Information note on the processing of personal data – GDPR

 

The information collected is presented in this document (hereinafter referred to as the “Information Note”). The purpose of this Information Note is to explain to you what data we process (collect, use, share), why we process it, how we process it, your rights under the GDPR and how you can exercise those rights. In collecting this information, we act as an operator and, by law, we are obliged to provide you with this information. We recommend that you read it carefully. By visiting our website, or by interacting with us by any means and / or through any communication channel (e-mail, telephone, social networks, etc.), you agree to this Privacy Policy and agree to use of your data as described below. This Privacy Policy does not cover other third party applications and websites that you may access by accessing the links on our website. This is beyond our control. We encourage you to review the Privacy Policy on any website and / or application before accessing it. If you do not agree with those described in this Privacy Policy, please do not visit our website and do not use the services offered by our website.

 

  1. Terms

 

For the purposes of this Information Note, the terms and expressions below have the following meanings:

 Personal data – means any information about a data subject – an identified or identifiable natural person;

 Target Person – an identified or identifiable natural person – is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier , or to one or more specific elements, proper to his physical, physiological, genetic, mental, economic, cultural or social identity;

 Operator – means the natural or legal person, public authority, agency or other body which, alone or together with others, establishes the purposes and means of processing personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law;

 Recipient – means the natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party.

 Processing – means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extracting, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, deleting or destroying;

 Restriction of processing – means the marking of stored personal data in order to limit their future processing;

 Consent of the data subject – himself but any manifestation of the free, specific, informed and unambiguous will of the data subject by which he accepts, by an unequivocal statement or action, that the personal data concerning him be processed;

 A.N.S.P.D.C.P. – National Authority for the Supervision of Personal Data Processing;

 GDPR – General Data Protection Regulation (RGPD);

 Cookie – is a special text, often encoded, sent by a server to a browser (web browser) and then sent back (unmodified) by the browser, each time it accesses that server. Cookies are used for authentication as well as for tracking user behavior, typical applications for retaining user preferences and implementing the “shopping cart” system.

 WEB beacon – is an electronic image, also called GIF with a single pixel (1×1) or blank. Web beacons may recognize certain types of information on the visitor’s computer, such as: the visitor’s cookie number, the date and time the page was viewed, and the description of the page where the Web beacon is located. You can inhibit Web beacons by rejecting associated cookies.

 

  1. Preliminary aspects

 

When you visit this website, whether the visit is from a computer (PC), smartphone or tablet, some data files will be stored – cookies, web beacons or similar technologies. We do not collect or process any information on the basis of which the visitor could be identified. We do not conduct advertising or information campaigns based on data collected through our website.

The purpose of this Information Note is to explain to you what data we process, why we process it and what we do with it in your capacity as a visitor and / or client of this website and in our capacity as data operator. Also, by reading this document you will know what your rights are and how you can exercise them legally. We take privacy seriously and never sell lists or email addresses.

The protection and confidentiality of personal data is very important to us. Being fully aware that your personal information belongs to you, we do our best to store it securely and process it carefully. We do not provide information to third parties without informing you in accordance with legal provisions. We do not make exclusively automatic decisions that have a significant impact on you.

 

  1. About us

 

S.C. Rual Farm s.r.l., headquartered in12 Iovita Street, 3 Floor, District 5, Bucharest, Romania, registered at the Trade Register with no. J40 / 20518/2004, Unique Registration Code: RO17028553, phone. +40 21 314 0878, e-mail: office@rual.ro, registered at A.N.S.P.D.C.P. as a personal data controller at no. *****, e-mail responsible for data protection: office@rual.ro, is responsible for the processing of your personal data that we collect directly from you or from other sources.

 

In order for your data to be processed securely, we have made every effort to implement reasonable steps to protect it.

 

  1. Who are you?

 

According to the law, you, as a visitor to our website, are a “targeted person”, ie an identified or identifiable natural person. In order to be completely transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate communication between us, the data controller and you, the data subject.

 

Personal data is provided by you as a visitor when accessing our website.

 

  1. Our commitment to the protection of personal data

 

The protection of your personal data is very important to us. Therefore, we are committed to complying with European and national legislation on personal data protection, in particular Regulation (EU) 679/2016, also known as the GDPR and the following principles:

 Legality, fairness and transparency

We process your data legally and correctly. We are always transparent about the information we use, and you are properly informed.

Access to the patient’s personal data is limited only to those employees who need that information for professional purposes.

 Control is yours

Within the limits of the law, we offer you the possibility to examine, modify, delete the personal data you have provided.

 Data integrity and purpose limitation

We use the data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up to date.

 Security

We have implemented reasonable security and encryption measures to protect your information as best we can. However, keep in mind that no computer system, website, application or internet connection is completely secure.

 

  1. Changes

 

We may change this Information Note at any time. All updates and changes to this Policy are valid immediately upon notification, which we will make by posting on the site and / or e-mail notification and / or by other means permitted by law.

 

  1. Questions and requests

 

If you have any questions or concerns regarding the processing of your data or you wish to exercise your legal rights in relation to the data we hold or if you have any concerns about how we treat any privacy issues, you may write to us at e-mail. mail: office@rual.ro

 

  1. Personal data

 

We collect most of the information directly from you (for example, by filling out a form on the website). There may be situations where we collect data from third parties (i.e. partners, advertising platforms), such as procurement and interest information.

 

In addition to the information indicated above, we may also collect the following information, depending on the circumstances:

  • How you interact with our website or ads (for example, information about how and when you access our website or what device you use to access our website);
  • Information provided when filling in forms or questionnaires (data required for invoicing / delivery of orders, provided voluntarily, respectively name, surname, billing / delivery address, telephone, e-mail address);
  • The e-mail address required by customers to access their own account created on our website and to change customer data;
  • E-mail address, name and surname, for marketing purposes, respectively for sending by e-mail the offers and newsletters for the visitors who opt for the newsletter subscription;
  • All personal data in the order confirmation e-mail / warranty form / return form (respectively e-mail address, name, surname, billing / delivery address) are kept for the purpose of communicating with the customer to resolve certain situations return, warranty, etc.;
  • The content of messages sent to us through messaging and e-mail systems;
  • Interactions between you and us on social networks (for example, appreciations, distributions, comments);
  • Information we collect about you from other companies in the group or third parties that have obtained your consent or have any other legal right to share this information with us (including partners / publishing or advertising platforms and data aggregators who obtained that right);
  • If you make purchases on our website and opt for online payment by bank card of the value of the order / contract, this is done through the integrated EuPlatesc solution and certain payment information will be collected (card data, name, first name), but they will be stored by our processing partners in an encrypted way that we cannot read and cannot access that data. We will only be informed if the purchase was successful. Exception to this provision is the situation in which you will provide us with the details of your bank account for a refund in case of return of a product, in which case we will collect and process this data.

 

We may collect data through cookies or other similar technologies, such as:

  • IP address
  • The internet browser (browser) used
  • Geographical location
  • The web pages you access on our site
  • Other data

 

In this Policy, the term “cookie” is used broadly and includes similar technologies such as localStorage. Cookies contribute to the operation of this site and provide us with information about how you interact with it. We use this information to improve our site. We do not seek to identify individual users unless they offer to provide us with their contact details via a form or a request on the site.

 

There are different types of cookies that perform different functions and that generally improve the experience you have on the site. We may use cookies to find out if you have visited the site before or to store some preferences that you selected when you used the site. This site uses its own cookies as well as cookies added by third parties.

 

The cookies used on this site can be classified into three categories:

 

  1. Strictly necessary cookies. These are essential for the operation of some features of the site, such as sending the content of the forms c filled on the site. Without these cookies, we will not be able to offer you the services you request, such as the answer to the contact form. This category also includes cookies that allow us to offer you the services explicitly requested by you during an open session in the browser. These cookies do not collect information about you that could be used for marketing purposes or to monitor the places you have browsed the internet.

Strictly necessary cookies must be permanently activated in order to be able to store your preferences regarding the options regarding the use of cookies.

If you choose to disable these cookies, you will need to choose whether or not to use cookies each time you visit the page.

 

  1. Functional cookies. These are used to memorize the choices you make to provide you with new features that will enhance your site experience.

 

III. Analytical cookies. These cookies are used to collect information about how visitors use the site, for example the number of visits and the average duration of a visit.

 

Some cookies are primary cookies and belong to our website. Others are third-party cookies and belong to other domains. We only use primary cookies, except for third-party cookies associated with Google reCAPTCHA, Gooogle Analytics, and Google AdWords. Google reCAPTCHA is used to differentiate between human users and computers so that we can prevent SPAM actions. Google Analytics allows us to measure sales and conversions and, at the same time, provide us with up-to-date information about how visitors use our site, how they got to the site, and how we can get them to come back. . Google AdWords helps us to be present in the search for customers, just when they search on Google for the products or services we offer. Please see the Google Privacy Policy, which can be found at https://www.google.com/intl/en_en/policies/privacy/.

 

Web beacons. The pages of our site may contain small electronic files known as web beacons that allow us to record activities such as visiting a certain web page. Web beacons are used to track the use of this site and to monitor its performance.

 

Use of IP addresses. An IP address is a numeric code that identifies your computer on the Internet. We use your IP address and the type of browser you use to analyze your site usage pattern, detect site issues, and improve the services we provide to you. But without additional information, your IP address cannot identify you individually.

 

When you access this website, our cookies have been sent to your browser and stored on your computer. By using our website, you consent to the use of cookies and similar technologies. If you wish to delete them, you can do so with the help of your browser settings, however, please note that without cookies, you will not be able to take full advantage of all the functions of our site. How you delete cookies differs from browser to browser. You can access the Help menu in your browser for instructions.

 

  1. Why do we collect this information?

 

We collect your information for specific and legitimate purposes which include, but are not limited to, the following:

 In order to honor the orders / deliveries initiated by customers on our website;

 To provide and improve the services, the content and functionality of our website;

 To diagnose or fix technical problems of our website;

 To defend ourselves against cyber attacks;

 For the creation and / or maintenance of the accounts created on our website;

 For finding or claiming a right in court;

 For analytical and research purposes;

 In the legitimate interest of S.C. Rual Farm s.r.l. to streamline and optimize its activity.

 

Your refusal to provide this information may make it impossible to view the content of our website correctly or make it impossible to access all the functions offered by our website.

 

For all the purposes stated above, the customer must give his explicit consent to the processing of personal data, otherwise the purpose cannot be achieved.

 

  1. Who are the recipients of personal data?

 

The recorded information is intended for use by the operator – S.C. Rual Farm s.r.l. – and are communicated only to the following recipients: public authorities, only if they so request for the performance of an administrative or judicial act, courier companies and freight forwarders, if it has been carried out at an order of products to be delivered to the address indicated by the customer, with third-party sites that are in accordance with Directive 95/46 / EC, but also with the marketing agency that manages the campaigns for the rual.ro site.

We can also share cookies, with: ex Google Analytics, Google Adwords and Facebook Ads. Please read the Cookies Policy carefully.

To the extent permitted by data protection law, in order to fulfill our contractual and legal obligations we may transmit your personal data to national authorities, agencies, supervisors or other service providers. We will clearly indicate each recipient of the data if it is known at the time of processing.

 

  1. Legal grounds for processing

 

The processing of personal data is necessary to achieve our legitimate interests, but only if our interest takes precedence over your rights and interests. If we use the legitimate interest, we perform a legitimate interest analysis (balancing test) through which we can balance our interest and your interests. If our interests prevail, we will use the legitimate interest. In the event that your interests prevail, we will not use the legitimate interest, and to the extent that we fail to identify another correct legal basis, we will not carry out that activity of processing personal data.

 

In some cases, the processing of personal data may be necessary to protect the vital interests of you or another individual.

 

The information is lawfully processed in accordance with your consent to the processing of personal data.

 

From the point of view of EU Regulation 679/2016, the information is legally processed as follows:

 the transmission of certain information to state institutions is necessary based on the fact that the hospital fulfills its legal obligations (Article 6 (1) c) and complies with laws that are of public interest (Article 9 (2) g);

 the use of the specified emergency contact is made on the basis of vital interests (Article 6 (1) d);

 In the case of photography or video presentation, we use your consent (Article 6 (1) a). You have the right to cancel this type of processing at any time. If you withdraw your consent, we assure you that your image will not be processed in any future presentation, but documents already registered or printed based on your consent will not be withdrawn;

 in the case of video recordings we use the legal obligation (Article 6 (1) c) or our legitimate interest (Article 6 (1) f). This information will only be used to ensure the safety and security of you, your employees and your property.

 

  1. How and for how long do we keep personal information?

 

The personal data collected from you is kept in electronic form.

 

Personal data collected electronically are stored on IT&C equipment located inside the S.C. Rual Farm s.r.l. or to partners to whom we have outsourced certain services. We ensure that the information we hold is stored in secure locations, with an adequate level of security and with access allowed only to authorized personnel in accordance with legal requirements, with the internal regulations of S.C. Rual Farm s.r.l. and best practices in this area. We also ensure that the authorized persons are contractually obliged to implement technical and organizational data protection measures, if the data processed by them identifies or could identify a person.

 

We collect and process the personal data of the data subjects only for the period necessary to fulfill the purposes for which they were collected, in compliance with applicable legal provisions, as well as internal data retention procedures (including archiving rules applicable to SC Rual Farm srl), the development of the commercial contract, but not more than the termination of the contract or the last interaction with us. After the end of the period, personal data will be deleted or archived, secured and stored in accordance with applicable law.

 

Please note that in certain expressly regulated situations, we store data for the period required by law.

 

  1. How do we transmit your information?

 

We may disclose your data in compliance with applicable law to business partners or other third parties.

 

With these third parties we have clauses against privacy and security standards so that your data is protected. We will inform you of the identity of these companies before transmission, within a reasonable time and we will ensure that any transfer is legitimate, based on your consent or other legal basis.

 

We will also be able to provide your personal information to the prosecutor’s office, police, courts and other competent state bodies, based on and within the limits of legal provisions and as a result of express requests.

 

  1. Security of your data

 

The processing of personal data is carried out by automatic means, in compliance with legal requirements and under conditions that ensure security, confidentiality and respect for the rights of data subjects.

 

For the confidentiality and security of your data, registration and authentication on the online store involves a password.

rual.ro has a security certificate installed on the server on which personal data is collected.

 

Access to the database on which personal data is stored is made only by employees of the company S.C. Rual Farm s.r.l. by entering a username and password. Accounts of employees who are no longer part of S.C. Rual Farm s.r.l., will be deleted.

 

  1. What are your rights?

 

With regard to the processing of your personal data, in accordance with EU Regulation 679/2016 on the protection of individuals with regard to the processing of personal data, you have the following rights:

 The right to withdraw consent

You have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal;

 The right to be informed about the processing of your personal data

 The right to access data

You have the right to obtain from us a confirmation that personal data concerning you are processed or not and, if so, access to the respective data and to the information provided by art. 15 para. (1) of the GDPR.

 The right to rectify inaccurate or incomplete data

You have the right to obtain, from us, without undue delay, the rectification of inaccurate personal data concerning you.

 Right of erasure (“right to be forgotten”)

In certain circumstances, provided in art. 17 of the GDPR, you have the right to request and obtain the deletion of personal data (for example: when personal data are no longer necessary in relation to the purposes mentioned above, consent to the processing of personal data has been withdrawn and we no longer we can process on other legal grounds).

 The right to restrict data processing

In the cases provided in art. 18 of the GDPR, you have the right to request and obtain the restriction of processing (for example: the data subject disputes the correctness of personal data, for a period that allows us to verify the accuracy of the data in question; the processing is illegal and the data subject personal requesting instead the restriction of their use; the data are no longer necessary for our processing, but the data subject requests them for a lawsuit).

 The right to transmit the data we have about you to another operator – data portability

In the cases provided in art. 20 of the GDPR, you have the right to request and obtain data portability.

 The right to object to the processing of data

In the cases provided in art. 21 of the GDPR, you have the right to object to the processing of personal data obtained on the basis of consent.

 The right not to be subject to a decision based exclusively on automatic processing, including the creation of profiles

 The right to submit a complaint to us and / or to the competent authority on data protection, respectively to the National Authority for the Supervision of Personal Data Processing (A.N.S.P.D.C.P.) – e-mail: anspdcp@dataprotection.ro

 The right to go to court

 

Please note that:

 The rights listed above are not absolute. There are exceptions, so each request received will be analyzed. To the extent that the request is substantiated, we will facilitate your exercise of your rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of the rights to lodge a complaint with the Supervisory Authority and to go to court.

 We will respond to the request within the legal deadline.

 If we are unable to identify you, and you do not provide us with additional information in order to identify you, we are not obligated to comply with the request.

 If you want to exercise your rights under EU Regulation 679/2016 and in order to be able to respond to you in an efficient way, you can do so by sending a written, signed and dated request in which you will have to provide us with your identity (full name, CNP, address) and indications regarding the information you request.

 

  1. Questions, requests and exercise of rights

 

If you have any questions or concerns regarding the processing of your information or wish to exercise your legal rights or have any other privacy concerns, please contact our Data Protection Officer at office@rual.ro or by a written and sent notification For the attention of the Person in charge of Personal Data Protection, to the address:  12 Iovita Street, 3 Floor, District 5, Bucharest, Romania.