CONFIDENTIALITY POLICY – REGARDING THE PROCESSING OF PERSONAL DATA
Last revision - [May 2019]
We consider ensuring the right to the protection of personal data as a commitment of Klushop, therefore we will devote all the resources and efforts necessary to process your data in full compliance with Regulation (EU) 2016/679 ("General Data Protection Regulation" or " GDPR "), as well as any other legislation applicable in the territory of Romania. As one of the essential principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when interacting with us regarding our products and services, including through our website.
WHO ARE WE AND HOW YOU CAN CONTACT US
Klushop is the commercial name of KLU DESIGN INTL SRL, legal entity of Romanian nationality, having its registered office in Str. Ion Marcu Nr. 25-27, Et. 1, Ap. 7, Sector 6, Bucuresti, ROMANIA, with the order number in the Trade Register J40 / 5188/ 2018, unique fiscal registration code 39192050 (hereinafter "KLU DESIGN INTL SRL" or "us"). For the purpose of data protection legislation, we are an operator when we process your personal data.
Since we are always open to find out your opinions, as well as to provide you with any additional information you may need regarding the processing of your data, we encourage you to contact the KLUSHOP Data Protection Officer by e-mail address at email@example.com or by post or courier at the above mentioned address of the registered office, mentioning: In the attention of the Klushop Data Protection Officer.
WHAT PERSONAL DATA CATEGORIES WE PROCESS
In general, we collect your personal data directly from you, so you have control over the type of information you provide us. By way of example, we receive information from you as follows:
• When you create a Klushop account, you send us: the e-mail address, first and last name;
• Within your personal page (My Account) from the Klushop platform you can add additional information, such as: mobile phone number, landline number, delivery addresses, billing addresses, etc.;
• When placing an order, provide us with information such as: the desired product, first and last name, delivery address, billing details, payment method, telephone number, bank card details, etc.
We may also collect and process certain information about your behaviour while visiting our website, to personalize your online experience and to provide you with offers tailored to your profile.
If you are a visitor to our website, we will process your personal data you provide:
• Directly in the context of using the site, such as the data you provide in the contact / questions / complaints section, as long as you contact us in this way.
• Indirectly, data such as: IP address, browser used, browsing duration, search history, operating system used, language and pages viewed, full URLs, click sequence to, through and from our site, information or products viewed / searched, the duration of visits to certain pages, information on the interaction with the pages (eg scrolling, clicks, mouse swipes), data on user behaviour.
We invite you to find out more details in this regard by consulting the section regarding the purposes of processing below.
On our website we can store and collect information in cookies and similar technologies, according to the Cookies Policy.
We do not collect and otherwise process sensitive data, included in the GDPR in special categories of personal data. Also, we do not want to collect or process data of minors. Klushop does not have the purpose of requesting information of any kind from persons under the age of 18 years. If, by mistake, we become in possession of such information and we are informed of this, we will obtain the appropriate parental consent to use this information or, if this is not possible, we will delete the information from our servers. If you would like to let us know the information regarding persons under the age of 18, please contact us by email at firstname.lastname@example.org.
What are the purposes and grounds for processing
We will use your personal data for the following purposes:
1. To provide the Klushop services to your benefit
This general purpose may include, as appropriate, the following:
• Creation and administration of the account within the Klushop platform;
• Processing of orders, including taking, validating, shipping and billing of orders;
• Solving cancellations or problems of any kind regarding an order, the goods or services purchased;
• Returning the products according to the legal provisions;
• Reimbursement of the value of the products according to the legal provisions;
• Providing support services, including providing answers to your Questions about your orders or Klushop goods and services.
The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between KLU DESIGN INTL SRL and you. Also, certain processing subordinated to these purposes is required by the applicable law, including tax and accounting legislation.
2. For the Improvement of our services
We always want to offer you the best online shopping experience. For this, we can collect and use certain information regarding your behavior of Buyers, we can invite you to complete satisfaction questionnaires following the completion of an order or we can carry out, directly or with the help of partners, studies and market researches.
We base these activities on our legitimate interest in conducting commercial activities, always taking care that your fundamental rights and freedoms are not affected.
3. For marketing
We want to keep you updated on the best offers for the products / services you are interested in. In this regard, we can send you any type of message (such as: e-mail / SMS / telephone / mobile push / webpush / etc.) containing general and thematic information, information on products similar or complementary to those you have purchased, information about offers or promotions, information about products added in the "Account / Order History and Details" section, or have shown interest in purchasing them, as well as other commercial communications such as market researches and opinion polls, and we can display personalized recommendations on the website. In order to provide you with information of interest to you, we may use certain data about your buyer behavior (eg products viewed / added to wishlist / purchased) to create your profile. We always make sure that these processes are carried out in compliance with your rights and freedoms, and that the decisions taken based on them have no legal effects on you and will not affect you to a significant extent.
In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time, by:
• Changing the settings in the client account in the "My Account" section;
• Accessing the unsubscribe link displayed in the messages you receive from us;
• or by contacting KLU DESIGN INTL SRL using the contact details described above.
In certain situations, we can base our marketing activities on our legitimate interest to promote and develop our commercial activity. In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures so that your fundamental rights and freedoms are not affected. However, you can request us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and we will comply with your request.
4. To defend our legitimate interests
There may be situations in which we will use or transmit information to protect our rights and commercial activity. These may include:
• Protecting the website and users of the Klushop platform against cyber-attacks;
• Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
• Management measures for various other risks.
The general basis of these types of processing is our legitimate interest in defending our commercial activity, being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
Also, in certain cases we start processing on legal provisions, such as the obligation to ensure the protection of goods and values provided by the applicable legislation in this field.
HOW LONG TIME WE KEEP YOUR PERSONAL DATA
As a general rule, we will store your personal data as long as you have an account on the Klushop platform. You can request us at any time to delete certain information or to close the account, and we will respond to these requests, subject to the preservation of certain information including after closing the account, in situations where the applicable law or our legitimate interests require it.
TO WHOM WE TRANSMIT YOUR PERSONAL DATA
As the case may be, we may transmit or provide access to certain personal data of your own to the following categories of recipients:
• companies within the same group of companies as KLU DESIGN INTL SRL;
• courier service providers;
• payment / banking service providers;
• marketing / telemarketing service providers;
• market research service providers;
• insurance companies;
• IT service providers;
• to other companies with which we can develop joint programs to offer our goods and services on the market.
If we have a legal obligation, or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.
We ensure that access to your data by third parties legal persons of private law is made in accordance with the legal provisions regarding data protection and confidentiality of information, based on contracts concluded with them.
IN WHICH COUNTRIES WE TRANSFER YOUR PERSONAL DATA
Currently, we store and process your personal data on the territory of Romania and Germany.
However, it is possible to transfer certain personal data of your own to entities located in the European Union or outside the Union, including in countries where the European Commission has not recognized an adequate level of protection of personal data.
We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, as the case may be, by other guarantees, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of personal data. transferred from inside the EU to the United States of America.
You can contact us anytime, using the contact details set out above, to find out more information about the countries in which we transfer your data, as well as the guarantees we have implemented regarding these transfers.
HOW DO WE PROTECT THE SECURITY OF YOUR PERSONAL DATA
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
The transmission of your personal data is done using state-of-the-art encryption algorithms and we store them on secure servers, while ensuring data redundancy.
To make payments we use the services of the payment processor Netopia Payments/ MobilPay. All payment information is encrypted, using HTTPS technology with TSL encryption.
Despite the measures taken to protect your personal data, we draw your attention that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, with the risk that the data may be viewed and used by third parties. unauthorized. We cannot be held responsible for such vulnerabilities of systems that are not under our control.
WHAT RIGHTS DO YOU HAVE
The General Data Protection Regulation will recognize a number of rights in relation to your personal data. You may request access to your data, correct any errors in our files and / or object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or to bring justice. If applicable, you may also benefit from the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.
More information about each of these rights can be obtained by consulting the details presented below.
In order to exercise your rights, you can contact us using the contact details set out above. Please keep the following in mind if you wish to exercise these rights:
We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such registrations using the email address of the Klushop account. Otherwise, we reserve the right to verify your identity by requesting additional information that aims to confirm your identity.
We will not charge a fee to exercise your rights regarding your personal data, unless your request for access to information is unfounded, respectively repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before we solve your request.
Duration of response.
We set ourselves to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. It may be possible that we ask you if you can tell us exactly what you want to receive or what you are worried about. This will help us act faster and shorten the response time to your request.
THIRD PARTY RIGHTS.
We should not comply with a request if it would adversely affect the rights and freedoms of other referred people.
You can ask us:
• to confirm if we process your personal data;
• to make available a copy of this data;
• to provide you with other information about your personal data, such as the data we have, what we use, to whom we disclose, if we transfer them abroad and how we protect them, how long we keep them, what rights you have, how you can make a complaint, from where we obtained your data, to the extent that the information has not already been provided to you by this information.
You may ask us to rectify or supplement your inaccurate or incomplete personal data.
It is possible for us to try to verify the accuracy of the data before we rectify it.
Deletion of Data
You can ask us to delete your personal data, but only if:
• they are no longer necessary for the purposes for which they were collected; or
• you have withdrawn your consent (if the data processing is based on your consent); or
• pursue a legal right to oppose; or
• they were processed illegally; or
• we have a legal obligation in this regard.
We have no obligation to comply with your request for deletion of your personal data in case the processing of your personal data is required:
• for compliance with a legal obligation; or
• for finding, exercising or defending a right in court.
There are certain other circumstances in which we are not obligated to comply with your request for deletion of data, although these two above here are the most likely circumstances in which we could refuse this request.
Please note that, prior to exercising this right, you must download from your Klushop account and save all documents related to orders placed to Klushop, regardless of whether the billing was done to you or another natural or legal person (such as: invoices, warranty certificates). If you do not do this before you exercise your right to delete, you will lose all these documents and Klushop will be unable to make them available, as the case may be, because the process of deletion of the data, respectively of the Klushop account, with all the data and documents related to it, is an irreversible process.
RESTRICTION OF DATA PROCESSING
You can ask us to restrict the processing of personal data, but only if:
• their accuracy is challenged (see the rectification section), to allow us to check their accuracy; or
• processing is illegal, but you do not want the data to be deleted; or
• they are no longer necessary for the purposes for which they were collected, but you need them to find, exercise or defend a right in court; or
• You have exercised your right to oppose, and checking whether our rights prevail is in progress.
We may continue to use your personal data following a restriction request, if:
• we have your consent; or
• to ascertain, exercise or ensure the defense of a right in the court; or
• to protect the rights of Klushop or another natural or legal person.
PORTABILITY OF DATA
You can ask us to provide you with your personal data in a structured, commonly used and automatically readable format, or you can request that this to be "ported" directly to another data operator, but in each case only if:
• processing is based on your consent or on the conclusion or execution of a contract with you; and
• processing is done by automatic means.
You may object at any time, for reasons related to the particular situation in which you are, to the processing of your personal data based on our legitimate interest, if you consider that your fundamental rights and freedoms prevail over that interest.
Also, you can oppose at any time the processing of your data for the purpose of direct marketing (including the creation of profiles), without invoking any reason, in which case we will stop this processing as soon as possible.
AUTOMATIC DECISION MAKING
You can ask not to be the subject of a decision based solely on automatic processing, but only when that decision:
• produces legal effects on you; or
• it will affect you in a similar way and to a significant extent.
This right does not apply if the decision reached following the automatic decision making:
• it is necessary for us to conclude or carry out a contract with you;
• it is authorized by law and there are adequate guarantees for your rights and freedoms; or
• is based on your explicit consent.
You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are the following:
National Supervisory Authority for Personal Data Processing
(Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal)
28-30 G-ral Gheorghe Magheru Boulevard, Sector 1, ZIP CODE 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
Without affecting your right to contact the supervisory authority at any time, please contact us prior to do that, and we promise that we will make every effort to resolve any problem amicably.
We remind that you can contact at any time the Klushop Data Protection Officer by sending your request through any of the following ways:
- by email at: email@example.com or
- by post or courier to the address: KLU DESIGN INTL SRL, Str. Ion Marcu Nr. 25-27, Et. 1, Ap. 7, Sector 6, Bucuresti, ROMANIA – mentioning on the envelope: In the Attention of the Klushop Data Protection Officer.