All information contained in this material relates to and is valid in relation to activity on the Platform, hereinafter referred to as the Platform or the website.

We inform you that your personal data that you make available to us will be processed. In this regard, please read this document to ensure that the data you choose to provide to us is secure and to inform you about how it will be collected, used and protected.

The security of your personal data is an important concern for us, so we strictly comply with the legal provisions in force on the protection of individuals with regard to the processing of personal data and the free movement of such data. We are committed to processing your personal data in accordance with Regulation (EU) 679/2016 (GDPR).

Please be informed that we may periodically update and amend this Personal Data Protection Policy (“Policy”) without having to ask for your prior consent. In the event of any such changes, we will post the updated version of the Personal Data Protection Policy on the Site, and it is up to you to check the Policy whenever you access the Site to ensure that you are aware of the latest version.

If you have any questions or concerns, please contact us at e-mail address:; phone +40-264-590.554, phone/fax: +40-264-590.555 or by post/mail to: Eremia Grigorescu, no.77, Cluj-Napoca, Cluj county, Romania.


  1. Data Controller
  2. Personal data collected
  3. Purpose for which we process personal data
  4. Grounds for processing
  5. Duration of storage and processing of personal data 
  6. Security measures
  7. Transmission of data to other parties
  8. Your rights referring to the personal data you provide to us
  9. Contact data of the Data Protection Officer
  10. Data of minors
  11. Cookie Policy 

1. Data Controller

The Civitas Foundation for Civil Society Cluj, a private legal entity established under Romanian law, headquartered in Cluj-Napoca, Eremia Grigorescu, no. 77, Cluj county, Romania, with fiscal code 24260911, e-mail address:; phone +40-264-590.554, phone/fax: +40-264-590.555.


2. Personal data collected

In order to make it possible for us to create your user account, please note that we need you to provide us with your e-mail address.

Depending on the position in which you are using the Platform, we need the following additional data for its optimal functioning:

If you use the Platform as a Backer: first name, last name, email address, dates of invoicing and delivery of rewards (home address, delivery address, telephone number).

If you are using the Platform as an Initiator: details of representatives (first name, last name), email address, bank account details, details appearing in the photographic and videographic materials provided (image, voice) data from identity documents, data from Company documents.

When you use the Platform, we automatically collect certain information about your device, such as browser information, IP address, time zone and some cookies installed on your device.

We use Google Analytics to help us understand how our customers use the Platform. You can read more about how Google uses your personal information here: You can also opt out of Google Analytics here:

We do not collect and process sensitive data, defined as such by the GDPR.

We do not want to collect or process data from minors under the age of 18. Please do not create an account on the Platform and do not provide us with any information if you are under the age of 18. We will immediately delete any account that we discover has been created by a minor.


3. Personal data collected

We request and process personal data to: 

  • make it possible to create your account on the site, run the Campaigns and operate the site;
  • ensure the payment of Campaign funding amounts;
  • invoicing and delivery of the rewards, informing you of the status of the delivery of the rewards;
  • send newsletters, materials related to our services – if you give your consent to do so;
  • provide responses to complaints;
  • evaluate the services offered on the site.


4. Personal data collected

The operator has the right to process personal data for the purposes outlined above:

  • because the data processing is necessary to make possible the creation of the account, the functioning of the site and the access to the services offered on the Site (remote conclusion of the contract for the provision of services), payment of campaign funding, the provision of answers to the complaints made, if applicable, and delivery of the rewards granted by the Initiators;
  • because you have given your consent by checking the relevant check boxes.

Where the processing of data is not necessary for the conclusion and performance of our legal relations, we will not process personal data for any of the above purposes unless we have your consent to do so.


5. Duration of storage and processing of personal data

We process and store personal data for as long as necessary to fulfil the purposes for which the data was collected and in any case for as long as required by applicable legal regulations.

In this regard, by way of example, we inform you that your data will be stored for at least the duration for which the information is used to grant you access to the site, if you have created an account on the Platform. Also, if you have given your consent to the processing of your personal data for marketing purposes, your data will be processed at least until the moment you agree to withdraw your consent to the processing of your data for this purpose.

After the end of the period in which your data is processed for the purposes listed in Chapter 3 of this document, part of your data (excluding the necessary ones) will continue to be stored for the period provided for by law regarding the obligation to archive data/accounting documents and also for the period of the extinctive prescription period provided for by the Romanian Civil Code. We regularly update our database so that we do not store data that are no longer needed for the purposes for which they were collected.


6. Security measures

The Company ensures appropriate technical and legal measures to guarantee an effective protection of the personal data of the persons providing us such data.

We commit to keeping your personal data safe and we take reasonable measures for this purpose, including against unauthorized access, unauthorized use of data, destruction, loss or alteration.

We systematically instruct our employees on the importance of personal data protection, we provide internal procedures in this regard and we make all efforts to ensure that our partners, as well, manage appropriate processing measures when it comes to the personal data they receive during our contractual relations.


7. Transmission of data to other parties

We might transmit the personal data you provide to us to affiliated companies and/or to other partners and collaborators with whom we have established contractual relations in order to carry out our activities and to fulfil our legal obligations such as: software service providers, accounting services, legal services, marketing services, courier services, Internet and mobile telephone services, payment processors authorized by us to mediate payments (mobilpay), specialists in the field of activity in which we operate, contracted by us to provide a better quality of our services and other such suppliers.

We can also transmit some of the collected personal data to the competent authorities or public institutions when required by the law or to courts of law when we defend ourselves in court or we are asked to do so by the court.

For information on the partner payment processor’s privacy policy, you can access the following links:

If, as a Backer, you have chosen one of the rewards offered by the Initiator you have selected to back, your data will be disclosed to that Initiator for the purpose of invoicing and shipping the reward.

As an Initiator of a Campaign that has reached its Funding Objective, you will have access to the personal data of your Backers. Please note that you have the right to use this data solely for the purpose of invoicing and shipping the rewards to your Backers. The processing of the personal data of the Backers will be carried out by you, as the Initiator, in full compliance with the legal provisions on the protection of personal data and any instructions received from the Operator. We inform you that access to the personal data of the Backers is granted to you subject to compliance with the following obligations at least:

  1. To ensure all technical and organizational security measures relating to the processing of personal data and to comply with the security rules, so that the processing of personal data of the Backers complies with the requirements set out in the legislation applicable to the processing of personal data;
  2. To ensure that your staff carrying out personal data processing operations will be established on a “need to know” basis. In this regard, you will limit and allow access to personal data only to employees who need to know it;
  3. Take all necessary measures against unauthorized use, reproduction, disclosure, transfer or publication of personal data;
  4. Report immediately to the Controller, but no later than 24 hours, by email, any security incident found in the personal data transmission and processing system, as well as any incident relating to possible misuse or improper use;
  5. Do not transmit documents or files containing personal data in an unauthorized manner.

After the rewards have been delivered, you are obliged to destroy the personal data of the Backers and to communicate to the Controller an e-mail confirming the destruction of such data. This requirement does not apply to the extent that you are required by law to retain some or all of the data for a period of time, in which case you will protect the data from further processing except as required by law.


Transfer of personal data outside the country

In line with the operations described above, your personal data can be transferred outside the country to member states of the European Union (“EU”) or the European Economic Area (“EEA”).

Thus, we inform you that any transfer made by the Controller to an EU member state or an EEA state will observe the legal provisions of the General Data Protection Regulation no. 2016/679 adopted by the European Parliament (“GDPR”).

The personal data mentioned in this information notice is not transferred to states that do not ensure appropriate protection in terms of personal data processing.


8. Transmission of data to other parties

We commit to ensuring personal data security by adopting appropriate technical and organizational measures, in compliance with industry standards. The platform is aligned to the GDPR requirements.

We ensure and respect the rights granted to you by the laws in force.

The right to receive information – you can request information and details about the personal data processing activities. We are at your service at the following address: Eremia Grigorescu, no. 77, Cluj-Napoca, Cluj county, Romania, by e-mail at the address:

We pay attention to ensuring your right to receive clear, transparent, easy to understand and accessible information about the way in which we process your data, including details about the rights you hold in this regard and which are presented in this document.

The right to rectification – should you notice that your personal data processed by us is incorrect, incomplete, inaccurate, you can rectify them or you can supplement them by sending a simple rectification request to the e-mail address:

The right to delete data (“right to be forgotten”) – your data can be deleted if it was not processed legally or in other cases set out by the law. Data deletion can take place in any of the following situation:

  1. a) we no longer need the personal data for the fulfilment of the purposes for which we previously processed it;
  2. b) you withdraw your consent based on which we previously processed your data and there is no other legal ground on which we can base a future processing;
  3. c) you oppose data processing when we process the data for direct marketing purposes (including profiling for direct marketing purposes);
  4. d) you oppose the processing of data based on our legitimate interest and we cannot prove that we have legitimate reasons which justify the processing and which prevail over your interests, rights and freedoms;
  5. e) the personal data is processed in contradiction with the law;
  6. f) the personal data must be deleted to comply with our legal obligations.

We can reject the request to delete your data if:

(a) we have to comply with legal obligations to store the data;

(b) the data is necessary to acknowledge, exercise or defend our rights in court.

The right to restrict processing – you can request the restriction of data processing if:

  1. a) you contest the accuracy of data for a period which allows us to check data accuracy;
  2. b) the processing is illegal, but you oppose the deletion of personal data and in exchange you request restriction;
  3. c) if the Controller does not need your personal data for processing purposes, but you request it in order to observe, exercise or defend a right in court or before the arbitration authorities;
  4. d) if you opposed processing, for the period of time during which we check if our legitimate rights prevail over your rights.

The right to oppose – you can oppose especially to the processing of data which is founded on our legitimate interest.

The right to data portability – under certain conditions, you can receive the personal data you provided to us in a machine-readable format or you may request for the data to be sent to another controller.

The right to submit a complaint – you can submit a complaint about personal data processing to the National Authority for the Supervision of Personal Data Processing (ANSPDCP).

You can find the contact details and information about ANSPDCP on the website:

The right to withdraw a consent – if the processing is based on your consent, you can withdraw it at any time, without affecting the active campaigns in which you are involved and for which your consent is valid.

The withdrawal of consent will produce effects only in the future, while the processing carried out before the withdrawal remains valid.

The right not to be subject to automatic decisions or supplementary profiling when it comes to automatic decisions: you can request and obtain human intervention concerning the respective processing or you can express your own opinion about this kind of processing.

You can exercise these rights either individually or together, very easily, by simply sending a request to the following address: Eremia Grigorescu, no. 77, Cluj-Napoca, Cluj county, Romania, by email at the address:


9. Transmission of data to other parties



10. Data of minors

We do not want to collect or process data of minors who are not yet 18 years old. Please do not create an account on the website and do not provide any information if you are not 18 years of age. We will immediately delete any account created by a minor.

10. Cookie Policy

The website uses Cookies to provide a better browsing experience to its visitors and services adjusted to the needs and interests of each visitor.

A ”cookie” is a small, usually encrypted file located in the files of the web browser you use. ”Cookies” are created by online content creators for website users in order to help them browse the internet in a more efficient way and to give access to certain functions.

These files are not viruses. Because these files do not contain codes, they cannot be executed and cannot access other files or folders on your computer. If they store information about the user’s internet browsing, both specific addresses and browsing on various websites, ”cookies” can be used as a form of spyware. Anti-spyware software, being aware of this possible problem, eliminate certain ”cookies” after routine checks.

Why do we use ”cookies”?

We use ”cookies” to provide better a browsing experience to the users of this website and services adjusted to their needs and interests, for statistical analyses regarding the way in which the website is used, to improve the website/application. Cookies help us:

  • customize certain settings such as: the language in which a website is viewed, the currency in which certain prices or fees are expressed, maintaining the options for various products/services;
  • they offer valuable feedback about the way in which the website is used by users, so that we can make it even more efficient and accessible to users;
  • they allow multimedia or other types of applications from other websites to be included in a certain website in order to create a more valuable, useful and pleasant browsing experience;
  • they improve the efficiency of online advertising.

Sometimes, ”cookies” can be used to keep track of your visits on third-party web pages.

What kind of ”cookies” we use?

When it comes to storage, from a temporal point of view we use:

  • permanent cookies: these remain on the user’s device for a fixed period of time, specified in the cookie. They are used each time the user visits the address which created that file.
  • session cookies: these files are temporary. They allow the operators of websites to connect the actions a user carries out during an internet browsing session.

Also, when it comes to functionality, we use four different types of cookies:

  • Strictly necessary cookies: these are essential to allow browsing on the website and to use its applications. In their absence, the users could not use basic services such as creating an account or using the shopping cart. These files do not gather information about users that might be used for marketing purposes or to follow the user on the internet.
  • Performance cookies: these collect statistic data anonymously regarding the manner in which the website is used. They do not contain personal data and are used to improve the experience of users when they browse the website.
  • Functionality cookies: by means of these cookies, the operator allows the users to choose different options and characteristics of the website. For example, some functionality cookies provide the possibility to memorize a password, language preferences, region, to provide personal information about current location or data about weather or traffic from the user’s location.
  • Advertising and targeting cookies: these are used to improve the relevance of the advertising delivered to you. They can also limit the number of displays of an advertisement considered irrelevant or follow the efficiency of an advertising campaign by gathering statistics regarding the number of accesses by the users. Also, an important function that some of these cookies have is to provide security in online transactions. Usually these cookies are used by third-party operators, making a connection between the webpages visited by the users, but cannot trace the identity of the user because no connection is made between the online profile and the processed data.

We have third-party cookies on our website/application. Third parties, such as advertising companies or the providers of external services, such as internet traffic analysis, can use cookies or other similar plugins to gather information about your visit on our website.

How can you deactivate “cookies”?

First, you should know that once the cookies are deleted, all the preferences and settings for the website are deleted. Also, certain webpages will not work properly or some functions will disappear in case you eliminate the cookies.

For these reasons, we do not recommend that you reject cookies when you visit our website. Most browsers accept cookies automatically, but you can change this option depending on the browser you use. To do so, usually you have to access the “settings” or “preferences” option of your browser.

For further details, you can access one of the links below:

Security and confidentiality issues

Cookies are NOT viruses! They do not consist of bits of code, so they cannot be executed and cannot run alone, cannot duplicate or replicate on other networks to run or replicate again.

Generally, browsers have integrated confidentiality settings that provide different levels of cookie acceptance, validity period and automatic deletion after the user visited a certain website.

Cookies are not dangerous, but because they constantly send information in both ways between the browser and the website, if a hacker or unauthorised person intervenes in the data transmission path, the information contained by cookies can be intercepted. Although very rarely, this still can happen if the browser connects to the server using an unencrypted network (e.g. a non-secured Wi-Fi network).

Other attacks based on cookies involve incorrect cookie settings on servers, which can be exploited by the hackers.

It is important to know that cookie deactivation will not allow the access of users to the most widespread and used websites such as Gmail, Yahoo, YouTube and others.

There are a few basic security measures which you can adopt to browse safely with the help of cookies:

  • customize the settings of your browser regarding cookies to reflect a security level that is comfortable to you when it comes to the use of cookies. You can set long expiry deadlines for the storage of browsing history and personal access data.

If you use the computer together with other persons, you can set the browser to erase individual browsing data each time you close the browser.

  • install and constantly update anti-spyware applications.
  • make sure that your browser is permanently updated. Many attacks based on cookies occur by exploiting the weaknesses of old browser versions.

The Company has the right to change the Personal Data Protection Policy at any time, without a previous notification, by posting the updated version on the website. You are required to read the Terms of Use, the Personal Data Protection Policy and the Cookie Policy every time you access the website.