From the 2018, Regulation no. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) together with Law no. 190/2018 regarding the measures for the implementation of Regulation 2016/679 (hereinafter referred to as “GDPR”) are applicable in all Member States of the European Union.
GDPR applies to the website www.bestoftransylvania.eu, with the purpose of informing those interested about the processing of personal data by S.C. Best of Transylvania S.R.L., as a personal data Operator, with its address at Dobresti Village, Dobresti Commune, DJ702 Nr. 6A, Arges County, Romania, European Unique Identifier (EUID) ROONRC.J3/2165/2020, Unique Registration Number: RO43506371 (hereinafter referred to as “Operator”).
If you have questions or requests regarding the processing of personal data, you can contact us by sending an e-mail to: firstname.lastname@example.org.
- What is personal data
Personal data (“Personal Data”) is any information about an identified or identifiable individual. The different information that, corroborated, can lead to the identification of a certain person also constitute personal data. An identifiable natural person is a person who can be identified, directly or indirectly, especially by reference to an identification element, such as: name, surname, home address, identity card number, data of his physical, physiological, genetic, mental, economic, cultural or social identity.
- How we collect personal data
The Operator undertakes to maintain the confidentiality of the personal data provided by you through the website www.bestoftransylvania.eu or in the online media S.C. Best of Transylvania S.R.L. (Facebook, Instagram, YouTube, LinkedIn, Twitter or WhatsApp), as provided by the legal provisions above.
Personal data are collected in the following ways:
1.Direct: We usually process personal data that you have voluntarily provided to us:
- when you contact us in writing to request information on our activity or the actual placement of a request for the products/services presented, regardless of their nature at: email@example.com;
- when you subscribe to the newsletter;
- when searching on the website www.bestoftransylvania.eu;
- when accessing the various social networks in which there are accounts of S.C. Best of Transylvania S.R.L. through the redirect links presented within the website;
- when calling the existing telephone numbers within the website in the “contact” section;
- when you create a user account (buyer or reseller) through the website or when you register through the Facebook account;
- when filling in the form related to contacting the Operator available in the “contact” section of the website;
- when evaluating the Operator’s products.
2. Indirect: We may process data that you have not voluntarily provided to us:
- when you visit our site or when you interact in any way with it through cookies.
- What categories of personal data do we process?
Contact details: we collect this personal data about you when you actively send us information, for example when you interact with us by e-mail regarding the products/services provided by the Operator, when you place an order by phone or when you request information regarding a certain order, when you fill in the contact form within the website, when you create an account through the website, when you register on the website through Facebook, when you fill in the newsletter section or when you evaluate Operator’s products.
In the situation of creating an account, the processed data are the following: name, surname, e-mail, the company that you represent, password for creating the account, telephone. In the situation where the registration on the website, as a user, takes place through the Facebook account, the personal data are the following: the name of the Facebook account, the profile image. When you fill in the contact form available through the website, the personal data collected are: name, surname, e-mail, telephone, the company that you represent, as well as other personal data that can be provided through the message sent and that cannot be exhaustively specified. When you subscribe to the newsletter to find out the news, the Operator will process your e-mail address.
At the time of placing an order by phone, the following personal data may be processed by the Operator: name, surname, the company that you represent, e-mail address, telephone, delivery address (city, county, street, number, apartment, postal code) as well as any other personal data that cannot be exhaustively listed at this time (for example, the person who will receive the package on behalf of the person who initiated the order).
When evaluating a product, the Operator may process personal data such as name, surname and any other personal data that may be transmitted through the message.
Social media profile: when you interact with our website through various social media networks, such as when through our site you access its Facebook account or appreciate the page on Facebook or when you follow us or share content on Facebook, Instagram or similar, we may receive personal data from those social networks, including your profile data, username associated with the account and, to the extent that you contact us through the messaging service of the social network, the Operator will process your identity data such as phone number/e-mail address and any other information provided through the messaging service.
You can refuse to accept cookies by activating the appropriate setting in your browser.
For more details, please access the Cookies Policy.
To the extent that the personal data of the contact persons designated by the data subject regarding: legal or conventional representatives, collaborators, employees, associates, shareholders and/or other natural persons to the Operator for or in connection with the development are disclosed relations between the parties, considering the fact that the Operator does not have the means to directly inform these categories of persons, the person providing the data has the obligation to inform them about the processing of personal data, according to the details presented in of this section. Thus, measures will be taken to ensure that this disclosure is made in accordance with any applicable requirements, including those regarding information, so that the Operator can process personal data for appropriate purposes, without fulfilling any other formality.
- What are the legal arguments for data processing?
We can base our processing activities on the following grounds:
- Pursuant to art. 6 para (1)(a) of the GDPR Regulation: We may process personal data based on the consent expressed by the data subject. Such processing also takes place when the data subject subscribes to the newsletter provided by the Operator;
- Pursuant to art. 6 para (1) (b) of the GDPR Regulation: We may process personal data in order to execute a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract. Such a situation may arise when the data subject creates an account in order to benefit from the services provided by the Operator;
- Pursuant to a legal obligation according to the provisions of art. 6 para. (1) (c) of the GDPR Regulation: We may process personal data in order to fulfil our legal obligations as a professional. For example, your personal data may be processed in accordance with the tax legislation that imposes a certain storage period in connection with the data deriving from the contracts concluded by the Operator;
- Pursuant to art. 6 para (1) (f) of the GDPR Regulation: The processing of personal data is carried out for the purpose of the legitimate interests pursued by the Operator. Thus, your personal data are processed in order to respect the legitimate interest of the Operator, such as for example that of tracking the status of an order.
- How we communicate personal data to third parties
Your personal data may sometimes be transferred even outside Romania, under legal or contractual obligations. We may communicate personal data collected through the site of third parties in order to improve the quality of services we provide or to benefit from the help of specialists in fulfilling our obligations under the specific legislation in a particular field, or according to ongoing contracts. Your data may be transmitted, for example, to our partners such as the accounting firm.
The recipient companies that process personal data within the European Union/European Economic Area are subject to the same legal provisions and offer the same level of protection as that offered by the Operator. The provisions of the GDPR also apply to the territory of the United Kingdom until the end of the transition period which expired on 31.12.2020.
These third parties have, in their turn, obligations similar to those of the Operator regarding the protection of personal data, either they are in turn Operators of personal data, or they are authorized persons, who process the data on behalf of the Operator.
However, if in order to fulfil the purposes established by the Operator it will be necessary to transfer the personal data of our customers to recipients outside the European Union/European Economic Area or countries that do not offer an adequate degree of protection, the Operator will request those recipients to protect personal data according to the requirements of the GDPR Regulation.
We constantly ensure that our partners present sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing of your personal data meets all legal requirements.
The personal data indicated above may be made available or transmitted to third parties and in the following situations:
- public authorities, auditors or institutions with competences in carrying out inspections and controls on our activity, which request us to provide information, in virtue of legal obligations;
- for compliance with a legal requirement or for the protection of our rights and activities.
- The place and manner of storing personal data
The Operator keeps the personal data he collects in secure environments. Personal information is protected from unauthorized access, disclosure, use, modification or destruction by any natural/legal person.
The Operator shall take appropriate technical and organizational measures to ensure the security of personal data, such as access controls, data encryption, transfer in strict compliance with confidentiality requirements, etc.
Personal data are stored on the server of the company that ensures the maintenance of the website and the company. The Operator has taken all necessary measures to ensure that the company hosting the personal data fulfils its obligations imposed by specific legislation.
- Refusal of processing and its consequences
If you do not provide us with the requested personal data, you will not be able to benefit from the services provided by the Operator, and we will not be able to meet your requests. In order to be able to send you marketing communications, we need the related contact data, so that you can receive offers and communications about our services.
- What rights do you have regarding personal data
Any person may exercise any of the following rights, by means of a written request, signed and dated or in electronic format free of charge:
- The right of access, means that you have the right to obtain a confirmation from us that we process personal data concerning you as well as access to those data and information on how the data is processed and other information provided by law;
- The right to request rectification or updating when data are inaccurate or incomplete;
- The right to delete data (the right to be forgotten) means that you have the right to request that we delete your personal data, without undue delay, if we no longer need it;
- The right to restrict the processing means the marking of the stored personal data in order to limit their future processing, in the cases expressly provided by law;
- The right to data portability refers to the right to receive personal data in a structured, commonly used and automatically readable format and the right to have this data transmitted directly to another Operator, if this is technical feasible;
- The right to object refers to the right to oppose the processing of personal data when the processing is necessary for the performance of a task that serves a public interest or when it considers a legitimate interest of the Operator;
- The right to withdraw your consent regarding those data that have been processed based on the previous consent, without affecting the legality of the processing activities performed until that moment;
- The right to submit a complaint to the Operator or the right to submit a complaint to the supervisory authority: The National Authority for the Supervision of Personal Data Processing, with its address at Blvd. Gheorghe Magheru, no. 28-30, Sector 1, postal code 010336, Bucharest, Romania or by e-mail at firstname.lastname@example.org;
- The right to be notified in case of data security breaches, if the Operator concludes that the rights of the data subject have been affected following the investigation of the internal security breach.
The above rights can be exercised at any time. To exercise these rights, we encourage you to send us a written request, dated and signed or in electronic format to the following address: email@example.com.
We ask the persons who send such requests to the Operator to mention either in the subject of the e-mail, or on the envelope in which the documents/requests will be sent, information such as “data protection”.
The Operator will analyse your requests and requests and will respond within a maximum of 30 days. If you consider that the answer is not a favourable one, you can contact the Romanian National Authority for the Supervision of Personal Data Processing and the competent court.
The Operator assumes no responsibility if you are misled by unauthorized third parties who present themselves as representatives of the Operator. Please inform us immediately if you find out about such behaviour from a third party.
- For what period we will keep the personal data
We will store your personal data only for the time necessary to achieve the processing purposes set out above, while respecting the legal requirements in force. Once the purpose of the processing has ceased and the legal obligations of the Operator have been fulfilled, the data will be deleted in accordance with the legal procedures.