PRIVACY POLICY
Data protection is a very important aspect for us. The use of our Internet pages is possible without the indication of personal data, however, if anyone wishes to use our services through the site, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis or a contract for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, IP address, location or telephone number of the data subject, must be carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with data protection specific to each country. Through this privacy policy, we want to inform you about the nature, purpose and basis of the processing of personal data and the rights you have.
In order to comply with the provisions of the General Data Protection Regulation (GDPR), we have implemented numerous technical and organizational measures designed to ensure the most complete protection of personal data processed through this website. However, data transfer over the Internet can, in principle, have security gaps, so absolute protection cannot be guaranteed. For this reason, each data subject has the freedom to transfer personal data to us through alternative means, e.g. by telephone, in writing, etc.
Our data protection policy uses the terms used by the European legislator to adopt the General Data Protection Regulation (GDPR). We want our Data Protection Policy to be legible and easy to understand for everyone. In order to achieve this objective, we first explain the terminology used.
In the present data protection policy, we use, among others, the following expressions:
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one that can be identified, directly or indirectly, especially by reference to an identifier such as a name, identification number, location data, an online identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social factors of that natural person.
The data subject is any identified or identifiable natural person whose personal data is processed by the data controller or data processor.
Processing is any operation or set of operations that is carried out with personal data or with personal data sets, whether or not by automatic means, such as collection, registration, organization, structuring, storage, adaptation or modification, retrieval, consultation, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction.
The restriction of processing is the selection of stored personal data, in order to limit future processing.
Profiling means any form of automatic processing of personal data consisting of the use of personal data to evaluate certain personal issues relating to a natural person, in particular to analyze or anticipate aspects regarding the performance of the natural person in the workplace, the situation economic, health, personal preferences, interests, behavior, location or travel.
Pseudonymization is the processing of personal data so that personal data can no longer be assigned to a particular data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to provide that personal data cannot be attributed to an identified or identifiable natural person.
The controller or controller responsible for the processing is the natural or legal person, the public authority, the agency or another body which, alone or together with others, determines the purposes and the means of processing the personal data; where the purposes and means of such processing are laid down by Union or Member State law, the operator or specific criteria for its appointment may be provided for by Union or Member State law.
Authorized person - The processor is a natural or legal person, a public authority, an agency or other body that processes personal data on behalf of the operator.
The beneficiary is a natural or legal person, a public authority, an agency or another body, to whom the personal data are disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data in an investigation, in accordance with Union or Member State law, are not considered beneficiaries; the processing of this data by the respective public authorities must be in accordance with the applicable data protection rules in accordance with the purposes of processing.
May have the status of a third person, a natural or legal person, a public authority, an agency or a body, other than the data subject, the operator, the authorized person, who, under the direct authority of the operator or the authorized person, is authorized to process data personal.
The consent of the data subject is any specific, informed and unambiguous indication of the data subject's wishes by which he, by a statement or by a clear affirmative action, accepts the processing of personal data concerning it.
This principle requires that personal data be processed legally, correctly and transparently in relation to the data subjects.
This principle requires that personal data must be collected only for the specified, explicit and legitimate purposes.
According to this principle, personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
, which provides that the personal data are correct and are updated where necessary.
This principle requires that personal data be kept in a form that allows the identification of the data subjects for the maximum period of time necessary to process the data.
, so that they are complete, confidential and available.
This principle establishes that the operator is responsible for complying with the principles listed in Article 5 (1) of the GDPR and must be able to demonstrate their observance.
SC eRetail Romania SRL
Adress: 307375, str. Azurului, no. 20, loc. Sânandrei, Timis County, România
Tel: +40 372 129 877
Email: office@eRetail.ro
Website: www.eRetail.ro
Our websites use cookies. Cookies are text files that are stored in a computer system through an Internet browser. Many websites and servers use cookies. Many cookies contain a code called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the Internet browser in which the cookie was stored. This allows websites and servers visited to differentiate the individual browser of the topic from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified using the unique cookie ID.
By using cookies, we can provide users of this site with more user-friendly services, which would not be possible without the use of cookies.
Through a cookie, the information and offers on our site can be optimized according to the user. Cookies allow us, as mentioned above, to recognize the users of our website. The purpose of this recognition is to facilitate the use of our website. As an example, the website user does not have to enter access data every time the website is accessed, because the data has already been retrieved, and the cookie is stored in the user's computer system. Another example is a shopping cart cookie in an online store. The online store remembers the items a customer has placed in the virtual shopping cart through a cookie.
The data subject may, at any time, prevent the use of cookies by our website through an appropriate Internet browser setting. In addition, cookies already set can be deleted at any time from your Internet browser. This is possible in all popular Internet browsers. If the data subject disables the setting of cookies in the Internet browser used, not all the features of our site can be fully used. To learn more about this topic, visit the Cookie Policy on the site.
Our website collects a series of general information and data when an automatic user or system requests it. This general data and information is stored in the server log files.
The collected data can be:
(1) the types of browser and versions used;
(2) the operating system used;
(3) the website from which a system of access to our website arrives (the so-called references);
(4) the date and time of access;
(5) Internet protocol address (IP address);
(6) Internet service provider of the access system;
(7) any other similar data and information that may be used in the case of attacks on our computer systems.
This data and general information are required for:
(1) the correct provision of the content of the site;
(2) optimizing the content of the site;
(3) providing the long-term viability of our information systems;
(4) providing the authorities with the information necessary for the investigation in the event of a cyber attack.
Therefore, we analyze data and statistical information anonymously, in order to increase our data security and security and to ensure an optimal level of protection of the personal data we process. The anonymous data of the server log files are stored separately from all the personal data provided.
Our website allows fast electronic contact and direct communication with us through an email address (e-mail address). If a data subject contacts us by e-mail or through a contact form, the transmitted personal data is automatically stored. Such personal data voluntarily transmitted by data subjects are stored for the purpose of processing or contacting that person. There is no transfer of personal data to third parties.
We process and store the personal data of the data subject only for the period necessary to achieve the purpose for which they were collected, except when the storage period is imposed by national or European legal norms.
If the purpose for which the data were collected has been achieved, or if the storage period required by national or European legal rules has expired, the personal data are automatically erased, in accordance with the legal requirements.
THE RIGHT TO BE INFORMED
Once you have consented and become a data subject, you have the right to be informed about everything that happens to your personal data, what it is used for, access it, modify it, and even revoke consent for a particular organization. At the same time, you have the right to access your personal data whenever you want.
THE RIGHT OF ACCESS
Based on this right you can request information regarding all aspects regarding your personal data, collected by the operator (whether your data is processed or not, where they come from, who processes them, for what purpose, for what period of time, where they are stored). Also based on this right you can request a "copy" of personal information, which have been processed.
RIGHT TO RECTIFICATION
You can request the rectification, modification of your personal data processed by the operator, after the operator, through internal procedures has verified your identity.
THE RIGHT TO BE FORGOTTEN (THE RIGHT TO REMOVE DATA)
Another important right is to erase (or forget) data. The general principle is that a person has the right to request the erasure of personal data. This right is not an absolute one, which means that there are circumstances in which the data will not be erased at the request of the data subject. For example, if the personal data are used for complying with a legal obligation or for the safety of public health, for scientific research then the right to delete the data may be denied to the data subject.
THE RIGHT TO RESTRICT DATA PROCESSING
According to the GDPR, a person has the right to restrict the processing of personal data under various circumstances. For example, a data subject may restrict the processing of personal data when he or she thinks they are inaccurate. In this case, the person will be able to restrict the processing of the data until their accuracy is verified. Another case of data processing restriction is the time when the data subject objects to the processing.
PORTABILITY OF DATA
You also have the right to data porting. In the absence of other contractual conditions (of which you should be informed before consenting to data processing) you can move your data from one provider to another in an easy and fast way.
RIGHT TO OPPOSITION
This right includes: the right to oppose processing and the right to oppose the automatic decision-making process and the creation of profiles.
RIGHTS RELATED TO THE AUTOMATED DECISION PROCESS AND PROFILE CREATION
This right wants to defend the people of certain decisions with potential negative that could be taken without human intervention. The GDPR defines the creation of profiles as any automated form of processing in order to evaluate certain personal aspects of the individual, such as job performance, health, personal preferences, economic situation, location and others. If an organization uses profile creation, it must take certain security measures. For example, to use correct mathematical or statistical procedures, personal data to be secured, measures to allow anomalies to be corrected with a minimum risk of errors. Remember, the automated decision-making process should never be applied to a child.
THE RIGHT TO WITHDRAW CONSENT
By a manifestation of will symmetrical to the one by which you gave your consent, you will be able to withdraw it at any time, and we will take this withdrawal into account.
When exercising any of these rights, if there are no legal impediments, we will comply with the provisions of the GDPR Regulation, operating those requested by the data subject and informing the data subject about the steps taken.
Article 6 (1) letter a of GDPR Regulation serves as a legal basis for the processing operations for which you consent to us, for a certain processing purpose.
If the processing of personal data is necessary for the execution of a contract to which the data subject is a party, as is the case, for example, when processing operations are necessary for the supply of goods or for the provision of services, processing is carried out on the basis of Article 6 paragraph 1 letter b of the GDPR Regulation. The same is true for the processing operations that are necessary to perform the pre-contractual measures, for example in the case of tendering.
If our company is subject to a legal obligation that requires us to process personal data, such as the fulfillment of fiscal obligations, processing is done on the basis of art. 6 (1) letter c of GDPR Regulation.
In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor was injured in our company and their name, age, health insurance data or other vital information should be forwarded to a doctor, hospital or other third party. In this hypothesis, the processing will be based on Art. 6 (1) letter d of the GDPR Regulation.
Finally, processing operations could be based on Article 6 (1) (f) of GDPR Regulation, if the processing is not carried out for any of the reasons mentioned above, if the processing is necessary for the purposes of the interests legitimate pursued by our company or a third party, unless these interests contravene the interests or fundamental rights and freedoms of the data subject who need the protection of personal data. Such processing operations are especially permitted because they have been specifically mentioned by the European legislator. It considered that a legitimate interest could be assumed if the data subject is the client of the operator (recital 47 of sentence 2 GDPR).
If the processing of personal data is based on Article 6 (1) (f) of the GDPR Regulation, it is our legitimate interest to conduct our business in the interest of all our employees and shareholders.
The criteria used to establish the period of storage of personal data are defined by the purpose of the collection and the legal basis. After the expiry of the respective period, the corresponding data are deleted, if they are no longer necessary for the execution or conclusion of a contract, or if the data subject has not consented to the storage of this data for a certain period of time.
We are a responsible company and we do not make automatic or profiling decisions.