PRIVACY POLICY
For the company PETRY RETAIL SRL, CUI: RO34061444, Nr. Reg. Com. J26 / 108/2015, with headquarters in Târgu Mureș, Mureș County, str. Scăricica no. 1, ap.1, the protection of your personal data is very important, so our company has adopted strong rules and principles in this regard.
We really appreciate our customers and their privacy. All personal information is used to ensure the efficient processing of orders placed on our website. Personal data is only used to contact and identify our customers and their needs. We will not give, sell, rent, or lend any personal information to any third party. Refusal to provide the data required for the conduct of business within the legal framework may result in our inability to deliver and invoice the ordered products or to provide certain support services.
This Information on the Personal Data Protection Policy provides you with detailed information regarding the protection of your personal data by SC PETRY RETAIL SRL, ("we").
We are responsible, as Data Controller, for the collection and processing of your personal data in connection with our activity of processing and executing orders. The purpose of this Personal Data Protection Policy Information is to inform you about the personal data we collect about you, the reasons why we use and share this data, how long we keep it, what your rights are and how you can use them. exercise.
Introduction
As you probably know, the European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("Regulation") becomes applicable on 25 May 2018. Its main purpose is to increase the level of protection of personal data and create a climate of trust that allows each person to control their own data.
Thus, we consider that it is a good time to inform you how we protect your personal data and how we adopt the provisions of the Regulation. For the purposes of the definition of art. 4.1 of REGULATION (EU) 2016/679 (General Data Protection Regulation, hereinafter referred to as GDPR) "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity.
Who are we, who processes personal data?
Your data will be managed by our company, PETRY RETAIL SRL, CUI: RO34061444, Nr. Reg. Com. J26 / 108/2015, with headquarters in Târgu Mureș, Mureș County, str. Scăricica no. 1, ap.1, representing the operator in accordance with GDPR and therefore responsible for data processing, described below. For questions or requests regarding data processing, please contact us at the contact details below.
Our commitment
We are firmly committed to respecting your rights and take the law on the protection of personal data and privacy seriously. We have included in our personal data protection policy the principles on which we are guided by the personal data of our customers and employees and information on how we collect, process, use and protect your personal data.
The purpose of the document
This document contains essential information on how to process personal data in our services. The data protection document is designed to inform you about the processing of your personal data and your rights regarding this processing in accordance with the General Data Protection Regulation no. 679/2016 / EU (“GDPR”) and the national legislation in force.
Why do we need personal data, what data do we collect with your consent?
We collect and process your personal data based on legal grounds and your explicit consent. You may withdraw your consent at any time. Among the legal grounds is the need to fulfill each other's contractual obligations in the conclusion of a distance business contract.
We process personal data only for legitimate purposes, such as:
- provide you with products.
- to fulfill your order
- submit materials for marketing purposes (eg information on developed products, offers, other information related to the supply of our products, etc.).
- to improve our goods and services
- to make business decisions
- to comply with various legal provisions
- for the observance and defense of our legal rights.
The processing of personal data is carried out on the basis of your consent expressed by the formulation of the order or expressly in the sense of the transmission of advertising material (Article 6 paragraph (1) letter (a) of the General Data Protection Regulation).
Specifically, the data collected with your express consent may be:
Name, surname, address, CNP, telephone, e-mail, order number, IP / ISP address, warranty invoice tax invoice, internal identification series to be able to carry out the sales activity on the webshop. This data can be accessed by third parties such as the courier company or the post office, payment processor.
We will request the following data from legal entities and companies: CUI / CIF, registration number (J), registered office and delivery address, telephone number, e-mail, IP address.
Name, surname, address, telephone, e-mail, no. order, fiscal invoice, guarantee certificate, internal identification series, CNP, bank account in case of possible reversals requested by the customer.
In order to improve our own business activities, our company carries out marketing activities, activities in which personal data of individual customers are processed, such as name and surname, order number and e-mail.
The processing of personal data is always based on the execution of contracts concluded with us, the need to comply with a legal obligation, our legitimate interest or a major public interest or, as the case may be, your consent, if you have expressed your choice. .
Also, your data can be recorded in our system if you communicate it by phone, at the beginning of the conversation you are asked to accept this, the continuation of the call being your agreement for the processing of data communicated by phone.
Regardless of the way in which your data reaches us, we are responsible for the safe and only for the purposes specified, the personal data that you provide to us about you, in accordance with our privacy policy.
Any information provided by you, as a beneficiary of these services, by the agreement expressed by accessing and using the site, will represent your consent, express that your personal data will be used by our company.
How do we process the data provided?
In accordance with the purposes set out above, the data provided, directly or indirectly, by natural persons shall not be used for purposes other than those originally specified, nor shall they be transmitted without discriminating against entities which the persons concerned have not designated for that purpose. .
The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of data concerning health or sexual life are permitted only with the express consent of the person concerned, if permitted by national law. Individuals have the right to receive information from individuals and businesses that hold some of their personal data in records, such as websites, databases, service providers, etc. ("Personal data controllers") and to correct or delete such data if they are incomplete or inaccurate.
The personal data of the users are accessible only to certain employees of the company, who have agreed in writing that they will use this data in good faith, according to the regulations in force only to carry out the commercial activity of the company.
Our company delivers the products through the courier and mail company. Only the data absolutely necessary for the efficient delivery by the mentioned third party are disclosed.
In the case of online payments, certain personal data will be disclosed to the payment processor. Our company will communicate only the minimum necessary data to this third party, and these entities are obliged to respect the confidentiality of personal data.
Agreement on the use of data in the webshop
If you become a user of our webshop, you give your consent to the saving, processing and use of your personal data.
Details regarding the use of the webshop are collected only for the period of your registration. These include: the duration of the visit, the items on our site searched, viewed and saved, the items purchased (order history), the movements on our site.
The collection, storage and processing of this data is done in order to individually configure your shopping experiences and constantly improve our offer, as well as to provide you with a number of comfort elements that increase the shopping experience.
By registering on our webshop, you give your express consent to our use of your email address and details of your use of our webshop as follows:
If you have not completed your shopping cart order on our webshop, we may send you an e-mail to remind you of this order.
We regularly send a personalized newsletter via email. For personalization purposes, we will use details about your use of the webshop. In our webshop you have the opportunity to review previous orders, save shopping carts and save favorites, rate certain products and comment on certain products in the webshop.
The processing of your personal data is carried out based on the consent given according to art. 6 para. 1, para. 1, lit. a of the GENERAL REGULATION ON DATA PROTECTION.
Beneficiaries of the data
For the provision of our services we use service providers, respectively empowered according to art. 28 GDPR, for example our hosting, platform and website maintenance service providers for advertising and advertising or our service providers for sending emails and SMS, contacting telephone or printing and publishing personalized advertising materials online.
We will only pass on the personal data of our customers to the companies with whom we conduct business and are essential to continue business (eg couriers and payment processor). We undertake, in accordance with the law, to verify that these third parties store and process personal data in accordance with the regulations in force.
The proxies that process your personal data are:
The e-commerce platform of our webshop
The host company of our online store
Online payment processors
Billing and management software
Delivery companies / couriers
Online payment processors
Integrated third parties (Google Analytics, _____________)
Accounting (Accounting Program)
We will not disclose the personal data of our customers to third parties, unless a court order explicitly requires this within the limits of the legal provisions. In these cases, the data may be provided to the Courts, Police or other official bodies of the Romanian state.
Our company does not make other transfers of personal data to other recipients, unless we have this obligation by law. For more information on the proper protection of international data transfer or copying, please contact us.
How long do we process personal data?
Your personal data is processed throughout our contractual relationship, voluntary or voluntary. Whenever you have the right and the possibility to request the modification or deletion of the candidate profile or profile, we will keep only those personal data that we must keep due to our legal obligations, obligations arising from the legal rules applicable to the field of activity and services provided. The personal data provided by you will be processed during our contractual relations / newsletter subscription, and if the legal provisions oblige us to keep the data for a certain period of time, during this period (eg the accounting documents are keep according to the accounting law for a period of 10 years). If our personal data is no longer necessary for us to comply with our contractual obligations or legal provisions, this data will be deleted periodically.
Data security
We are constantly working to increase the level of protection of personal data. We guarantee that your personal information is safe with us and our partners, as we have taken appropriate measures, both technical and organizational, in accordance with laws and regulations regarding the protection of personal data, to prevent any risk (eg destruction, loss, alteration, communication or unauthorized access to data). However, in the event of a data security breach, we have the obligation to inform the National Authority for the Supervision of Personal Data Processing within 72 hours of being notified of the breach.
Your rights
According to Regulation no. 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation)
Right to be informed (Articles 13 and 14 of the GDPR)
What information must a data controller / operator provide in which personal data is collected from you?
If personal data is collected from you, the data controller must provide you with the following information:
1. Identity and contact details of the data controller (and, where applicable, of the representative controller);
2. Contact details of the data protection officer (the person responsible for personal data protection within the organization - if applicable);
3. Purpose (s) of processing and legal basis for processing;
4. Where the processing is based on the legitimate interests of the controller or a third party, the legitimate interests of the controller / operator;
5. Any other recipient of personal data;
6. Where applicable, details of any intended transfers to a third country (non-EU Member State) or international organization and details of decisions and guarantees of adequacy;
7. Retention period (as long as an organization holds the data) or, if this is not possible, the criteria used to determine the retention period;
8. Existence of the following rights:
the right of access
the right to rectification
the right to delete
the right to restrict processing
the right to data transferability / portability
the right to the Opposition
where the processing is based on consent, the right to withdraw the consent at any time, without prejudice to the lawfulness of the processing on the basis of the consent before its withdrawal;
the right to lodge a complaint with the supervisory authority;
Right of access to information (Article 15 of the GDPR):
You have the right to obtain the following information from the data controller:
1. Confirmation of the processing of personal data concerning you .;
2. In the case of the processing of personal data concerning you, a copy of the personal information;
3. If your personal data is processed, other additional information such as:
Purpose (s) of processing;
Categories of personal data;
Any recipient of personal data to whom personal data have been or will be disclosed, in particular recipients from third countries or international organizations;
The retention period or, if this is not possible, the criteria used to determine the retention period;
4. Existence of the following rights -
The right to rectification
The right to delete
The right to restrict processing
The right to portability
The right to opposition
The right to lodge a complaint with the supervisory authority
5. If personal data are not collected from the data subject, any available information regarding their source;
6. Existence of an automatic decision-making process, including profiling (not our case).
The right to the above information must not adversely affect the rights and freedoms of others.
Right to rectification (Articles 16 and 19 of the GDPR)
If your personal data is inaccurate, you have the right to rectify the data, by the controller, without undue delay.
If your personal data is incomplete, you have the right to complete the data, including by providing additional information.
Right of deletion (Articles 17 and 19 of the GDPR)
This is also known as the "right to be forgotten".
You have the right to delete your data, without undue delay, by the controller / data controller if one of the following reasons applies:
1. If your personal data is no longer needed in relation to the purpose for which it was collected or processed;
2. If you withdraw your consent for the processing and there is no other legal basis for the processing of the data;
3. If you object to the processing and there are no imperative legal reasons to continue processing;
4. If you dispute the processing and your personal data are processed directly;
5. If your personal data has been processed illegally;
6. If your personal data must be deleted in order to comply with a legal obligation;
7. If your personal data has been collected in connection with the offer of the information society - services for a child.
What happens when the data controller has made your personal data public and is obliged to delete the given data?
If the data controller has made your personal data public and for a reason above, he is obliged to delete the data:
- The data controller must communicate any rectification or deletion of your personal data to each recipient to whom the personal data were communicated, unless this is impossible or does not involve disproportionate efforts.
- If you request information about the recipients of your personal data, the data controller must inform the recipients.
- The data controller must take reasonable steps to inform other controllers who process your personal data that you have requested the deletion of any links or copies thereof.
Reasonable steps mean taking into account available technology and the cost of implementation, including the necessary technical measures.
Right to data portability (Article 20 of the GDPR)
In certain circumstances, you may have the right to obtain your personal data from a data controller in a network format that facilitates the re-use of your information in another context and to pass that data on to another data controller. which you choose without hindrance.
When is the right to data portability?
This right only applies if the processing of personal data (provided by the data subject) is carried out by automated means and you have given your consent either to the processing or to the processing carried out on the basis of a contract between you and the data controller. .
This right applies only in so far as it does not affect the rights and freedoms of others.
When this right applies, how should data controllers provide and transmit data?
Where this right applies, data controllers must provide and transmit personal data in a usable format. The data is structured and can be easily processed from a computer.
Under this right, you can ask a data controller to pass on your data to another data controller if the transmission is technically feasible.
6. Right to object to the processing of personal data (Article 21 of the GDPR)
When are you entitled to objections?
You have the right to object to certain types of processing of your personal data if such processing is carried out in connection with tasks of public interest, under the official authority or in the legitimate interests of others.
You have a strong right to object to the processing of your personal data if it relates to the processing of direct marketing purposes. If a data controller uses your personal data for the purpose of direct marketing for you, or profiling for direct marketing purposes, you may object at any time, and the data controller must stop processing as soon as they receive the objection.
You may also process your personal data for research purposes, except for processing that is necessary for the performance of a task performed in the public interest.
How can you object to processing?
In order to object / object to the processing, you must contact the data controller and state your reasons for objecting.
These reasons must relate to your particular situation. Where you object, the data controller must stop processing your personal data, unless the data controller can provide legitimate, legally compelling reasons to continue processing your data. Data controllers may also legally continue to process your personal data. process your personal data if this is necessary for certain types of legal obligations.
7. Right of restriction (Article 18 of the GDPR)
You have the right to restrict the processing of your personal data by a data controller. Where the processing of your data is restricted, it may be stored by the data controller, but most other processing, such as deletion, will require your permission.
How is this right applied?
This right applies in four ways. The first two types of processing restrictions apply where you have opted against the processing of your data in accordance with Article 21 or if you have challenged the accuracy of your data. In such cases, the restriction applies until the administrator / controller / data controller has established the accuracy of the data or the outcome of your objection. The third situation in which you can request restrictions refers to illegal processing. In these cases, if you do not want the data controller to delete the information, you can request the restriction of personal data. The fourth type of processing restriction applies if you request the restriction of data that is retained under a legal rule.
When you have obtained processing restrictions, what are the obligations of the data controller?
If you have obtained restrictions on the processing of your data, the data controller must inform you before lifting the restriction.
8. Your rights in connection with automatic decision-making, including profiling (Article 22 of the GDPR)
You have the right not to submit to a decision based solely on automatic processing. Processing is "automated" when it is performed without human intervention and in which it produces legal effects
or significantly affects you. Automatic processing includes profiling.
Regarding personal data, when is automatic / automated processing allowed?
Automatic processing is permitted only with your express consent, when required for the performance of a contract or when authorized by Union law or national law. We do not use automated processing methods.
You can exercise these rights, either individually or cumulatively, very easily, by sending a request to: PETRY RETAIL SRL, CUI: RO34061444, Nr. Reg. Com. J26 / 108/2015, based in Târgu Mureș, Mureș County, str. Scăricica no. 1, ap.1, petrybistro@gmail.com