From May 25, 2018, the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “Regulation”) will apply in all the countries of the European Union. The purpose of the Regulation is to provide a uniform and coherent legal framework across the European Union, which should not require further implementation measures at national level.
BLUGENTO SA, headquartered in Romania, Str. Câmpul Pâinii, no. 3-5, County Cluj-Napoca, Cluj, Trade Register No. J12/1919/2016, Tax Identification No. RO36072180, legally represented by Băbășan Sergiu Lucian, as Data Controller, is responsible for the operation of the website www.zentoshop.com
This web page is dedicated exclusively to users above the age of 16
In order to comply with our obligations arising from the Regulation and considering that personal data protection is a major and ongoing concern to us, we have created this document, which describes the categories of personal data that we collect when you access our web page, the purpose and grounds for data processing, the duration of the processing, where we store and with whom we share such data, as well as your rights as a Data Subject, these aspects being implemented to ensure the protection of your fundamental rights and freedoms and particularly your right with respect to personal data security.
- “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
We assure you that your personal data are processed in a lawful, fair and transparent manner, solely for the explicit purposes brought to your attention.
THE COMPANY, as Controller, processes personal data in a manner that ensures the proper security of such data, including the protection against unauthorised or unlawful processing, loss, accidental destruction or damage, by implementing appropriate technical and organisational measures.
2. Personal data that we process. Purpose. Grounds. Duration of processing.
We only collect from you the personal data that are necessary in order to allow you to access our web page, to process your orders, to give you access to our products and to keep you updated on our products, services and offers (direct marketing), to the extent permitted by the applicable laws or based on your consent.
As a rule, we process the following data about you:
- Full name
- Contact address and delivery address
- Phone number
- E-mail address
- IP address
Each category of data is collected for specific, explicit and legitimate purposes, will not be subsequently processed in a manner that is inconsistent with these purposes and will only be processed for as long as necessary to fulfil the processing purposes.
In order to be in line with the transparency principle as concerns the processing of your personal data, we present below the manner, the purposes and the legal grounds (legal basis) of our data processing activities.
CREATING AN ACCOUNT
We need such personal data for pre-contractual purposes, in order to allow you to access our products and to place an order, the grounds for such processing being represented by the contractual obligation. Unless you agree to the processing of your personal data THE COMPANY will not be able to process and deliver your orders.
Your personal data will be stored during the entire existence period of the account, until its deletion, but no longer than 3 years from the last login date or the last order. We will notify you accordingly before closing your client account and deleting all the data linked to it. If you place an order after creating your account, your data will be stored for a period of 3 years since the last order date; this represents the limitation period.
The personal data processed upon the creation of your account are not subject to a decision based solely on automated processing, including profiling, will not be disclosed to any third party and will not be transferred to any third country or international organisation.
PLACING AN ORDER
When you fill in and complete the order form, we request and collect your name, surname, contact address, delivery address, phone number, e-mail address and IP.
We need such personal data for contractual purposes, in order to process your orders, to deliver your products at the mentioned address, to fulfil our warranty obligations in respect of the products, or to allow you to return the products. The grounds for such processing are represented by the contractual obligation of the parties, as established in the Terms and Conditions. Unless you agree to the processing of your personal data THE COMPANY will not be able to process and deliver your orders.
Moreover, we need your personal data in order to fill in and remit the invoices in connection with the products delivered to you. Your online payment details will not be available to or stored by THE COMPANY, but only by the provider of electronic payment services or by another entity authorised to store the card identification details, of whose identity you will be notified prior to inserting your card details for online payment. The only payment-related details that we will store are those regarding the date when the transaction is initiated or completed and the payment status. Subject to the legal requirements, your personal data required for the issuance of payment documents will be transmitted to our IT service providers and used for the purpose of filing the requested tax and accounting statements with the tax authorities.
Your data will be stored during the entire period of the contractual relationship and for a period of 3 years since the last order date; this represents the limitation period.
In order for us to fulfil our obligations in a timely and appropriate manner, your personal data will be disclosed to our reliable and carefully selected business partners:
- the provider of external server data storage services, located in Romania;
- the provider of accounting services;
- the provider of communication and e-mail correspondence services;
- the provider of mobile communication services located in Romania, through which we stay in contact with you;
- the agreed shipping companies;
- the online payment processors.
The personal data processed upon the creation of your account are not subject to a decision based solely on automated processing, including profiling and will not be transferred to any third country or international organisation.
NEWSLETTER – DIRECT MARKETING
Subscribing to and unsubscribing from the BRAND newsletter is free, optional and solely based on your consent. The newsletter is a form of periodical notification via electronic channels only (e-mail, SMS), with regard to the Goods, Services and Promotions of the Seller available during a specific period, but with no commitment on behalf of the Seller as concerns the information content of such newsletter.
For the purpose of marketing services, the data we collect from you are your e-mail address, phone number and full name. Such data will be used solely for keeping you up to date regarding our products, services and offers. The legal grounds for personal data processing are represented by your consent and the duration of such processing equals the entire existence of the consent.
You may withdraw your consent at any time, by sending an e-mail to firstname.lastname@example.org or by accessing the unsubscribe link in the e-mail received from us, which results in the cessation of processing. The withdrawal of your consent will not affect the lawfulness of the processing carried out prior to such withdrawal.
Your data will not be transferred to any other controller or processor, or to any third country or international organisation.
Cookie files allow us to save your e-mail address, so that you are automatically recognized and logged in on your next visit.
But you can also access our web page without cookie acceptance.
If you do not want your computer to be recognized, you can block the storage of cookies on your hard drive by configuring your web browser to disable cookies. For detailed instructions on cookies, you may check your browser support page. Should you not accept cookies, this may cause functional restrictions related to our offers.
When you access web pages that contain plug-ins, your browser creates a direct connection to the servers of the respective providers. The plug-in content is transferred from the respective provider to your browser and embedded on the web page. By integrating plug-ins, the provider is notified that your browser has accessed our web page. This happens irrespective of whether you have a profile on the respective social network or you have just logged in.
If you are already logged in, the social network may assign the visit on our website to your profile. For example, if you use plug-ins and you click the “Like” button or make a comment on Facebook, the related information is sent directly to the respective provider and stored.
Further details regarding the purpose and volume of the collected data, the subsequent use and processing of such data through the respective provider, your rights and privacy settings are available in the data protection guidelines of the respective provider.
3. Personal data security
Personal data security is a top priority for us. We assure you that we process your personal data in line with the Regulation principles, in a manner that ensures the proper security of the data, including the protection against unauthorised or unlawful processing, loss, accidental destruction or damage, by implementing appropriate technical and organisational measures and by applying adequate internal policies in terms of data protection.
This website applies all the security measures required for the protection of our users’ personal data. The personal data filled in on our website will be protected both in offline and in online mode. All personal data will be processed via secure pages using SSL encryption and displaying a lock icon at the bottom of the Microsoft Internet Explorer browser window.
4. Your rights as a Data Subject
Regulation 679/2016 aims to ensure the protection of natural persons with regard to their fundamental rights and freedoms, in particular their right to the protection of personal data.
You are entitled to exercise any of the following rights in order to ensure the protection of your personal data:
-the right of access: you may request information regarding the categories of personal data processed, the purposes of the processing, the recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of automated decision-making, including profiling;
-the right to rectification: should there be any errors regarding your personal data, you have the right to obtain their rectification or to have incomplete personal data completed. We will notify such rectification to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
-right to restriction of processing: you have the right to request the restriction of processing in the following situations: you contested the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; the undersigned company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing, pending the verification whether the legitimate grounds of the controller override yours.
-right to erasure: you may request the erasure of your personal data if: they are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw the consent on which the processing is based and where there is no other legal ground for the processing; you object to the processing and there are no overriding legitimate grounds for the processing; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation; the personal data have been collected in relation to the offer of information society services.
-right to data portability: you may request the transfer of your personal data to another controller, where the processing is based on your consent and the processing is carried out by automated means.
-right to object: you may object at any time to the processing of your personal data for direct marketing purposes, including profiling, in which case your personal data will be erased.
-right not to be subject to a decision based solely on automated processing, including profiling.
You may exercise these rights by sending a request to THE COMPANY, as controller, at our headquarters, or at the e-mail address email@example.com, or by using the options available on our website (link to export and delete).
If you consider that your rights have been violated, you may file a complaint with the National Supervisory Authority for Personal Data Processing.
5. Contact details
This Policy is supplemented by the other specific policies of THE COMPANY and by the Terms and Conditions available on our website. Any change in the provisions of this policy will be notified to the users by e-mail, in order to ensure that they are permanently updated regarding the information that we collect, how we use it and in what circumstances, if any, we disclose it. The users may agree or disagree with the use of the information for other purposes. We will use the information in accordance with the policy based on which it was collected.
This notification is limited to our web page and is not valid for the websites of third-party controllers, which may be accessed via this website. We have no control of the processing of data by such third-party controllers and we decline any responsibility or liability in relation to the respective web pages.