no legal requirement applies, the data will be deleted and the data subject will be notified.

10.5. Requests for deletion of personal data will be processed within a maximum of 30 days.

10.6. Upon request, personal data may be transferred to another controller as quickly as possible (no more than 30 days), and it will be deleted if there is no legal basis for retaining it.

11. Sensitive information and recommendations

11.1. The data that users upload on this website — on event pages, project pages, fundraising pages, messages accompanying online donations, comments, etc. — is displayed publicly.

11.2. Users of this website are responsible for the data they upload in fields and on pages that are publicly visible in any format (text, video, audio, photo).

11.3. The administrator of this website reserves the right to delete personal data uploaded by users that do not comply with the provisions of the GDPR.

11.4. Please note that publishing any personal data without the individual’s consent is prohibited.

11.5. To avoid any non-compliant situations, please carefully consider the data you intend to publish on this website. Additionally, we offer the following recommendations regarding sensitive data:

  • Do not publish sensitive medical information such as medical letters, health conditions, or treatment details, or photos or videos illustrating such information;
  • Do not publish sensitive data related to minors;
  • If you wish to create a fundraising page or make a donation on behalf of a minor through this website, please pay special attention to the sensitive information you are about to make public.

12. Useful links

Useful information regarding the implementation of the GDPR and the rights of data subjects whose personal data is processed by the Controller can be found by visiting the following websites:

For any other information related to the processing of personal data, any data subject may contact us by email at: contact@green-cats.org.

Last updated: 1 April 2022

Cookies

Green Cats
Green Cats

Together we make the world a better place, one cat at a time!

Green Cats is a non-governmental organisation, founded in 2020, dedicated to animal protection, with a primary focus on the protection of cats.

Contact
  Cluj-Napoca, Romania
+40 721 947 501
contact@green-cats.org
LinkedIn
Facebook
Instagram
TikTok
PayPal
Patreon
Galantom

Programmes

Neutering program
Medical emergencies

Get Involved!

Volunteering
  • Traits of a Green volunteer
  • What can you do as a volunteer?
  • How can you become a volunteer?
Fostering
  • How to become a fosterer?
  • What should you know before becoming a fosterer?
  • Why become a fosterer?
Adopt
  • How to adopt a cat?
  • What should you know before adopting?
Become a partner

About Us

Mission and values
Our team
Media appearances
Did you know
Donate

Donate by card

Donate by bank transfer

Name

Asociația Green Cats

IBAN RON

RO61BTRLRONCRT0594209501

IBAN EUR

RO11BTRLEURCRT0594209501

Donate via PayPal/Patreon

PayPal
Patreon

Redirect income/profit tax

Individuals

Formular230.ro

Legal entities

Contract

Create a fundraising page

galantom.ro

Donate food, litter and toys

Carrefour Cluj Stand (Blvd. 1 Decembrie 1918, 142)

See the map
Vet partners
EnergyVet
Echo Vet
Multiserv Animalia
SiriVet
USAMV
Feline Focus
Radiologie 4VET
Petsilvania Animals
Terms and conditions
Privacy and data protection policy

Asociația Green Cats / Pisicile Verzi

Pompiliu Ștefu 40, Voluntari, Ilfov | CRN 43119243 | Place of operation: Cluj-Napoca