Privacy Policy

Last updated: February 18, 2026

1. Introduction

The Religious Association – Union of Christian Apostolic Churches of Romania (U.B.C.A.R.), as a personal data controller, respects the right to data protection of all data subjects, in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian Law No. 190/2018.

This privacy policy describes how we collect, use, store, and protect your personal data when you visit our website or interact with our services, in compliance with the Internal Regulation on the Processing of Personal Data of U.B.C.A.R.

2. Data Collected

We collect the following categories of personal data:

• Data provided directly: Name, email address, phone number, message submitted through the contact form, as well as data entered in membership or tax redirection forms (Form 230).
• Data collected automatically: IP address, browser type, pages visited, date and time of access (through essential cookies).

We do not intentionally collect personal data of minors without the consent of parents or legal guardians (Art. 12 of the internal GDPR Regulation).

3. Purpose of Processing

Your data is processed for the following legitimate purposes (in accordance with Art. 8 of the internal GDPR Regulation):

• Responding to inquiries submitted through the contact form.
• Processing membership (affiliation) requests.
• Facilitating the redirection of 3.5% of income tax through Form 230.
• Ensuring the proper functioning of the website.
• Improving the user experience on our site.
• Internal and external communication with members and supporters.

4. Legal Basis

Data processing is carried out based on one of the following legal grounds, pursuant to Art. 6 GDPR (Art. 10 of the internal Regulation):

• Consent of the data subject — freely given, specific, informed, and revocable at any time.
• Performance of a contract or pre-contractual steps at the request of the data subject.
• Compliance with a legal obligation of the controller (tax, accounting, archival obligations).
• Protection of vital interests of the data subject or of another natural person.
• Legitimate interest of U.B.C.A.R., insofar as it does not override the fundamental rights and freedoms of the data subject.

5. Data Retention

Personal data is retained only for the period strictly necessary to fulfill the purposes for which it was collected, in compliance with legally prescribed terms (Art. 15 of the internal GDPR Regulation):

• Accounting and tax documents — 10 years.
• Member records — for the duration of membership + 3 years after cessation.
• Volunteer and collaborator data — for the duration of the contract + 3 years.
• Photo-video data — maximum 2 years, except for archival or historical materials.
• Archives of religious, historical, or cultural value — indefinitely, in compliance with the National Archives Law.

6. Your Rights

In accordance with GDPR (Chapter III of the internal Regulation, Art. 17–26), you have the following rights:

• Right to information — to be informed about the processing of your data.
• Right of access — to obtain confirmation that your data is being processed and access to it.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — to request deletion of data when it is no longer necessary or consent has been withdrawn.
• Right to restriction of processing — to request limitation of processing under certain conditions.
• Right to data portability — to receive your data in a structured, commonly used format.
• Right to object — to object to processing on grounds relating to your particular situation.
• Right to object to direct marketing — an absolute right, pursuant to Art. 26¹ of the internal Regulation.
• Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

7. Cookies

Our website uses only essential cookies necessary for proper functionality (e.g., language preference). We do not use marketing or tracking cookies.

8. Data Transfers and Sharing

We do not sell, rent, or share your personal data with third parties, except as required by law (Art. 13 of the internal GDPR Regulation).

Data may be transmitted to service providers, public authorities, or contractual partners only on a legal basis and with respect to the principle of minimization. Any transfer to third countries is carried out only under the conditions of Art. 44–49 GDPR, with adequate protection safeguards.

9. Photographs and Video Recordings

During religious, educational, or social events, photographing and filming of participants is carried out with respect for the right to privacy and to one's image. Materials are published only with the consent of the data subjects or on the basis of prior general notice (Art. 14 of the internal Regulation).

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data (in accordance with Chapter V of the internal Regulation, Art. 47–65), including:

• Secured IT systems (complex passwords, two-factor authentication, encryption).
• Regular backups.
• Role-based access control and authorization.
• Periodic staff training on data protection.

11. Security Incidents

12. Data Protection Officer (DPO)

U.B.C.A.R. has designated a Data Protection Officer (DPO) in accordance with Art. 37–39 GDPR, who monitors compliance and can be contacted at: ubcarromania@gmail.com

13. Contact

For any questions regarding this policy or to exercise your rights, you can contact us at:

14. Full Internal Regulation

This policy is a summary of the Internal Regulation on the Processing of Personal Data (GDPR) of U.B.C.A.R. The full document, comprising 107 articles, can be downloaded below or consulted at the organization’s central office.

The Regulation was drawn up in compliance with Regulation (EU) 2016/679 (GDPR), Romanian Law No. 190/2018, and relevant national legislation.