PRIVACY POLICY
GENERAL
Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document - GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, its provisions being directly applicable starting from May 25, 2018. This Regulation expressly repeals Directive 95/46/CE, thus replacing the provisions of Law no. 677/2001 (currently repealed).
The regulation is directly applicable in all member states, protecting the rights of all natural persons located on the territory of the European Union. From a material point of view, the Regulation applies to all operators who process personal data. The Regulation does not apply to the processing of personal data concerning legal entities and, in particular, enterprises with legal personality, including the name and type of legal entity and the contact details of the legal entity.
Personal data is defined as any information regarding an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.
The processing of personal data involves any operation or set of operations performed on data or sets of personal data, with or without the use of automated means, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction , consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
IDENTITY OF THE OPERATOR
Taking into account article 4 point 7 of the Regulation, which defines the notion of "operator" as the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing , the operator that processes personal data through this website is Assist Control S.R.L., based in Tamasi, Corbeanca, Str. Frasinului, no. 11, Ilfov County, registered at the Trade Registry Office J23/225/2012, having CUI 29625873, legally represented by Alex SCHÜTZ, with contact details:
Contact: Contact Form
TEL: +4915228498888.
Informing the data subject about the data security breach of personal data
Related to the provisions of art. 34 of the GDPR, if the breach of the security of personal data is likely to generate a high risk for the rights and freedoms of natural persons, we will inform the data subject without undue delay about this breach, except in situations where:
· adequate technical and organizational protection measures have been implemented and these measures have been applied in the case of personal data affected by the personal data breach, in particular measures ensuring that the personal data become unintelligible to any person who is not authorized to access them, such as encryption;
· further measures have been taken to ensure that the high risk for the rights and freedoms of the previously mentioned data subjects is no longer likely to materialize;
· would require a disproportionate effort. In this situation, a public information is carried out instead or a similar measure is taken by which the persons concerned are informed in an equally effective way.
PLUGINS AND TOOLS
Youtube
Our website uses plugins of the YouTube platform, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
If you visit a page on our website where a YouTube plug-in has been integrated, a connection to the YouTube servers will be established. Consequently, the YouTube server will be notified, which of the pages have been visited by you.
In addition, YouTube will be able to insert different cookies, with the help of which it will be possible to obtain information about the visitors of our website. Among other things, this information will be used to generate video statistics with the aim of improving the ease of use of the site and preventing fraud attempts.
If you are signed in to your YouTube account while visiting our website, you allow YouTube to directly assign your browsing patterns to your personal profile. You have the option to prevent this by signing out of your YouTube account.
The use of YouTube is based on our interest in presenting your online content in an attractive manner. According to art. 6 para. 1 lit. f) GDPR, this is a legitimate interest.
Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character. Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) should be based on the Standard Contractual Clauses (SCC) of the European Commission.
For more information on how YouTube handles user data, see YouTube's Data Privacy Policy at: https://policies.google.com/privacy?hl=en.
Google Web Fonts
This site uses Web Fonts provided by Google to ensure consistent use of fonts on this site.
When you access a page on this website, your browser will load, as a result of establishing a connection with Google's servers, the web fonts necessary for the correct display of text and fonts. Thus, the use of Google Web Fonts is based on art. 6 para. 1 lit. f) GDPR, there is a legitimate interest in the uniform presentation of the font on this website. If there is a consent expressed in this regard (for example, consent to the archiving of cookies), the data will be processed exclusively on the basis of art. 6 para. 1 lit. a) GDPR.
For more information on how Google Web Fonts handles user data, see the Privacy Policy available at: https://policies.google.com/privacy?hl=en.
Google reCaptcha
We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on our website. The provider is Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). The purpose of reCAPTCHA is to determine whether data entered on our site (for example, information entered in a contact form) is provided by a human user or an automated program. To determine this, reCAPTCHA analyzes the behavior of website visitors based on a variety of parameters. This analysis is automatically triggered as soon as the website visitor enters the website. For this analysis, reCAPTCHA evaluates a variety of data (eg IP address, time the website visitor spent on the website or user-initiated cursor movements). The data tracked during these analyzes is sent to Google. reCAPTCHA analyzes run entirely in the background. Site visitors are not alerted that an analysis is in progress. The data are processed based on art. 6 para. 1 lit. f) GDPR. Website operators have a legitimate interest in protecting the operator's web content against misuse by automated industrial espionage systems and against SPAM.
Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character. Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Google reCatpcha uses Standard Contractual Clauses as an adequate data protection guarantee, in accordance with the level of protection guaranteed by the GDPR. For more information, see Google's Data Privacy Statement available here: https://policies.google.com/privacy and here https://policies.google.com/terms?hl=en
Advertising and Analytics
Google Analytics
This website uses the functions of the web analysis service Google Analytics. The provider of this service is Google Inc., based in the United States of America, 1600 Amphitheater Parkway, Mountain View, CA 94043.
Google Analytics uses so-called cookies. Cookies are text files that are stored on the computer and that allow an analysis of the use of the website by users. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States, where it is stored.
The storage of Google Analytics cookies and the use of this analysis tool is based on Art. 6 para. 1 lit. f) GDPR. The operator of this website has a legitimate interest in analyzing user patterns in order to optimize both the online services offered and the operator's advertising activities.
Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character.
Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
The transfer of data to the United States of America is based on the Standard Contractual Clauses (SCC) of the European Commission.
IP anonymization
On this site we have activated the IP anonymization function. As a result, the IP address will be abbreviated by Google in the member states of the European Union or in other states that have ratified the Convention on the European Economic Area before it is transmitted to the United States. The full IP will be transmitted to one of Google's servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google will use this information to analyze your use of this website, to generate reports on website activities and to provide other services to the operator of this website in connection with the use of the website. The IP address transmitted together with Google Analytics from your browser will not be merged with other data held by Google.
Archiving period
User- or incident-level data stored by Google related to cookies, user IDs or advertising IDs (eg DoubleClick cookies, Android advertising IDs) will be anonymized or deleted after 14 months. For details, click on the following link: https://support.google.com/analytics/?hl=en#topic=3544906
Other advertising and analytics services
Google Analytics Remarketing
Our website uses Google Analytics Remarketing functions, which work on all devices. The provider of these solutions is Google Inc., based in the United States of America, 1600 Amphitheater Parkway, Mountain View, CA 94043.
This function allows the connection of advertising target groups generated with Google Analytics Remarketing, which works on all devices. This makes it possible to display personalized interest-based advertising messages based on past usage and browsing patterns on a device (e.g. mobile phone) in a manner tailored to both you and any of your devices. (eg tablet or PC).
If you have given us your consent, Google will link your web browser and app progress to your Google Account for this purpose. Therefore, the same personalized advertising messages may be displayed on each device you sign in with your Google Account.
To support this feature, Google Analytics records the authenticated user IDs of temporarily logged in Google Analytics data to define and compile target groups for ads to be displayed on all devices.
You have the option to permanently object to remarketing / targeting across all devices by opting out of personalized advertising in your Google Account. To do this, follow this link: https://www.google.com/settings/ads/onweb/.
Consolidation of the data recorded in your Google account will take place exclusively on the basis of your consent, which you can give to Google and also revoke (Article 6 para. 1 lit. GDPR). Data registration processes that are not consolidated in your Google account (for example, because you do not have a Google account or you have opposed data consolidation), data registration is based on Art. 6 para. 1 lit. f) GDPR. Legitimate interest resides in the fact that the website operator has a legitimate interest in the anonymous analysis of the website visitor for advertising purposes.
Considering the Judgment of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield (Privacy Shield) does not have an appropriate character. Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It also issued a set of contractual clauses for data transfers from EU operators to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
The transfer of data to the United States of America is based on the Standard Contractual Clauses (SCC) of the European Commission.
For more information and relevant data protection regulations, see Google's data privacy policies at: https://policies.google.com/technologies/ads?hl=en.
E-COMMERCE AND PAYMENT METHODS
Ecommerce
We process personal data as much as is necessary to conclude or modify a contractual relationship with our company/the company that administers this site, respecting the provisions of art. 6 para. 1 lit. b) from GDPR1. Thus, we process (collect, record, structure, store, modify, extract, etc.) personal data from the moment of accessing this website only for the purpose of facilitating access to our products or services and/or to collect their consideration.
The data of our customers will be deleted after a period of 3 years (personal data processed for the purpose of executing the assumed contractual obligations) or 10 years (in compliance with the provisions of the Accounting Law no. 82/1991).
Online payments
According to the Regulation, "in order to maintain security and prevent processing that violates this regulation, the operator or the person authorized by the operator should assess the risks inherent in the processing and implement measures to mitigate these risks, such as encryption" - recital 83. So that the availability of strong and effective encryption is a must to guarantee the protection, confidentiality and integrity of personal data.
During the process of purchasing the products sold through this website, your bank details are safe!
We use secure encryption methods, data being transmitted via highly secure connections to financial institutions. So the data provided by you for making payments are not transmitted to third parties and are not saved in databases.
STRIPE
According to the information on the website https://stripe.com/en-gb-de/privacy , the protection of personal data is a priority. A complete list of processed data can be found in Stripe's own Policy, the processing of personal data being done with the ultimate purpose of making the online payments requested by you or of which you are the beneficiary.
The purposes for which Stripe processes your data are:
User authentication;
Authorization of online payments;
Collection - transfer of authorized amounts;
Cancellation of authorized payments;
Full or partial reimbursement of payments received;
To perform anti-fraud security checks;
Automatic notification by e-mail and/or SMS of the result of the transaction;
To respond to your requests or questions
To provide access to additional services that may improve the eCommerce experience and control of online payments made through our systems;
To comply with legal obligations
With regard to the transfer of personal data by Stripe, it will only be carried out when it is necessary for the provision of services or to comply with certain obligations of Stripe as an online payment service provider. The legal basis for data processing is, first of all, art. 6 para. 1 lit. a) GDPR, but also art. 6 para. 1 lit. b) or f) GDPR.
Conclusion
This policy regarding the processing of personal data is generated in accordance with the provisions of Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, but also with the other applicable national legal provisions.
We reserve the right to make any additions or changes to this policy. We recommend consulting the Policy regularly for correct and up-to-date information regarding the processing of personal data.
For more details regarding this GDPR Policy, as well as to exercise any of the aforementioned rights, a written notification can be sent to the contact details indicated above.
This document was updated on 28.12.2023.
T: Mobile | Contact: Contact Form
@2023 VTW | Privacy Policy; Terms and Conditions