General Policy Regarding the Protection of Personal Data


  1. The processing basis consists of the contractual relations between the Controller: CREDIDAM and the members;

The data provided under the contractual relationship will be processed until you decide to request their deletion or you will exercise another guaranteed legal right. The general retention period complies with the applicable law.

  1. Rights

In accordance with the provisions of the Regulation 2016/679/EU, as data subject/person concerned, you have the following rights:

  • The right of access – means that you have the right to receive a confirmation / denial from us that we process or not the personal data concerning yourself and, if affirmative, you have access to such data and to the information on how they are processed.
  • The right of data portability – refers to the right to receive personal data in a structured, commonly used and automatically readable format and the right to have this data transmitted directly to another operator (controller, processor), if this is technically feasible and reasonable. The right to data portability is applicable insofar as you, the data subject / person concerned, have provided us with your personal data.
  • The right to object – refers to the right to oppose the processing of personal data. However, if there is a legal justification for processing, which prevails over the interests and rights guaranteed by this right, either there is a public interest or the purpose is to find, exercise or defend a right.
  • The right of rectification – refers to the correction, without undue delay, of inaccurate personal data or of data containing inaccuracies or which are not up to date. The rectification will be communicated to each recipient to whom the data were transmitted, unless this proves impossible or involves disproportionate efforts.
  • The right to erasure (“the right to be forgotten”) – means that you have the right to request that we delete your personal data, without unjustified delay, if one of the following reasons apply: they are no longer necessary for fulfilling the purposes for which they were collected or processed; you withdraw your consent and there is no other legal basis for processing; This right is not an absolute one and is subject to the internal regulations and laws of Romania, as there are cases in which it cannot be exercised (for example: data processing on contractual basis and for economic-financial reasons);
  • The right to restrict the processing – it may be exercised if the person disputes the accuracy of the data, the data are obtained illegally or are no longer necessary for the purpose for which they were collected. Restriction for inaccuracy is performed over a period that allows us to verify the correctness of the data; Data restriction means marking them and not further use.

By processing the personal data that belongs to you, CREDIDAM and our suppliers do not carry out profiling activities, within the meaning of Regulation 2016/679/UE.

All personal data processed by CREDIDAM are legally held and the processing is carried out in a transparent manner that allows the data subject / person concerned to exercise his or her guaranteed legal rights.

In order to exercise your right, you may draft a written and signed document stating your requests either in person or by e-mail. CREDIDAM will respond within 30 days as of the date receipt of your request. If there are reasonable suspicions regarding the person who submitted the request, we may take the necessary steps to clarify and confirm that the request has been transmitted by the data subject / person concerned.

Complaints regarding the processing of personal data can be addressed to the National Supervisory Authority for the Processing of Personal Data, please find additional details at www.dataprotection.ro

For any additional information regarding the Regulation 2016/679/EU, you may access the following website: www.dataprotection.ro

This document represents CREDIDAM’s General Policy on the Protection of Personal Data.

This document may be subject to amendment in order to keep it in compliance with legislation changes and/or to reflect how CREDIDAM processes personal data.


Address: Str. C.A.Rosetti, nr.34, sector 2, postal code: 020015, Bucharest
Phone: +4021 307 9200
Fax: +4021 318 5813
E-mail: dpo@credidam.ro
Website: www.credidam.ro

CONTACT DETAILS of the National Supervisory Authority for the Processing of Personal Data

Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211
President’s Office: +40.318.059.220
Fax: +40.318.059.602
E-mail: anspdcp@dataprotection.ro
Website: http://www.dataprotection.ro