PROCESSING OF PERSONAL DATA
The Romanian Police, according to Law no. 218/2002, exercises attributions regarding the protection of the fundamental rights and freedoms of the person, of the private and public property, the prevention and discovery of crimes, the observance of public order and tranquility, according to the law. According to the legal provisions in force, the Romanian Police has the obligation to respect the privacy and security of the processing of personal data of each person.
Legal framework on the protection of personal data
On 4 May 2016, the data protection package was published in the Official Journal of the European Union:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR);
- Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.
Regulation (EU) 2016/679 entered into force on 25 May 2016 and is applicable from 25 May 2018. The provisions of the Regulation are directly applicable in the territories of the EU Member States, without, in principle, the need for transposition or implementation measures. However, the Reference Regulation provides that in certain situations implementing provisions are required at national level or Member States are empowered to adopt certain legal provisions. Thus, the Law no. 190/2018 on measures for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, which entered into force on 31 July 2018.
Directive (EU) 2016/680 entered into force on 5 May 2016 and has been transposed into national law by Law no. 363/2018 on the protection of individuals with regard to the processing of personal data by the competent authorities for the purposes of the prevention, detection, investigation, prosecution and combating of criminal offences or the execution of criminal penalties, educational and security measures, and on the free movement of such data.
Regarding the scope of the two legal instruments, we specify that they are complementary, the GDPR having general application with the exception of:
- activities not covered by Union law;
- the activities carried out by the Member States falling within the scope of Chapter 2 of Title V of the EU Treaty;
- activities carried out by a natural person in the course of an activity exclusively personal or domestic;
- activities carried out by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences, or the execution of criminal sanctions, including the protection against and prevention of threats to public security (area covered by Directive (EU) 2016/680).
The Romanian Police have in its structure central units, territorial units and educational units which processes personal data. Thus, within the Romanian Police there are distinct data controllers: The General Inspectorate of the Romanian Police (I.G.P.R.), The General Police Directorate of Bucharest, the county police inspectorates, the police schools and the training centers.
The General Inspectorate of the Romanian Police., as a controller of personal data, is responsible for the implementation and compliance with the rules of personal data processing in the processing carried out at the level of central units.
Purposes for which personal data are processed
In order to fulfill its duties, the General Inspectorate of the Romanian Police. processes personal data in the activities of:
- prevention, detection, investigation, repression of criminal offences and other activities carried out in the field of criminal law;
- prevention, finding and sanctioning of contraventions;
- maintaining and ensuring public order and tranquility;
- keeping records of persons suspected of preparing, committing or having committed criminal acts, offences, stolen, lost or hijacked objects, except for motor vehicles, car registration plates as well as weapons and ammunition;
- keeping records of persons obtaining authorizations for the possession and/or marketing of metal detectors and data on metal detectors;
- ensuring compliance with the legal regime of arms and ammunition;
- keeping records of vehicles registered in circulation on the territory of Romania that belong to persons who have the capacity of debtor and on which the bailiff has ordered the attachment;
- guidance, supervision and control of compliance with traffic rules on public roads;
- storage and processing of personal data of drivers of motor vehicles and mopeds registered in other states and used on the territory of the country without transcription of the property right in the Romanian records;
- transmission of additional information on persons and property related to alerts in the Schengen Information System;
- issuing authorizations / licenses according to their competences;
- accreditation of media representatives;
- monitoring/security of persons, premises and/or public/private goods;
- human resources management;
- management of economic, financial and administrative resources.
The General Inspectorate of the Romanian Police. has received the approval of the National Supervisory Authority for Personal Data Processing for the processing of personal data by using portable audio-video systems of "Body Worn Camera" type, in order to guide, supervise and control the observance of traffic rules on public roads, as well as to maintain public order and safety, through patrolling activities. For more details click here.
In order to carry out the above activities, the General Inspectorate of the Romanian Police constitutes, organizes and holds, according to its legal attributions, record-keeping systems and uses automatic and manual means of processing personal data, under the law, in compliance with human rights and the application of the principles of legality, equity and transparency towards the data subject, ensuring the protection of processed data.
The General Inspectorate of the Romanian Police collects personal data, with or without the consent of the data subject, in order to fulfill the duties of the service, according to the law. Where the processing is based on the consent given by the data subject to the processing of his or her personal data for one or more specific purposes, the data subject shall have the right to withdraw consent at any time, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
Categories of personal data processed by the General Inspectorate of the Romanian Police
- CNP - personal identification number
- Series and number of identity card / passport
- Data on the commission of offences
- Data on criminal convictions / security measures
- Data on disciplinary / administrative sanctions
- Data on contravention sanctions
- Data on criminal record
- Name and surname
- Surname and surname of family members
- Nickname / pseudonym
- Date and place of birth
- Data from civil status acts
- Data from the driver's license / certificate of registration
- Physical/anthropometric features
- Home address/residence
- Profession Job
- Family situation
- Military situation
- Economic and financial situation
- Data on owned assets
- Bank data
- The quality held in companies (associate, administrator)
- Images of stamps used to commit crimes
- Data on the phenomenon of counterfeiting of currency or other values
- Geolocation data / traffic data
- Photos of persons
- Unique registration code, communication terminals
- Brand and model of the car, chassis series
- Habits / preferences / behavior
- Data on the following goods: stolen vehicles, hijacked or lost; craft, aircraft, industrial equipment, outboard engines and containers; stolen, hijacked or lost firearms, official documents in white stolen, embezzled or lost; issued identity documents (passports, identity documents, driving licenses, residence permits, travel documents) stolen, misappropriated or lost; banknote (registered tickets); stolen, hijacked, lost or cancelled vehicle registration certificates or registration plates; real estate and payment values such as cheques, credit cards, bonds or shares that have been stolen, misappropriated, lost or cancelled;
- Number of pension file
- Number of social insurance / health insurance
- Data on professional training – diplomas – studies
Special categories of personal data processed by the General Inspectorate of the Romanian Police
- Personal Health data
- Genetic data
- Biometric data
- Data on racial or ethnic origin
- Data on political opinions
- Data on religious confession/philosophical beliefs/trade union membership
- Data on sex life or sexual orientation
Processing of national identification numbers
- CNP - personal identification number
- Series and identity card number
- Number of passport / driver's license
- Social or health insurance number
Categories of recipients of personal data
- Data subject
- Legal representatives of the data subject
- Central or local public enforcement authorities
- Debt collection/debt collection/debt recovery agencies
- Insurance/reinsurance authorities
- Law enforcement authorities of the Schengen Member States
- Social and health services
- Education institutions and education
- Banking societies
- Professional organizations
- Associations and foundations
- Employer/potential employer of the data subject
- recipients in third countries, or international organizations: INTEROPL, EUROPOL
Storage period of personal data
As a general rule, the data are stored only for the period necessary to achieve the purpose for which they are collected, but maximum retention periods can also be established, through normative acts, regulations and internal provisions, with the approval of A.N.S.P.D.C.P.
Rights of data subjects
As a guarantee of achieving the stated purpose of Law no.363/2018/EU Regulation no. 679/2016, the rights of the data subject are:
- the right to information (Art. 12, 13, 14 of Law no. 363/2018 and Art.13, 14 GDPR);
- the right of access by the data subject (Art. 16 of Law no. 363/2018 and Art. 15 GDPR);
- the right to rectification (art. 18 of Law no. 363/2018 and art. 16 of GDPR);
- the right to erasure - "the right to be forgotten" (art. 18 of Law no. 363/2018 and art. 17 of the GDPR);
- the right to restriction of processing (art. 18 of the Law on data No. 363/2018 and art. 18 GDPR);
- notification obligation regarding rectification or erasure of personal data or restriction of processing (art. 18 of Law no. 363/2018 and art. 19 of GDPR);
- the right to data portability (Art. 20 GDPR);
- the right to object (Art. 21 GDPR);
- The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, (Art. 22 GDPR);
- the right to file a complaint with a supervisory authority (Art. 57 of Law no. 363/2018 and Art. 77 GDPR);
- the right to appeal to justice (Art. 58 of Law no.363/2018 and Art.79 GDPR).
For more details on the rights of the data subject and how to exercise them, please visit the section Exercise of the data subject`s rights.
At the level of the General Inspectorate of the Romanian Police, there is the Personal Data Protection Department. The data protection officers responsible are:
Chief Commissioner of Police CONSTANTIN UDREA – coordinator
Chief Commissioner of Police CARMEN FRANDEȘ
Police Commissioner GABRIEL MARIN
For the contact details of the General Inspectorate of the Romanian Police. click here.
For further information you can contact us at: 021/208.25.25 (central), interior 26559.
What is the National Supervisory Authority for Personal Data Processing and what are its tasks?
According to the law on establishment, organization and functioning (Law no. 102/2005), the National Supervisory Authority for Personal Data Processing (A.N.S.P.D.C.P.) is the public authority with legal personality, autonomous and independent from any other authority of the public administration, as well as from any natural or legal person in the private sector.
The Authority's main objective is to protect the fundamental rights and freedoms of natural persons, in particular the right to respect for family and private life in connection with the processing of personal data and the free movement of such data. This right has a complex content, of great importance for the freedom and personality of the citizen, guaranteed by the art. 26 of the Romanian Constitution
The lawfulness of the processing of personal data falling under the scope of the GDPR and the legislation transposing the Directive is monitored and controlled by the Supervisory Authority.
According to Art. 57 (f) of the GDPR, the supervisory authority "shall handle complaints submitted by a data subject, a body, an organization or an association in accordance with Article 80 of the GDPR, and shall investigate to an appropriate extent the subject matter of the complaint and shall inform the compliant of the progress and outcome of the investigation, within a reasonable time, in particular if it is necessary to conduct a more thorough investigation or coordinate with another supervisory authority".
A.N.S.P.D.C.P. facilitates the submission of complaints referred to in point (f) through measures such as the provision of a complaint submission form that can be filled in also electronically, without excluding other means of communication.
The performance of the tasks of the supervisory authority shall be free of charge for the data subject. When the requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the supervisory authority may charge a reasonable fee based on the administrative costs or may refuse to provide an answer.
Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his l residence, place of employment or alleged infringement, if considered that the processing of personal data concerning him or her is in breach of the Regulation.
To file an A.N.S.P.D.C.P. complaint click here.
For other any other details:
Headquarters: B-dul G-ral Gheorghe Magheru 28-30, district 1, zip code 010336, Bucharest
Phone: 031.805.92.11, 031.805.92.12; Fax: 031.805.96.02
* Update on 09.11.2022