Contact Members Join
AmCham Romania
Members only
Home |Privacy policy
Privacy policy

Privacy policy

AmCham Romania Policy Regarding the Protection of Personal Data

Welcome to AmCham Romania’s information center with regard to the protection of personal data.

This section of includes information regarding the type of personal data we collect, for what purpose, the duration of data storage and who can access such information.

Please refer to the Privacy Policy below for further information on:

About AmCham

The American Chamber of Commerce in Romania (hereinafter referred to as “AmCham”, “we” or other similar forms) is a non-profit, independent association, established in year 1993, with its registered office in Bucharest, 11 Ion Campineanu Street, Union International Centre, 4th floor, District 1, Tax code 6347859, having the capacity of personal data controller.

AmCham  has been for 25 years one of the most representative associations of the Romanian business community, being recognized as a promoter of the public-private dialogue on topics related to business, public policies having an impact on economy, the competitiveness of Romania or the dynamics of the commercial relations between the U.S.A. and Romania.

The mission of AmCham is to provide its members with a professional platform of interaction, collaboration, exchange of good practices and promotion for the purpose of development of businesses and commercial relations, as well as to represent the priorities of the affiliated companies, on subjects of common interest, in its relation with the Romanian authorities. is the portal of AmCham, which has a primary purpose the information of its members regarding the activity of the organization, its members and the benefits arising from the capacity of member. In order to reach this purpose, we come in contact with our members and readers, to whom we provide an interactive platform by means of which they can exchange opinions and information related to certain legal, economic or business-related issues.

The information given hereinafter is highly important since it explains why we need certain personal data to supply certain services and it requires a careful reading, since the concepts and principles we refer to are relevant both in the interaction with our website, as well as in the interaction with the online environment in general.

We shall also refer hereinafter to your rights in relation with your personal data that we process, as well as to the actions you may take to understand and control much better the volume of personal data which is processed in the online environment.

We shall explain as clearly as possibly, some concepts and ideas, actions and obligations, as well as many other elements meant to help you understand the purpose of our actions and the manner in which you can communicate to us what precisely bothers you or what should be changed.

Back to top

What does personal data mean?

According to the General Data Protection Regulation1 (GDPR), „personal data” means any information related to an identified or identifiable natural person (“data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, especially by reference to an identifier, such as a name, an identification number, positioning data, an online identifier or to one or several specific elements, specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

There is no list of personal data, and the GDPR does not impose the states to draw such a list, for the simple reason that a data can be in a certain context a personal data, and in another context, it can simply be an information without the value of a personal data2.

Further information to understand „what does personal data mean” can be obtained reading Opinion no. 4 from 2007 on the concept of personal data, delivered by the Working Group Article 29 for Data Protection.

Further information to understand „what does personal data mean” can be obtained reading Opinion no. 4 from 2007 on the concept of personal data, delivered by the Working Group Article 29 for Data Protection.

  1. Regulation no. 679 from 27 April 2016 of the European Parliament and the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of this data and for the repeal of Directive 95/46/EC, coming into force on 25 May 2018.
  2. Here are some examples of personal data: name; domicile or residence of a person; an e-mail address (including addresses of the type; the identity card or passport number; data regarding location (for example, the option regarding the location available on a mobile telephone)*; an IP address; a cookie; a person’s silhouette from CCTV recordings; a vehicle’s plate number.

Personal data processed by AmCham

AmCham processes personal data of data subjects (former, current and potential members, partners, collaborators, office visitors and visitors, invitees and participants to all type of events and actions organized by AmCham Romania, journalists, opinion leaders and and media representatives, representatives of the authorities and public institutions that AmCham interacts with) mainly using the methods below:

  1. The direct supply to You, by filling in the forms made available by AmCham (for example, after the registration as a member of the AmCham community, after requesting a service from the part of AmCham, or after subscribing to the AmCham newsletters) or following a contractual relation/collaboration.
  2. The acquisition of the information after using AmCham services (for example, the history of Your interactions with our newsletters to be able to understand and limit the newsletters sent to you to those you are interested in).
  3. By AmCham obtaining your personal data as a result of a direct or indirect interaction in the context of AmCham’s statutory framework, such as: following your participation to an AmCham event/meeting, by sending you a specific communitation or collaboration proposal. 

Back to top

Personal data directly supplied by You

AmCham processes personal data disclosed directly by you through the forms made available by AmCham (for example, following your registration as a member of the AmCham community, creating an user account on, requesting  a service from our part or following the subscription to the AmCham newsletters).

All these include certain fields which must be filled in by You, therefore AmCham processes your following personal data, as the case may be: surname and name, surname and name of your legal representatives, the details of the contact persons of the company, gender, citizenship, e-mail address, mobile/ fax number, job, address of the place of work, profession/ position, bank details, photograph, signature, data regarding the participation in a certain event held by AmCham, cookies and access password.

Also, it is possible in certain situations for AmCham to process additional tax information, in case that we are forced by law to submit tax statements in relation with the services ordered by You. In this case, we shall refer to Your address also (necessary to be mentioned on the tax invoice), but also to other tax data that the law forces us process in relation with the transaction in question. In this situation, the legal ground for the processing will be the obligation to comply with the provisions of the relevant law (Article 6(1) letter c) of the GDPR).

AmCham does not process sensitive categories of personal data.

The purposes for which AmCham processes this personal data of Yours are: the fulfilment of the purposes and statutory missions for which AmCham was established, communication, statistics, organization of courses, seminars, other events (including receptions, workshops, delegations, conferences and fairs), for educational purposes (for the organization of the program of professional training), the issuance of any financial-accounting documents, the conclusion of contracts or other acts necessary in the activity of AmCham, the promotion of some of the services or products of certain members of AmCham that you have agreed with in prior.

Also, AmCham processes personal data to allow access to the website and to provide the services you have opted for (for example, newsletters, replies on the forum, comments on articles, etc.). The legal ground for this processing is the conclusion and implementation of a contract in which you are a party – Article 6(1) letter b) of the GDPR (each time you perform the operations mentioned above, you agree with the terms and conditions of these services).

The legal grounds based on which we process Your personal data are:

  1. Your consent: we do not use your data to send to you any marketing communications unless you explicitly opt for such a form of communication (Article 6(1) letter a) of the GDPR. Even in such cases, we ensure you that you are provided with an easy to use option to unsubscribe (withdraw your consent) anytime, either through the communication itself, or by contacting us, as indicated in section 9.
  2. Compliance with a legal obligation: for example, the prevention and fight against money laundering, the submission of mandatory statements/ reports to tax authorities and other competent authorities (Article 6(1) letter c) of the GDPR).
  3. The implementation of a contract between AmCham and You or the company that you represent (Article 6(1) letter b) of the GDPR).
  4. The vested interest: In implementing its statutory mission, AmCham promotes the public-private dialogue on topics of general interest for the business community in Romania, therefore, it organizes various meetings between the data subjects and public authorities, companies, individuals and legal entities. Our website also provides you with the option to send us a message. The data you send after using this means of contact is processed based on our vested interest to reply the request and/ or to keep a record of Your claim, your request for consultancy and other similar. This data is kept for a period of 5 years.

Personal data supplied by You after using the website collects automatically certain types of data that it stores in its traffic reports. This data may include the IP address of the device used to visit us, the region or the general location from where you access the website, as well as the browser used, the operation system or the device used to access the website and the history of the pages you access. Also, we process statistical demographic data that help us identify the preferences of readers. also uses cookies you may read on in the section below.

The legal ground based on which we process Your above indicated data is the vested interest of AmCham to observe the measure in which the pages of the website comply with the display needs of Your particular device, to detect any potential issues of our servers when delivering pages to certain types of devices, to analyse tendencies and observe the manner in which users could enjoy a better navigation on our web pages.

Back to top

Cookies and other similar technologies

In the early days of internet, website did not have any memory. This is why, in the first variants of websites, it was not possible the authentication of visitors, nor the use of prompts, such as shopping baskets, in case of online stores or other mechanisms helping the user and the website to recognize other visits as well.

Cookies were invented precisely to fix this problem. They are small text files, placed on the device of the reader, that play the role of memory of the website.

Each time someone accesses a certain website, it can write or read from the cookie it placed on the device all kind of information that the reader has sent already to the website, directly or indirectly. Subsequently, other technologies were developed from here, concerning the same type of purpose. We have tried to describe every such technology below.

We use cookies and similar technologies on

"Direct" cookies are established by the domains you visit at that time (e.g. "Third" cookies are established by other domains than the ones of the websites you visit (e.g. other domains than, such as google analytics).

The mobile publicity code is a unique identifier (ID) set by the operation system of your mobile device. This ID helps applications you install on your device and which can contain advertisements to recognize you. Most of devices allow applications to access in a predefined manner the mobile publicity identifier. Nevertheless, you have the possibility to modify the settings of your device to prevent it from sharing this code with various applications. Check the section “Help” for operation systems to find out more on the administration of mobile publicity IDs. On Android devices, Publicity is the Android publicity ID, on iOS devices it is the publicity agent ID (IDFA).

Below we shall refer to cookies, local storage and mobile publicity ID, such as "cookies and similar technologies".

Below we shall refer to cookies, local storage and mobile publicity ID, such as "cookies and similar technologies".

Most cookies can be included in one of the categories below:

(a) Strictly necessary: These cookies are essential in the supply of services requested by readers. Without them, the website cannot be operated or it cannot deliver the supplied services.

Back to top

Below is a detailed description of the cookies which are strictly necessary and used by

Host (Family of cookies)

Name (cookie ID)

Domain placing the cookie

Purpose of the cookie

Duration of life of the cookie


It maintains the status of the session for requests for pages

Browser session | 60 min      from the setting/ resetting after the login

(b) Performance: These cookies collect information on the manner in which readers use a website, such as most popular pages, which method of connection between pages is the most efficient and whether users come across any messages of error on the websites. These cookies allow us to offer a high-quality experience to our readers, as well as to measure the audience of the pages. The information collected by these cookies do not identify users. They are conceived to improve the operation of our website.

This website uses Google Analytics, an analysis program for internet traffic provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyse the manner in which users use the website. The information generated by cookies on the use of (including your IP address) will be sent to and stored by Google on the servers from Ireland.

Google shall use this information in order to evaluate your activity on, to compile the reports on the website activity and to supply other services related to the activity of Google may also send this information to third parties, if this is required by law or if these third parties are empowered to process the information on behalf of Google. Google shall not associate your IP address with other data held by Google. You may refuse the use of cookies by selecting the corresponding settings from your browser. Nevertheless, retain that if you do this, you may not be able to use this website at its entirety decided not to activate the remarketing functions, respectively the reports on advertisements, not to perturb your privacy. Also, for the same reason, did not activate the User-ID function, meant to ensure the association of the interaction data on different devices and from several sessions. Plus, activated the anonymization function of your IP addresses, not to be used by Google for other purposes than that which is necessary to analyse the traffic of

 A detailed description of performance cookies used by is given below:

Host (Family of cookies)

Name (cookie ID)

Domain placing the cookie

Purpose of the cookie

Duration of life of the cookie

google analytics


Google Analytics

Used to distinguish users and sessions. The cookie is created when it executes the javascript library and there are no existing

   utma cookies. The cookie is updated each time data is sent to Google Analytics.

2       years from the setting/ resetting

google analytics


Google Analytics

Used to determine new sessions/ visits. The cookie is created when it is executed the javascript library and there are no _utmb cookies. The cookie is updated each time data is sent to Google Analytics

30      mins from the setting/ resetting

google analytics


Google Analytics

Not used in ga.js. Set for interoperability with urchin.js. From the point of view of history, this cookie module worked with the utmb cookie to determine whether the user is in a new session/ visit.

browser session

google analytics


Google Analytics

Used for the rate of request for acceleration.

10 mins

google analytics


Google Analytics

It stores the traffic source or the campaign which explains the manner in which the user has arrived on your website. The cookie is created when the javascript library is working and it is updated each time data is sent to Google Analytics.

6       months from the setting/ resetting

(c) Functional: These cookies recall your selections, to improve your experience. Below it is a detailed description of the functional cookies used by

Host (Family of cookies)

Name (cookie ID)

Domain placing the cookie

Purpose of the cookie

Duration of life of the cookie


It stores the time when a promotion is displayed for the user, in case it exists.

Possible values: session, 1 day/week/month,         2

days/weeks, 3 days, depending on the promotion


It retains whether the user has viewed the promotion or not; it is displayed when the time interval is reached

browser session


It retains the state of the login form (expanded/ displayed or narrowed/ hidden) – button “Members Only click to expand”

browser sessio


Back to top

Your options regarding cookies

Targeting and advertising cookies: These cookies collect information on your navigation habits to make advertisements relevant for you and your interests. They are also used to limit the number of views of an advertisement, as well as to help measuring the efficiency of publicity campaigns.

You have the possibility to adjust your privacy settings using the browser to block all cookies; nevertheless, this may seriously affect your navigation, since many websites might not operate properly. The browser can allow you to delete all cookies when you close the browser. This option though, leads to the removal of persistent cookies, which can store your preferences and customized settings for the websites you visit on a regular basis. Nevertheless, you are able to keep the desired cookies, since the browser allows you to indicate the website which are always or never authorized to use cookies.

Further details on the removal of cookies or the administration of cookies in different internet browsers can be found accessing the links below:

In order to opt for no more tracking by Google Analytics please visit: IAB has built the following website to offer specific information with regard to privacy issues related to internet advertising: Full information on the method in which organization use cookies is available at the address:

Back to top

To whom we transfer this information

We shall disclose your personal data only for the purposes and to the third parties listed below. We shall take appropriate measures to ensure your personal data is processed, secured and transferred in accordance with the legislation in force.

Disclosure to third parties

We shall send your personal data, if strictly necessary, on a need-to-know basis, to the following categories of third parties:

  1. companies supplying products and services (agents and operators), such as:
    1.  IT services: variours types of activities related to our IT infrastructure, the   maintainance/repairs, security, etc.
    2. Communication, PR, branding, market research services: analysis, publicity, strictly for the needs of;
    3. Infrastructure services (other parties managing the email newsletter, marketing or other types of marketing activities on our behalf, including by delivering correspondence, messages, invitations, announcements via email, regular mail or phone ) strictly limited to our legitimate needs.
    4. other types of support services related to our IT  systems, including the archiving of e-mails, telecommunication suppliers, back-up and recovery services in case of disasters and services of cybersecurity
  2. companies involved in the operation of our website.
  3. other parties, such as partners, collaborators, agents,  public authorities and institutions, accountants, auditors, lawyers and other external professional consultants, other types of service suppliers for AmCham whose activity involves the need to know this data or if the law forces us to make such disclosure.

Also, we shall disclose your personal data to third parties:

  • If you give us your consent for such disclosure;
  • To people who demonstrate that they act legally on your behalf, AmCham having in this respect a legal obligation;
  • If AmCham is vested to administer, grow and develop its activity.
  • If we are bound by law to disclose a certain type of information, in case of some legal requests of governmental officers, or in the situation in which we are bound to comply with the requirements of national security or application of law or to prevent unlawful activities.
  • to answer any claims, to protect our rights or the rights of a third party, to protect any person’s safety or to prevent any unlawful activity; or
  • to protect the rights, property or security of AmCham, our employees, clients, suppliers or other people.

AmCham does not transfer personal data out of Romania.

Back to top

Restrictions regarding the use of personal data by third parties

Any third parties to whom we disclose your personal data in accordance with the above provisions are limited (for example, by law and under contract) in their capacity to use such  personal data  only for the purposes precisely identified by us.

We shall always make sure that all third parties to whom we disclose your personal data are subjected to the obligations of privacy and security, according to the contracts concluded with them and the applicable laws. Nevertheless, to avoid any doubts, this cannot be applied when the disclosure is not our decision.

Except for the situations detailed expressly above, we shall never disclose, sell or rent your personal information to any third party.

Back to top

What are your rights?

GDPR recognises to data subjects a series of 8 important rights that you are allowed to exert:

  1. Right for information - art. 13 and 14 of the GDPR - it allows data subjects to know, even from the moment when the collection is made, the manner in which the data is going to be used, to whom it will be disclosed or transferred, what are the rights of data subjects with regard to the processed data etc.
  2. Right for access to data - art. 15 of the GDPR. It allows you to obtain, from our part, a confirmation whether any personal data related to you is processed or not and, if so, to obtain the access to the respective data and other useful information.
  3. Right for data removal - art. 17 of the GDPR. It allows you to obtain from our part the removal of the personal data related to you, without any undue delay. Still, there are exceptions from this rule, such as the case in which the data is processed to offer the public the right to information, for statistical or archiving purposes, for the fulfilment of a legal obligation, or for finding and defending a right before the court.
  4. Right for data modification - art. 16 of the GDPR. It allows to obtain from us, without any undue delay, the modification or completion of any unclear personal data related to you.
  5. Right for data restriction - art. 18 of the GDPR. This is a temporary right. In certain situations, between the moment when, for example, we make the decision to remove certain data (we no longer need personal data for processing purposes) and the actual removal of the data, you send us an application by which you oppose to the removal, claiming that you need this data to find, exert or defend a right before the court. Following such request, we shall “freeze” the data stopping its processing for a certain period of time.
  6. Right for data portability - art. 20 of the GDPR. You have the right to receive the personal data that concern you and which you have supplied to the controller in a structured format, used commonly and which can be read automatically, as well as the right to send this data to another controller, without any obstacles from our part. Otherwise said, your personal data will be given to you in a structured format, so you can decide whether you download them or, on the contrary, you send them to a different controller.
  7. Right for opposition - art. 21 of the GDPR. You have the right to oppose at any given time the processing of your personal data. For example, in all newsletters from (irrespective whether we talk about newsletters that provides us only with information or newsletters that promote services or products of you will always have the possibility to unsubscribe (art. 7 of the GDPR).We offer this option in all situations, irrespective whether the law binds us or not to it, because we find important that your interaction with AmCham shall exist only as long as you want it.
  8. Right for not being subjected to a decision based exclusively on automatic processing, including the creation of profiles – art. 22 of the GDPR, which can cause legal effects that concern the data subject or affect the data subject similarly in a significant measure. AmCham does not create such profiles to be followed by automated decisions with legal or significantly similar effect for the data subject.
  9. Right to submit claims to the competent supervisory authority (National Supervisory Authority for Personal Data Processing),

Back to top

Please also bear in mind the following:

Period for reply: We will try to reply your request within 30 days and we can extend this term for specific reasons, related to the complexity of your request. In all cases, if this period is extended, we shall inform you about the extension term and the reasons that lead to it.

Limited access: in certain situations, we may not be able to grant you access to all or some of your personal data due to legal provisions. If we deny your access request, we shall inform you about the reason.

No identification: in certain cases, we may not be able to search for your personal data because of the identifiers you supply through your application. In such cases, if we cannot identify you as data subject, we are not able to comply with your request to implement your legal rights described in this section, except for the case in which you supply additional information that might allow your identification. We shall inform you and offer you the possibility to provide such additional details.

Exertion of legal rights: To exert your legal rights, please access your Account on, section My Rights according to the GDPR, from where you will be able to get an instantaneous answer to your requests. If you are not pleased with this answer, please write us (including by electronic means) using the contact details supplied in the sections Contact below.

Data preservation period

AmCham complies with the terms of preservation of personal data, established for each category of data, according to the Archiving Register which can be consulted on the web page of AmCham here.



AmCham undertakes to protect your personal data against any loss, improper use, disclosure, modification, unavailability, unauthorized access and destruction and to take all reasonable measures to protect the privacy of this data, including by taking appropriate technical and organizational measures.

Organisational measures include the control of the physical access into our premises, the training of the personnel and the blocking of the physical files in storing lockers. Technical measures include encryption, passwords necessary to access our systems, certificates of security type SSL, for the encryption of data in transit etc.

During the supply of your personal data to you, the personal data can be transferred on the internet. Even though we make every effort to protect the personal data you provide us with, the transmission of information between you and us, online, is not completely safe (the device you use for writing to us might be monitored by third parties, for example, without having the possibility to take any measures in this respect).

Therefore, we cannot guarantee the security of your personal information send by means of the internet. So, you understand that any such transmission is made at your own risk. Once we receive your personal data, we shall use strict procedure and security characteristics to prevent any unauthorised access to it.

Back to top

Changes in the information note

We reserve the right, at our discretion, to modify our privacy practices and to update and perform any changes in this information note anytime. For this reason, we encourage you to keep returning to this note

This document is actual from the date indicated in the upper part of the document. We shall treat your personal data in a manner which is compatible with the information form based on which it was collected, except for the case in which we have your consent to treat it differently.

Contact details

Please address your queries on data protection and any requests under your legal rights at the following contact details:,

We shall perform an investigation and try to settle any request or claim related to the use or disclosure of your personal information.