top of page

Protection of personal data

Confidentiality and protection of personal data
The Executive Unit for the Financing of Higher Education, Research, Development and Innovation (UEFISCDI) protects the confidentiality of personal data (DCP) brought to its knowledge. As part of this fundamental obligation, UEFISCDI undertakes to protect and properly use DCP that has been collected through its websites/platforms.

Our intention is to collect only the personal data that is minimally necessary to be able to carry out UEFISCDI activities in optimal conditions so that we can offer you services in line with your expectations.

Please read this section to learn more about how we collect, use, transmit and protect the DCP we have obtained.


The privacy policy of UEFISCDI is based on the following principles:

  • The processing of personal data is carried out in a legal, fair and transparent manner;

  • The collection of personal data is done for specific, explicit and legitimate purposes, they are not subsequently processed in a way incompatible with these purposes;

  • Personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  • Personal data are accurate and updated where necessary;

  • Personal data are kept in a form that allows identification only for the period necessary to fulfill the purposes for which the data are processed;

  • Processing is carried out in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures.


Surposes in which personal data are processed by UEFISCDI are the technical implementation, financial implementation (payment) and monitoring for the National Research-Development and Innovation Plan for the period 2015 - 2020 (PNCDI III) as well as other national funding mechanisms/instruments and international, reporting, debt recovery, as well as ex-post monitoring for financing instruments previously run by UEFISCDI, in accordance with Order no. 5804 of November 23, 2016 regarding the approval of the Organization and Functioning Regulation, the list of functions and the organizational chart of the Executive Unit for the Financing of Higher Education, Research, Development and Innovation. Thus, data processing is carried out, without being limited to them (according to the specific mentions in the information packages),

  • receiving funding applications;

  • verification of funding applications;

  • selection of financed projects;

  • establishing contractual obligations;

  • approval of the start of the development of the financed projects;

  • carrying out field visits;

  • verifying the awarding procedures carried out by the beneficiaries;

  • reporting on the progress of the measures;

  • authorization of payment to beneficiaries;

  • making the payment to the beneficiaries;

  • recording payment commitments and payments;

  • IT management of payments made to project beneficiaries;

  • information and promotion of financing instruments;

  • evaluation of bids submitted within the award procedures;

  • execution of contracts for the purchase of services, goods or works.


The basis of the processing is constituted by the financing request, the financing, supply or service contract and the applicable legal provisions. Thus, in order to facilitate the carrying out of the activities related to the financing request, the financing contract, supply or provision and in order to fulfill legal obligations, we communicate this data to public authorities, third parties or authorized persons.

We also process personal data for the purpose of informing and promoting the services offered by UEFISCDI and the events we organize, the basis of this processing being your consent.

We specify that the information collected is only intended for use by UEFISCDI and is communicated only to the following categories of recipients: third-party providers involved directly or indirectly in the processes related to the above-mentioned purposes (IT service providers, consulting service providers, etc.), public authorities empowered by law or with which UEFISCDI has concluded collaboration protocols in order to fulfill the specific duties conferred by European and national legislation, as well as the European Commission, for the purpose of monitoring and controlling the funding programs run by UEFISCDI.
Your data may be transferred outside the country to the European Commission in accordance with applicable European law.

Depending on the purpose pursued, UEFISCDI processes the data of the following categories of persons:
• representatives (natural persons) of applicants and beneficiaries of national and international funds who submit projects to UEFISCDI;
• representatives (natural persons) of team members, beneficiaries of national and international funds involved in projects at UEFISCDI;
• representatives (natural persons) of suppliers or providers of services, goods or works, directly or indirectly involved in contractual relations with UEFISCDI;
• mass media representatives;
• representatives (natural persons) of public and private partners involved in the implementation of the PNDR.

We note that, in order to determine the period for which personal data will be processed and kept, we take into account the contractual period until the fulfillment of the contractual obligations and the purpose, the archiving terms provided by the legal provisions in the matter, as well as the period of national and international programs of funding carried out by UEFISCDI.

The personal data collected in the financing process of each competition (submission, evaluation, contract monitoring) are specified specifically in each information package related to each competition, depending on the objectives of the financing instrument as well as the reporting and monitoring objectives.


Collection and use of DCP
We obtain personal data about you as a result of:

  • participation in the project competitions that we run;

  • attendance at events organized by us;

  •  registration in the platforms we manage;

  • collaboration in various UEFISCDI projects, campaigns and initiatives;

  •  other situations related to institutional activity.

Once you have registered and/or submitted personal data on our platforms/event registration/participation forms, you have also agreed to their use and we undertake to keep them confidential. Your personal data is not used for any other purpose unless we obtain your permission or if it is requested by the institutions authorized by law.

UEFISCDI collects confidential personal information when required or permitted to collect such information by law. You are requested not to provide information to UEFISCDI under any circumstances, unless you agree to its use by UEFISCDI in a legitimate manner and to the transfer and storage of such information in UEFISCDI's databases. In the event that you would like to know whether the provision of confidential information to UEFISCDI is or may be necessary or appropriate for certain specific purposes, please contact UEFISCDI at the address indicated below.


Automatic collection of DCP

In some situations, UEFISCDI automatically collects certain types of information when you visit the website or register/create accounts on our platforms or through emails you send to our contact addresses. Automated technologies may include the use of log files generated at the web server level to collect IP addresses, cookies, and web beacon technologies. The collection of this information will allow us to better understand and improve the performance, level of use and efficiency of the UEFISCDI website and platforms and to measure the effectiveness of our dissemination activities.


IP addresses

An IP address is a number assigned to your computer whenever you access the Internet. It allows computers and servers to recognize and communicate with each other. The IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostics. This information can also be used in consolidated form to perform website trend and performance analyses.


A "cookie" is a short piece of text that a website places in your browser's cookie file that allows the website to remember who you are. Cookies cannot be used to run programs or introduce viruses on your computer UEFISCDI uses cookies exclusively in accordance with applicable laws. Cookies alone do not tell us your email address or otherwise identify you personally. If you visit the UEFISCDI website, we use cookies to make consolidated statistics that help us determine which areas of the site are preferred by the visitor. You have the option to accept cookies or not. You can set your browser to inform you when you receive a cookie or to reject it. However, you should know that if you do not accept cookies,you may not be able to fully access all the features of our website.

Technologies such as "Web beacons"

A web beacon is a small image file within a web page that can be used to collect certain information from your computer such as your IP address, the time when the content was visited, the type of browser and the existence of installed cookies previously by the same server. UEFISCDI uses web beacons exclusively in accordance with applicable laws. UEFISCDI or its service providers may use web beacons to track the effectiveness of third-party websites that provide us with recruitment or marketing services, or to perform consolidated visitor statistics and manage cookies. You have the option to make some web beacons unusable by rejecting the associated cookies. The web beacon may still record an anonymous visit from your IP address, but the information provided by the cookie will not be recorded. In some of our communications, we may confirm a recipient's email address through links embedded in the messages. We collect this information to measure user interest and facilitate future user information.

Transmission and transfer of DCP

We do not share personal information with unaffiliated third parties, except as necessary for our legitimate institutional needs, to respond to your requests and/or as required or permitted by law or professional standards. In some situations, UEFISCDI may also pass on DCP about you to other funding agencies. In addition, UEFISCDI may transfer certain DCP across geographic borders to other agencies that work with us in compliance with international DCP confidentiality requirements. UEFISCDI does not sell DCP to any third parties. Also, UEFISCDI will not transfer the DCP provided by you to any third parties for marketing purposes.


You have several options regarding the use of our website. You are not required to provide any DCP when you visit our website. If you opt for an electronic informative communication (newsletter), you are only asked for an e-mail address, with the possibility of unsubscribing at any time, following the instructions included in each communication. As specified above, if you wish to prevent cookies from tracking you as you browse our website, you can reset your browser to refuse all cookies or to indicate the transmission of a cookie. However, you should note that if you choose to refuse the presence of cookies, certain parts of our website may not operate at normal parameters.

UEFISCDI understands the importance of protecting the confidentiality of personal data relating to children, especially in an online environment.



If you have submitted personal data to UEFISCDI, you have the right to reasonable access to that data in order to rectify any inaccuracies or subsequent changes to it. You can also make a request to update or delete information about you by contacting, and we will use all reasonable and practical efforts to promptly respond to your request, as long as it complies with applicable laws and professional standards as well as transparency rules in accessing funds through financing mechanisms run by UEFISCDI.


Data security and integrity

UEFISCDI has implemented and implements/updates reasonable security policies and procedures to protect personal information against its loss, misuse, unauthorized alteration or destruction. As far as possible, access to your personal data is strictly limited to those people who have a need to know it. The persons who have access to these data maintain their confidentiality according to the UEFISCDI Code of Ethics. We will also retain DCP only for as long as necessary to comply with a request from an individual or until that individual requests their deletion, but subject to applicable legal time limits.


Links to other websites

We would like to inform you that the UEFISCDI website contains links to other websites, which are not governed by this Privacy Statement, but by other privacy statements that may be different. We recommend that users review the privacy policy of each website they visit before disclosing personal information.

Changes to this policy
UEFISCDI may change this Privacy Statement to reflect our current practices in this area. When we make changes to this statement, we will change the date the information was updated at the top of this page. We recommend that you periodically review this Privacy Statement to learn how UEFISCDI protects your information.

The GDPR regulation gives the user a series of rights, which we briefly present below :

  • the right to information and access to personal data, based on which you can obtain a confirmation from us that we process personal data or not, having access to the respective data and to information regarding the methods and purposes of their processing;

  • the right to data rectification, which can be exercised to obtain, without undue delay, the rectification of inaccurate data or the completion of incomplete personal data;

  • the right to data deletion (the right to "be forgotten"), by virtue of which the deletion of personal data can be obtained, without undue delay, for one of the following reasons:
    i. the data are no longer necessary to fulfill the purpose for which they were collected or processed;
    ii. the user withdraws his consent and there is no other legal basis for the processing;
    iii. the user objects to the processing and there are no legitimate reasons that prevail with regard to the processing;
    iv. personal data were processed illegally;
    v. personal data must be deleted to comply with a legal obligation;
    vi. the personal data were collected in connection with the provision of services to the information society.

  • the right to restrict processing can be exercised in the following situations:
    i. when the accuracy of the data is contested, for a period that allows us to verify their correctness;
    ii. the processing is illegal, and the user opposes the deletion of the data, requesting instead the restriction of their processing;
    iii. we no longer need the personal data for the purpose of processing, but the user requests it for establishing, exercising or defending a right in court;
    iv. when the user opposes the processing for reasons related to the particular situation in which he is, for the time interval in which it is checked whether in this case the legitimate rights of the operator prevail.

  • the right to opposition, according to which the user can oppose the processing of personal data, including the creation of profiles, for reasons related to the particular situation in which he is, in cases where the processing is necessary for the performance of a task that serves a public interest or when it takes place for the purposes of legitimate interests pursued by us or a third party. In these cases the processing will only be done if it is justified by legitimate and compelling reasons, which prevail over the interests, rights and freedoms of the user, or when the purpose of the processing is to establish, exercise or defend a right in court.

  • the right to data portability, which allows the user to receive the personal data concerning him and which he has provided in a structured, commonly used and machine-readable format and to transmit this data to another operator, under the conditions where the processing is based on consent or a contract and is carried out by automated means.


Pursuant to this right, personal data concerning the user may be transferred directly from one operator to another where this is technically feasible.


Modification of the personal data processing policy

This personal data processing policy can be updated as a result of changes in the relevant legislation in the field or changes in the structure and functions of the Application. If changes are made to the personal data processing policy, users will be notified by email and/or in-app notifications before the changes take effect.
We encourage users to check this page periodically to stay informed of the latest developments regarding our personal data processing practices.


Questions regarding the privacy policy and its application

UEFISCDI is committed to protecting the online privacy of your personal data. If you have questions or comments on how we manage your personal data, please contact us at . You can also use this address to send us any questions regarding compliance with our Online Privacy Statement.


Wherever terms such as, UEFISCDI, we, our and us/us appear on this website , they refer to the Executive Unit for the Financing of Higher Education, Research, Development and Innovation.


Terms and definitions
Personal data: any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identification element such as a name, an identification number, location data, an online identifier , or to one or more specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.

Processing: any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation , use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction

Consent: any manifestation of free, specific, informed and unambiguous will of the user by which he accepts, through a statement or through an unequivocal action, that the personal data concerning him be processed

User: natural person, with full exercise capacity, at least 18 years old, who expresses his consent for the use of DCPs registered at UEFISCDI.

Supervisory authority: independent public authority established by a Member State pursuant to Regulation (EU) 2016/679

UEFISCDI GDPR Terms and Conditions

bottom of page