Privacy policy

By accepting this privacy policy, you express your consent to the processing of your personal data according to the purposes and under the conditions mentioned in this document. 

This privacy policy applies to the personal data we collect when you access or use the website , whose provider is the Harghita County Development Agency.

Contact details of the Harghita County Development Agency: 

Harghita County Development Agency 

Headquarters: 530140, P-ta Libertăţii no. 5, Miercurea Ciuc, Harghita

Telephone: +40266-207784; 


The Harghita County Development Agency collects, processes and stores personal data in the EU, being able to demonstrate at any time compliance with European Union legislation and the principles established in this document. 

All personal data processing activities carried out by the Harghita County Development Agency are in accordance with the provisions of Regulation (EU) 2016/679 regarding the protection of natural persons with regard to the processing of personal data and regarding the free movement of such data and repeal of Directive 95/46/EC (General Data Protection Regulation).

Terms and definitions 

Personal data – any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identification element such as a name, an identification number, location data, an online identifier, or to one or more specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.

Processing – any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consult, use, disclose by transmission, disseminate or otherwise make available, align or combine, restrict, delete or destroy.

Consent – any manifestation of free, specific, informed and unambiguous will of the website user, by which he accepts, through a statement or through an unequivocal action, that his personal data be processed.

Operator – Harghita County Development Agency, which processes personal data in the EU, according to the legislation and this policy.

User – natural person, at least 16 years old (or the legal minimum age to access or use an online service, without the provider of that service having the legal obligation to obtain the consent of one of the parents or the guardian), who expresses consent to use the site according to the operator’s policies and who authenticates or not on the  site by creating a profile.

Supervisory Authority – independent public authority established by a Member State pursuant to Regulation (EU) 2016/679 

Eventya Publishing Platform, hereinafter referred to as the Platform – integrated system, consisting of a suite of website-type software applications, which is subject to copyright legislation, being registered in the National Register of Computer Programs, according to certificate series 799029BM no. 09135 from 02.04.2018


The personal data processing policy of the Harghita County Development Agency is based on the following principles: 

1. The processing of personal data is carried out in a legal, fair and transparent manner.

2. The collection of personal data is done for specific, explicit and legitimate purposes, they are not subsequently processed in a way incompatible with these purposes. 

3. Personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. 

4. Personal data is rigorously accurate and updated where necessary.

5. Personal data are kept in a form that allows identification only for the period necessary to fulfill the purposes for which the data are processed. 

6. The processing is carried out in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures. 

Who is responsible for processing personal data?

The responsibility for processing personal data rests with the Harghita County Development Agency, as the provider of the website It decides what data it processes, for what purpose and how this processing takes place. 

The owner of the Platform on which the website runs can be responsible for the processing of personal data, in the situations in which it acts for the execution of the obligations stipulated in the contract signed with the Harghita County Council.

The owner of the Platform is the Harghita County Development Agency, an institution subordinate to the Harghita County Council, with headquarters in Miercurea Ciuc, PiațaLibertății no. 5, Harghita county, registered at the Trade Registry Office next to the HarghitaCourt with CIF 35365620.

For details on the processing of personal data by the Harghita County Development Agency, you can access, Privacy Policy Section. 

The legal basis for the processing of personal data 

Personal data are processed on the basis of the express, freely expressed, specific and unequivocal consent of the user of the website, in accordance with the provisions of the legislation in force and under the terms of this policy. 

May constitute the basis of processing: a contract, a request from the user before entering into a contract, the need to comply with a legal obligation, the legitimate interest of the operator or a third party, the need to protect the vital interests of the user or another natural person ,the performance of a task that serves a public interest.

What data do we collect and for what purpose? 

We collect personal data both from users who log in by creating accounts on the website , and from those who access the site without authentication. In case of authentication, we collect the following personal data:

• name and surname – used to create the user account, visible on the website

• picture – the profile picture is automatically collected from the social profile when the user logs in to the website via Facebook or Google Account. Once logged in, regardless of the authentication method, the user can add or change their profile picture;

• email address – it is collected automatically from the Facebook or Google account, when authenticating through Social Media. It can be entered manually by the user when authenticating by email and password. A user’s email address is not publicly displayed anywhere on the website, being used only for authentication; 

• information about the device used by the user (operating system, type of phone (model), network from which it enters, GPS location (optional, if he has given his consent on the website / ), this information being used only for statistical purposes; 

• phone number – is required only to use the incident reporting module for the website The phone number is not made public, but is used to validate the person only once, when they send the first notification. The phone number of the person who made the notification is public only for the employees of the Harghita County Development Agency, who take the notifications, to contact him by phone, if necessary. For unauthenticated users, the following data is collected:

• information about the device used by the user (operating system, type of phone (model), network from which it enters, GPS location (optional, if he has given his consent on the website / ), this information being used only for statistical purposes.

In addition to the personal data referred to above, we obtain data from the analysis of how our services are used, as follows:

• information about the device used by the user (operating system, type of phone (model), network from which it enters, GPS location (optional, if he has given his consent on the website /), this information being used only for statistical purposes; • data collected in Google Analytics, used for statistical purposes to determine user behavior patterns; 

• data obtained by using the “REMINDER” function at events, stored for statistical purposes to make lists of popular events; 

• data obtained by creating collections of locations and events, stored for statistical purposes to determine popular locations or events. The Harghita County Development Agency does not process personal data on the website that reveal racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership of trade unions and the processing of genetic data, biometric data for the unique identification of a natural person, health data or data on a natural person’s sex life or sexual orientation. What data do we collect for creating a profile on the website and what do we make public? When creating a profile on the website, the following personal data are required: 

• name and surname; 

• email; 

• profile picture (when authenticating through one of the 2 social platforms: Facebook or Google). In the user account, which is public on the website, we publicly display the following information: 

• name and surname; 

• profile photo.

For what purpose are personal data processed?

We process personal data for: 

• user validation, by sending a confirmation SMS, in the case of using the incident reporting module to the Harghita County Development Agency; 

• geolocation, in the case of the user who has accepted the provision of GPS location, to view/order various locations on the map or in the list, depending on their distance from them.In the location lists we display the distance in kilometers from the user’s location to the point of interest. 

In the case of using the incident reporting module to the Harghita County Development Agency, the purpose of the processing is to automatically determine the location of the reported incident on the map.

• push notifications – users can receive push notifications in the following situations: 

1. when I “follow” a location or an event organizer on the website this case, they are notified when that entity publishes a new event or offer; 

2. when they give “Going” to an event, they will be notified, depending on the reminder they set themselves; 

3. when I “follow” other users on the website, regarding the activity on the website

4. when another user of the platform “follows” you on the website, you will receive a notification;

5. general notifications sent by publishers who publish content on the website

• weekly newsletter, for which users can subscribe from: 

1. application (from the list of events a web page opens where the name, surname and email are requested. These data end up in the list of Mailchimp subscribers, who will receive a weekly newsletter);

2. the public website (in the footer of the website is a newsletter subscription form. It is filled in with name, surname and email. These data end up in the list of Mailchimp subscribers, who will receive a weekly newsletter). 

• statistics and reports – user data on the website are processed: 

1. with the help of Google Analytics, generating automatic statistics necessary for marketing purposes for better promotion of the site

2. to generate reports for marketing purposes. In both situations, the statistical data remain anonymous and are not made public. How is personal data collected and processed? The collection of personal data is carried out:

• automatically, when creating the user account through social platforms (Facebook or Google), taking: name, first name, email, picture, data about the device used, GPS location (optional); 

• manually, when creating the user account by email and password, providing name, surname, email; picture can be added later – optional. The phone number for using the incident reporting module is added for additional validation. The processing of personal data is carried out: 

• automatically, through Google Analytics and Fabric, for statistical purposes; 

• manually, in order to prepare marketing reports. The statistical data of the users remain anonymous and are not made public. For what period do we store personal data? Personal data is stored for an indefinite period.

The user can at any time request the modification or deletion of personal data by using the contact form on the website

Deleting the account involves the automatic deletion of personal data (name, surname, email, picture, password, phone number), created collections and followed pages.

Currently, work is being done to introduce a button to delete the account, which will allow to delete it (and implicitly the personal data I referred to above) by the user himself.

To whom do we transfer personal data and for what purpose? 

We transfer personal data to: 

Google Analytics (outside the EU), where user data is stored for statistical and marketing purposes; 

Fabric (outside the EU), where data about crashes of the website and about users is stored, so that what does not work on the website can be fixed /; 

Amazon (Frankfurt, EU), where the user’s profile pictures are stored (where applicable), being a private storage service; 

Google Cloud (EU), where the server and database are located. 

What security measures have we implemented?

We are constantly concerned with the implementation of security measures that are required to minimize the risks of unauthorized access to data and implicitly the impact on the privacy of users: 

• SSL standard for data flow encryption; 

• OAUTH standard for user authentication; 

• calls secured by authorization key (HMAC); 

• limiting the number of IPs from which it can be accessed

Cookies policy 

For details on our cookie policy, access the link:

User rights 

The regulation gives the user a series of rights, which we briefly present below:

1. the right to information and access to personal data, based on which you can obtain a confirmation from us that we process personal data or not, having access to the respective data and to information regarding the methods and purposes of their processing;

2. the right to rectification of data, which can be exercised to obtain, without undue delay, the rectification of inaccurate data or the completion of incomplete personal data; 

3. the right to deletion of data (the right “to be forgotten”), by virtue of which the deletion of personal data can be obtained, without undue delay, for one of the following reasons:

i. the data are no longer necessary to fulfill the purpose for which they were collected or processed; 

ii. the user withdraws his consent and there is no other legal basis for the processing;

iii. the user objects to the processing and there are no legitimate reasons that prevail with regard to the processing; 

iv. personal data were processed illegally; 

v. personal data must be deleted to comply with a legal obligation; 

vi. the personal data were collected in connection with the provision of services to the information society. 

4. the right to restrict processing can be exercised in the following situations:

i. when the accuracy of the data is disputed, for a period that allows us to verify their correctness;

ii. the processing is illegal, and the user opposes the deletion of the data, requesting instead the restriction of their processing; 

iii. we no longer need the personal data for the purpose of processing, but the user requests it for establishing, exercising or defending a right in court; 

iv. when the user opposes the processing for reasons related to the particular situation in which he is, for the time interval in which it is checked whether in this case the legitimate rights of the operator prevail.

5. the right to opposition, under which the user can oppose the processing of personal data, including the creation of profiles, for reasons related to the particular situation in which he is, in cases where the processing is necessary for the performance of a task that serves an interest publicly or when it takes place for the purpose of legitimate interests pursued by us or a third party. In these cases the processing will only be done if it is justified by legitimate and compelling reasons, which prevail over the interests, rights and freedoms of the user, or when the purpose of the processing is to ascertain, exercise or defend a right in court. When the processing of personal data is aimed at direct marketing, the user has the right to object at any time to the processing of data for this purpose, including the creation of profiles, to the extent that it is related to direct marketing. 

6. the right to data portability, which allows the user to receive the personal data concerning him and which he has provided in a structured, commonly used and machine-readable format and to transmit this data to another operator, provided that the processing is based on consent or a contract and is carried out by automated means. 

Pursuant to this right, personal data concerning the user may be transferred directly from one operator to another where this is technically feasible. Modification of the personal data processing policy 

This policy can be updated as a result of changes in the relevant legislation in the field or changes in the structure and functions of the site

If changes are made to the personal data processing policy, users will be notified by e-mail, notifications within the site or through the website, before the changes enter into force. We encourage users to check this page periodically to stay informed of the latest developments regarding our personal data processing practices.

How can you contact us? 

For concerns or questions regarding the processing of personal data, you can contact the Harghita County Development Agency with a written request, at the address in P-ta Libertăţii no. 5, Miercurea Ciuc, Harghita county or email .

If you wish to make complaints regarding the processing of personal data, you can write to us at the same address, and we will respond within the legal correspondence period, in accordance with our internal policies and procedures. 

In the unlikely event that you consider that your rights regarding the processing of personal data have been violated and the Harghita County Development Agency has not handled the complaint properly, you can contact a supervisory authority for the processing of personal data.

The National Supervisory Authority for the Processing of Personal Data in Romania is headquartered in Bucharest, bld. Gender. Gheorghe Magheru no. 28 – 30, sector 1, postal code 010336.