GDPR and Terms

Starting from 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC – becomes applicable (hereinafter referred to as the “Regulation” or “GDPR”, being one of the biggest legislative changes at the EU level in the last 20 years.

GDPR Concepts:

  • the right to modification, restriction, portability and deletion (anonymization) of personal data;
  • detailed information of the persons concerned;
  • the existence of an explicit and granular consent of individuals for the processing of their data;
  • appropriate IT security measures
  • notification of the authority in the case of security breaches within 72 hours of becoming aware of them

What are cookies?

Cookies represent a small file, generally made up of letters and numbers (encoded), sent by a server to a web browser and then sent back (unmodified) by the browser, every time it accesses that server.

Cookies are created when the browser used by a user displays a certain website. The website transmits information to the browser, which creates a text file. Each time the user accesses the respective website again, the browser accesses and transmits this file to the web server where the respective website is hosted. In other words, the cookie can be seen as an identification card of the Internet user, which informs the website every time the user returns to that website.

The purpose of using cookies

Cookies can ensure a faster and easier interaction between users and websites. For example, when a user authenticates on a certain website, the authentication data is stored in a cookie; afterwards, the user can access the respective site without having to log in again.

In other cases, cookies can be used to store information about the activities carried out by the user on a certain web page, so that he can easily resume those activities when accessing the site later. Cookies tell the server which pages to show the user, so that he does not have to remember this or navigate the entire site from the beginning. Thus, cookies can be assimilated to “bookmarks” that tell the user exactly where he was on a website.

It is important to mention that websites in Romania have the obligation to publicly specify if they use cookies and for what purpose.

What types of cookies do we use?

Cookies specific to an online session

Web pages have no memory. A user who navigates from one web page to another will be considered by the website as a new user. The cookies specific to a session store an identifier that allows the user to move from one web page to another without having to enter the identification information each time (username, password, etc.). Session-specific cookies are stored in the user’s computer memory only during an Internet browsing session and are automatically deleted when the browser is closed. They can also become inaccessible if the session has been inactive for a certain period of time (usually 20 minutes).

Permanent, persistent or stored cookies

Persistent cookies are stored on the user’s computer and are not deleted when the browsing session is closed. These cookies can retain the user’s preferences for a certain website, so that they can be used in other Internet browsing sessions.

In addition to authentication information, persistent cookies can also retain details about the language and theme selected on a certain website, preferences regarding a website’s menu, favorite pages within a website, etc. When the user accesses a site for the first time, it is presented in default mode. Later, the user selects a series of preferences, which are then retained by cookies and used when the user accesses the site again. For example, a website offers its content in several languages. On the first visit, the user selects the English language, and the site retains this preference in a cookie. When the user visits the respective site again, the content will be automatically displayed in English.

Flash cookies

If the user has Adobe Flash installed on the computer, small files can be stored in the memory of the respective computer by websites that contain Flash elements (such as video clips). These files are known as “local shared objects” or “flash cookies” and can be used for the same purposes as regular cookies.

Cookies from the perspective of IT security and privacy protection

Although cookies are stored in the memory of the Internet user’s computer, they cannot access/read other information located in that computer. Cookies are not viruses. They are just small text files; they are not compiled as code and cannot be executed. Thus, they cannot self-copy, they cannot spread to other networks to generate actions and they cannot be used to spread viruses.

Cookie Legislation

Legislation regarding the use of cookies from the perspective of the European Union and Romania.

The European Union regulates through Directive 2002/58/EC on the processing of personal data and the protection of confidentiality in the electronic communications sector, amended by Directive 2009/136/EC, provides that:

“Art.5 – (3) The member states ensure that the storage of information or gaining access to the information already stored in the terminal equipment of a subscriber or user is allowed only on the condition that the subscriber or user in question has given his consent, after received clear and complete information, in accordance with Directive 95/46/EC, inter alia, regarding the purposes of the processing. This does not prevent the storage or technical access with the sole purpose of carrying out the transmission of the communication through an electronic communication network or if this is strictly necessary in order to provide the provider with an information society service expressly requested by subscriber or user.”

These provisions were transposed into the national legislation in Law no. 506/2004 on the processing of personal data and the protection of private life in the electronic communications sector, with subsequent amendments and additions:

“Art.4 – (5) Storing information or obtaining access to the information stored in the terminal equipment of a subscriber or user is allowed only with the cumulative fulfillment of the following conditions:

(a) the subscriber or user in question has expressed his consent;

(b) the subscriber or user in question were provided, prior to expressing the agreement, in accordance with the provisions of art. 12 of Law no. 677/2001, with subsequent amendments and additions, clear and complete information that:

to be presented in an easy-to-understand language and to be easily accessible to the subscriber or user;

to include mentions regarding the purpose of processing the information stored by the subscriber or user or the information to which he has access.

If the provider allows third parties to store or access information stored in the terminal equipment of the subscriber or user, the information in accordance with points (i) and (ii) will include the general purpose of the processing of this information by third parties and the way in which the subscriber or user can use the settings of the Internet browsing application or other similar technologies to delete the stored information or to deny third parties access to this information.

(51) The agreement provided for in para. (5) lit. a) it can also be given by using the settings of the Internet browsing application or other similar technologies through which it can be considered that the subscriber or user has expressed his consent.

(6) The provisions of para. (5) do not affect the possibility of storing or technical access to the stored information in the following cases:

when these operations are carried out exclusively for the purpose of transmitting a communication through an electronic communication network;

when these operations are strictly necessary in order to provide a service of the information society, expressly requested by the subscriber or user.”

Management, deactivation and deletion of cookies

Detailed information on how to manage, disable and delete cookies for the most important browsers is detailed below:

Internet Explorer

To delete cookies from Internet Explorer:

  • Open Internet Explorer for desktop;
  • Tap or click the Tools button, point to Safety, then tap or click Clear Browsing History;
  • Check the Cookies checkbox, then tap or click Delete;

To block or allow cookies:

  • Open Internet Explorer for desktop.
  • Tap or click the Tools button, then tap or click Internet Options.
  • Tap or click the Privacy tab, then under Settings, move the slider to the top to block all cookies or to the bottom to allow all cookies, then tap or click OK.

If you block cookies, certain pages may not be displayed correctly.

Mozilla Firefox

  • At the top of the Firefox window, click the Firefox button (Tools menu in Windows XP) and then click Options at the top of the Firefox window, click the Tools menu and select Options…;
  • Select the Privacy panel;
  • Set Firefox to: with the option Use custom settings for history;
  • Check the box Accept cookies from sites to activate cookies and uncheck it to deactivate them;

Choose the allowed storage duration of cookies:

  • Keep until: when it expires: Each cookie will be deleted when it reaches the expiration date, which is set by the site that issued it;
  • Keep until: when I close Firefox: Cookies stored on the computer will be deleted when Firefox is closed;
  • Save until: ask every time: Displays a message every time a site tries to send a cookie and asks if you want to store it or not;
  • Click OK to close the Options window;

Google Chrome

To control the cookie settings in Google Chrome, complete the following steps:

  • Click on the Chrome menu Chrome menu in the browser toolbar;
  • Select Settings;
  • Click on Show advanced settings;
  • In the “Privacy” section, click on the Content Settings button;
  • In the “Cookies” section, you can change cookie settings.