PRIVACY AND GDPR POLICY IN FORCE FROM FEBRUARY 2023
§ 1. GENERAL PROVISIONS
- The controller and owner of the SEREINE.COM website (the “Site”/“site”/“website”) is SEREINE FASHION S.R.L., with registered office at: Romania, Bucharest, District 2, Blvd. Dimitrie Pompei no. 9-9A, block 2, ground floor, room 1, entered into the trade register under number J40/25057/2022, VAT No. 47372680, e-mail email@example.com, contact phone number +40731114098.
- The Controller shall take all reasonable measures to ensure that its cooperating partners, subcontractors and other cooperating entities guarantee that appropriate security measures are applied each time they process the personal data on the Controller's instructions.
§ 2. PERSONAL DATA CONTROLLER AND CONTACT DATA
- The Controller of the data collected through:
- other channels of communication with the Client, e.g. the call center;
is SEREINE FASHION S.R.L., with registered office at: Romania, Bucharest, District 2, Blvd. Dimitrie Pompei no. 9-9A, block 2, ground floor, room 1, entered into the trade register under number J40/25057/2022, VAT No. 47372680, e-mail firstname.lastname@example.org, contact phone number +40731114098.
- If you wish to contact the Controller in any matter related to personal data protection, or you wish to exercise your rights concerning your data processed by the Controller, you can contact us:
- by traditional mail sent to the following address:
- Romania, Bucharest, District 2, Blvd. Dimitrie Pompei no. 9-9A, block 2, ground floor, room 1;
- by email: email@example.com;
- by phone: +40731114098 (Mon-Fri. 8:00 a.m.– 6:00 p.m.)
§ 3. WHAT PERSONAL DATA ARE PROCESSED BY THE CONTROLLER
- Personal data - means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. They include the following information: IP address, title, name, address, e-mail, phone number.
- We process the personal data of:
- a) the Site users, including Account holders,
- b) Clients,
- c) Contractors,
- d) Newsletter subscribers,
- e) persons who gave their consent to marketing communication,
- f) contacting persons but also persons who gave the Controller their Personal Data through other communication channels, e.g. through the website https://www.instagram.com/ and https://www.facebook.com (including mobile apps), the terms of operation of which are based on the regulations available in particular at https://www.facebook.com/legal/terms, provided by, respectively, Facebook Inc. or Facebook Ireland Limited (hereinafter also referred to as the ‘Facebook Service’). Facebook Service’s and Instagram’s Personal Data Protection and Use Principles are available at: https://www.facebook.com/policy.php. The Controller has no influence over the text of Facebook Service’s legal regulations, including those concerning the Personal Data.
§ 4. DATA COLLECTION SCOPE, PURPOSE, LEGAL BASIS AND STORAGE PERIOD
- The Personal Data are processed by the Controller in order to facilitate the use of the functionalities of the Site, including automatic processing during the Site use, i.e. in order to:
- Provide and display content in the Site – for this purpose, we process the personal data in the form of: IP address, cookies; we process the data in accordance with Art. 6(1) (f) of the GDPR – the Controller’s legitimate interest is to run the Site,
- Provide the account services – for this purpose we process the personal data in the form of: email address, password, IP address, cookies, name, in accordance with Art. 6 (1) (b) of the GDPR; the Data collected for this purpose shall be processed no longer than the period of provision of the account service,
- Conclude and perform an agreement through the intermediation of the Site – for this purpose, we process the personal data in the form of: IP address, cookies, email address, name, address details (street, house number, town and postal code, country), invoicing details, payment details, contact phone number, order number or other data provided by the Service Provider at the Website or during the contact with the client; we process the personal data in accordance with Art. 6 (1) (b) of the GDPR; the data collected for this purpose shall be processed for no longer than 6 years.
- Discharge the Controller’s duties as the seller and the service provider – for this purpose, we process: the name, the order details, the payment details, e-mail, phone, address (street, house number, town and postal code, country), bank account number, invoicing details or details for another document, e.g. VAT number, personal ID number; we process the data in accordance with Art. 6 (1) (b), (c) and (f) of the GDPR, as the case may be – in particular with regard to the obligations related to the tax law provisions; the Data collected for this purpose shall be processed not longer than for a period of 5 years counted from the end of the calendar year in which the deadline for the payment of taxes related to the agreements made with the Controller expired.
- Send to the electronic mail address as indicated by the client a pre-ordered Newsletter, as well as send commercial information via indicated channels of communication [email, text message, phone] – for this purpose, we process the contact details, e-mail address, phone number, order details, name, address (street, house number, town and postal code), IP address, cookies and the output data – we process the personal data on the basis of consent given in accordance with Art. 6 (1) (a) of the GDPR, for a period of time not longer than 5 years. If you provided us with information about your professional title, we shall use such data to customize the e-mails we will send you.
- Pursue the Personal Data Controller’s legitimate interest in accordance with Art. 6 (1) (f) of the GDPR, i.e.:
- to discharge the complaint-related obligations of the Site, to handle the complaints concerning the products,
- to run and operate the Site and to ensure the safety of its use, including a detection of abuses, and to make analyses, statistics, questionnaires, satisfaction surveys,
- to prepare and present adverts, offers and information tailored to the interests and needs of the data subjects and in particular for the Controller to send the pre-ordered Newsletter to the client-indicated electronic mail address;
- to determine, defend and pursue claims, to archive the data.
The data collected for this purpose shall be processed not longer than for a period of 6 years.
- The client’s activities on the Site, including his or her personal data, are registered in system logs (chronological electronic data records containing information about events and activities relating to the Site used to provide the e-services by the Controller). The information registered in logs is processed for the purposes of the Controller's legitimate interest (Art. 6 (1) (f) of the GDPR) for a period of up to 12 months, mainly for purposes related to the operation of the Site; it is processed for maintenance, technical, analytic and statistical purposes as well as for purposes related to the need to ensure the safety of the IT system operation and management.
- The personal data shall be stored as long as there is a legal basis for their processing, unless the legal regulations in force should require a longer period of storage, e.g. for them to be used in legal proceedings to which the data subject and the Controller will be parties.
- Upon the expiry of the storage period or for want of any other legal basis for processing, the personal data shall be deleted or rendered anonymous.
§ 5. RECIPIENTS
- In relation with the service provision, the personal data shall be disclosed to external entities supporting the Controller’s activities, and in particular to:
- providers responsible for the IT system support (IT support related to the online store operation, email hosting, maintenance services, server services),
- entities such as banks and payment operators – handling electronic payments and payment cards – in case of a Client who uses electronic payments or payment cards at the Website, the Controller makes the personal data collected available to an entity processing the above-mentioned payments at the Website on the Controller’s instructions, in the scope necessary to process the payments,
- marketing agencies and providers of IT systems used to support marketing activities (in the scope related to marketing services for those data subjects that have consented to the Controller’s marketing activities),
- providers of accounting, legal and advisory services who provide the Controller with accounting, legal or advisory support (in particular an accounting firm, a law firm or a debt collection agency).
- The data recipients may also be providers of social network plugins, scripts or similar tools located at the Website page and allowing the browser of the Site user to download the content from the providers of the above-mentioned plugins and to provide for that purpose to those providers the personal data of the visitors, including also: Facebook Ireland Ltd. – The Controller uses at the Site the plugins of the social networks Facebook and Instagram and, in this relation, it collects the personal data of the User using the Site and makes them available to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) in the scope of and in accordance with the principles of privacy accessible at: https://www.facebook.com/about/privacy/ (the data comprise information about the activities at the Site – including information about the device, websites visited, purchases, adverts displayed and the way of using the services – irrespective of whether or not the online store user has a Facebook account and is logged in at Facebook).
- The data recipients may also be public authorities or entities carrying out public tasks, e.g. in case a fraud is reported – appropriate law enforcement entities, but also in the scope and for the purposes as provided for by law, e.g. the audit or control proceedings with regard to the Controller, the anti-money laundering act.
§ 6. TRANSFER OF DATA OUTSIDE THE EEA
Personal data may be transferred outside the European Economic Area only under the terms referred to in Art. 46, Art. 47 or 49 of the GDPR. The Controller transfers the personal data outside the EEA only when it is necessary and only ensuring an adequate level of protection, mainly through: a cooperation with the data processors in the countries with reference to which a decision of the European Commission has been issued as appropriate; an application of standard contractual clauses as issued by the European Commission; an application of binding corporate rules as approved by competent supervisory authorities. The Controller shall always provide information about its intention to transfer the personal data outside the EEA at the data collection stage.
§ 7. PROFILING
The Personal Data are processed in an automated form, which also includes profiling in the sense of so-called ordinary profiling (e.g. adjustment of messages and banners to one’s interests), in order to better customize the information and marketing message about the Controller, its products and services and about the entities related to the Controller. We make every effort to ensure that our promotional, information and marketing materials are valuable to the data subject; therefore, in order to adjust the marketing information to the given client’s individual preferences and interests [presentation of adverts, offers, promotions (discounts)], we rely on the information about the Site use, e.g. by analyzing how often you visit the Site, or on details concerning the order, the activities in the Controller's sale channels (computer’s IP, cookies, preferred purchase options), the interest in the Controller’s offer/newsletter or product/service range, social and demographic data (e.g. sex, age, location). We make every effort to ensure that the information obtained as a result of profiling by means of automated IT systems constitutes a basis for an analysis of the clients’ expectations and determines the Controller’s lines of action without any significant impact on the clients’ decisions.
§ 8. VOLUNTARY PROVISION OF PERSONAL DATA
The Personal Data shall be given freely when the provision thereof is necessary for the pursuit of one or more of the personal data processing purposes as laid down in § 4 (1) herein above, which the Controller will not be able to do in case the personal data are not provided. For the avoidance of doubt, providing data for the processing purpose in § 4 (1) letter (e) herein above is strictly voluntary and will not impede the execution of any of the other processing purposes stated in § 4 (1) herein above.
§ 9. PERSONAL DATA PROTECTION RIGHTS OF THE DATA SUBJECT
- In case you want to exercise your rights please address all your correspondence using the contact data specified in § 2 herein above. At the same time, you are requested to send us all the necessary information allowing us a unique identification of the entity exercising their rights.
- Each data subject whose data the Controller is processing has:
- the right to be informed, which the Controller is doing through this policy, which may be subject to change at the Controller’s discretion,
- the right of access to the personal data, including a right to obtain a copy of them,
- the right to request rectification,
- the right to obtain erasure of the personal data (‘the right to be forgotten’),
- the right to request limitation of the personal data processing,
- the right of portability of the personal data to another controller, if the processing is carried out on the basis of a contract [Art. 6 (1) (b) of the GDPR] or a consent [Art. 6 (1) (a) of the GDPR],
- the right to object to the personal data processing, in particular to direct marketing based on point (f) of Art. 6 (1) of the GDPR. The right to object to personal data processing for purposes based on point (f) of Art. 6 (1) of the GDPR on grounds relating to a particular situation,
- the right to lodge a complaint to the President of the Personal Data Protection Office,
- the right to withdraw the consent at any time. The consent withdrawal does not affect the lawfulness of data processing based on consent before its withdrawal.
§ 10. COOKIES AND SIMILAR TECHNOLOGY
- The Policy is subject to regular reviews and updates. In case the Policy is updated, the client shall be duly advised of this fact by a display on the Site of appropriate information or by e-mail. In some cases, the client may be advised in advance about the Policy update and the continuation of the use of the Site services shall be deemed an acceptance of the updated version of the Policy.
- The User who refuses to accept the terms and conditions of the services of the Site after the amended Policy has come into force may cease to use the services of the Site.