Data Protection (GDPR) – UNIT Party

• Lawfulness, fairness and transparency – data is processed lawfully and with full information to the data subject.
• Purpose limitation – data is collected only for specific, explicit and legitimate purposes.
• Data minimization – only data strictly necessary for the activities of the UNIT Party is collected.
• Accuracy – data must be correct and up to date.
• Storage limitation – data is retained only as long as necessary for the declared purpose or to meet legal obligations.
• Integrity and confidentiality – security measures are implemented to protect against unauthorized access or data loss.
• Accountability – the UNIT Party is responsible for demonstrating compliance with these principles (Art. 5 GDPR).

Data processing by the UNIT Party is carried out in accordance with GDPR and Law no. 190/2018 on the implementation of the Regulation. Since May 25, 2018, controllers are no longer required to register with the Romanian Data Protection Authority (ANSPDCP), but full compliance with GDPR remains mandatory. The legal basis for processing may include: the consent of the data subject (Art. 6(1)(a)), legal obligations (Art. 6(1)(c)), legitimate interest (Art. 6(1)(f)) or other grounds provided by the Regulation.

• Right of access – to know what data is processed and for what purpose.
• Right to rectification – correction or completion of inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) – deletion of data when no legal basis exists for processing.
• Right to restriction – to limit processing in certain cases.
• Right to data portability – transfer of your data to you or to another controller.
• Right to object – you may object to processing, particularly for direct marketing.
• Rights regarding automated decision-making and profiling – you have the right not to be subject to automated decisions.
• Right to lodge a complaint – with the ANSPDCP or the competent courts.

In Romania, the competent authority is ANSPDCP (National Supervisory Authority for Personal Data Processing). It monitors GDPR implementation and may apply penalties for non-compliance.

Violations of GDPR may result in administrative fines of up to EUR 20 million or 4% of annual global turnover (Art. 83 GDPR). The UNIT Party is required to implement adequate policies and technical measures to prevent such situations and demonstrate compliance.

This GDPR policy may be updated periodically to reflect legislative or regulatory changes. Any updates will be published on the website, and registered users will be notified by email of significant changes.