GDPR

Privacy policy regarding personal data processing
datelor cu caracter personal

CONTED SA assures you that it will process your data in an honest, transparent and informed manner, and certifies that it will respect the rights conferred by Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”) for the protection of persons with on the processing of personal data and the free movement of such data.

 

Who we are

CONTED SA, legal person of Romanian nationality, having its registered office in Dorohoi, Str. 1 December 1918 No. 8, Botoșani county, with serial number in the Trade Register J07 / 107/1991, unique fiscal registration code RO622445 (hereinafter “Conted” or “us”). For the purposes of data protection law, we are the operator when we process your personal data.

For any questions or concerns related to this Policy, the way in which CONTED SA processes your data or your rights, you can contact us by e-mail at  data.protection@conted.ro or by mail: Str. 1 Decembrie 1918, Nr. 8, Dorohoi city, Botoșani county, postal code 715200.

 

Personal data we process

We collect the following types of personal data from you:

  • Name and surname
  • E-mail
  • Phone number
  • Billing address
  • Delivery address
  • Order number
  • Invoice number
  • Product code
  • Product name
  • Amount
  • Name and surname of the IBAN account holder
  • IBAN account
  • The bank

 

Why do we need them

We need your personal information to provide you with the following services:

  • Name and surname - to be able to issue your invoices and to be able to deliver your orders
  • Email - to be able to send you order information
  • Billing address and delivery address - to be able to issue your invoices and deliver your orders
  • Order number - to be able to identify your order
  • Invoice number - automatically generated by the system
  • Product code - the code of the products on the invoice
  • Product name - the name of the products on the invoice

In our legitimate interest to be able to offer you the return service and according to the law we need to process the following personal data

  • Name and surname - to be able to contact you
  • Order number - to be able to identify your order
  • Invoice number - to be able to identify your order
  • E-mail - to send you information about return
  • Phone number - to be able to contact you if there are any issues regarding the return
  • Address from the identity document - mandatory for delivery of money on return
  • Product code - the product code for the return
  • Product name - the name of the products for return
  • Quantity of products - quantity of products for return
  • Reason for return - optional, to better understand the cause of the return
  • Name, first name IBAN account holder - required to make the payment
  • IBAN account - required to make payment
  • Bank - required to make payment

 

How do we process your data

Data you provide us directly

Each time you place an order we will collect and process the following data:

  • name and surname;
  • delivery address;
  • phone number.

When we confirm your order, or let you know that the products have reached the pick-up points, we will process:

- telephone number and, if applicable, e-mail address to inform you about the status of your order / delivery.

Legal basis for data processing - (Execution of the contract)

In order to fulfill your orders, to deliver the products to the indicated address, to execute our warranty obligations associated with the products, or, as the case may be, to make a return of products.

The details of the card you use to pay for purchases will not be accessible and will not be stored by CONTED SA.

In case of returns / cancellation of the order we collect and process:

- The IBAN and the bank where you opened the bank account, in order to refund the money paid for the returned products / canceled orders.

Legal basis for data processing - (Execution of the contract)

We deliver your products to the address indicated, through the courier services, with which we strictly share the data necessary for the delivery of the products:

  • name surname;
  • delivery address;
  • phone number;
  • the amount payable by cash on delivery (if applicable).

Legal basis for data processing - (Execution of the contract)

Fulfilling our obligations related to the management and delivery of products to the customer under the agreed conditions and times.

In order to be able to provide you with support regarding your orders, we will identify you by confirming:

  • first and last name;
  • your email address and phone number;
  • Order ID.

We will process the same data in order to resolve your complaints.

Legal basis for data processing - (Execution of the contract)

Fulfilling our responsibilities / activities during the execution of the contract.

 

Data that we collect automatically

We process your data for the annual financial audit, as well as for the submission of tax and accounting statements to the tax authorities.

Legal basis for data processing - (Legal obligation)

For compliance with the legal obligations imposed by the applicable legal provisions in fiscal and accounting matters.

When we defend our rights in court to recover amounts due, or when we protect our interests against unjustified claims / claims, we will process your data necessary for the formulation of objections, written conclusions, requests and specific documents.

Legal basis for data processing - (Legitimate interest)

Exercising any defenses / rights before the courts, or public / control authorities or institutions.

Exceptionally and in accordance with the law, we will provide to the competent authorities and institutions, within formal procedures / investigations or other steps provided by law, according to the procedure provided by law, your following data: name, surname, address, e-mail, telephone. CONTED SA will document any such steps.

Legal basis for data processing - (Legal obligation)

To comply with the specific legal obligations imposed by the applicable legal provisions on protection against fraud, money laundering and terrorism.

 

As long as we keep your personal data

CONTED SA processes your data for the period necessary to fulfill the purposes for which it was collected and in accordance with our personal data retention policies. In some cases, some legal provisions may impose or allow us to keep the data for a longer period.

The data retention period depends mainly on the following:

  • for what period we need your data to provide you with the requested products and to fulfill our obligations to you and for the purposes mentioned above in this Policy;
  • legal or contractual obligations require us to keep your data for a certain period of time (for example the periods prescribed by law for the protection of our rights in court).

 

Who do we share your data with?

Where applicable, we may transmit or provide access to certain personal data of yours to the following categories of recipients:

- employees who need to know them;

– courier service providers;

If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

 

In which countries we transfer your personal data

We currently store and process your personal data in Romania.

 

How we protect the security of your personal data

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.

We store your personal data on secure servers, while ensuring data redundancy.

Despite the measures taken to protect your personal data, we warn you that the transmission of information via the Internet, in general, or through other public networks, is not completely secure, there is a risk that the data may be seen and used by third parties. unauthorized parties. We cannot be held responsible for such vulnerabilities in systems that are beyond our control.

 

What rights do you have regarding your data?

We want to make sure that you have full control over your data at all times and that you can effectively exercise your rights under GDPR.

GDPR offers you, as a data subject, the rights described below. Before processing any request regarding your rights, we will make sure that you are the owner of the data on which you choose to exercise these rights, and for this purpose we may ask you for some information / data to verify your identity, or we may request more many details about your request. We will be able to keep the correspondence we have with you to ensure that we keep track of requests and responses to your rights.

The right to be informed. You have the right to receive clear, transparent, easy to understand and easily accessible information on how we process your data, including details of your rights, as a data subject. This information about the data, the purpose and the way we process your data is also included in this Policy.

The right to access your data. You have the right to access the data we process about you, without charging any fee for the first data provision. If you need copies of the data already provided, we will be able to charge a reasonable fee taking into account the administrative costs of providing the data. We will have the right to refuse excessive or repeated and unjustified requests. To exercise your right of access, you can send us your request by e-mail to: data.protection@conted.ro

The right to rectification of data. If you identify that your data that we process is incorrect, incomplete or inaccurate, you can send us a rectification request to the e-mail address: data.protection@conted.ro

The right to object to processing based on a legitimate interest. You may object at any time to any data processing when we rely on our legitimate interest in such processing. See "What is the legal basis for data processing?" from the text above to identify situations in which our processing is based on our legitimate interest. You can exercise this right in writing by sending a written request to the e-mail address: data.protection@conted.ro

The right to delete data (the right to be forgotten). You have the right to ask us to delete your data in any of the following situations:

  1. personal data are no longer necessary to fulfill the purposes for which we previously processed them;
  2. oppose the processing of data based on our legitimate interest and we cannot prove that we have legitimate reasons justifying the processing and prevailing over your interests, rights and freedoms;
  3. personal data are processed against the law;
  4. personal data must be deleted in order to comply with our legal obligations. This is not an absolute right. We may reject your request to delete data if: (I) we are required to comply with any legal obligations to retain data; or (II) if we have the data necessary to establish, exercise or defend our rights in court. You can exercise this right in writing by sending a written request to the e-mail address: protection@conted.ro

The right to restrict processing. You have the right to obtain from us the restriction of data processing in one of the situations described below.

  1. the accuracy of the data is contested by you (visa person), for a period that will allow us to verify the correctness of the data;
  2. the processing of data is illegal and you (the data subject) oppose the deletion of data and request us to restrict the processing of such data;
  3. we no longer need your data, but it is requested by you (the data subject) to establish, exercise or defend legal claims;
  4. you (the data subject) raise some objections regarding the processing of data based on our legitimate interests, on the basis of verifying whether the legitimate reasons of the controller exceed those of the data subject (ie yours).

You can exercise this right in writing by sending a written request to the e-mail address: data.protection@conted.ro

The right to portability. When we process your data based on your consent or performance of the contract, and automatically, you will have the right to request the transfer of your data: (I) to you or (II) to another operator indicated by you. Specifically, you will only be able to request the porting of personal data from those that you have actively provided to us directly. You can exercise this right in writing by sending a written request to the e-mail address: data.protection@conted.ro.

The right to make complaints to the supervisory authority. You have the right to file any complaints with the National Authority for the Supervision of Personal Data Processing (ANSPDCP) on the way we process your personal data. However, we hope that you will decide to talk to us first, before submitting any complaints to ANSPDCP. The protection of your data is very important to us and we will take all necessary measures to solve any problem regarding the control and security of your data. You can also ask ANSPDCP, the data protection supervisory authority in Romania, with various questions. You can find some guidelines and guidelines on your rights on the authority's website www.dataprotection.ro.

Last update July 30, 2020.