PRV  |

Facebook f Instagram Linkedin-in Youtube Twitter
ro RO en EN fr FR
Back
YOU ARE HERE:
Home
Privacy policy

Privacy policy

Document content

1. GENERAL INFORMATION

West University of Timişoara, hereinafter referred to as "UVT", is a state higher education institution, with legal personality, part of the national higher education system in Romania. UVT is the main higher education institution and research center in western Romania. 

UVT identification data

WHO: 4250670

Address: Timişoara, Vasile Pârvan Blvd. 4, Code: 300 223

Phone: 0256/ 592 168 (169, 170)

 Fax: 0256 / 592 310

UVT processes your personal data in order to achieve the main mission of the university, namely education and advanced research, in the sense of initiating and conducting legal relationships between the data subject and UVT.

Data collected by UVT is processed in accordance with the provisions Law 190/2018 on implementing measures for Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), as amended, as well as national legislation applicable to data protection.

UVT, as a data controller, complies with the principles of personal data processing, namely:

  • The data is processed in a legal, fair and transparent towards the person concerned 
  • The data is collected in specified, explicit and legitimate purposes and are not further processed in a way incompatible with these purposes
  • The data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed 
  • The data is exact and, if necessary, Updated; all necessary steps must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
  • The data is stored in aform that allows the identification of the persons concerned on a period that does not exceed the period necessary to achieve the purposes for which the data are processed
  • The data is processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures 

2. DEFINITIONS

According to Article 4 of Regulation (EU) 2016/679, the terms used are defined as follows:

“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

"processing" means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"operator" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law;

"person authorized by the operator""processor" means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"consignee" means the natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not a third party. However, public authorities to which personal data may be communicated in the context of a specific investigation in accordance with Union or national law shall not be considered recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules, in accordance with the purposes of the processing;

“third party” means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process personal data;

"consent"of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear statement, signifies agreement to the processing of personal data concerning him or her;"

"genetic data" means personal data relating to the inherited or acquired genetic characteristics of a natural person, which provide unique information on the physiology or health of that person and which results in particular from an analysis of a sample of biological material collected from the person concerned;

“biometric data” means personal data resulting from specific processing techniques relating to the physical, physiological or behavioural characteristics of a natural person which allow or confirm the unique identification of that person, such as facial images or dactyloscopic data;

“health data” means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveals information about their health status;

3. PURPOSE OF DATA PROCESSING

UVT processes personal data for the general purpose of guaranteeing the proper conduct of its academic, administrative, scientific and social activities, in accordance with its mission and with applicable legislation in the field of education and data protection.

The data is processed for the purpose of concluding and executing any type of contract to which UVT is a party to, the fulfillment of legal obligations and in the legitimate interest of the University and all categories of persons. 

The data is processed so that UVT to be able to provide quality educational services to all students enrolled in its study programs. SThe bulk of the processing is related to the processing of admission applications and student registration details, the recording of legal and compliance data regarding the admission regulations at UVT level, the communication of results, the generation of anonymized or pseudonymized statistics, the creation of access accounts and the management of educational information, based on information completed by the candidate or taken through an automatic mechanism from third-party databases, according to the legal regulations in force.

We also process your data for research purposes, based on your consent, as well as to improve our communication with students and to fulfill our legal obligations.

Our goal regarding audio-video recordings using surveillance systems is to protect people and property in the field. UVT, the surveillance measures being justified by the legitimate interests of UVT or of the persons concerned. UVT has the obligation to manage, in safe conditions and only for the specified purpose, the personal data collected through video surveillance systems.

Personal data is processed for all purposes permitted by applicable law.

4. CONDITIONS OF LEGITIMACY

Any processing of personal data may only be carried out if at least one of the following conditions is met:

(a) The person concerned has given consent for the processing of his/her personal data for one or more specific purposes

! Consent should be given by an unambiguous action constituting a freely given, specific, informed and clear indication of the data subject's agreement to the processing of his or her personal data.

(b) Processing is necessary for execution of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract

(c) Processing is necessary for the performance of a legal obligation legal obligations which is up to the operator

(d) Processing is necessary to protect vital interests of the data subject or of another natural person

(e) Processing is necessary for completing a task which serves a public interest or which results from the exercise of official authority vested in the operator

(f) Processing is necessary for the purpose legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, which require the protection of personal data, in particular where the data subject is a child

5. CATEGORIES OF PERSONS WHOSE DATA UVT PROCESSES

UVT processes the personal data of the following categories of persons:

  • candidates for admission to UVT (for all university study cycles – bachelor's, master's, doctorate)
  • students declared admitted and enrolled at UVT (for all university study cycles - bachelor's, master's, doctorate)
  • teachers and researchers
  • administrative and auxiliary staff
  • employees or people in the hiring process
  • external collaborators/partners
  • participants in training programs
  • participants in events, conferences, activities organized by the university
  • other people who come into contact with UVT or who visit locations within UVT premises
  • UVT website visitors

6. VISITORS TO THE UVT CAMPUS

We use your personal data to ensure the security of you, our assets and our staff. In this case, we base our data processing on the legitimate interest, namely the protection of these premises, persons, assets and personnel.

Data processed in this context may be your name as well as other personal data that you can provide us directly, at our request, as well as your images recorded using the video surveillance system.

7. VISITORS TO THE UVT WEBSITE

In order to carry out information and communication activities closer to your interests through third parties, in this case the Google advertising network, when you access our site, we collect an IP address, the web pages visited, the date and time they were viewed, as well as the interaction with the content on this web domain, respectively. uvt.roThe technologies used to collect this data are called cookies. 

The UVT website may use both its own and third-party cookies to provide visitors with a better browsing experience and services tailored to each person's needs and interests.

A visit to the UVT website may place cookies for the purposes of:

  • Site performance cookies
  • Visitor analysis cookies
  • Cookies for geotargetting
  • Registration cookies
  • Session cookies
  • Cookies for advertising
  • Advertiser cookies

You can access UVT cookie policy at the following link: https://www.uvt.ro/politica-cookies/

8. TYPES OF PERSONAL DATA PROCESSED

The data that can be processed by UVT are:

  • Identification data:
    • first and last name
    • date and place of birth
    • personal identification number (CNP)
    • series, number, date of issue and validity of the identity document
    • citizenship
    • nationality
    • signature
    • sex
  • Contacts:
    • phone number
    • address (domicile/residence)
    • Email Address
  • Data regarding:
    • labor market status
    • professional training (diplomas, studies)
    • education and training
    • school situation
    • family situation (including marital status)
  • Data recorded in the CV
  • Data of persons in care, data of minors, data of other individuals in various relationships with employees
  • Bank details
  • Data obtained from photo and audio-video recordings
  • Special data, only in accordance with art. 9 para. (2) GDPR:
    • ethnic origin, for statistical purposes or with your consent for subsidized places with special regime
    •  medical data, including those regarding membership in a disadvantaged category based on disabilities
    •  personal data relating to criminal offences or convictions

9. RIGHTS OF DATA SUBJECTS

a) The right to transparency of information, communications and methods of exercising the rights of the data subject (art. 12 GDPR)

b) The right to be informed about your personal data or for which an interest is justified (art. 13 and art. 14 GDPR)

c) Right of access: The data subject has the right to obtain from UVT confirmation as to whether or not personal data concerning him or her are being processed and, if so, access to the data in question (art. 15 GDPR)

d) Right to rectification: The data subject has the right to obtain from UVT, without undue delay, the rectification of inaccurate personal data concerning him/her (art. 16 GDPR)

e) The right to erasure of data (“the right to be forgotten”): The data subject has the right to obtain from UVT the erasure of personal data concerning him or her without undue delay (art. 17 GDPR)

f) Right to restriction of processing: The data subject has the right to obtain from UVT the restriction of processing in the cases provided for in art. 18 GDPR. UVT communicates any rectification or deletion of personal data or restriction of processing, according to 19 GDPR)

g) Right to data portability: The data subject has the right to transmit the data provided to UVT to another controller (art. 20 GDPR)

h) Right to object: The data subject has the right to object to the processing of personal data, within the limits of the legislation in force (art. 21 GDPR)

i) The right not to be subject to a decision based solely on automated processing which produces legal effects concerning the data subject or similarly significantly affects him/her (art. 22 GDPR)

j) The right to file a complaint with the National Supervisory Authority for Personal Data Processing (art. 77 GDPR)

 

10. RECIPIENTS OF PERSONAL DATA

Personal data is intended for use by UVT, including the University's structures, but may also be transmitted to the following recipients, in compliance with the principles of the GDPR and the rights of the data subjects:

  • Ministries entitled/empowered to process this type of data
  • Central and local public authorities
  • Social services 
  • Health services (occupational medicine, occupational health and safety)
  • Partners and collaborators of UVT (within formal conventions)
  • Banking institutions, in the case of contractual relationships between UVT and the data subject
  • Educational Institutions, entitled to process this type of data
  • Service providers for UVT, entitled to process this type of data
  • Romanian police
  • Judicial bodies (Romania and the EU)

11. TRANSFERS OF PERSONAL DATA TO A RECIPIENT IN A THIRD COUNTRY

UVT may transfer to a third country or an international organization only in the following situations:

  • the third country in question ensures an adequate level of protection, according to the European Commission decision. Transfers carried out under these conditions do not require special authorizations – art. 45 para. (3) GDPR
  • in the absence of a decision by the European Commission, on the basis of appropriate safeguards and provided that enforceable rights and effective remedies exist for data subjects – art. 46 GDPR
  • in the absence of adequate guarantees or assurance of the level of protection:
    •  the data subject has explicitly expressed his/her consent to the proposed transfer, after being informed of the possible risks that such transfers may entail;
    •  the transfer is necessary for the performance of a contract between the data subject and UVT or for the application of pre-contractual measures adopted at the request of the data subject;
    • the transfer is necessary for the conclusion of a contract or for the performance of a contract concluded in the interest of the data subject between UVT and another natural or legal person;
    • the transfer is necessary for important reasons of public interest;
    •  the transfer is necessary for the establishment, exercise or defence of legal claims;
    • the transfer is necessary to protect the vital interests of the data subject or of other persons, when the data subject does not have the physical or legal capacity to express consent;
    • the transfer is made from a register which, under Union or national law, is intended to provide information to the public and which may be consulted either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions for consultation laid down in Union or national law in that specific case are met;

12. PERSONAL DATA RETENTION PERIOD

Personal data for which national and international legislation provides for a retention period will be stored in accordance with legal provisions.

For other types of data, according to the UVT Archival Nomenclature, the general retention period is 2 years. Data retention will be done in compliance with the rights of the data subjects. If there is a justified reason for extending the storage period beyond the aforementioned period, personal data will only be retained with the explicit consent of the data subject and/or will be anonymized.

The storage duration of data obtained through the video surveillance system is 30 days, except in situations expressly regulated by law or in thoroughly justified cases.

13. LEGISLATION

  • Regulation (EU) 2016 / 679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  • Law no. 190/2018 on measures implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  • Higher Education Law no. 199/2023, with subsequent amendments
  • Law 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, as subsequently amended and supplemented
  • Law no. 129/2018 on the establishment, organization and functioning of the National Supervisory Authority for the Processing of Personal Data, as well as for the repeal of Law no. 677/2001 for the protection of individuals with regard to the processing of personal data and the free movement of such data
  • Law no. 544/2001 on free access to information of public interest, with subsequent amendments and supplements
  • Law no. 207/2015 on the Fiscal Procedure Code, with subsequent amendments and supplements
  • Law no. 53/2003 Labor Code, republished, with subsequent amendments and supplements;
  • Law no. 102/2005 regarding the establishment, organization and operation of the National Supervisory Authority for Personal Data Processing, with subsequent amendments and supplements;
  • Decision No. 133/2018 of the President of the Supervisory Authority on the approval of the Procedure for receiving and resolving complaints
  • ORDER no. 5.760/2024 for the approval of the Regulation on the organization and functioning of the National Commission for the Attestation of University Titles, Diplomas and Certificates (CNATDCU)
  • DECISION No. 301/ 2012 for the approval of the Methodological Norms for the application of Law No. 333/2003 on the guarding of objectives, goods, values ​​and the protection of persons

 

Internal regulations:

  • Charter of the West University of Timișoara
  • Internal Order Regulations of the West University of Timișoara
  • Organization and Operation Regulations of the technical-administrative, educational and research structures of the West University of Timișoara
  • Decisions of the National Data Protection Authority

14. TECHNICAL AND ORGANIZATIONAL MEASURES

UVT has implemented appropriate technical and organizational measures regarding data security, against unauthorized processing or alteration, against loss or destruction, as well as against unauthorized disclosure and access to personal data transmitted, stored or processed. In order to have access to the data management systems, users are the holders of a contractual form with rights and obligations, within UVT. Access is made based on an institutional email account, which is unique for each holder. 

 

UVT uses advanced security methods and technologies, including multi-factor authentication (MFA), specialized hardware equipment, along with policies applied to employees and work procedures to protect the processing of personal data, in accordance with the legal provisions in force.

Each employee of the West University of Timișoara has the obligation to maintain the confidentiality of all personal data that they become aware of in the exercise of the duties specific to the position held, an obligation that is included in the individual employment contract / job description.

At the same time, personal data is stored in protected management systems, with controlled access. Access to this data is allowed only to persons responsible for processing these types of data, based on keys, access credentials and, where appropriate, through special secure networks.

However, despite our efforts to store the information we collect in a secure operating environment that is not publicly available, we cannot guarantee the absolute security of this information during transmission or storage on our systems. In the event of a security breach that will endanger your privacy or personal information, we undertake to inform you in accordance with our legal obligations in this regard, either through the website or by other methods at our disposal.

 

The West University of Timisoara ensures the protection, integrity, availability, confidentiality and authenticity of personal data.

15. DATA PROTECTION OFFICER (DPO)

a) The Data Protection Officer, hereinafter referred to as the DPO, is the person who informs and advises, monitors compliance with the provisions of the Regulation, provides advice upon request, cooperates with the supervisory authority, analyzes requests from data subjects and formulates a response.

DPO contact details

Email: gdpr@e-uvt.ro

Phone: +4 0256 592724

Address: Vasile Parvan Boulevard 4, Timisoara 300223, 1st floor, room 119
Other relevant information can be accessed by following: https://gdpr.uvt.ro

b) Procedure for exercising the rights of data subjects in relation to the DPO

The data subject may submit a written request, whenever they wish to exercise their rights regarding the protection of personal data (under Articles 13-22 of the GDPR).

The request for exercising personal data protection rights is made in writing and must contain at least the following information:

  • identification data of the person making the request/complaint (surname, first name, CNP)
  • identification data of the data subject (surname, first name, CNP);
  • the capacity of the person who draws up the request/complaint, respectively the person concerned;
  • the subject of the request, through a complete description of the information/rectifications requested;
  • correspondence data for sending the response (correspondence address);
  • (email address);
  • date of application;
  • the signature of the person preparing the request/complaint.

Information provided pursuant to Articles 13 and 14 and any communication and any measures taken pursuant to articles 15-22 and 34 from GDPR are offered free of charge.

! If the requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive nature, UVT may:

  • either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the requested action;
  • or refuse to comply with the request.

 

c) National Supervisory Authority for Personal Data Processing

The National Supervisory Authority for Personal Data Processing, hereinafter referred to as ANSPDCP, receives, analyzes and resolves complaints related to the processing of personal data that fall under the GDPR.

You can contact ANSPDCP if:

  • Are you dissatisfied with the way UVT handled your request?
  • You have not received a response to your request.
  • You consider that the way your personal data is processed violates the legal provisions in force.

The electronic complaint form is available on the supervisory authority's website. www.dataprotection.ro.

16. UPDATING THE PRIVACY POLICY

We reserve the right to periodically review and update this Privacy Policy to reflect any changes in the way we process your personal data or any changes in legal requirements. Any update will be published on this page https://www.uvt.ro/politica-de-confidentialitate and will enter into force from the moment of publication, unless otherwise stated. The date of the last update will always be indicated at the beginning/end of the document.   

In the event of changes that we consider significant (for example, changes that affect your rights or introduce new processing purposes), we will proactively notify you before they become effective. The notification will be made through a visible method, such as displaying an announcement on the page https://gdpr.uvt.ro, a notification within the application/service, or by e-mail to the institutional address @e-uvt.ro.

Last update: 12.05.2025

Stay up to date with UVT news!

The UVT newsletter

  • +40 256 592 111
  • contact@e-uvt.ro
  • Student relations: info@e-uvt.ro
  • Bd. Vasile Pârvan no. 4, Timișoara, postal code 300223, Timiș county, Romania

Education

About UVT

Useful Links

Press magazine

Facebook f Instagram TikTok LinkedIn Youtube Twitter