PRIVACY POLICY – GDPR
Privacy policy regarding the processing of personal data.
We consider ensuring of the right to the protection of personal data as a fundamental commitment. Therefore, we will dedicate all necessary resources and efforts to process your data in full compliance with Regulation (UE) 2016/679 (General Data Protection Regulation or GDPR), as well as with any other applicable legislation on the territory of Romania. Since one of the key principles of this legal framework is transparency, we have prepared this document by means of which we inform you about the way in which we collect, use, transfer and protect your personal data, when you interact with us in connection with our products and services, including through our website or mobile applications.
We reserve the right to periodically update and modify the present Privacy Policy, in order to reflect any modifications of the way we process your personal data or any other modifications in legal requirements. In the event of any such changes, we will display on our website the amended version of the Privacy Policy, for which reason we kindly ask you to periodically check the contents of this Privacy Policy.
Who we are and how you can contact us
S.C. AVVERO LENTI S.R.L.
Str. ŞTEFAN CIUBOTĂRAŞU 17, C1, zona Galata, Iaşi CUI 3914150, J22/181/1993, email: info@avvero.ro, 0232 22 55 94
What categories of personal data we process
We generally collect your personal data directly from you, therefore you have control over what type of information you provide us with. By way of example, we receive information from you as follows:
When you place an order, you provide us with information such as: the product/service you want, surname and first name, delivery address, billing details, payment method, telephone number, bank card details etc. In case of registration on the platform through your Facebook or Google account. If you opt for one of these options, you will be directed to a page managed by Facebook Inc / Google LLC, where you will be informed by them with regard to the transfer of your data to the platform. You can consult the privacy policies for Facebook or Google by using the following links:
https://www.facebook.com/about/privacy
https://policies.google.com/privacy
We may also collect and further process certain information about your behavior while using our website or during your use of the smartphone application, in order to personalize your online experience and provide you with offers tailored to your profile. We invite you to find out more details related to this aspect by consulting the section regarding the purposes of processing below.
On our website and in the smartphone application we can store and collect information in cookies and similar technologies, in accordance with the Cookies Policy.
We do not collect and process in other ways sensitive data, included in the General Data Protection Regulation in special categories of personal data. We also do not wish to collect or process data from minors under the age of 16.
What are the purposes and grounds for processing
We will use your personal data for the following purposes:
To provide services for your benefit.
This general purpose may include, as appropriate, the following:
- a) Creation and administration of the account within the platform;
- b). Processing orders, including taking over, validating, shipping and invoicing them;
- c). Solving cancellations or problems of any nature, related to an order, purchased goods or services;
- d). Return of products in accordance with the legal provisions;
- e) Reimbursement of the value of the products in accordance with the legal provisions;
- h) Providing support services, including offering answers to your questions regarding your orders or the goods and services provided.
The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between us. Certain processing subject to these purposes is also required by the applicable law, including tax and accounting legislation.
For improving our services
We always want to offer you the best online user/shopping experience. To do this, we may collect and use certain information about your Buyer’s behavior, we may invite you to complete satisfaction questionnaires subsequent to the completion of an order or we may conduct, directly or with the help of some of our partners, studies and market research.
We base these activities on our legitimate interest in doing commercial activities, always ensuring that your fundamental rights and freedoms are not affected.
For marketing purposes
We want to keep you informed about the best offers for the products/services you are interested in. to this purpose, we may send you any type of message (such as: e-mail/text message/phone call/mobile push/web push/etc.) containing general and thematic information, information about similar or complementary products to those that you have purchased, information about offers and promotions, information about products added to “Account/My cart” section or to the “Account/Favorites” section, or for which you have shown interest in purchasing, and also other commercial communications such as market research or opinion polls and we may also post personalized recommendations on our website and in the smartphone application. In order to provide you with information of interest to you, we may use certain data regarding your buyer behavior (for example viewed products/products added to your wishlist/purchased) in order to create a profile for you. We always make sure that this type of processing is carried out in compliance with your rights and freedoms and that the decisions taken thereunder have no legal effect on you and do not affect you in a significant way.
In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw at any time by:
– Accessing the unsubscribe link displayed in the messages you receive from us; or by
– Contacting using the contact details described above.
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our commercial activity. In any situation where we use information about you for our legitimate interest, we are careful and we take all necessary measures to ensure that your fundamental rights and freedoms are not affected. Nevertheless, you can always request us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and we will process your request.
To defend our legitimate interests
There may be situations in which we will use or transmit information in order to protect our rights and commercial activity. These may include:
-Measures to protect the website and users of the platform from cyber-attacks;
-Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities;
-Measures for the management of other risks.
The legal basis for these types of processing is our legitimate interest in defending our commercial activity, and it is understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
We also, in certain cases, base our processing on legal provisions, such as the obligation to ensure the safekeeping of our property and values, as required by applicable law for this matter.
How long we keep your personal data
As a general rule, we will store your personal data as long as you have an account on the platform/as long as you use the platform. You may ask us to delete certain information or close your account at any time, and we will respond to such requests, subject to the retention of certain information, including after closing your account, in the situations in which the applicable legislation or our legitimate interests require to do so.
To whom we transmit your personal data
Where applicable, we may transmit or provide access to certain of your personal data to the following categories of recipients:
-courier service providers;
-payment/banking services providers;
-IT services providers;
-other companies with which we may develop joint programs for offering our goods and services on the market.
If we have a legal obligation or if it is necessary to defend a legitimate interest of ours, we may also disclose certain personal data to public authorities.
We make sure that the accessing of your personal data by third parties under private law is done in accordance with the legal provisions for data protection and confidentiality of information, based on contracts concluded with them.
How do we protect the security of your personal data
We are committed to ensuring the security of your personal data by implementing appropriate technical and organizational measures in accordance with the standards of the industry.
The transmission of your personal data is done by using state-of-the-art algorithms for encryption, the storage being done on secure servers, while ensuring at the same time data redundancy.
In order to process the payments, we use the services of PayU payment processor. Any information regarding the payments is encrypted using HTTPS technology with TSL 1.2 encryption. Despite the measures taken to protect your personal data, we warn you that the transmission of information over the internet, in general, or through other public networks is not completely secure, and there is a risk that the data could be viewed and used by unauthorized third parties. We cannot be held responsible for such vulnerabilities of systems that are beyond our control.
What are your rights
The General Data Protection Regulation gives you a number of rights in relation to your personal data. You may request access to your data, the correction of any errors from our files and/or you may object to the processing of your personal data. You may also exercise your right to complain to the competent supervisory authorities or you may go to court. Where applicable, you may also benefit from the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.
More information on each of these rights can be obtained by consulting the table below.
In order to exercise your rights, you may contact us by using the contact details listed above. Please note the following if you wish to exercise these rights:
Identity. We take seriously the confidentiality of all records which contain personal data. For this reason, we kindly ask you to send us your requests with regard to such records using the e-mail address connected to your account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Fees. We will not charge you a fee to exercise any right regarding your personal data, except for the case in which your request for access to information is unfounded, or if it is repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied, before we resolve your request.
Response time. We intend to respond to any valid requests within a maximum period of one month, except for the case in which this is particularly complicated or if you have made several requests, in which case we will respond within a maximum period of two months. We will let you know if we need more time than one month. We may ask you if you can tell us exactly what you want to receive or what you are concerned about. This will help us act faster and shorten the response time for your request.
Third party rights
We cannot comply with a request if it would negatively affect the rights and freedoms of other targeted persons.
Targeted rights
Access
You may ask us:
- to confirm if we process your personal data;
- to provide you with a copy of this data;
- to offer you any other information about your personal data, such as the data we have, what we use it for, who do we disclose it to, if we transfer them abroad and how we protect them, how long we keep them, what are your rights, how you can file a complaint, where we got your data from, to the extent in which the information has not already been provided to you by this information.
Correction
You may ask us to correct or complete your inaccurate or incomplete personal data.
It is possible we may try to verify the accuracy of the data before correcting it.
Deleting data
You can ask us to delete your personal data, but only if:
- they are no longer necessary for the purposes for which they were collected; or
- you have withdrawn your consent (if the data processing was based on consent); or
- you exercise a legal right to oppose; or
- it has been processed illegally; or
- we have a legal obligation to this regard.
We have no obligation to comply with your request to delete your personal data if the processing of your personal data is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defense of a right in court.
There are certain other circumstances in which we are not required to comply with your request to delete data, although these are the two most likely circumstances in which we may deny this request.
Restricting data processing
You can ask us to restrict the processing of personal data, but only if:
- their accuracy is challenged (see the rectification section), in order to allow us to verify their accuracy; or
- the processing is illegal, but you do not want the data to be deleted; or
- they are no longer necessary for the purposes for which they were collected, but you need them in order to establish, exercise or defend a right in court; or
- you have exercised your right to object, and the verification that our rights prevail is ongoing.
We may continue to use your personal data as the result of a request for a restriction, if:
- we have your consent; or
- in order to establish, exercise or ensure the defense of a right in court; or to protect the rights of S.C. AVVERO LENTI S.R.L. or of any other natural or legal person.
Data portability
You can ask us to provide you with personal data in a structured, commonly used, automatically readable format, or you may request that it be “ported” directly to another data operator, but in any case only if:
- the processing is based on your consent or on the conclusion or execution of a contract with you, and
- the processing is done by automatic means.
Opposition
You may object at any time, for reasons related to the particular situation in which you may be, related to the processing of your personal data under our legitimate interest, if you consider that your fundamental rights and freedoms prevail over that interest.
You may also object to the processing of your data for the purpose of direct marketing (including creating profiles) at any time, without giving any reason, in which case we will terminate such processing as soon as possible.
Automatic decision making
You may request that you not be the subject of a decision based exclusively on automatic processing, but only when that decision:
- produces legal effects related to you; or
- it affects you in another similar manner and to a significant extent.
This right shall not apply in the case in which the decision that was reached following the automatic decision-making:
- is necessary for us in order to conclude or enter into a contract with you;
- is authorized by law and there are adequate safeguards for you rights and freedoms; or
- is based on your explicit consent.
Claims
You have the right to submit a complaint with the supervisory authority related to the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are the following:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (The Natioan Supervisory Authority for Personal Data Processing) B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, cod poștal 010336, București, România
Telephone: +40.318.059.211 or +40.318.059.212;
E-mail:anspdcp@dataprotection.ro
Without prejudice to your right to contact at any time the supervisory authority, please contact us in advance and we promise to make every effort necessary in order to resolve any issue amicably.
Please note that you can contact the person resposible with data protection at S.C. AVVERO LENTI S.R.L., by submitting your request in any of the following ways:
-by e-mail, sent to: info@avvero.ro
-by telephone, by calling: 0232 22 55 94