Processing of personal data
In accordance with the provisions of the Regulation (EU) No. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or "GDPR"), of the internal normative acts approved for the implementation of the GDPR, we have the obligation to process your personal data that you have provided us safely, in good faith and in accordance with the legal provisions in force, exclusively for the fulfillment of the specified purposes.
Personal data operator
The personal data operator is Daniela Barb Fashion SRL (the "Company"), based in Bucharest, Sector 4, Bulevardul Gheorghe Şincai nr. 15B, etaj 4, apartament 34, cod postal 040314, registered with the Bucharest Trade Register under no. J40/8059/2014, Sole registration code 33357817, duly represented by Barb Daniela-Nicoleta, in her capacity of administrator.
Daniela Barb Fashion SRL is a Romanian company incorporated and operating in accordance with the Romanian law, which, in its capacity as an operator, stores in good faith the personal data of its clients in accordance with the applicable regulations, fully respecting the principles of personal data processing for legitimate purposes, in accordance with Article 5 of the General Data Protection Regulation and internal normative acts approved for the implementation of GDPR.
Categories of processed personal data
We collect your personal data directly from you, so you have control over the type of information you provide us. The types of processed personal data include:
a) Upon registering on the website, you must provide us with: your first and last name and e-mail address; we also give you the option to register on the website with your Facebook, Google, or Amazon account. If you choose one of these options, you will be redirected to a page managed by Facebook Inc., Google LLC, or Amazon Services LLC, where you will be informed about the transfer of your data to our website. You can review the privacy policies of Facebook, Google or Amazon on their websites.
b) On your client page (My Account Section) of the website, you can insert additional information such as: delivery addresses, phone number;
c) When placing an order, you should provide information, such as: ordered products, first name and last name, delivery address, billing details, payment method, phone number etc.
We do not collect or otherwise process sensitive data included by GDPR in special categories of personal data. We also do not wish to collect or process data of minors who are under the age of 16.
The purposes and legal basis for the processing
Firstly, we process your personal data for the purpose of selling our products through the website shop.danielabarb.ro. Data processing for this purpose may include, as appropriate, the following: creating and managing your client account; handling of orders, including picking, shipping and billing thereof; resolving cancellations / returns or issues of any kind relating to an order; returns of products according to the legal provisions; reimbursement of the value of the products according to the legal provisions, etc. Data processing for these purposes is necessary for the conclusion and performance of a contract between our company and you. Certain processing is also required by fiscal and accounting regulations.
Secondly, we process your personal data for marketing purposes. In this regard, we may send you any type of message (such as: email/SMS/telephone, etc.) containing information about offers or promotions or information on the products you were interested in purchasing. Data processing for marketing purposes is based on your prior consent. You can withdraw your consent at any time via an email with this subject sent to firstname.lastname@example.org.
Thirdly, we can process your personal data in order to protect our rights and commercial activity through measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities, as well as measures for the management of various other risks. The general basis for these types of processing is our legitimate interest in defending our commercial activity.
Duration of processing
Your personal data will be stored for a limited time, in a safe place and in accordance with legal requirements, as follows:
a) fiscal-accounting documents containing personal data will be stored during the contractual relationship with our company and for a period of 10 years after its termination, according to the financial and accounting legislation;
b) data processing for direct marketing purposes will take place from the moment you have given your consent to the processing of personal data for direct marketing and until you withdraw your consent;
c) processing of the personal data provided on the website registration, as well as the additional information provided in the "My Account" section will be made for the entire period between the date of the registration on the website and the date of deletion of the client account created by you upon registration on the website; to delete the account created on the website, please send an email from the email address used for registration to email@example.com with the subject "Delete account" and we will delete the account you created and confirm such deletion of your account by email within 2 working days of the date of your request;
d) the processing of personal data for the other purposes set out in Section 3 above will take place during the contractual relationship with our company and for a period of 1 year after its termination.
Transmission of personal data
We may transmit or give access to certain personal data to the following categories of recipients:
- courier service providers (currently, Fan Courier);
- payment/banking services providers (currently, Netopia/MobilPay.ro operator);
- marketing service providers;
- insurance companies;
- IT service providers (for example, Shopify e-commerce platform).
If we have a legal obligation or if it is necessary in order to protect our legitimate interest, we can also disclose certain personal data to public authorities.
We will always ensure that access to your data by third party private legal entities is given in accordance with the legal provisions on personal data protection and only on the basis of contracts concluded with them.
Transfer of personal data
Currently, we store and process personal data on the territory of Romania.
However, it is possible to transfer certain of your personal data to entities located in the European Union, the European Economic Area (EEA) or even outside the European Union / EEA, but only for purposes related to deliveries made to you outside the Romanian territory.
Security of personal data
We ensure the security of personal data by implementing technical and organizational measures adapted to industry standards. Processing and storing data is made by using the Shopify.com platform.
For your complete information, in your capacity of data subject, you have the following rights related exclusively to your personal data as provided for in the General Data Protection Regulation:
a) Right of access - the right to obtain confirmation from the operator whether or not it processes the personal data concerning you and, if so, you can access that data and information on the way the data is processed;
b) Right to data portability - the right to receive personal data in a standard, structured, commonly used and readable form, and the right for your data to be transmitted to another operator without hindrance from the operator, if such data is processed automatically, based on your consent in accordance with art. 6 par. (1) lit. a), respectively under a contract according to art. 6 par. (1) lit. b) GDPR;
c) Right to oppose - the right to oppose, for reasons related to your particular situation, the processing of personal data concerning you, including the profiling based on such data, when the processing is carried out pursuant to art. 6 par. (1) lit. (e) and (f) of the GDPR, namely to achieve a legitimate interest of the operator or to carry out a task which is in the public interest;
d) Right to rectification - correcting, without undue delay, inaccurate personal data. You have the right to obtain the complementation of incomplete personal data, including by providing a supplementary statement, and the rectified data will be communicated to each recipient who has received the data, unless this proves to be impossible or involves disproportionate efforts;
e) Right to deletion of data ("the right to be forgotten") - the right to request the deletion of personal data without undue delay in cases where: the data are no longer necessary for the purposes for which they were collected or processed; you withdraw your consent and there is no other legal basis for processing; you oppose the processing and there is no legitimate legal basis that prevails; personal data has been processed illegally; personal data must be deleted for compliance with a legal obligation; personal data has been collected in connection with the provision of information society services. Deletion of data will be communicated to each recipient who has received the data, unless this proves impossible or involves disproportionate efforts;
f) Right to restriction of processing - refers to the case where the person disputes the accuracy of the data, for a period that allows the operator to verify the accuracy of the data; if the processing is illegal and the person opposes the deletion of personal data, instead requesting the restriction of their use; if the operator no longer requires personal data for processing, but the person requests them for the establishment, exercise or defence of a right in court; if the person has opposed the processing, for the period of time during which it is verified whether the legitimate rights of the operator prevail over the person's rights;
g) The right not to be the subject of a decision based solely on automatic processing, including the creation of profiles, which produces legal effects that concern you or will affect you to a significant extent, except where the processing concerns the conclusion or the performance of a contract with you, is authorized by the applicable legal provisions, or is based on your consent;
h) The right to withdraw your consent. When processing your personal data is done based on your agreement, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing made based on your consent prior to its withdrawal.
All these rights may be exercised by written, signed and dated request, sent to Daniela Barb Fashion SRL, Bucharest, Sector 4, Bulevardul Gheorghe Şincai nr. 15B, etaj 4, apartament 34, cod postal 040314, or by e-mail at firstname.lastname@example.org.
Also, in your capacity of data subject, you are entitled to address the National Authority for the Supervision of Personal Data Processing (București, Sector 1, Bulevardul Gheorghe Magheru nr. 28-30, cod postal 010336, telephone: +4 031 805 92 11 or +4 031 805 92 12, e-mail: email@example.com) and the courts.
If you submit a request for the exercise of your data protection rights, the operator will respond to such request within 30 days, under the terms of the General Data Protection Regulation.
The personal data operator guarantees that it processes your data under legitimate conditions while implementing appropriate technical and organizational measures to ensure the integrity and confidentiality of the data under Art. 25 and 32 of the General Data Protection Regulation.