Last update: August 10th, 2020

Procedure [GM-09] Data Protection

  1. CONTEXT

The European Parliament and the Council adopted a Regulation (EU) on 27 April 2016 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, superseding the Directive 95/46 / EC (General Data Protection Regulation - RGPD) and applicable on the territory of the European Union since May 25th, 2018.

Ensuring the personal data we require for our activities is stored securely is a priority of GEYC and since May 2018 we have implemented several changes in our procedures in order to comply with the GDPR.

  1. APPLICABILITY OF THE GDPR

GDPR applies to any organisation operating within the EU, as well as to any organisations outside the EU which offer goods or services to customers or businesses in the EU.

One of the major changes GDPR brings is providing consumers with a right to know when their data has been hacked. Organisations are required to notify the appropriate national bodies as soon as possible in order to ensure EU citizens can take appropriate measures to prevent their data from being abused.

Consumers are also promised easier access to their own personal data in terms of how it is processed, with organisations required to detail how they use customer information in a clear and understandable way.

The types of data considered personal under the existing legislation include name, address, and photos. GDPR extends the definition of personal data so that something like an IP address can be personal data. It also includes sensitive personal data such as genetic data, and biometric data which could be processed to uniquely identify an individual.

  1. PRINCIPLES OF THE GDPR

During our activities, we:

  1. CATEGORIES OF PERSONAL DATA PROCESSED

4.1. Community members/other participants to our projects

Personal data belonging to the members of the GEYC Community and to the people who occasionally  participate in one of our projects is collected in order to process the project applications, manage the account of the Community members and provide them with updates regarding our activity. This personal data includes: name, surname, studies, telephone, e-mail address, signature, CV, professional experience, address, gender, picture, bank account, name, surname of parents/carers if the participant is underage, medical issues.

4.2. Partner organizations

Personal data belonging to the organizations we are working with is collected in order to manage the cooperation with them. This personal data can include: name, surname, telephone, e-mail address, signature, CV,  address, gender of the legal representatives and contact persons, bank account of the organization.

4.3.         GEYC Staff members

This category includes volunteers, collaborators, interns, trainees and employees.

The personal data collected for this category includes: name, surname, studies, telephone, e-mail address, signature, CV, professional experience, address, gender, picture, bank account, name, surname of parents/carers if the staff member is underage, medical issues.

For the employees and whenever required by the law, GEYC also collects an ID or passport copy.

4.4.         Real beneficiary

According to the relevant national legislation in Romania (OG 26/2000 and Law no. 129/2019), GEYC collects the following personal data for the associates, members of the Board of Directors, the General Manager and the Financial Controller (collectively called as the real beneficiary): name, surname, studies, telephone, e-mail address, signature, CV, professional experience, address, gender, picture, bank account, name, surname of parents/carers if the staff member is underage, medical issues.

  1. PURPOSES OF PROCESSING DATA

5.1.         Community members/other participants to our projects

The personal data belonging to our Community members and other participants is processed by  GEYC’s executive team in order to manage the projects, manage the profile of the Community members (GEYC-ID) and provide them with updates in accordance with their interests.

The data of the participants for specific projects can be made available to GEYC’s volunteers, only after signing a volunteering contract that clearly states the organizational procedures regarding data protection and that the misuse of the information is punishable by law.

Certain data may also be made available for the partner organizations in the context of mobility projects (name, surname, e-mail, phone number, date of birth, medical issues, etc), in order to ensure the proper management of the activity.

Certain data (name, surname, e-mail, date of birth) may also be recorded in the Youthpass database, in order to generate certificates for the participants.

The personal data will be stored until the participant requests them to be deleted through the GEYC-ID facility.

5.2.         Partner organizations

The personal data belonging to our partner organizations is processed by GEYC’s core team (General Manager, Project Manager, Project Responsible, Mobility Center Responsible) in order to ensure the proper management of the projects.  

The data may be transferred in the European Union’s databases (EU Login) when applying for grants, to evaluators and other partner organizations inside consortiums.

The data retention period will be set according to the instructions of the financier. In our internal database, the data will be stored for future collaboration until the partner organization requests their removal.

5.3.        GEYC Staff members

The personal data is collected in connection with the legal obligations in Romania and it is processed in line with the management of their activity as part of the GEYC team. In our internal database, the data will be stored:

5.4.         Real beneficiary

The personal data is collected in connection with the legal obligations in Romania and reported periodically to the Ministry of Justice in Romania and other relevant institutions if required.  

  1. DATA PROCESSING RIGHTS

  1. MEASURES

At GEYC, data processing is based on consent, which means that the subject has consented to processing of his or her personal data in the context of a written declaration. The request for consent is present in each registration or application form and is presented in a manner that is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.

It is equally as important to offer the option to the participants at any given time to withdraw the consent.


“By submitting this form, I understand and agree that the personal data I have communicated will be strictly used for the proper conduct of the projects. GEYC collects your data so that we can process your project applications, manage your account, and provide you with updates according to your choices above.”

(Data processing notification in the GEYC Community Registration form)


The most important measure that we have taken is creating the GEYC-ID, a virtual profile of the GEYC Community members where all their data is stored:

  1. DATA PROTECTION OFFICER

You can contact us regarding matters related to data protection to the address alexandra.peca@geyc.ro .