Overview

Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, its provisions being directly applicable starting from May 25, 2018. This Regulation expressly repeals Directive 95/46/CE, thus replacing the provisions of Law no. 677/2001 (currently repealed).

The regulation is directly applicable in all member states, protecting the rights of all natural persons located on the territory of the European Union. From a material point of view, the Regulation applies to all operators who process personal data. The Regulation does not apply to the processing of personal data concerning legal entities and, in particular, enterprises with legal personality, including the name and type of legal entity and the contact details of the legal entity.

Personal data is defined as any information regarding an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.

The processing of personal data involves any operation or set of operations performed on data or sets of personal data, with or without the use of automated means, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction , consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

Operator identity

Taking into account article 4 point 7 of the Regulation, which defines the notion of “operator” as the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing , the operator that processes personal data through this website is DEVSNIT IGNITED SRL, based in Str. Blaj No. 6 Bl. H Ap. 11, registered at the Trade Registry Office J17/69/2018, having CUI 38727368, legally represented by Alexandru Munteanu, with contact details [email protected], +40 774 081 794, .

Collection of personal data

What personal data is collected

The operator of this website collects, stores and processes the following personal data of / about you:

  • Name surname
  • Contact details (such as email, phone, fax)
  • IP

Obtaining Consent

Overview

In order for the processing of personal data to be legal, the GDPR requires that it be carried out on the basis of a legitimate reason, such as the execution or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of the valid consent expressed by the data subject in advance. In the latter case, the operator is required to be able to prove that the person in question has given his consent for the respective processing. The consent expressed under the rule of Directive 95/46/EC remains valid if it meets the conditions provided by the GDPR.

Consent must be given by a statement or by an unequivocal action that constitutes a freely expressed, specific, informed and clear manifestation of the data subject’s consent to the processing of his personal data. If the data subject’s consent is given in the context of a statement, in electronic form or in writing, which also relates to other matters, the request for consent must be presented in a form that clearly differentiates it from the other matters, can be done even by checking a box. In order for the processing of personal data to be legal, the GDPR requires that it be carried out on the basis of a legitimate reason, such as the execution or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of the valid consent expressed by the data subject in advance. In the latter case, the operator is required to be able to prove that the person in question has given his consent for the respective processing. The consent expressed under the rule of Directive 95/46/EC remains valid if it meets the conditions provided by the GDPR.

Cookies

Cookies are used on this site. They do not harm your computer and do not contain viruses, but have the role of contributing to an easier, more efficient and safer use of the site. They are small text files that are saved on your computer and are saved by the browser you use.

Many of the cookies used are called “session cookies”, which are automatically deleted after visiting this site. Others remain in your computer’s memory until you delete them, making it possible for your browser to recognize them on a subsequent visit.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions that you want to use (such as the shopping cart) are stored in accordance with the provisions of art. 6 paragraph 1 lit. f) of the GDPR, according to which the processing is legal only if and to the extent it is necessary for the purposes of the legitimate interests pursued by the operator or a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies, to ensure an optimization without technical errors. Other cookies (such as, for example, those used to analyze your browsing behavior) are also stored and will be treated separately in this document.

Contact form

If you send us questions via the contact form, we will collect the data entered in the form, including the contact data you provide, in order to answer your and others’ subsequent questions. We do not transmit this information without your permission. Therefore, we will process all the data you enter in the contact form only with your consent [in accordance with the provisions of art. 6 para. 1 lit. a) GDPR1]. You can revoke your consent at any time, an informal email to this effect is sufficient. Data processed before receiving your request may be processed lawfully. We will keep the data you provide on the contact form until:

  • request data deletion;
  • revoke your consent to their storage or if
  • the purpose for storing it is no longer valid.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

Contact by e-mail, phone or fax

If you contact us by e-mail, telephone or fax, your request, including all the personal data you will provide, will be stored and processed by us for the purpose of solving your request, based on your consent.

Therefore, we will process all the data you provide based on the following legal provisions contained in the GDPR, respectively:

  • only with your consent – in accordance with the provisions of art. 6 para. 1 lit. a) GDPR
  • for the execution of a contract or in the pre-contractual stage – in accordance with the provisions of art. 6 para. 1 lit. b) GDPR
  • for the fulfillment of the purpose and legitimate interest pursued by us, namely that of efficient processing of the requests sent by you – in accordance with the provisions of art. 6 para. 1 lit. f) GDPR.

We will keep the data you provide in this way until:

  • request data deletion;
  • revoke your consent to their storage or if
  • the purpose for its storage is no longer valid, in all situations except for the mandatory data retention periods.

The purpose of processing the collected data

Part of the data collected on this site is used to:

  • Providing the services we offer for your benefit (for example, to solve problems of any nature related to our products and services, to provide support services, etc.)
  • Optimum operation and optimization of this site (statistical and analytical) – We always want to give you the best experience on our site, which is why we may collect and use certain information related to the degree of satisfaction you have had while browsing this site, we may invite you to fill out feedback surveys or the like.
  • Advertising and promotion activities in the online environment. You can ask us at any time, through the means described in this document, to stop processing your personal data for marketing purposes, and we will comply with your request as soon as possible.
  • Periodic user information – We want to keep you informed about our offers. In this regard, we may send you any type of message containing general and topical information, information regarding offers or promotions, as well as other commercial communications such as market research and opinion polls. For communications of this type, we have as a basis the consent previously obtained from you. You can change your mind and withdraw your consent at any time.

The processing of personal data is carried out in accordance with the provisions of the General Regulation on Data Protection, based on both the consent of the data subject and reasons for the compliant execution of contracts or the realization of the legitimate interests of the operator (unless the interests prevail or the fundamental rights and freedoms of the data subject, which require the protection of personal data, especially when the data subject is a child).

User rights

Your rights regarding personal data and the means of exercising them are: The right to information, The right to access, The right to rectification, The right to delete data, The right to restrict processing, The right to data portability, The right to opposition, The right not to is the subject of a decision based exclusively on automatic data processing, Right to lodge a complaint and address to the courts, Right to withdraw consent.

  • The right to information – you can request information on the processing activities of your personal data, on the identity of the operator and its representative or on the recipients of your data;
  • The right of access – you can obtain from the operator a confirmation that personal data concerning you is being processed or not and, if so, access to the respective data and the following information: the purposes of the processing; the categories of personal data concerned; recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients from third countries or international organizations; where possible, the period for which the personal data is expected to be stored or, if this is not possible, the criteria used to establish this period; the right to request the operator to rectify or delete personal data or restrict the processing of personal data or the right to oppose the processing, etc.
  • The right to rectification – you can rectify inaccurate personal data or complete them;
  • The right to delete data – you can obtain the deletion of data, if their processing was not legal or in other cases provided by law;
  • The right to restrict processing – you can request the restriction of processing if you dispute the accuracy of the data, as well as in other cases provided by law;
  • The right to data portability – you can receive, under certain conditions, the personal data you have provided to us in a machine-readable format or request that said data be transmitted to another operator
  • The right to opposition – you can object, in particular, to data processing based on the legitimate interest of the operator;
  • The right not to be the subject of a decision based solely on automatic data processing – you can request and obtain human intervention regarding said processing or you can express your own point of view regarding this type of processing;
  • The right to lodge a complaint and to address the courts – you can lodge a complaint against the way of processing personal data to the National Authority for the Supervision of Personal Data Processing and / or you can address the courts for the respect of your rights;
  • The right to withdraw consent – ​​where the processing is based on your consent, you can withdraw it at any time. The withdrawal of consent will only have effects for the future, the processing carried out prior to the withdrawal still remaining valid.

Obligations of the data controller

Hosting/Hosting

The personal data registered on this website are stored on our own servers. The processing of the data provided and stored complies with the following legal provisions:

  • Art. 6 para. 1 lit. a) GDPR – the processing of personal data is based on your consent, obtained after correct and complete information;
  • Art. 6 para. 1 lit. f) GDPR – data processing is carried out for the purpose of the legitimate interests pursued by us.

Data encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognized by you by the lock window (“lock icon”) that appears in the browser bar and by changing the address of the respective browser from http:// to https://. Once encryption of this type is activated, the transmitted or transferred data will not be able to be seen by third parties.

According to the GDPR, if the breach of the security of personal data is likely to generate a high risk for your rights and freedoms, the operator of this website will inform you, without undue delay, about this breach, unless the supplementary provisions become relevant from the same Regulation (art. 34 paragraph 3).

The data protection officer

As the provisions of the GDPR are not applicable (art. 37 paragraph 1 – according to which the Operator and the person authorized by the operator appoint a data protection officer whenever:

  1. the processing is carried out by a public authority or body, with the exception of courts acting in the exercise of their jurisdictional function;
  2. the main activities of the operator or the person authorized by the operator consist of processing operations which, by their nature, scope and/or purposes, require a periodic and systematic monitoring of the persons concerned on a large scale; or
  3. the main activities of the operator or the person authorized by the operator consist in the large-scale processing of special categories of data under Article 9 or of personal data relating to criminal convictions and offences, referred to in Article 10)

Regarding the obligation to appoint a Data Protection Officer, for any information or clarifications regarding the operation of this website, please contact us on the following dates:

  • Name: Munteanu Alexandru
  • Email: [email protected]
  • Phone: +40 774 081 794
  • Fax:
  • Mailing address: Str. BLaj No. 6 Bl. H Ap. 11

Records of processing activities

According to the GDPR Regulation, the operator or the person authorized by the operator should keep, for a reasonable period, records of the processing activities under his responsibility. Thus, these records will include all the following information:

  • the name and contact details of the operator
  • the purposes of the processing;
  • description of categories of data subjects and categories of personal data;
  • the categories of recipients to whom the personal data were or will be disclosed;
  • if applicable/possible:
    • transfers of personal data
    • the expected deadlines for the deletion of different categories of data
    • a general description of technical and organizational security measures

The obligation detailed above does not apply to an enterprise or organization with less than 250 employees, unless the processing it carries out is likely to generate a risk for the rights and freedoms of the data subjects, the processing is not occasional or the processing includes special categories of data or personal data relating to criminal convictions and offences.

Adequate technical and organizational measures

Taking into account the current state of technology, the context and purposes of the processing, as well as the risks to the rights and freedoms of natural persons, the operator implements appropriate technical and organizational measures to ensure that, by default, only personal data that are necessary for each specific purpose of the processing.

Notification of the supervisory authority in case of personal data security breach

According to art. 33 para. 1 of the GDPR, if there is a breach of personal data security, we will notify the National Authority for the Supervision of the Processing of Personal Data without undue delay and, if possible, within 72 hours at most from the date we became aware of it, unless it is unlikely to generate a risk for the rights and freedoms of natural persons.

Informing the data subject about the data security breach of personal data

Related to the provisions of art. 34 of the GDPR, if the breach of the security of personal data is likely to generate a high risk for the rights and freedoms of natural persons, we will inform the data subject without undue delay about this breach, except in situations where:

  • appropriate technical and organizational safeguards have been implemented and these measures have been applied to personal data affected by the personal data breach, in particular measures to ensure that the personal data becomes unintelligible to anyone who does not is authorized to access them, such as encryption;
  • further measures have been taken to ensure that the high risk for the rights and freedoms of the previously mentioned data subjects is no longer likely to materialize;
  • it would require a disproportionate effort. In this situation, a public information is carried out instead or a similar measure is taken by which the persons concerned are informed in an equally effective way.

Social Media

Facebook plugins (Like & Share Button)

This service uses social plugins (“plugins”) managed by the social network facebook.com. Plugins can be identified by a Facebook logo (a white “f” on a blue board or a “thumbs up” sign) or are labeled by adding the phrase “Facebook Social Plugin”. The list and layout of Facebook plugins can be seen here:  https://developers.facebook.com/docs/plugins/ . As long as you use the Like extension, you will like our website’s Facebook page without having to leave it. To the extent that you use the Share extension, you will share our site or certain content from it on your personal Facebook page without having to leave the site.

Through the plugin, Facebook receives the information that you access on our website. If you are also logged in to Facebook at the same time, Facebook can attribute the actions taken on the page to your account and, implicitly, to you personally. When you interact with the plugins, for example by clicking the Like button or sharing certain content from the website, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, it is still possible for the social network to obtain and store your IP address.

By clicking on one of these buttons, you agree to the use of this plugin and therefore to the transfer of personal data to Facebook. We have no control over the nature and purpose of this transmitted data, as well as over its further processing. Regarding the purpose and extent of data collection, processing and further use of data by Facebook, as well as permissions and settings to protect privacy.

If you do not want Facebook to associate your visit to this website with your Facebook account information, you can log out.

Instagram Plugin

This service uses social plugins (“plugins”) managed by the Instagram social network, functions provided by Instagram Inc., with headquarters at 1601 Willow Road, Menlo Park, CA 94025, USA. Plugins can be identified by an Instagram logo or are labeled by adding the phrase “Instagram Social Plugin”.

Via the plugin, Instagram is informed about the actions you take on our page. If you are also connected to your personal account on the social network at the same time, it can attribute the actions taken on your Instagram account page and, implicitly, to you personally. When you access the plugins, the corresponding information is transferred from your browser to the social network and stored there. Even if you are not a member of Instagram, it is still possible for it to obtain and store your IP address.

By clicking on one of these buttons, you agree to the use of this plugin and therefore to the transfer of personal data to Instagram. We have no control over the nature and purpose of this transmitted data, as well as over its further processing. Regarding the purpose and scope of data collection, processing and further use of data by Instagram, as well as permissions and settings to protect user privacy, you can consult Instagram’s privacy policies at:  https://help.instagram.com/155833707900388 .

If you are a member of Instagram and do not want it to collect your data through the plugin and link it to the data already stored on Instagram, you must log out of the social network before visiting this site.

The Tumblr plugin

This site uses certain Tumblr plugins, which are operated by Tumblr Inc., located at 35 East, 21st. Street, 10th Floor, New York, NY 10010, USA. These plugins allow you to publish a post or page on Tumblr. When you visit this site using Tumblr, your browser establishes a direct connection to Tumblr’s servers. We have no influence on the volume of data accessed by Tumblr and transmitted through this plugin. From my own experience, it is possible that the IP address and URL of that site are transmitted.

More information can be found in Tumblr’s privacy policy:  https://www.tumblr.com/privacy

Twitter plugin

This service uses social plugins (“plugins”) managed by the social network twitter.com. Plugins can be identified by a Twitter logo.

Through the plugin, Twitter receives the information that you access on our page. If you are also connected to the social network at the same time, Twitter can attribute the actions performed on the page to your Twitter account and, implicitly, to you personally. When you interact with the plugins, the corresponding information is transferred directly from your browser to Twitter and stored. Even if you are not a Twitter member, it is still possible for it to obtain and store your IP address.

By clicking on one of the plugin buttons, you can express your consent to their use and therefore to the transfer of personal data to Twitter. We have no control over the nature and purpose of this transmitted data, as well as over their subsequent processing. Regarding the purpose and extent of data collection, further processing and use of data by Twitter, as well as permissions and settings to protect user privacy, you can consult Twitter’s privacy policies at:  https://twitter.com/en/privacy .

If you are a member of Twitter and do not want it to collect your data via the plugin and link it to data already stored on Twitter, you must log out of the social network before visiting the site.

Google+ plugin

This service uses social plugins (“plugins”) managed by the social network Google+. Plugins can be identified by a Google+ logo.

Through the plugin, Google receives the information that you access on our page. If you are also connected to the social network at the same time, Google can assign the actions performed on the page to your Google+ account and, implicitly, to you personally. When you interact with the plugins, the corresponding information is transferred directly from your browser to Google+ and stored there. Even if you are not a member of Google+, it is still possible for it to obtain and store your IP address.

By clicking on one of the plugin buttons, you can express your consent to their use and therefore to the transfer of personal data to Google+. We have no control over the nature and purpose of this transmitted data, as well as over their subsequent processing. Regarding the purpose and extent of data collection, processing and further use of data by Google+, as well as permissions and settings to protect user privacy, you can consult the Google+ privacy policies at:  https://policies.google.com/privacy ?hl=en .

If you are a member of Google+ and do not want it to collect your data through the plugin and link it to the data already stored on Google+, you must log out of the social network before visiting the site.

Pinterest plugin

This service uses social plugins (“plugins”) managed by the social network Pinterest.

Through the plugin, Pinterest receives information about your activity on our website. If you are also connected to the social network at the same time, Pinterest can attribute the actions performed on your account page and, implicitly, to you personally. When you interact with the plugins, the corresponding information is transferred directly from your browser to Pinterest and stored there. Even if you are not a member of Pinterest, it is still possible for it to obtain and store your IP address.

By clicking on one of the plugin buttons, you can express your consent to their use and therefore to the transfer of personal data to Pinterest. We do not have control over the nature and purpose of the transmitted data, as well as over their subsequent processing. Regarding the purpose and scope of data collection, processing and further use of data by Pinterest, as well as permissions and settings to protect user privacy, you can consult Pinterest’s privacy policies at:  https://policy.pinterest.com/en /privacy-policy .

If you are a Pinterest member and do not want Pinterest to collect your data through the plugin and link it to data already stored on Pinterest, you must log out of the social network before visiting the site.

Newsletter

In order to receive a newsletter, it is necessary to indicate a valid e-mail address, together with specific information by which the owner of this address can be identified. Also, your consent is required for sending the newsletter and, therefore, we inform you that any other personal data will be collected and stored only based on your consent. The data thus collected are processed only for the purpose of sending the newsletter and will not be transmitted to third parties.

Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of art. 6 para. 1 lit. of the GDPR.

Mailchimp

This site uses MailChimp services to send newsletters, as MailChimp is a service that can be implemented to organize and analyze the sending of newsletters.

As a way of operating, when you enter data for the purpose of subscribing to the newsletter, the information is stored on MailChimp servers in the United States, this service being provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp holds a certification that complies with the “EU-US-Privacy-Shield”. The “Privacy-Shield” is an agreement between the European Union (EU) and the United States of America (USA) aimed at ensuring compliance with European data protection standards in the United States.

Moreover, MailChimp can also be used to analyze the performance of newsletter sending campaigns and to obtain statistical data on these campaigns, with the role of adaptation and efficiency. Thus, if you open an e-mail that was sent via MailChimp, a file that was integrated into the e-mail (a so-called web beacon) is connected to MailChimp’s servers in the United States. As a result, it can be determined whether or not a newsletter was opened and which link was subsequently opened. Technical information is also recorded at the time (eg access time, IP address, browser type and operating system).

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems) , the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

MailChimp uses the Standard Contractual Clauses as an adequate data protection guarantee, in accordance with the level of protection guaranteed by the GDPR. For more information, go to https://mailchimp.com/legal/data-processing-addendum/#Annex_C and the full privacy policy available here: https://mailchimp.com/legal/data-processing-addendum/ .

Plugins and Tools

Youtube

Our website uses plugins of the YouTube platform, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

If you visit a page on our website where a YouTube plug-in has been integrated, a connection to the YouTube servers will be established. Consequently, the YouTube server will be notified, which of the pages have been visited by you

In addition, YouTube will be able to insert different cookies, with the help of which it will be possible to obtain information about the visitors of our website. Among other things, this information will be used to generate video statistics with the aim of improving the ease of use of the site and preventing fraud attempts.

If you are signed in to your YouTube account while visiting our website, you allow YouTube to directly assign your browsing patterns to your personal profile. You have the option to prevent this by signing out of your YouTube account.

The use of YouTube is based on our interest in presenting your online content in an attractive manner. According to art. 6 para. 1 lit. f) GDPR, this is a legitimate interest.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems) , the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character. Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) should be based on the Standard Contractual Clauses (SCC) of the European Commission.

For more information on how YouTube handles user data, see YouTube’s Data Privacy Policy at:  https://policies.google.com/privacy?hl=en .

Google reCaptcha

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our website. The provider is Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to determine whether data entered on our site (for example, information entered in a contact form) is provided by a human user or an automated program. To determine this, reCAPTCHA analyzes the behavior of website visitors based on a variety of parameters. This analysis is automatically triggered as soon as the website visitor enters the website. For this analysis, reCAPTCHA evaluates a variety of data (eg IP address, time the website visitor spent on the website or user-initiated cursor movements). The data tracked during these analyzes is sent to Google. reCAPTCHA analyzes run entirely in the background. Site visitors are not alerted that an analysis is in progress. The data are processed based on art. 6 para. 1 lit. f) GDPR. Website operators have a legitimate interest in protecting the operator’s web content against misuse by automated industrial espionage systems and against SPAM.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems) , the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

Google reCatpcha uses Standard Contractual Clauses as an adequate data protection guarantee, in accordance with the level of protection guaranteed by the GDPR. For more information, see Google’s Data Privacy Statement available here: https://policies.google.com/privacy   and here https://policies.google.com/terms?hl=en

Online chat

Chat platforms – Facebook Messenger

On this website we use Facebook Messenger, a free instant messaging application, thus ensuring the instant exchange of text messages with one or even more people or computers at once. It is an American messaging app and platform developed by Facebook, Inc. Originally developed as Facebook Chat in 2008, the company revamped its messaging service in 2010.

Through Facebook Messenger, we can provide you with fast support by allowing you to interact with us, including by tracking purchases, receiving notifications and initiating personal conversations with the company’s customer service representatives.

The legal basis for the processing of personal data through Facebook Messenger is represented by art. 6 para. 1 lit. f) of the Regulation, based on our legitimate interest in the legality of the processing. In relation to the processing of personal data, Facebook Ireland can be contacted online or by post at the following address Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The data collected through Facebook Messenger is used, among other things, to provide, personalize and improve the chat, to enable the provision of analysis services, but also to communicate with you.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems) , the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

Facebook Messenger complies with the provisions of the GDPR and the Standard Contractual Clauses (SSC) approved by the European Commission, constantly taking into account its decisions regarding data transfers to the United States and other countries. The European Commission has recognized countries such as Andorra, Argentina, Canada (trade organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay as providing adequate protection.

More information is available here https://www.facebook.com/privacy/explanation and here  https://www.facebook.com/legal/EU_data_transfer_addendum

WhatsApp

Through WhatsApp, we ensure effective communication with our customers. For those who live in a country in the European Economic Area (which includes the European Union) and any other country or territory included (collectively the “European Region”), Whatsapp is operated by WhatsApp Ireland Limited, based at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

According to the WhatsApp policy, which can be consulted and analyzed here: https://www.whatsapp.com/legal/#privacy-policy , Whatsapp Ltd. being part of the Facebook Companies, through this service personal data is collected and processed personally in compliance with the security and privacy principles applicable at European level (in particular, RGPD) or at international level (if we are talking about services provided by Whatsapp Inc. – EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework) .

Through Whastapp, the following are processed:

  • data provided by the users themselves (such as those related to the users account – phone number, profile name, photo – user connections. As for the messages sent, they are not stored on the WhatsApp servers, except for those not could be sent (for example, for an offline user) and which are stored for a period of 30 days before being deleted.
  • automatically collected data (information on the user’s “last seen status”, user preferences stored through cookies, IP address, information related to the browser, some information related to transactions and payments – for the terms and conditions regarding payments, we recommend see https://www.whatsapp.com/legal/?eea=0#payments-in ).

The legal basis for the processing of personal data through Whatsapp is represented by art. 6 lit. f) of the Regulation, based on our legitimate interest in the legality of the processing.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems) , the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

WhatsApp uses the Standard Contractual Clauses as an adequate data protection guarantee, in accordance with the level of protection guaranteed by the GDPR, according to the information available here https://www.whatsapp.com/legal/#privacy-policy-our-global-operations

Audio-Video Communications

Audio-Video communication services

We use specific tools for online conferences to communicate with our customers. If you choose to communicate with us through one of these tools, your personal data will be collected and processed both by us and by the respective provider.

These tools collect any information you provide (for example, your email address or phone number). Other information is also processed such as the duration of the conference, the time spent in the respective conference, the number of participants, other information specific to the operation of these tools, but also technical data (such as: IP addresses, the type of devices used, the type and version of the operating system, details about the camera and microphone used, but also data and content information – text messages, voice messages, photos and uploaded files, etc.).

The legal grounds for processing personal data through these tools are represented by:

Art. 6 lit. b) from the Regulation, to communicate effectively with our contractual partners and with current or potential clients;

Art. 6 lit. f) of the Regulation, based on our legitimate interest in the legality of processing, from the perspective of simplifying and speeding up communication with us.

However, we would like to inform you that we do not have full control over all procedural and legal aspects regarding the processing of personal data, so please consult the privacy policies of the providers of such video-audio tools communication. To the extent that your consent has been requested, the use of that tool will be based on this consent, until it is withdrawn.

Regarding the storage period of the data processed as a result of using these tools, outside of the legal storage periods, at your request or if the storage is no longer necessary, the personal data will be deleted by us. However, for more details on the storage of data by the providers of audio-video communication tools for their own purposes, please contact them and study their privacy policies.

Zoom

We use Zoom to facilitate communication with you. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, see Zoom’s privacy policy: https://zoom.us/en-us/privacy.html .

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

The transmission of data to the United States of America by Zoom is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://zoom.us/de-de/privacy.html .

Skype

We use Skype to facilitate communication with you. The provider of this service is Skype Technologies SARL (also known as Skype Software SARL, Skype Communications SARL, Skype Inc. and Skype Limited) which is a telecommunications company based in Luxembourg City, Luxembourg ( 23-29 Rives de Clausen, L -2165) and in Palo Alto, CA, United States.

Details on the processing of personal data can be found here: https://privacy.microsoft.com/en-us/privacystatement

Microsoft Teams

We use Microsoft Teams to facilitate communication with you. Microsoft Teams is a business communication platform developed by Microsoft as part of the Microsoft 365 family of products.

Microsoft has adhered to the EU-US and Swiss-US Privacy Shields transfer principles, but the Privacy Shield Framework as a legal basis for transfers of personal data must be interpreted and applied in light of the CJEU ruling in case C-311/ 18.

Details on the processing of personal data can be found here: https://privacy.microsoft.com/en-us/privacystatement

Google Meet

We use Google Meet to facilitate communication with you. The provider of this service is Google Inc., based in the United States of America, 1600 Amphitheater Parkway, Mountain View, CA 94043. In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited incorporated and operating in under the laws of Ireland (registered number: 368047), with registered office at Gordon House, Barrow Street, Dublin 4, Ireland.

For more details on the processing of personal data, we recommend that you consult the policy available here:  https://policies.google.com/privacy

Advertising and Analytics

Google Analytics

This website uses the functions of the web analysis service Google Analytics. The provider of this service is Google Inc., based in the United States of America, 1600 Amphitheater Parkway, Mountain View, CA 94043.

Google Analytics uses so-called cookies. Cookies are text files that are stored on the computer and that allow an analysis of the use of the website by users. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States, where it is stored.

The storage of Google Analytics cookies and the use of this analysis tool is based on Art. 6 para. 1 lit. f) GDPR. The operator of this website has a legitimate interest in analyzing user patterns in order to optimize both the online services offered and the operator’s advertising activities.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

The transfer of data to the United States of America is based on the Standard Contractual Clauses (SCC) of the European Commission.

IP anonymization

On this site we have activated the IP anonymization function. As a result, the IP address will be abbreviated by Google in the member states of the European Union or in other states that have ratified the Convention on the European Economic Area before it is transmitted to the United States. The full IP will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google will use this information to analyze your use of this website, to generate reports on website activities and to provide other services to the operator of this website in connection with the use of the website. The IP address transmitted together with Google Analytics from your browser will not be merged with other data held by Google.

Browser plug-ins

You have the option to prevent the archiving of cookies by making relevant changes to your browser software settings. However, we must point out that in this case you may not be able to use all the functions of this website. In addition, you have the option to prevent the recording of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the plug- in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en 

Objection to data recording

You have the option to prevent the recording of your data by Google Analytics by clicking on the following link. This will lead to the placing of an opt-out cookie, which prevents the recording of your data during future visits to this site: deactivation of Google Analytics.

For more information about the handling of user data by Google Analytics, see the Google Data Privacy Statement at: https://support.google.com/analytics/answer/6004245?hl=ro .

Demographic parameters provided by Google Analytics

This website uses the “demographic parameters” function provided by Google Analytics, through which reports are generated that provide information on the age, gender and interests of website visitors. The sources of this information are interest-based advertising generated by Google, as well as visitor data obtained from third-party service providers. This data cannot be assigned to a specific individual. You have the option to deactivate this function at any time by making relevant changes to the advertising settings in your Google account, or you can generally prohibit the recording of your data by Google Analytics.

Archiving period

User- or incident-level data stored by Google related to cookies, user IDs or advertising IDs (eg DoubleClick cookies, Android advertising IDs) will be anonymized or deleted after . For details, click on the following link: https://support.google.com/analytics/?hl=en#topic=3544906

Google Analytics Remarketing

Our website uses Google Analytics Remarketing functions in combination with Google AdWords and Google DoubleClick functions, which work on all devices. The provider of these solutions is Google Inc., based in the United States of America, 1600 Amphitheater Parkway, Mountain View, CA 94043.

This function allows the connection of advertising target groups generated with Google Analytics Remarketing with the functions of Google AdWords and Google DoubleClick, which work on all devices. This makes it possible to display personalized interest-based advertising messages based on past usage and browsing patterns on a device (e.g. mobile phone) in a manner tailored to both you and any of your devices. (eg tablet or PC).

If you have given us your consent, Google will link your web browser and app progress to your Google Account for this purpose. Therefore, the same personalized advertising messages may be displayed on each device you sign in with your Google Account.

To support this feature, Google Analytics records the authenticated user IDs of temporarily logged in Google Analytics data to define and compile target groups for ads to be displayed on all devices.

You have the option to permanently object to remarketing / targeting across all devices by opting out of personalized advertising in your Google Account. To do this, follow this link: https://www.google.com/settings/ads/onweb/ .

Consolidation of the data recorded in your Google account will take place exclusively on the basis of your consent, which you can give to Google and also revoke (Article 6 para. 1 lit. GDPR). Data registration processes that are not consolidated in your Google account (for example, because you do not have a Google account or you have opposed data consolidation), data registration is based on Art. 6 para. 1 lit. f) GDPR. Legitimate interest resides in the fact that the website operator has a legitimate interest in the anonymous analysis of the website visitor for advertising purposes.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems) , the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

The transfer of data to the United States of America is based on the Standard Contractual Clauses (SCC) of the European Commission.

For more information and pertinent data protection regulations, see Google’s data privacy policies at: https://policies.google.com/technologies/ads?hl=en .

Google Ads and Google Conversion Tracking

This site uses Google Ads. Ads is an online promotional program of Google Inc. – 1600 Amphitheater Parkway, Mountain View, CA 94043, United States of America (“Google”).

In connection with Google Ads, we use a tool called Conversion Tracking. If you click on an ad published by Google, a cookie will be placed for conversion tracking purposes. Cookies are small text files that the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google will be able to recognize that the user has clicked on an ad and has been connected to this page.

Another cookie is assigned to each Google Ads client. These cookies cannot be tracked through Ads customer websites. The information obtained with the help of conversion cookies is used to generate conversion statistics for Ads customers who have opted in to use conversion tracking. Users receive the total number of users who clicked on their ads and were linked to a page equipped with a conversion tracking tag. However, they do not receive any information that would allow them to personally identify these users. If you do not wish to be involved, you have the option to object to this use by easily deactivating the Google conversion tracking cookie through your web browser in accordance with your user settings. If you do this, you will not be included in your Conversion Tracking statistics.

The storage of “Conversion” cookies and the use of this tracking tool are based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in analyzing user patterns in order to optimize the operator’s web offers and advertising.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems) , the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

The transfer of data to the United States of America is based on the Standard Contractual Clauses (SCC) of the European Commission.

To see more detailed information about Google Ads and Google Conversion Tracking, see Google’s data privacy policies at: https://policies.google.com/privacy?hl=en .

You can configure your browser in such a way that you are notified at any time when cookies are placed and you can allow cookies only in certain cases or exclude the acceptance of cookies in certain cases or for all situations and you can, of also enable the automatic deletion of cookies after closing the browser. If you disable cookies, the functions of this website may be limited.

Facebook Pixel

To measure conversion rates, our website uses the Facebook visitor activity pixel, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

This tool allows the tracking of page visitors after they have been connected to the provider’s website after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.

For the operators of this site, the data collected is anonymous. We are not in a position to reach any conclusions about the identity of the users. However, Facebook archives the information and processes it so that the connection to the respective profile is possible, and Facebook is able to use the data for its own promotional purposes in accordance with the Facebook Data Usage Policy. This allows Facebook to display ads both on and off Facebook pages. The operators of this site have no control over the use of this data.

The use of Facebook Pixel is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in effective advertising campaigns, which also include social media.

Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems) , the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.

Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro .

The transfer of data to the United States of America is based on the Standard Contractual Clauses (SCC) of the European Commission. In Facebook’s data privacy policies, you will find additional information about protecting privacy at: https://www.facebook.com/about/privacy/ .

You also have the option to disable the “Custom Audiences” remarketing feature in the Ad Settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . To do this, you must first log in to Facebook.

If you do not have a Facebook account, you can opt out of user-based advertising through Facebook on the website of the Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/ro/optiunile-mele .

Conclusion

This policy regarding the processing of personal data is generated in accordance with the provisions of Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, but also with the other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend consulting the Policy regularly for correct and up-to-date information regarding the processing of personal data.

For more details regarding this GDPR Policy, as well as to exercise any of the aforementioned rights, a written notification can be sent to the contact details indicated above.