Terms of Use – Privacy Policy – Privacy Policy
Property right
All information on this site is the exclusive property of Vistlinie SRL’s registered trademark VISTLINE. No material on this site may be reproduced in part, fully edited without the express written consent of Vistlinie SRL. All rights reserved Vistlinie SRL.
Visitor Information
As a user, you understand and agree to the following responsibilities:
Provide true, accurate, and complete data about you, as required by the registration form when appropriate;
to maintain and update, when the situation requires, the registration data to be true, accurate, and complete. You will also undertake not to do the following:
2a. publish materials containing viruses or other programs with the intent to destroy this system and any system or information;
2b. Publish copyrighted material if you are not the author, or if you do not have permission from the author to publish the material in question;
2c. Publish obscene, defamatory, threatening or pitiful material to another
user, natural or legal person, material or information prohibited by law in
force;
2d. Publish an image or statement that is inconsistent with applicable law.
In the event of non-compliance with these conditions, Vistlinie SRL dissociates itself from their author, deletes the information and can act legally.
Collection and processing of personal data
3.1 Use of personal data
All personal data collected during the visits to this site are processed according to the legislation in force in the state where this site is maintained, namely the Republic of Moldova. By accessing the registration form by which you submit your personal information, you will be informed of the participation in various actions (information, promotional, advertising, entertainment etc.) organized by VISTLINE and Vistlinie SRL and its partners and you agree to the following:
that the personal data required to be collected, stored and processed by Vistlinie SRL registered with State Registration Chamber number 302431;
personal data to be used for an indefinite period, as well as for subsequent contact;
receive from VISTLINE and Vistlinie SRL and its partners various advertising materials, information, proposals and invitations to participate in various activities, as well as various objects, products and / or product samples through any channel of information dissemination, and in any other context.
3.2 Informing the data subjects about their rights
Vistlinie SRL undertakes to comply with the provisions of Law no. 133 of 08.07.2011 – regarding the protection of personal data and the free circulation of these data, provisions applicable to any processing / use of any data collected through this site.
The users of this site are guaranteed the rights provided by Law no. 133 of 08.07.2011 regarding the protection of individuals with regard to the processing of personal data and the free circulation of such data.
VISTLINE and Vistlinie SRL respectively reserve the right to use and transmit to third parties any type of personal data including: full name, mobile phone, email address, personal photos of users of Vistline.md site and other sites associated with Vistlinie SRL. Therefore, Vistlinie reserves the right to personally autilize or sell or transmit to any third party any personal data of users of Vistline.md and other sites associated with Vistlinie SRL.
Any request for the foregoing may be made only in writing, by a signed and dated request, to: – Vistlinie SRL, Chişinău, Str. Metropolitan Bănulescu Bodoni 45, Office 305.
All persons who transmit personal data to this site are entitled to the above rights, in accordance with the Law no. 133 from 08.07.2011.
This site may include links to other sites whose content is not under the control of Vistlinie SRL. Therefore, Vistlinie SRL does not assume and accept any liability and liability for the content and use of these websites, nor for the privacy policy of these sites, as these policies may differ from Vistlinie SRL’s policy regarding to privacy.
This site is protected by methods and techniques that provide maximum security. Personal information sent by users of this site is protected by both online and offline use of the site. The confidentiality of your data will be treated with the utmost diligence and accountability and in accordance with the legislation in force in the Republic of Moldova.
Vistlinie SRL reserves the right to revise and update, subject to the laws of the Republic of Moldova, any terms and conditions of this website without prior notice.
Changes to the privacy policy
Vistlinie SRL reserves the right to revise and update these rules at any time without notice or prior acceptance of users.

Republic of Moldova
PARLIAMENT
LEGE Nr. 133
from 08.07.2011
on the protection of personal data
Published: 14.10.2011 in the Official Gazette Nr. 170-175 Art Nr: 492 Date of Effect: 14.04.2012
This law creates the legal framework necessary for the implementation of Directive 95/46 / EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Parliament adopts this organic law.
Chapter I
GENERAL DISPOSITIONS
Article 1. Purpose of the law
The purpose of this law is to ensure the protection of the fundamental rights and freedoms of the individual with regard to the processing of personal data, in particular the right to inviolability of intimate, family and private life.
Article 2. Scope
(1) This law regulates the legal relations that occur in the processing of personal data which are part of a record system or which are intended to be included in such a system, carried out wholly or in part by automated means , as well as other means than automated ones.
(2) The scope of this law extends to:
a) the processing of personal data carried out within the activities carried out by operators located on the territory of the Republic of Moldova;
b) the processing of personal data carried out within diplomatic missions and consular offices of the Republic of Moldova, as well as by other operators located outside the territory of the country but on territories where the domestic law of the Republic of Moldova is applied under the public international law;
c) the processing of personal data by operators located outside the territory of the Republic of Moldova, using the means located on the territory of the Republic of Moldova, unless such means are used only for the purpose of transit through the territory of the Republic of Moldova of the personal data are subject to such processing;
d) the processing of personal data in actions for the prevention and investigation of criminal offenses, enforcement of convictions and other criminal or contraventional actions under the law.
(3) The provisions of this law are applicable to the person empowered by the operator, without excluding the right to bring legal action against the operator.
(4) The scope of this law does not extend to:
(a) the processing of personal data by operators solely for personal or family needs, in so far as the rights of data subjects are not infringed;
b) the processing of personal data assigned to the state secret in the established way, except for those mentioned in paragraph (2) lit. d);
c) Transfrontier processing and transmission of personal data relating to perpetrators or victims of genocide, war crimes and crimes against humanity.
Article 3. Main notions
The terms and expressions used in this law have the following meanings:
personal data – any information relating to an identified or identifiable individual (subject of personal data). An identifiable person is a person who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to his or her physical, physiological, psychological, economic, cultural or social identities;
special categories of personal data – data revealing the racial or ethnic origin of a person, her political, religious, or philosophical beliefs, social affiliation, health or sex life data, and criminal convictions, procedural coercive measures or contravention sanctions;
processing of personal data – any operation or series of operations performed on personal data by automated or non-automated means such as collecting, recording, organizing, storing, preserving, restoring, adapting or modifying, extracting, consulting, using , disclosure by transmission, dissemination or in any other way, joining or combining, blocking, deleting or destroying;
personal data recorder system – any structured set of personal data accessible according to specific criteria, whether centralized, decentralized or distributed according to functional or geographic criteria;
operator – a natural or legal person governed by public or private law, including the public authority, any other institution or organization which, individually or jointly with others, determines the purposes and means of processing personal data expressly provided by Legislation in force;
operator – natural person or legal person governed by public or private law, including the public authority and its territorial subdivisions, processing personal data on behalf of and on behalf of the operator on the basis of instructions received from the operator;
third party – a natural or legal person governed by public or private law, other than the subject of personal data, than the operator or person empowered by the controller, and only the person under the direct authority of the operator or the person empowered to process data personal character;
recipient – any natural or legal person governed by public or private law, including the public authority and its territorial subdivisions, to whom personal data are disclosed, whether or not it is a third party. The authorities in the field of national defense, state security and public order, criminal prosecution bodies and courts with personal data in the exercise of the competences established by the law are not considered as recipients;
the consent of the subject of personal data – any manifestation of free, express and unconditional will in written or electronic form, according to the requirements of the electronic document, whereby the personal data subject accepts to process the data concerning it;
depersonalizing data – modifying personal data so that details of personal or material circumstances no longer allow it to be attributed to an identified or identifiable individual, or to allow attribution only under the conditions of an investigation requiring disproportionate time, resources and labor costs.
Chapter II
BASIC CONDITIONS FOR PROCESSING, STORAGE
AND USE OF PERSONAL DATA
Article 4. Characteristics of personal data
1. Personal data processed shall be:
a) processed correctly and according to the law;
b) collected for specified, explicit and legitimate purposes and subsequently not processed in a way incompatible with these purposes. Subsequent processing of personal data for statistical purposes, historical or scientific research is not considered to be incompatible with the purpose of collection if it is carried out in compliance with the provisions of this law, including notification to the National Center for Personal Data Protection and respecting the safeguards regarding the processing of personal data, provided by the rules regulating the statistical activity, the historical and the scientific research;
(c) appropriate, relevant and not excessive in relation to the purpose for which they are collected and / or further processed;
(d) accurate and, if necessary, updated. Inaccurate or incomplete data from the point of view of the purpose for which it is collected and subsequently processed shall be erased or rectified;
(e) stored in a form which permits the identification of the subjects of personal data for a period not exceeding the time required to achieve the purposes for which they are collected and subsequently processed. The storage of personal data for a longer period, for statistical purposes, of historical or scientific research, shall be done in compliance with the guarantees regarding the processing of personal data provided by the norms regulating these domains and only for the period necessary for the achievement of these purposes .
(2) Operators are obliged to observe and ensure the implementation of the provisions of para. (1).
Article 5. Processing of personal data
(1) The processing of personal data shall be carried out with the consent of the subject of personal data.
(2) Consent to the processing of personal data may be withdrawn at any time by the subject of personal data. Withdrawal of consent can not have retroactive effect.
(3) In case of inability to exercise or the limited exercise capacity of the subject of personal data, the consent regarding the processing of personal data shall be granted, in written form, by its legal representative.
(4) In the event of the death of the subject of personal data, the consent to the processing of his data shall be given in written form by his successors if such consent was not given by the subject of personal data in his / her lifetime.
(5) The consent of the subject of personal data is not required in cases where processing is required for:
a) execution of a contract to which the subject of personal data is a party or for taking action prior to the conclusion of the contract at its request;
b) fulfillment of an obligation on the operator according to the law;
c) protecting the life, physical integrity or health of the subject of personal data;
d) the performance of tasks of public interest or resulting from the exercise of the powers of public authority with which the operator or third person to whom the personal data are disclosed;
e) the legitimate interest of the controller or the third party to whom his personal data are disclosed, provided that such interest does not prejudice the interests or the fundamental rights and freedoms of the subject matter of personal data;
f) Statistical, historical or scientific research purposes, provided that personal data remain anonymous throughout the processing.
Article 6. Processing of special categories of data
personal
(1) The processing of special categories of personal data is prohibited, except when:
a) the subject of personal data has given his / her consent. In case of limited exercise or limited exercise of the personal data subject, processing of the special categories of personal data is done only with the written consent of the legal representative;
b) processing is necessary to fulfill the obligations or specific rights of the operator in the field of labor law, observing the guarantees provided by the law and taking into account the fact that the possible disclosure to a third party of the personal data processed for this purpose can be carried out only if there is a legal obligation on the operator to do so;
c) Processing is necessary for the protection of the life, physical integrity or health of the subject of personal data or of another person, if the subject of personal data is in a physical or legal capacity to give consent;
d) the processing is carried out in the context of legitimate activities by public associations, parties and other social-political organizations, by trade unions, employers’ associations, philosophical or religious organizations, non-commercial cooperative organizations, provided that the processing refers only to their members or to the persons with whom they have permanent contacts about their purposes and provided that the data are not disclosed to third parties without the consent of the subjects of personal data;
e) processing refers to data made public on a voluntary and manifest basis by the subject of personal data;
f) processing is necessary for establishing, exercising or defending a personal right to the subject of personal data;
g) processing is necessary for the purpose of ensuring the security of the state, provided that it is carried out in compliance with the rights of the subject of personal data and the other guarantees provided by the present law.
(2) The National Center for the Protection of Personal Data may, for justified reasons, prohibit the processing of special categories of personal data, even if the data subject has given his / her consent and has not been withdrawn, provided that the prohibition not be removed by one of the cases set out in paragraph (1) lit. b) -g).
Article 7. Data processing with character
staff on health
(1) The processing of personal data regarding the state of health is allowed, by way of derogation from the provisions of art. 6, where:
(a) processing is necessary for the purposes of preventive medicine, medical diagnosis, management of care or treatment for the subject of personal data or the management of health services which are in the interest of the personal data subject;
(b) processing is necessary for the protection of public health.
(2) Medical cadres, health care institutions and their medical staff may process personal data regarding the health condition without the authorization of the National Center for Personal Data Protection only if the processing is necessary for protecting the life, physical integrity or health of the subjects personal data. If the stated purposes relate to other persons or society in general, and the subjects of personal data have not given their consent in writing and unequivocally, the authorization of the Center shall be obtained in the manner established by law.
(3) Personal data regarding the state of health may be processed for the purposes indicated in paragraph (1) by or under the supervision of a medical establishment subject to professional secrecy or by or under the supervision of another person subject to an equivalent obligation of professional secrecy.
(4) Personal data regarding the health condition are collected from the subject of personal data or when such processing is necessary according to par. (1).
Article 8. Processing of personal data
relating to criminal convictions, measures
procedural coercion or sanctions
offenses
(1) The processing of personal data relating to criminal convictions, coercive procedural measures or contravention sanctions may be carried out only by or under the control of public authorities, within the limits of the powers granted and under the conditions established by the laws governing these areas.
(2) The Register of Forensic and Criminological Information is kept by the Ministry of Internal Affairs.
Article 9. Processing of personal data
having an identifying function
The processing of a physical identification number (IDNP) of a physical person, fingerprints or other personal data having a general applicability identification function may be performed under the following conditions:
a) the subject of personal data has given his / her consent;
(b) processing is expressly provided for by law.
Article 10. Processing of personal data
and freedom of speech
The provisions of art. 5, 6 and 8 shall not apply where the processing of personal data is solely for journalistic, artistic or literary purposes if it relates to data that have been made public on a voluntary and manifest basis by the subject matter of the data personally or on data that is closely related to the status of a public person of the subject of personal data or the public character of the facts in which he is involved, under the terms of the Freedom of Expression Law.
Article 11. Storage and use of data
staff at the end of their operations
processing
(1) The terms and conditions for the storage of personal data shall be determined by legislation taking into account the provisions of art. 4 par. (1) lit. e). Upon expiration of the storage term, personal data is to be destroyed in the manner prescribed by law.
(2) The personal data from the state registers, from the date when their use ceases to exist, may remain in storage receiving the status of archive document.
(3) Upon completion of personal data processing operations, if the subject of such data has not consented to another destination or further processing, they shall be:
a) destroyed;
(b) transferred to another operator, provided that the original operator ensures that the subsequent processing has purposes similar to those in which the initial processing was carried out;
c) transformed into anonymous data and stored exclusively for statistical purposes, historical or scientific research.
(4) After the death of the subject of personal data, the data may be used, with the consent of the successors, for archive purposes or for other purposes provided by law.
Chapter III
RIGHTS OF THE DATA SUBJECT
WITH PERSONAL CHARACTER
Article 12. Information on the subject of the data
personal
1. Where personal data are collected directly from the data subject, the operator or person empowered by the controller shall be required to provide the following information, unless he already has the relevant information:
1) the identity of the operator or, where appropriate, of the person empowered by the operator;
2) the purpose of processing the collected data;
3) additional information such as:
a) recipients or categories of recipients of personal data;
(b) the existence of rights of access to data, data interference and opposition, and the conditions under which they may be exercised;
c) if the answers to the questions with which the data are collected are mandatory or voluntary, as well as the possible consequences of the refusal to respond.
(2) Where personal data are not collected directly from the data subject, the operator or person empowered by the operator is obliged, at the time of data collection or, if it is intended to be disclosed to third parties, at the latest first disclosure, provide the subject of personal data with information on the categories of data to be collected or disclosed and the information indicated in paragraph (1) with the exception of point 3) c).
(3) The provisions of paragraph (2) shall not apply where:
(a) the personal data subject holds that information;
b) the processing of personal data is done for statistical purposes, historical or scientific research;
c) the provision of information is impossible or involves a disproportionate effort to the legitimate interest that might be harmed;
d) the registration or disclosure of personal data is expressly provided for by law.
Article 13. Right of access to data with
personal character
(1) Any subject of personal data shall have the right to obtain from the operator upon request, without delay and free of charge:
a) confirmation that the data concerning it are processed or not by it, as well as information about the purposes of the processing, the categories of data envisaged and the recipients or categories of recipients to whom the data are disclosed;
(b) communicating, in an intelligible form and in a way that does not require additional equipment, the personal data undergoing processing, as well as any available information on the origin of such data;
c) information on the operating principles of the mechanism for the automated processing of data concerning the subject of personal data;
d) information on the legal consequences of the processing of personal data for the subject of such data;
e) information on how to exercise the right of intervention on personal data.
2. Where personal data relating to health are processed for the purpose of scientific research, unless there is a risk of prejudice to the rights of the subject of personal data and if the data are not used to make decisions or measures with respect to a particular person, the communication of the information provided in paragraph (1) may be made within a period longer than that established by the Law on Access to Information in so far as it may affect the research or its outcome, but not later than when the research is completed. The subject of personal data must consent to the processing of health data for the purposes of scientific research as well as the possible postponement for this reason of disclosure of the information provided in paragraph (1).
Article 14. The Right to Interfere with Data
personal
Any subject of personal data has the right to obtain from the operator or the person empowered by him, on request and free of charge:
(a) rectification, updating, blocking or deletion of personal data the processing of which is contrary to this law, in particular due to the incomplete or inaccurate nature of the data;
b) notifying third parties to whom personal data have been disclosed about the operations performed in accordance with subparagraph a), except in cases where such notification proves to be impossible or involves a disproportionate effort in relation to the legitimate interest which might be harmed.
Article 15. Exceptions and Restrictions
(1) The provisions of art. 4 par. (1), art. 12 paragraph (1) and (2), Articles 13, 14 and 28 shall not apply where the processing of personal data is carried out within the framework of the actions provided for in Art. 2 par. (2) lit. d) for the purpose of national defense, state security and the maintenance of public order, the protection of rights and freedoms of the subject of personal data or other persons, if by their application the effectiveness of the action or the objective pursued in exercising the legal powers of the public authority is impaired.
(2) The processing of personal data for the purposes set forth in paragraph (1) may not exceed the period necessary to achieve the objective pursued.
(3) After the cessation of the situation justifying the application of par. (1) and (2) of this Article, operators shall take the necessary measures to ensure the respect of the rights of the subjects of personal data referred to in Art. 12-14.
(4) The public authorities shall keep records of the application of the exceptions stipulated in paragraph (1) and informs the National Center for Personal Data Protection, within 10 days, of the personal data processed under the terms of this Article.
Article 16. The right of opposition of the subject
personal data
(1) The subject of personal data has the right to oppose at any time, free of charge, for legitimate and legitimate reasons related to his / her particular situation, that the personal data concerning him / her are to be processed, except in the cases in which the law establishes otherwise. If the opposition is justified, the processing performed by the operator can no longer refer to this data.
(2) The subject of personal data has the right to oppose at any time, free of charge and without any justification, that the data that it intends to be processed for commercial prospecting. The operator or person empowered by the operator is required to inform the subject of the right to oppose such work before disclosing to third parties personal data.
Article 17. The right not to be subjected to a
individual decisions
1. Everyone has the right to seek the annulment, in whole or in part, of any individual decision which produces legal effects on his rights and freedoms, based solely on the automatic processing of personal data intended to assess certain aspects of his personality , such as professional competence, credibility, behavior and the like.
(2) The person may be subject to the decision provided in par. (1) where:
a) the decision is authorized by a law that establishes the measures that safeguard the legitimate interest of the subject of personal data;
b) the decision is taken in connection with the conclusion or performance of a contract, provided that the request for the conclusion or performance of the contract submitted by the personal data subject has been satisfied.
Article 18. Access to justice
Any person who has suffered damage as a result of the processing of personal data that has been unlawfully committed or has been violated of the rights and interests guaranteed by the present law has the right to sue the court for the repair of material and moral damages.
Chapter IV
ORGANIZATION OF CONTROL OF PROCESSES
OF PERSONAL DATA
Article 19. The processing control body
personal data
(1) The control over compliance with the processing of personal data with the requirements of the present law shall be carried out by the National Center for Personal Data Protection (hereinafter referred to as “Center”) acting on impartiality and independence.
(2) The Center is a legal person, has a stamp and a letterhead with the image of the State Emblem of the Republic of Moldova. The permanent office of the Center is located in Chisinau.
(3) The regulation of the Center, its structure and its personnel are approved by the Parliament.
(4) The budget of the Center shall be approved by a decision of the Parliament, after its examination and positive approval in the parliamentary commission.
(5) The Parliament submits to the Government the approved budget of the Center to be included in the draft law of the state budget for the following year.
Article 20. The Center’s attributions and rights
(1) The Center has the following tasks:
a) monitor and monitor the enforcement of information protection legislation, in particular the right to information, access to data, data interference and opposition;
b) authorizes the processing of personal data in the cases provided by law;
c) issue the necessary instructions to bring the processing of personal data in accordance with the provisions of this law, without prejudice to the competence of other bodies;
d) provide the subjects of personal data with information about their rights;
e) order the suspension or termination of the processing of personal data carried out in violation of the provisions of the present law;
f) keeps the register of personal data operators, the form and content of which is approved by the Government; the register is public, except for the information provided in art. 23 par. (2) lit. it);
g) issue orders in the field of personal data protection and standardized forms of notifications and registers;
h) receives and analyzes notifications regarding the processing of personal data;
i) carries out the control of the lawfulness of personal data processing in accordance with a regulation which it elaborates and approves;
j) makes proposals for the improvement of the legislation in force in the field of protection and processing of personal data;
k) cooperates with public authorities, the mass media, public associations and similar institutions from abroad;
l) centralizes and analyzes the annual activity reports of public authorities on the protection of individuals with regard to the processing of personal data;
m) notify the law enforcement bodies of indications of committing offenses related to the violation of the rights of the subjects of personal data;
n) finds contraventions and concludes protocols according to the Code of Contravention of the Republic of Moldova;
o) informs the public authorities about the situation in the field of protection of the rights of the subjects of personal data, also responds to their inquiries and interpellations;
p) performs the control over the fulfillment of the Requirements to ensure the security of personal data in their processing within the personal information information systems, approved by the Government;
q) periodically informs the institutions and the society about its activity, about the priority issues and concerns in the field of the protection of the rights of the person;
(r) assist and execute requests for assistance with regard to the implementation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;
s) performs other duties provided by the law.
2. The Center shall have the following rights:
a) requests and receives free of charge from natural or legal persons from public and private law the information necessary for the exercise of its duties;
b) obtain from the operators the support and the information necessary for the performance of its duties;
c) attract specialists and experts in areas requiring special knowledge to participate in the process of prior checking and control of the lawfulness of the processing of personal data and conclude confidentiality agreements with them;
d) requires operators to rectify, block or destroy unidentifiable or illicit personal data.
(3) Operators, irrespective of their legal form of organization, shall submit to the Center the requested materials and documents regarding the protection of personal data within 15 days, unless otherwise specified in the request.
Article 21. Organization of the Center’s activity
(1) In the course of its activity, the Center shall ensure the confidentiality of the personal data which have become known to it.
(2) For the purpose of collecting the information necessary for the fulfillment of the control tasks, the Center staff shall have the right of access to the personal data processed by the operators and / or authorized persons in the premises and the territory in which the personal data record systems are located by them, to the processing equipment, programs and applications, as well as to any document or record concerning the processing of personal data, in accordance with the law.
(3) Annually, until March 15, the Center shall submit to Parliament, to the President of the Republic of Moldova and to the Government the activity report for the previous year, which shall be published free of charge in the Official Gazette of the Republic of Moldova and on the Center’s website.
Article 22. Leadership of the Center
1. The Center shall be headed by a Director, appointed by Parliament on a proposal from the President of Parliament, a parliamentary faction or a group of at least 15 Members, with the vote of the majority of the elected Members for a term of five years. The appointed person may serve as director not more than two consecutive terms.
(2) The Director performs the general management of the Center, employs and issues the staff of the Center under the conditions of the Law on the public function and status of the civil servant, establishes his duties, organizes the preparation of the annual reports and presents them to the plenary of the Parliament, represents the institution in the country and abroad.
(3) In the exercise of his / her duties, the Director shall be assisted by a deputy, appointed by Parliament on a proposal from the Director of the Center, with the vote of the majority of the elected deputies for a term of five years. In the absence of the Director of the Center, the Deputy Director temporarily carries out his duties.
(4) Every person holding the citizenship of the Republic of Moldova may be appointed as Deputy Director or Deputy Director, having at least 5 years of university degree in law and professional experience in the field of the defense of human rights and freedoms.
(5) The position of director and deputy director of the Center shall be public dignity functions, the remuneration of which shall be according to the Law on the salary system in the budgetary sector.
(6) During their mandate, Director and Deputy Director of the Center can not be members of political parties or other social-political organizations can not engage in activities other public or private, except in teaching and research, may not have directly or indirectly, transferable securities to commercial companies or undertakings the object of which is the Center’s competence.
(7) The exercise of the terms of office of a director and a deputy director shall cease upon the expiry of their term, except in the cases of termination of the performance of the duties ahead of schedule. Where the term of office is expired, the Director and the Deputy Director of the Center shall continue to be in office until such time as those of their successors take up such duties.
8. The terms of office of the Director and Deputy Director of the Center shall be terminated beforehand in the event of:
a) resignation;
b) incompatibility with other public or private functions;
c) dismissal from office;
d) impossibility to exercise the mandate for medical reasons, ascertained by medical examination;
e) death.
(9) The proposal for the dismissal of the director of the Center may be submitted by the President of Parliament, a parliamentary faction or a group of at least 15 Members in the following cases:
a) serious breach of the functional obligations provided by the legislation;
b) a final conviction decision in the case of committing a crime.
(10) The proposal for the dismissal of the deputy director of the Center may be submitted by the director of the Center, by a parliamentary faction or by a group of at least 15 deputies in the cases provided for in paragraph (9). The decision of revocation shall be adopted by the vote of the majority of the elected deputies.
Chapter V
CONTROL OF DATA PROTECTION
WITH PERSONAL CHARACTER
Article 23. Notification of the Processing Center
personal data
(1) Operators shall be obliged to notify the Center, personally or through persons empowered by them, before processing personal data intended to serve a purpose. The processing of other categories of personal data than those previously notified will be subject to a new notification.
2. The notification shall contain the following information:
a) the name or the name and domicile or headquarters of the operator in the Republic of Moldova and of the person empowered by him / her, if any;
b) the purpose of the processing;
c) the description of the subjects of personal data, the description of the data to be processed and the source of such data;
d) the existence of the consent of the subject of personal data regarding their processing;
e) how the subjects of personal data are informed about their rights; the estimated date for the completion of processing operations and the subsequent use of personal data;
f) recipients whose personal data are intended to be disclosed to them;
g) guarantees regarding the transmission of personal data to third parties;
h) proposals for cross-border transfers of personal data that are intended to be made;
i) persons responsible for the processing of personal data;
j) specification filing systems of personal data related to processing, and possible links with other data processing or other systems for recording personal data, whether exercised or not or whether they are located or not on the territory of the Republic of Moldova;
k) the reasons justifying the application of the provisions of art.10 and art.12 para. (3) where the processing of data is exclusively for journalistic, artistic or literary purposes or for statistical purposes, historical or scientific research;
l) general description of the measures taken to ensure the security of the personal data processing according to the provisions of art. 30.
(3) Where personal data that are processed are to be transferred to other States, the notification shall additionally include:
a) the categories of data to be transferred;
(b) the country of destination for each category of data.
(4) The public authorities performing personal data processing in connection with the activities indicated in art. 2 par. (2) lit. d) for the exercise of the legal attributions within their sphere of competence or for the fulfillment of the obligations assumed by international agreements to which the Republic of Moldova is a party shall be obliged to submit an information declaration which shall contain:
a) the name and the seat of the operator or, as the case may be, of the person empowered by him;
b) the purpose and legal basis of the processing;
c) the categories of personal data subject to processing.
5. Notification shall not be required if the processing is aimed at keeping a register intended to inform the general public and open to consultation with the public or any person demonstrating a legitimate interest, provided that the processing is limited to the data necessary for the maintenance of that register.
6. The Center may also establish other situations where notification is not required or where notification may be effected in a simplified form only if:
1) the processing, taking into account the nature of the personal data, does not affect the rights of the subjects of personal data, provided that:
(a) the purpose for which such processing is carried out;
b) the data to be processed;
c) categories of subjects of personal data;
d) recipients to whom personal data will be transmitted;
e) the period of storage of personal data;
2) the processing is carried out under the conditions of art. 6 par. (1) lit. d).
(7) In the case of the processing of personal data not subject to notification, the operator or the person empowered by the latter shall, upon request, submit to the subject of personal data the information provided in paragraph (2) lit. a) -k), except for the situation stipulated in paragraph (5).
(8) Upon primary notification, each operator shall receive a registration number which shall be indicated on all acts by which personal data are collected, stored or transmitted.
Article 24. Prior checking
(1) If, on the basis of notification, the Center finds that the processing falls within one of the categories mentioned in paragraph (2) shall make a preliminary check and shall notify the operator or the person authorized by him / her within 5 days from the date of the notification.
(2) The categories of personal data processing operations subject to cross-border transmission as well as the categories of personal data processing operations that pose special risks to the rights and freedoms of persons are subject to prior checking as follows:
(a) processing of special categories of personal data as well as genetic, biometric and geographic data of persons, including for purposes of scientific research;
b) the processing of personal data by electronic means aimed at assessing aspects of personality, such as professional competence, credibility, behavior and the like;
c) the processing of personal data by electronic means within accounting systems aiming at the adoption of individual automated decisions in connection with the analysis of the solvency, the economic-financial situation, the facts capable of attracting disciplinary, contraventional or criminal proceedings of natural persons, carried out by private persons;
d) the processing of personal data of minors in commercial prospecting activities;
(e) the processing of personal data referred to in point a) and personal data of minors collected through the Internet or e-mail.
3. The prior verification shall be carried out on the basis of the information provided in the notification by the operator or the person empowered by the latter. The Center may request further information on the origin of personal data, the automated processing technology used, the security measures for the processing of personal data.
(4) The duration of the preliminary check may not exceed 45 days. If necessary, taking into account the complexity of personal data processing operations, the Center may extend the pre-verification period by a further 45 days, which is the case for the operator or the person empowered to do so.
Article 25. Authorization of processing operations
of personal data
(1) Within 7 days from the date of completion of the preliminary verification, the Center shall issue the decision on the authorization or refusal to authorize the operations provided for in art. 24 paragraph (2).
(2) The content and form of the authorization shall be approved by the Center. The processing of personal data without authorization or beyond its limits is forbidden.
(3) The decision on the refusal to authorize the processing of personal data must contain the reasons justifying the refusal and, if necessary, the way of removing the circumstances that prevent the processing of such data. The decision to refuse to authorize the processing of personal data may be challenged in the administrative litigation court.
(4) The refusal to authorize the processing of personal data does not preclude the possibility for the operator to notify the Center repeatedly after the removal of the circumstances that prevented the processing of the data.
Article 26. Control of the lawfulness of data processing
personal
(1) The control of the lawfulness of the processing of personal data (hereinafter referred to as “control”) is aimed at verifying the compliance with the requirements and the fulfillment of the conditions stipulated by the present law by the operator or the person empowered by him / her.
(2) Control shall be carried out by the Center on the basis of an approved annual plan, which shall be published on its website.
(3) About the intention to carry out the control, the Center shall inform the operator or the person authorized by him / her 5 days before commencement of the inspection, except for the cases stipulated in art. 27 par. (2) and (4).
(4) If, as a result of the inspection carried out, violations are found, the Center shall issue the decision to suspend the processing of personal data, which shall contain instructions for bringing the processing of personal data in accordance with the provisions of this law .
(5) The processing of personal data processing operations shall be suspended until the circumstances that served as the basis for the decision have been removed. The operator or the person empowered by the operator is obliged to remove those circumstances within 30 days of the issuance of the suspension decision.
(6) If the operator or the person empowered by him / her has not removed the circumstances which have served as grounds for suspension within the time limit set in par. (5), the Center issues the decision to terminate personal data processing operations, with or without the provision of blocking or destruction of untrustworthy or unlawfully obtained personal data.
(7) The decision to suspend or terminate the processing of personal data processing may be contested in the court of administrative jurisdiction.
Article 27. Receipt and settlement procedure
complaints by the Center
(1) The subject of personal data that considers that the processing of its data does not comply with the requirements of the present law may submit a complaint to the Center within 30 days from the detection of the violation.
(2) In the process of solving the complaint, the Center may hear the subject of personal data, the operator and, where applicable, the person authorized by the controller and the witnesses, may also order an unannounced check.
(3) Upon examination of the complaint, the Center shall issue a reasoned decision stating either the lack of violation of the provisions of the legislation or the suspension of personal data processing operations, or the rectification, blocking or destruction of untrue or illicitly obtained data. The decision shall be communicated to the interested parties within 30 days of receipt of the complaint.
(4) The provisions of paragraph (2) and (3) shall also be applied in an appropriate manner in the event that the Center becomes aware of a violation of the rights of the subjects of personal data recognized by this law.
(5) The operator, the person empowered by him / her or the subject of personal data may contest the decision of the Center in the administrative contentious court.
Article 28. Operator records
personal data
(1) For the purpose of recording the processing of personal data, the Center shall establish and maintain a personal data record register, which shall contain the information set out in art. 23 par. (2). Any change to that information will be communicated to the Center within 5 days, which will make the appropriate entries in the personal data recorder register.
2. The registry of personal data controllers shall be open to consultation with the public, except for the compartment containing information on security and confidentiality measures. The method of consultation is established by the Center.
(3) The registration of the operators, as well as the modifications of the information entered in the personal data recorder’s register, shall be made free of charge.
Chapter VI
CONFIDENTIALITY AND SECURITY
PROCESSING OF DATA WITH CHARACTER
PERSONAL
Article 29. Confidentiality of personal data
personal
1. Operators and third parties having access to personal data shall be bound to ensure the confidentiality of such data, except in the following cases:
a) processing refers to data made public voluntarily and manifestly by the subject of personal data;
b) personal data has been depersonalized.
2. Any person acting on behalf or otherwise under the authority of the controller may process personal data only on the basis of the operator’s instructions, unless acting on the basis of a statutory obligation.
(3) The management of the Center and its staff shall be obliged to ensure that professional secrecy is not disclosed in respect of the confidential information to which they have access, including after termination of their activity.
Article 30. Security of data processing
personal
(1) When processing personal data, the operator is obliged to take the necessary organizational and technical measures for the protection of personal data against destruction, modification, blocking, copying, spreading, as well as against other illegal actions, measures meant to ensure a level adequate security with regard to the risks presented by the processing and the nature of the processed data.
2. Where the processing of personal data is carried out on behalf of and on behalf of the controller, it shall empower a person who will ensure compliance with the safeguards relating to appropriate technical and organizational security measures concerning the processing to be carried out.
(3) The processing of personal data by the person empowered by the operator shall be regulated by a contract or other legal act in particular to ensure that:
(a) the person empowered shall only act on the instructions of the operator;
b) the obligations stipulated in paragraph (1) shall also be attributed to the person empowered.
(4) The requirements for ensuring the security of personal data in their processing within the personal data information systems shall be established by the Government.
Article 31. Depersonalization of data with
personal character
(1) For statistical purposes, historical, scientific, sociological, medical, legal documentation, the operator depersonalizes personal data by withdrawing from it the part which allows the identification of the individual, transforming them into anonymous data, which can not be associated with an identified or identifiable person.
(2) In the event of depersonalization, the confidentiality regime established for that data shall be abolished.
Chapter VII
TRANSFRONTAL TRANSMISSION
OF PERSONAL DATA
Article 32. Cross-border transmission of data
personal
1. This Article shall apply to the transmission to another State on any medium or medium of personal data which is the subject of processing or which is collected for the purpose of processing.
(2) Personal data intended for transmission to another state are protected in accordance with this law.
(3) Cross-border transmission of personal data which are processed or to be processed after transmission may only take place with the authorization of the Center in the manner established by law and only if the State of destination ensures an adequate level the protection of the rights of the subjects of personal data and of the data to be transmitted.
4. The level of protection shall be determined by the Center taking into account the conditions under which the transmission of personal data, in particular its nature, the purpose and duration of the proposed processing or processing, the State of destination, its legislation, as well as the professional rules and security measures observed in the State of destination.
(5) If it finds that the level of protection offered by the State of destination is unsatisfactory, the Center shall order the interdiction of the transmission of data.
(6) The Center may authorize, in the manner established by law, the transfer of personal data to a state whose legislation does not provide for a level of protection at least equal to that offered by the legislation of the Republic of Moldova if the operator provides sufficient guarantees regarding the protection and the exercise of the rights of the subjects of personal data which are determined by contracts concluded between operators and the natural or legal persons to whom the transfer is made.
(7) The provisions of paragraph (3) to (6) shall not apply where the transfer of personal data is made on the basis of a special law or an international treaty ratified by the Republic of Moldova, especially if the transfer is for the purpose of preventing or investigating offenses. The special law or the international treaty must contain safeguards to protect the rights of the personal data subject.
(8) The provisions of paragraph (1) to (6) shall not apply where the processing of personal data is solely for journalistic, artistic or literary purposes if such data has been made public on a voluntary and manifest basis by the subject of personal data, or are closely linked to his public personality or to the public character of the facts in which he is involved.
(9) Transmission of personal data to States which do not provide an adequate level of protection can only take place:
a) with the consent of the subject of personal data;
b) if it is necessary to conclude or execute an agreement or contract between the subject of personal data and the operator or between the operator and a third person in the interest of the subject of personal data;
c) whether it is necessary to protect the life, physical integrity or health of the subject of personal data;
(d) if it is made out of a register intended to inform the general public and open to consultation with the public or any person demonstrating a legitimate interest, provided the conditions laid down by law for consultation in particular cases are met;
e) when it is necessary for the satisfaction of a major public interest, such as national defense, state security or public order, for the proper conduct of the criminal proceedings or for the establishment, exercise or defense of a right to justice, provided that personal data is processed in connection with this purpose and only for the period necessary to achieve this purpose.
Chapter VIII
LIABILITY
Article 33. Liability for the breach
to this law
For violation of this law, guilty persons are liable under civil, contravention or criminal law.
Chapter IX
FINAL AND TRANSITORY PROVISIONS
Article 34
(1) This law shall enter into force six months after the date of its publication.
(2) On the date of entry into force of this law, the Law no.17-XVI of 15 February 2007 on the protection of personal data (Official Gazette of the Republic of Moldova, 2007, No. 107-111, Art.468 ), with subsequent amendments.
(3) The Government, within 6 months:
a) elaborate and submit to the Parliament proposals on bringing the legislation in force in accordance with the present law;
b) shall enact its normative acts in accordance with this law;
c) ensure the alignment of the normative acts of the central public authorities with this law.
(4) Personal data processing operations initiated prior to the entry into force of this law shall be notified to the Center within 30 days of its entry into force for mandatory registration.

THE PRESIDENT OF THE PARLIAMENT Marian LUPU
Nr. 133. Chisinau, July 8, 2011.