A. Introduction
This Confidentiality or Privacy policy is meant to explain to you what data we process, why we process it and what we do with it. We take your privacy seriously and we never sell lists or email addresses. Being fully aware that the personal information belongs to you, we do everything we can to store it securely and process it with care. We never disclose information to third parties without informing you.
B. Other services
This Confidentiality policy does not cover third party apps and websites that you can access by clicking the links on our website. This thing is beyond our control. We encourage you to read the Confidentiality policy on any website and/or app before you provide them with personal data.
C. Who are we?
SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA, with registered seat at no. 14, PAVILIOANELE C.F.R. Street, BRASOV from Brasov County, with Sole registration number 31358913 and Registered with the Trade Register under no. F08 /934 /2015 (hereinafter called “SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA”) is responsible with processing your personal data that it collects directly from you or from other sources.
In accordance with the legislation, our company is a personal data controller. In order to process you data securely, we have make all efforts to implement reasonable measures to protect your personal information
D. Who are you?
In accordance with the legislation, you, a natural person user of our products or a person that is in any kind of relation with us, are a “data subject”, i.e. an identified or identifiable natural person. In order to be completely transparent with regard to data processing and to allow you easy exercise of your rights, at all times, we have implemented measures to facilitate communication between us, the data controller and you, the data subject.
E. Changes
We may change this Confidentiality policy at any time. All updates and amendments of this Policy are valid immediately after notification, which we will ensure by posting on the website and/or by email.
F. Questions and requests
If you have questions or need clarifications regarding the processing of your data or you wish to exercise your legal rights with regard to the data that we hold or if you have concerns regarding the way in which we deal with any confidentiality issue, you can email us to contact@claudiaszanto.com
G. Our commitment
The protection of your personal information is very important for us. That is why we are committed to follow the principles below:
Legality, equity and transparency – We process your data legally and correctly. We are always transparent on the information that we use, and you are informed properly.
You are in control – Within the law, we offer you the possibility to review, change, erase the personal data that you have shared with use and to exercise all other rights.
Data integrity and limitation of scope – We use the data solely for the purposes described at the time of collection or for new purposes compatible with the initial ones. In all cases, our purposes are compliant with the legislation. We take reasonable measures to ensure that the personal data are correct, complete and updated.
Security – We have implemented reasonable security and encryption measures, so as to better protect your information. However, please not that no web page, no app and no internet connection is 100% secure.
H. What kind of information do we collect about you?
You can use the Platform without disclosing personal data. However, if you wish to receive our products, you will be requested to provide your data as part of a sign-in process.
The data requested can include: full name, telephone number, email address, home address.
It is possible that we collect data using cookies or other similar technologies, such as IP address, internet browser, announcements that you clicked, location, web pages that you access on our website.
I. Why do we collect this information?
We collect your information for determined and legitimate reasons including, without limitation, the following:
- Entering into, or performance of, a contract between you and us;
- Account registration;
- To answer to your questions and requests;
- For marketing purposes, however only if we have your prior consent;
- To provide and improve the services and products that we provide;
- To troubleshoot or remedy technical issues;
- To offer customized publicity and content;
- To protect ourselves against cyber attacks;
- To create and/or maintain accounts;
- For compliance with a legal obligation;
- For the establishment or defense of legal claims.
I.1. What are the legal grounds for data processing?
- You have given your consent for personal data processing – Please note that you can withhold your consent at any time by following the unsubscribe instructions in each email or by written request emailed to contact@claudiaszanto.com
- Processing is necessary for entering into, or performance of, a contract between you and us – Such as entering into a Contract for the sale and purchase of one or more products on the Platform, through the launch of an Order by the Customer and its acceptance by SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA, in observance of the legal provisions and of the terms and conditions for online sale of SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA products, or to take measures, at your requests, before entering into a Contract.
- Processing is necessary in order to comply with a legal obligation – Such as, for instance, keeping accounting documents for a 10 year period.
I.2. How do we disclose your data?
- SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA can transfer the Data, by disclosure or by granting certain remote access rights, only through secured apps, to third parties, such as affiliated entities and other business partners of SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA, which act as processors and process personal data for and on behalf of SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA (such as, Data storage on cloud serves, legal and financial advisers, technical service providers or shipping assistance service providers), with which SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA has entering into the necessary contractual agreements in accordance with the EU and national regulations.
- We can also disclose your personal data to business partners as a result of a joint effort to provide a product or service.
- We will transfer Data to third parties exclusively to the extent necessary for achieving the applicable Processing Purposes for which your personal data are collected and processed.
- The personal data collected and processed in the Processing Purposes described in this Confidentiality Policy can be stored on servers located abroad or transferred to affiliated entities headquartered outside the territory of the European Union. In the event of Data transfer to third party states, SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA will communicate the transfer intention and the third party states, the purposes of the transfer and the request for consent, when such consent is necessary in accordance with the legal provisions in force.
- SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA can disclose the Data in compliance to legal provisions or in response to a request from a court of law or other public authority.
J. How long do we store the data?
The personal data collected and used for Product delivery by SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA will be stored over a period of 5 years from the termination of contractual relations or any other longer period imposed by applicable laws, regulations or norms on the obligations to keep accounting documents or requests from public authorities.
Immediately after the end of the applicable storage period, the data will be:
- erased or destroyed; or
- anonymized; or
- transferred to an archive (except when this is forbidden by law or by the applicable regulation on keeping the records).
The personal data collected and used to create your account will be erased immediately, if you close your account.
In order to ensure that the Data is not kept longer than necessary, SZANTO CLAUDIA-MIOARA PERSOANA FIZICA AUTORIZATA will review the Data regularly and, if necessary, will erase them.
K. What security measures have we taken?
As part of Platform administration, we have taken technical and organizational measures to ensure a level of security corresponding to the risks presented by Data processing, in particular due to misuse, accidental destruction, illegal or unauthorized accessing, loss, alteration, disclosure, intentional or accidental handling, third party access, erasure or modification. To this end, we have developed and implemented data security policies and other confidentiality practices. In addition, our security procedures are constantly being reviewed according to the new technological evolutions.
For additional information on our security practices, please fill in the contact form in the Contact section of the Platform.
You will be notified on data securities breaches, within a reasonable time period after the discovery of such breach, except when a competent public body determines that the notification would prevent a criminal investigation or would affect the national security. In this case, the notification will be postponed, in accordance with the instructions of that body. We will respond promptly to your questions regarding such data security breach.
L. What are your rights?
- Right to withdraw consent
The data subject is entitled to withdraw his or her consent when the consent is used as legal ground for data processing (e.g. when the processing is not based on another legal ground allowed by GDPR, such as a legal or contractual obligation).
Before we exclude the data subject’s data from processing, we need to confirm that the request for consent is indeed the legal ground for processing. If not, the request may be requested on the grounds that the processing does not require the data subject’s consent. Otherwise, the request has to be admitted.
In numerous cases, consent giving and withdrawal will be available in electronic format –online, and this procedure will not be necessary.
When consent concerns a child (defined by GDPR as being a person below the age of 16 years), consent giving and withdrawal have to be authorized by the holder of parental responsibility over the child.
- Right to be informed on the processing of your data
When personal data are collected from the data subject or obtained from other sources, it is mandatory to inform the data subject on the purpose for which the data are being used and on the data subject’s rights over the data.
- Right of access by the data subject
The data subject has the right to ask the company what data it processes about him or her, to access such data and to the following information:
- The purposes of the processing
- The categories of personal data concerned
- The recipients or categories of recipient of the data, if any, in particular recipients in third countries or international organizations
- The storage period for which the personal data (or the criteria used to determine that period)
- The data subject’s right to rectification or erasure of his or her personal data and the right to restriction of processing or to object to such processing.
- The data subject’s right to lodge a complaint with a supervisory authority
- Information as to their source, if the data are not collected from the data subject
- The existence of automated decision-making, including profiling and, in this case, the envisaged consequences
- Where the data are transferred to a third country or to an international organization, information on the appropriate safeguards
In most cases, the decision making process for such requests will be simple, unless we conclude that the request is clearly unfounded or excess. However, information compiling could require the help of the data owners.
- Right to rectification of inaccurate or incomplete data
If the personal data is inaccurate, the data subject is entitled to request the rectification and completion of incomplete personal data based on information provided by him or her.
If necessary, we will take measures to validate the information provided by the data subject to ensure that they are correct before we modify them.
- Right to erasure (“right to be forgotten”)
We offer the data subject the right to ask us to the erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation;
the personal data have been collected in relation to the offer of online services to children.
We will reach a decision regarding such requests on a case by case basis, as to whether the request can or should be rejected on one of the following grounds:
- the data are necessary for exercising the right of freedom of expression and information;
- the data are necessary for compliance with a legal obligation;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest;
- for the establishment, exercise or defense of legal claims.
Right to restriction of processing
The data subject can exercise the right to restriction of processing in the following situations:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing is restricted, the data will remain stored, however may only be processed with the person’s consent. By way of exception, the data may be processed for the establishment, exercise or defense of legal claims or for reasons of important public interest of the Union or of a Member State (provided the data subject is informed in this respect). Other organizations processing personal data on our behalf also have to be informed on the restriction.
- Right to send the data we have on you to another controller
The data subject has the right to receive the personal data concerning him or her in a “structured, commonly used and machine-readable format” (article 20 of GDPR and to transmit those data to another party, such as another service provider. This applies to personal data for which processing is based on the data subject’s consent, on the legal ground of a contract or if the processing is carried out by automated means.
- Right to object to data processing
The data subject has the right to object to processing which is based on one for the following legal grounds:
- For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- For the purposes of the legitimate interests pursued by the controller
Once the object has been made, the organization has to present the grounds for the processing and to suspend the processing until a decision has been made (rule). The organization will no longer process the personal data, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the organization will cease to process them.
- Right not to be subject to a decision based solely on automated processing, including profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The data subject also has the right to express his or her point of view, to request human intervention and to contest the decision.
There are exceptions to this right, when the decision:
- Is necessary for entering into, or performance of, a contract;
- Is authorized by Union or Member State law;
- Is based on the data subject’s explicit consent;
In the cases referred to in points (1) and (2), the organization will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
- Right to an effective judicial remedy
The data subject also has the right to an effective judicial remedy where he or she considers that his or her rights have been infringed.
- Right to lodge a complaint with a Supervisory Authority It is important to know that:
- If you gave your consent for direct marketing, you can withdraw it at any moment by following the unsubscribe instructions in each email/text or other electronic message.
If you wish to exercise your rights, you can do so be written request, signed and dated, emailed to contact@claudiaszanto.com
The rights listed above are not absolute. There are exceptions, this is why each request received will be reviewed in order to decide whether it is grounded. To the extent that it is grounded, we will facilitate to you the exercise of your rights. If the request is ungrounded, we will reject it, however we will inform you on the reasons for the refusal and on the rights to lodge a complaint with the Supervisory Authority and to an effective judicial remedy.
We will attempt to respondent to the request within 30 days. However, the term may be extended due to various matters, such as the complexity of the request, the large number of requests received or the impossibility to identify you in due time.
If, despite all our efforts, we are unable to identify you, and you fail to provide us with additional information to allow us to identify you, we are not obliged to respond to the request.
M. Questions, requests and exercise of rights
If you have questions or need clarifications regarding the processing of your information or wish to exercise your legal rights or if you have other confidentiality related concern, you can email us at contact@claudiaszanto.com