PRIVACY POLICY
For the company PETRY RETAIL SRL, URC: RO34061444, trade register no. J26/108/2015, with headquarters in Târgu Mureș, Mureș county, Scaricica str. no. 1, ap.1, the protection of your personal data is very important, so our company has adopted strong rules and principles in this regard.
We value our customers and their privacy very much. All personal information is used to ensure the efficient processing of orders placed on our website. Personal data are used only for contacting and identifying our customers and their needs. We will not give, sell, rent, or loan any personal information to any third party. Refusal to provide the data requested for carrying out the commercial activity within a legal framework may make it impossible for us to deliver and invoice the ordered products or to provide certain support services.
This Information on the Protection of Personal Data Policy provides you with detailed information regarding the protection of your personal data by SC PETRY RETAIL SRL ("we").
We are responsible, as Data Controller, for the collection and processing of your personal data in connection with our activity of processing and executing the orders launched. The purpose of this Privacy Policy Notice is to inform you about the personal data we collect about you, why we use and share this data, how long we keep it, what your rights are and how you can exercise them.
Introduction
As you probably know, on May 25, 2018, the European Regulation 2016/679 on the protection of natural persons regarding the processing of personal data and the free movement of such data ("the Regulation") became applicable. Its main purpose is to increase the level of protection of personal data and create a climate of trust that allows each person to control their own data.
Thus, we consider it an appropriate time to inform you how we protect your personal data and how we apply the provisions of the Regulation. Under the definition in art. 4.1 of REGULATION (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), "personal data" means any information regarding an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more elements specific to that person's physical, physiological, genetic, psychological, economic, cultural, or social identity.
Who are we, who processes personal data?
Your data will be managed by our company, PETRY RETAIL SRL, URC: RO34061444, trade register no. J26/108/2015, with headquarters in Târgu Mureș, Mureș county, Scaricica str. no. 1, app.1, representing the operator in accordance with the GDPR and therefore responsible for the data processing, described below. For questions or requests regarding data processing, please contact us at the contact details you can find below.
Our commitment
We are firmly committed to respecting your rights and we take the legislation on the protection of personal data and privacy seriously. We have included in our personal data protection policy the principles by which we are guided with regard to the personal data of our customers and collaborators and information on how we collect, process, use, and protect your personal data.
Purpose of the document
This document contains the essential information about the way of processing personal data within the services offered by us. The data protection document is designed to inform you about the processing of your personal data and your rights regarding this processing in accordance with the General Data Protection Regulation no. 679/2016/EU (“GDPR”) and the national legislation in force.
Why do we need your personal data, what data do we collect with your consent?
We collect and process your personal data based on legal grounds and your explicit consent. You can withdraw this consent at any time. Among the legal grounds is the need to fulfill mutual contractual obligations within the conclusion of a distance commercial contract.
We only process personal data for legitimate purposes, such as:
- to supply you with products
- to fulfill your order
- to send materials for marketing purposes (e.g. information about the developed products, offers, other information related to the supply of our products, etc.)
- to improve our goods and services
- to make business decisions
- to comply with various legal provisions
- for the respect and defense of our legal rights
The processing of personal data is carried out on the basis of your consent expressed by formulating the order or expressly for the purpose of sending advertising material (art. 6 para. (1) letter (a) of the General Data Protection Regulation).
Specifically, the data collected with your express consent can be:
Name, surname, address, PIN, phone, e-mail, order number, IP/ISP address, tax invoice, warranty certificate, internal identification series to be able to sell on the webshop. Third parties such as the courier company or the post office, payment processor may have access to this data.
We will ask for the following data from legal entities and companies: URC/TIN, registration number (J), registered office and delivery address, telephone number, e-mail, IP address.
Name, surname, address, telephone, e-mail, order number, tax invoice, warranty certificate, internal identification series, PIN, bank account in case of possible cancellations requested by the customer.
In order to improve our own commercial activities, our company carries out marketing activities, activities in which personal data of natural customers, such as name and surname, order number and e-mail, are processed.
The processing of personal data is always based either on the execution of contracts concluded with us, on the need to comply with a legal obligation, on our legitimate interest or a major public interest or, as the case may be, on your consent, if you have expressed your option in this regard.
Also, your data can be registered in our system if you communicate them by phone. At the beginning of the call you are asked to accept this; the continuation of the call constitutes your consent to the processing of the data communicated by phone.
Regardless of the form in which your data reaches us, we are responsible for managing the personal data you provide us about you safely and only for the specified purposes, according to our privacy policy.
Any information provided by you, as a beneficiary of these services, through the agreement expressed by accessing and using the site, will represent your express consent for your personal data to be used by our company.
How do we process the data provided?
In accordance with the purposes mentioned above, the data provided directly or indirectly by natural persons will not be used for purposes other than those initially specified, nor will they be transmitted indiscriminately to entities that the persons concerned have not designated for this purpose.
The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of data regarding health or sex life is only permitted with the explicit consent of the person concerned, if national legislation authorizes it. Individuals have the right to receive information from individuals and businesses that hold some of their personal data on file, such as websites, databases, service providers, etc. ("personal data operators"), as well as to correct or delete said data, if it is incomplete or inaccurate.
The users' personal data are accessible only to certain employees within the company, who have committed in writing that they will use this data in good faith, according to the regulations in force, only to carry out the company's commercial activity.
Our company delivers the products through the courier and post office. Only the data absolutely necessary for efficient delivery by the mentioned third party is disclosed.
In the case of online payments, certain personal data will be disclosed to the payment operator. Our company will communicate only the minimum necessary data to this third party, and these entities are obliged to respect the confidentiality of personal data.
Agreement on the use of data within the webshop
If you register as a user of our webshop, you give your consent to the saving, processing and use of your personal data.
Details regarding the use of the webshop are only collected for the period of your registration. Among them are: the duration of the visit, the articles on our website searched, viewed and saved, the articles bought (order history), the movements on our website.
The collection, saving and processing of this data is carried out in order to individually configure your shopping experiences and constantly improve our offer, as well as to provide you with a series of comfort elements that enhance the shopping experience.
By registering on our webshop you give your implicit consent to our use of your e-mail address and details regarding your use of our webshop as follows:
If you have not completed the order of a shopping basket on our webshop, we have the possibility to send you an e-mail to remind you of this order.
We regularly send a (personalized) newsletter by e-mail. For personalization purposes, we will use details about your use of the webshop. In our webshop you can review previous orders, save shopping baskets and save favourites, rate certain products and comment on certain products in the webshop.
The processing of your personal data is carried out based on the consent given according to art. 6 para. 1, para. 1, lit. a of the GENERAL REGULATION REGARDING DATA PROTECTION.
Data beneficiaries
To provide our services, we use service providers authorized according to art. 28 GDPR, for example our service providers for hosting, platform and website maintenance services, for advertising and publicity, or our service providers for sending e-mails and SMS, telephone contact or printing and online publication of personalized advertising materials.
We will only pass on the personal data of our customers to companies with whom we carry out business activities and where this is essential to continue business activities (e.g. couriers and payment processor). We undertake, according to the law, to verify that these third parties store and process personal data in accordance with the regulations in force.
The authorized persons who process your personal data are:
- The e-commerce platform of our webshop
- The hosting company of our online store
- Online payment processors
- Billing and management software
- Delivery companies/couriers
- Third parties integrated into the site (Google Analytics, _____________)
- Accountant (Accounting Program)
We will not disclose the personal data of our customers to third parties, except in cases where a court order explicitly urges this within the limits of the legal provisions. In these cases, the data can be provided to the Courts, the Police or other official bodies of the Romanian state.
Our company does not carry out other transfers of personal data to other recipients, unless we have this obligation by law. For more information on the appropriate protection of international data transfer or copying please contact us.
How long do we process personal data?
Your personal data is processed throughout our contractual, benevolent or voluntary relationship. Whenever you have the right and the possibility to request the modification or deletion of the candidate profile or the profile, we will keep only those personal data that we have to keep due to our legal obligations, obligations stemming from the legal norms applicable to the field of activity and the services provided. The personal data provided by you will be processed during the period of our contractual relations/subscription to the newsletter, and if the legal provisions oblige us to keep the data for a certain period of time, during this period (e.g. the accounting documents are kept according to the accounting law for a period of 10 years). If the personal data are no longer necessary for us to comply with our contractual obligations or legal provisions, these data will be periodically deleted.
Data security
We make permanent efforts to increase the level of personal data protection. We guarantee that your personal information is safe with us and our partners, because we have taken appropriate measures, both technical and organizational in accordance with the laws and regulations regarding the protection of personal data, to prevent any risk (e.g. destruction, loss, alteration, communication or unauthorized access to data). If, however, a data security breach occurs, we have the obligation to inform the National Supervisory Authority for the Processing of Personal Data within 72 hours at the latest from when we became aware of the breach.
Your rights
According to Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), you have the following rights.
The right to be informed (Articles 13 and 14 of the GDPR)
What information must a data controller/operator provide where personal data is collected from you?
If personal data is collected from you, the data controller must provide you with the following information:
1. The identity and contact details of the data controller (and, where applicable, the representative controller);
2. Contact details of the Data Protection Officer (the person responsible for the protection of personal data within the organization – if applicable);
3. The purpose(s) of the processing and the legal basis of the processing;
4. If the processing is based on the legitimate interests of the operator or a third party, the legitimate interests of the controller/operator;
5. Any other recipient of personal data;
6. If applicable, details of any intended transfers to a third country (non-EU member state) or international organization and details of suitability decisions and guarantees;
7. Retention period (how long an organization holds the data) or, if this is not possible, the criteria used to determine the retention period;
8. Existence of the following rights:
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to transferability/portability of data
- the right to opposition
- if the processing is based on consent, the right to withdraw consent at any time, without affecting the legality of the processing based on consent before its withdrawal;
- the right to lodge a complaint with the supervisory authority;
The right of access to information (Article 15 of the GDPR):
You have the right to obtain the following information from the data controller:
1. Confirmation of the processing of personal data concerning you;
2. In the case of processing personal data about you, a copy of the personal information;
3. If personal data about you is processed, other additional information, such as:
- Purpose(s) of processing;
- Categories of personal data;
- Any recipient of personal data to whom the personal data has been or will be disclosed, in particular recipients from third countries or international organizations;
- The retention period or, if this is not possible, the criteria used to determine the retention period;
4. Existence of the following rights
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to portability
- The right to opposition
- The right to lodge a complaint with the supervisory authority
5. If the personal data is not collected from the data subject, any available information regarding its source;
6. The existence of an automated decision-making process, including profiling (not applicable in our case).
The right to the above information must not adversely affect the rights and freedoms of others.
Right to rectification (Articles 16 and 19 GDPR)
If your personal data is inaccurate, you have the right to have the data rectified by the controller without undue delay.
If your personal data is incomplete, you have the right to complete the data, including by providing additional information.
Right to erasure (Articles 17 and 19 GDPR)
This is also known as the "right to be forgotten".
You have the right to have your data deleted without undue delay by the data controller/operator if one of the following reasons applies:
1. If your personal data is no longer necessary in relation to the purpose for which it was collected or processed;
2. If you withdraw your consent for processing and there is no other legal basis for data processing;
3. If you object to the processing and there are no imperative legal reasons to continue the processing;
4. If you object to the processing and your personal data are processed directly;
5. If your personal data has been processed illegally;
6. Where your personal data must be deleted to comply with a legal obligation;
7. If your personal data was collected in connection with the offer of information society services to a child.
What happens when the data controller has made your personal data public and is obliged to delete the given data?
If the data controller has made your personal data public and, based on one of the above reasons, is obliged to delete the data:
- The data controller must communicate any rectification or deletion of your personal data to each recipient to whom the personal data was communicated, unless this is impossible or does not involve disproportionate efforts.
- If you request information about the recipients of your personal data, the data controller must inform you about the recipients.
- The data controller must take reasonable steps to inform other controllers processing your personal data that you have requested the deletion of any links or copies thereof.
Reasonable steps means taking into account the available technology and the cost of implementation, including the necessary technical measures.
The right to data portability (Article 20 of the GDPR)
In certain circumstances, you may have the right to obtain your personal data from a data controller in a network that facilitates the re-use of your information in another context and to transmit this data to another data controller that you choose, without any hindrance.
When do you have the right to data portability?
This right only applies if the processing of personal data (provided by the data subject) is carried out by automated means and where you have given your consent either to the processing or to the processing carried out on the basis of a contract concluded between you and the data controller.
This right applies only to the extent that it does not affect the rights and freedoms of others.
When this right applies, how must data controllers provide and transmit data?
Where this right applies, data controllers must provide and transmit personal data in a usable format. The data is structured and can be easily processed on a computer.
Under this right, you can ask a data controller to transmit your data to another data controller, if the transmission is technically feasible.
The right to object to the processing of personal data (Article 21 of the GDPR)
When do you have the right to object?
You have the right to object to certain types of processing of your personal data where this processing is carried out in connection with tasks in the public interest, under official authority or in the legitimate interests of others.
You have a strong right to object to the processing of your personal data where it relates to processing for direct marketing purposes. If a data controller uses your personal data for the purpose of marketing directly to you, or profiling for direct marketing purposes, you have the opportunity to object at any time and the data controller must stop the processing as soon as they receive the objection.
You may also object to the processing of your personal data for research purposes, unless the processing is necessary for the performance of a task carried out in the public interest.
How can you object to processing?
To object to processing, you must contact the data controller and specify your reasons for objection.
These reasons must be specific to your particular situation. Where you have raised an objection, the data controller must stop processing your personal data, unless the data controller can provide compelling legitimate, legal reasons to continue processing your data. Data controllers can also lawfully continue to process your personal data if this is necessary for certain types of legal obligations.
Right to restriction (Article 18 GDPR)
You have the right to restrict the processing of your personal data by a data controller. Where the processing of your data is restricted, it may be stored by the data controller, but most other processing actions, such as deletion, will require your permission.
How does this right apply?
This right applies in four ways. The first two types of processing restrictions apply where you have opted out of processing your data in accordance with Article 21 or where you have contested the accuracy of your data. In these cases, the restriction applies until the administrator/controller/data operator has established the accuracy of the data or the outcome of your objection. The third situation in which you can request restrictions refers to illegal processing. In these cases, if you do not want the data operator to delete the information, you can request the restriction of personal data. The fourth type of processing restriction applies if you request the restriction of data that is retained on the basis of a legal rule.
When you have obtained processing restrictions, what obligations does the data controller have?
If you have obtained restrictions on the processing of your data, the data controller must inform you before lifting the restriction.
Your rights in relation to automated decision-making, including profiling (Article 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing. Processing is "automated" when it is carried out without human intervention and where it produces legal effects or significantly affects you. Automatic processing includes profiling.
Regarding personal data, when is automatic/automated processing permitted?
Automatic processing is permitted only with your express consent, when necessary for the performance of a contract or when authorized by Union or national law. We do not use automated processing methods.
You can exercise these rights, either individually or cumulatively, very easily, by sending a request to: PETRY RETAIL SRL, URC: RO34061444, trade register no. J26/108/2015, with headquarters in Târgu Mureș, Mureș county, Scaricica str. no. 1, apartment 1, petryurbangrill@gmail.com.