Personal data processing Policy
1. Website Owner
INOMEA SRL (hereinafter referred to as the “Controller”) is the owner/administrator of the website www.rosamundiperfumery.com (hereinafter referred to as the “Website”), which sells the Controller’s products that may be purchased by online orders, after certain personal data is supplied, as required in order to open an account for submitting orders and/or using the Website.
Name of Website Owner: INOMEA SRL
Address of the registered office: Intrarea Medic Col. Stoenescu nr. 5, Sector 5, cod 050457, Bucharest, Romania
Sole registration number (CUI): 36474684
Registered with the Trade Register under number: J40/11491/2016
2. Data subject
2.1. Any person accessing the Website, who opens an account in order to place purchase orders for the Products and/or for using the Website and who supplies personal data to the Controller will be hereinafter referred to as the “Data Subject”.
2.2. The Personal Data Processing Policy (hereinafter referred to as the “PDP Policy”) is applicable to any of the Data Subjects.
3. Subject matter
3.1. The Controller identified in Chapter 1 of the PDP Policy will process the Data Subjects’ personal data, in accordance with Law no. 677/2001 on protecting persons when their personal data is processed and on the free movement of such data, as amended and completed (hereinafter referred to as the “Law”) and with Law no. 506/2004 on personal data processing and on protecting intimacy in the field of electronic communications.
4. Personal data processing
4.1.1. Both the Controller, and the person empowered by it must process and manage the personal data supplied by the Data Subject in order for the Website to be properly used, securely and for the indicated purposes only, in observance of the Romanian legal provisions.
4.1.2. The data requested by the Controller, such as first and last name, e-mail address and/or complete postal address, mobile telephone number, e-mail, as well as information regarding the bank card when the Data Subject opts for this payment method when placing an Order, is information necessary for creating a new account, for signing the Sale and Purchase Agreement, particularly for identifying the Data Subject, for invoicing the Products purchased from the Website and also for the delivery thereof. If the Data Subject refuses to supply such data to the Controller, it will not be able to use the Website and the placed Order will not be completed.
4.1.3. By accessing the Website, the Data Subjects accept that the data supplied will be processed for the purpose of delivering the placed order, of improving the services or of learning more information on how the Website is used or in order to make statistics regarding the sale of certain Products, the place where the Data Subjects originate from, their age, the frequency with which various websites or certain Products are accessed, offers etc. This information allows that a profile of the Website visitors to be created. The Data Subjects agree with the data processing for the mentioned purposes.
4.1.4. The information regarding the Data Subject may be sent to any third party authorized under the law or appointed by the Controller, only so as to verify the Data Subject’s identity, the validity of the order, the method of payment used and the delivery of the ordered products. Following such verification, the Controller may request a copy of the Data Subject’s ID, and/or any other information regarding and used to determine the Data Subject’s identity. Under the legal conditions and under the PDP Policy, the Data Subject is entitled to access, to rectify and to delete the personal data concerning him/her which is processed by the Controller, all these rights being detailed under Section 4.2 below.
4.1.5. The PDP Policy comprises the necessary information regarding the nature and purpose of the processing of the Data Subject’s personal data, which are supplied to the Controller via the Website, the origin of such information and the use of the information deriving from the use of the Website, and also the rights that the Data Subject holds in connection therewith.
4.1.6. The PDP Policy is applicable to all personal data and navigation data collected and processed by the Controller or by the person empowered by it, when the Data Subjects use the Website. Thus, by using the Controller’s Website, the Data Subjects express their consent regarding the provisions of the PDP Policy.
4.1.7. At all times, the Controller is able to amend the PDP Policy and such amendments will be effective immediately. Therefore, in order to always be correctly informed, the Controller recommends the Data Subjects to read the PDP Policy regularly, each time they access the Website. For additional information regarding personal data processing, the Data Subjects are encouraged to contact the Controller by calling +40 738 660 355, 10:00 - 17:00.
4.2. Rights related to personal data processing
4.2.1. The Controller informs the Data Subjects that they have the following rights in connection with the processing of the personal data that they supply, in accordance with Law no. 677/2001 on protecting persons when their personal data is processed and on the free movement of such data, as amended and completed, and of Law no. 506/2004 on protecting personal data and intimacy in the sector of electronic communications:
184.108.40.206. Right of information (Art. 12): The Controller shall supply to the Data Subject at least the following information, unless this person already holds such information: the identity of the Controller and of its representative; the purpose of the data processing; additional information, such as: the data recipients or the categories of recipients of the data; whether the supply of all requested data is mandatory and the consequences of any refusal to supply it; the existence of the rights provided herein for the data subject, particularly of the right of access, of intervention on the data and of opposition, as well as the conditions under which they may be exerted.
220.127.116.11. Right of access to the data (Article 13): any Data Subject is entitled to obtain from the Controller, on demand and free of charge for one request per year, a confirmation of the fact that the data that concern it are processed or not by it.
18.104.22.168. Right of intervention on the data (Article 14): any Data Subject is entitled to obtain from the Controller, on demand and free of charge, the rectification, update, blocking or deletion, as the case may be, of the data the processing of which is not compliant with the law, particularly of the incomplete or inaccurate data; the conversion into anonymous data of the data the processing of which is not compliant with the Law; the notification to the third parties that the data of any operation carried out in accordance with Article 14 (1) letters a) or b) was disclosed to if such notification does not prove impossible or does not imply an effort that is disproportionate versus the legitimate interest that could be damaged.
In order to exert this right, the Data Subject will submit a written application to the Controller, which will be dated and signed. In its application, the applicant may indicate whether he/she wishes for the information to be delivered to it to a certain address, including an electronic address, or via a correspondence service that ensures personal delivery. The Controller must disclose the measures taken regarding the data subject’s request, and, if applicable, the name of the third party to whom the personal data regarding the data subject was disclosed, within 15 days after the receipt of the request, in observance of a possible option expressed by the applicant in his/her application.
22.214.171.124. Right of opposition (Article 15): For grounded and legitimate reasons related to his/her particular situation, at all times, the Data Subject is entitled to oppose the processing of the data referring to him/her, unless legal provisions set forth otherwise.
126.96.36.199. Right to not be subjected to an individual decision (Article 17): The Data Subject is entitled to request and obtain the cancellation of any decision that is legally effective with respect to him/ her and that was taken solely based on personal data processing, by automated means, aimed at assessing some aspects of its personality, as well as his/her professional competence, credibility, behavior or any other aspects, as well as the reassessment of any other decision with respect to him/ her, which materially affects him/her, if the decision was adopted exclusively based on data processing that meets the condition above.
188.8.131.52. Right to take legal action (Article 18): The Data Subject is entitled to take legal action in court in defense of any rights guaranteed by the law that were breached.
4.2.2. By reading the PDP Policy, the Data Subject took note of all rights provided by the law, namely the right to have access to data, the right of intervention, the right of opposition, the right to not be subjected to an individual decision, the right to take legal action, as detailed above, and that all these right are observed and guaranteed by the Controller.
4.3. Categories of personal data and purpose of the processing thereof
4.3.1. The personal data collected from Data Subjects by the Controller are as follows: first and last name, date of birth, complete postal address, mobile telephone number, e-mail, data regarding the bank card when the Data Subject opts for this payment method. This is information necessary for creating a new account on the Website , for concluding the Sale and Purchase Agreement, particularly for identifying the Data Subject, for invoicing the Products purchased from the Website and also for the delivery thereof. If the Data Subject refuses to supply such data to the Controller, it will not be possible to meet the Order.
4.3.2. The Controller may also request additional, optional information, such as the products preferred by the Data Subjects, the previously used products, the products in the Data Subject’s Wish List, etc.
4.3.3. The Controller may ask the Data Subject to submit the following information: gender, date and place of birth, data in the civil status documents, occupation, image, voice, personal identification number, series and number of the ID/passport etc.
4.3.4. The personal data supplied by the Data Subjects to the Controller may be used, in accordance with the consumers’ rights, to receive information via e-mail or telephone regarding the products sold by the Controller, for advertising purposes, for market researches, for statistics, sale monitoring as well as to analyze the Data Subject’s behavior. By supplying the data requested by the Controller, the Data Subject consents to receiving e-mails or messages with the Controller’s commercial offers regarding the products and services thereof.
4.3.5. The Controller may regularly send to the Data Subjects the offers regarding its Products or contact them for market surveys. The Data Subjects are entitled to unsubscribe any time from such communications by using the Unsubscribe button / link in the e-mails or by sending an e-mail to email@example.com. If the Data Subjects choose to unsubscribe, they will no longer be up to date with the Controller’s promotions and discounted prices.
4.3.6. Without indicating personal data, such as names and addresses of the Controller’s Website visitors, the Controller may collect and publish information regarding the Website visitors’ profiles. Moreover, the Controller could collect information for statistic purpose, in order to improve the services and to find out more on how the Website is used, as well as in order to create statistics regarding the sale of certain products, the city or country where the Data Subjects come from, the age thereof, the frequency of accessing various websites or certain products, offers etc. All such information that allows for a profile of the Website user to be created may be kept by the Controller in order to be used for comparative internal analyses and statistics, for an optimization of the quality of the offered services.
4.4. Collection, processing, storing and transferring the personal data
4.4.1. The personal data are collected by the Controller or by the person empowered by it starting with the moment the Data Subjects signs up on the Website using the form for creating a Website Account, when the Order is placed, when answering questionnaires or when the Controller contacts the Data Subjects by telephone.
4.4.2. The information collected by the Controller requested in order to meet the orders placed by the Data Subjects or to answer their requests are marked on the data collection forms by an asterisk (*).
4.4.3. In order to better meet the Data Subjects’ demands, by offering customized services, the Controller will use the data supplied by them on the Website in real time, when directly contacted through the Website. When the Data Subjects read the section of their account and the data registered on the Website, the Controller’s servers automatically recognize the IP address of the Data Subject’s device or the number that identifies the telephone used by the Data Subject to connect to the Internet. In order to prevent this, the Data Subjects must sign out from their account.
4.4.4. The Controller or the empowered person keeps the data collected for a period that does not exceed the time required for the purpose of such collection.
4.4.5. The personal data indicated in the PDP Policy is intended to be used by the Controller and by the person empowered by it and may be transferred to other states . The Data Subject expressly and unequivocally represents that he/she agrees with such transfers and processing.
4.5. Disclosure of personal data
4.5.1. The Controller or the person empowered by it may disclose the personal data supplied by the Data Subjects on the Website to the Controller’s affiliates, to the third parties performing services contracted by the Controller, including but not limited to the processing and delivery of the Orders submitted on the Website and the payments made by the Data Subject, the processing of banking data regarding cards, the hosting of the Website, the analysis of the data supplied on the Website, services for Data Subjects, including but not limited to the e-mail or telephone communication services, audit or other similar services.
4.5.2. The Data Subjects represent that they unconditionally accept, by filling in the form for creating an account and/or placing an order for products on the Website, that the personal data thus supplied can be included in the Controller’s database, thus expressly agreeing that all personal data should be stored, used, and processed temporarily by the Controller, its affiliates and collaborators in order for the latter to perform/carry out the activities indicated under article 4.5.1., but not limited to them.
4.5.3. The data indicated in the PDP Policy shall only be disclosed by the Controller to third parties for the purpose required for the third parties to carry out the services for the Controller or in the Controller’s name. The Data Subject is entitled to oppose the processing of his/her personal data and to request the complete or partial deletion thereof by the third parties processing it.
4.6. Security and confidentiality of the personal data
4.6.1. The Controller will apply the adequate measures to keep confidentiality of the processed personal data, to protect it and to ensure an adequate level of security as regards the risks of processing the collected data.
4.6.2. The Controller will take the security measures to prevent the loss and destruction of the personal data and will take measures to stop the access of unauthorized persons to such data.
4.6.3. Nevertheless, the Controller does not control all risks associated to the operations carried out by the Data Subjects online as regards the risks associated with the use and operation of the Internet.
5.1. The Data Subjects accept that all elements of the Controller’s Website rosamundiperfumery.com, all content information and materials thereof, the trademarks used by the Controller, as well as any other messages, images, videos, code structure, buttons, graphic and design elements, selection and use criteria of the Website are protected by intellectual property rights in favor of the Controller. Using the Website does not imply that the Controller grants the Data Subjects any intellectual property rights over the Website or any content thereof.
5.2. The Data Subject shall not reproduce, convert, modify, disassemble, distribute, lease, rent or make available, by any form of public communication, any of the elements indicated under point 5.1., shall not allow public access to any of these elements, shall not exploit, in any way, either directly or indirectly, the materials, elements and information obtained through the Controller’s Website, unless expressly authorized by the Controller.
5.3. The Data Subject is entitled to inform the National Supervisory Authority for Personal Data Processing in connection with any act that in his/her opinion affects his/her protected rights.
5.4. Any possible dispute between the Data Subject and the Controller will be first settled amicably and insofar such a settlement is not possible, the litigation will be settled by the competent courts in Romania. Moreover, these provisions do not leave out the possibility for other competent institutions to intervene.
5.5. Any notifications, complaints, or suggestions in connection with the personal data processing, the PDP Policy, the Controller’s Website, as well as in connection with other matters that the Controller could be held liable for must be sent to firstname.lastname@example.org.
5.6. Please download the PDP Policy: https://www.rosamundiperfumery.com/politica-de-prelucarare-a-datelor-cu-caracter-personal/.