Information note regarding the processing of personal data by the Agency for Monitoring and Evaluation of the Performance of Public Enterprises

 

The Agency for Monitoring and Evaluation of Public Enterprises (hereinafter referred to as AMEPIP) informs you about the processing of your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 and national legislation on data protection and security personal, in force.

Preliminary specifications

Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his identity: physical, physiological, genetic, psychological, economic, cultural or social.

GDPR data means any operation or set of operations performed on personal data or sets of personal data with or without the use of automatic means, such as collection, recording, organization, structuring, storage, adaptation, or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or destruction.

Principles of personal data processing

  • The principle of "legality, fairness and transparency", in accordance with the processing of personal data is carried out in a legal, fair and transparent manner towards the data subject;
  • The principle of "purpose-related limitation", according to which the collection of personal data is done for specific, explicit and legitimate purposes, and they are not subsequently processed in a way incompatible with these purposes;
  • The principle of "limitation of data to a minimum", that is, personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • The principle of "accuracy", according to which personal data are accurate and updated when necessary; all necessary measures must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are deleted or rectified without delay;
  • The principle of "storage limitation" which requires that personal data be kept in a form that allows the identification of the persons concerned for a period that does not exceed the period of fulfillment of the purposes for which the data are processed;
  • The principle of "integrity and confidentiality" processing is carried out in a way that ensures adequate security of personal data including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical and organizational measures.

Purpose of GDPR

AMEPIP processes GDPR for the following purposes:

  • Purposes specific to the field of activity:

– monitoring actions;

- capitalization of documents concluded as a result of monitoring actions;

– responses to requests from state companies as well as public guardianship authorities;

- carrying out activities in the sphere of international relations in the field of activity;

- preparing responses to petitions, requests based on Law no. 544/2001 on free access to information of public interest;

- interpellations.

  • Administrative purposes:

– management of economic-financial and administrative resources;

- performing public procurement procedures;

– the management of human resources, in order to employ;

– educational and professional training activities;

- organization of events;

- archiving.

At the AMEPIP level, the processing of personal data is carried out, above all, in accordance with the provisions of art. 6, para. (1) lit. (c) and lit. (e) of the Regulation.

 

The legal grounds for the processing of personal data are the following normative acts:

  • OUG no. 109/2011 with subsequent amendments and additions;
  • Government Decision no. 617 of July 27, 2023 regarding the organization and operation of AMEPIP;
  • Law 176/2010 on integrity in the exercise of functions and dignities for the amendment and completion of Law no. 144/2007 regarding the establishment, organization and operation of the National Integrity Agency, as well as for the amendment and completion of other normative acts, with subsequent amendments and additions;
  • Government Ordinance no. 27/2002 on the regulation of the petition resolution activity, with subsequent amendments and additions;
  • Law no. 544/2001 on free access to information of public interest, with subsequent amendments and additions,
  • Law no. 287/2009 (Civil Code), republished, with subsequent amendments and additions;
  • Law no. 227/2015 (Tax Code), with subsequent amendments and additions;
  • Law no. 500/2002 on public finances, with subsequent amendments and additions;
  • Law no. 319/2006 on safety and health at work;
  • Law no. 153/2017 on the remuneration of staff paid from public funds, with subsequent amendments and additions;
  • Order of the Ministry of Labor and Social Justice 2169/2018 approving the methodology for transmitting data regarding the transmission of salary income of staff paid from public funds;
  • Law no. 98/2016 on public procurement, with subsequent amendments and additions;
  • Law no. 161/2003 regarding some measures to ensure transparency in the exercise of public dignities, public functions and in the business environment for sanctioning corruption, with subsequent amendments and additions;
  • Methodological rules for the application of laws.

The categories of persons concerned by the processing:

  • employees;
  • representatives of state companies;
  • petitioners.

In relation to the purposes mentioned above, AMEPIP processes the following personal data:

  • Name and surname;
  • Names and surnames of family members;
  • Sex;
  • Date and place of birth,
  • Citizenship;
  • Data from civil status documents;
  • Telephone;
  • Home address/residence;
  • E-mail;
  • Position/profession;
  • Job;
  • The name of the employer;
  • Family situation;
  • Economic and financial situations;
  • Image;
  • The quality held in commercial companies (administrator, associate);
  • Signature;
  • Data on professional training (diplomas, studies);
  • CNP - personal numerical code;
  • ID series and number.

AMEPIP also reserves the right to request other personal data if it is necessary to fulfill its duties, strictly in accordance with the legal provisions.

According to Regulation (EU) 2016/679 you benefit from: the right of access, the right to rectification, the right to delete data, the right to restrict processing, the right to data portability, the right to oppose and the right not to be subject to a decision based solely on processing automated.

To exercise these rights, you can apply with a written, dated and signed request sent by using postal services to the address: Strada G-ral. Ion Emanoil Florescu, no. 1, Sector 3, Bucharest; by using the electronic mail services at the address: contact@amepip.gov.ro.

At the same time, you have the opportunity to contact the National Supervisory Authority for the Protection of Personal Data, based in Bucharest, B-dul. G-ral. Gheorghe Magheru, no. 28-30, District 1.

The data protection officer appointed at the AMEPIP level can be contacted at the e-mail address cornelia.tane@amepip.gov.ro.

 

 

en_USEN
ro_RORO en_USEN
Skip to content