PRIVACY POLICY
Your data security is paramount to us, which is why we take seriously and diligently handle every aspect regarding the protection of your data. Furthermore, we strive to provide you with a unique experience both in our online store and at every branch you visit across the country, contributing to choosing the best solution for your home.
Starting from May 25, 2018, the implementation of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) known as GDPR (General Data Protection Regulation) is enforced.
Why are my data processed?
Considering the necessity of compliance with GDPR provisions and the fact that we are dedicated to taking care of your personal data (which may include name, surname, email address, etc., depending on the processing purpose) found in our database, we inform you that they are used solely for the purpose of successfully fulfilling the processes carried out in relation to you (we mention some processes without limiting to them: RESERVATION/SALE/ORDER PROCESSING, TRANSPORT and DELIVERIES, maintaining customer relationships).
What options do I have?
To exercise your rights regarding the processing of personal data, please consult the Rights of the data subject section.
How can I further inform myself about the new regulations?
We are dedicated to protecting and securing your data and we want you to be informed and decide knowingly about how the information you provide to us is used.
In this regard, please consult the following pages to find out more information about the implementation of "GDPR" starting from May 25, 2018, and how this is reflected in our relationship.
How can I contact you?
If you have any further questions or need more information regarding data protection, please send us an email at isim@isim.ro and we will respond as soon as possible.
INFORMATION REGARDING THE APPLICATION OF "GDPR" AT ISIM TIMIȘOARA
Starting from May 25, 2018, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR Regulation," is applied.
Within ISIM TIMIȘOARA, we process personal data exclusively within the legal provisions regarding the protection of personal data.
DEFINITIONS:
· Data Controller = The operator responsible for processing the data within the meaning of the GDPR Regulation is the National Institute of Research and Development for Welding and Material Testing - ISIM Timișoara, a Romanian legal entity headquartered in Timișoara, Mihai Viteazu Boulevard, no. 30, Timiș County, registered with the Trade Registry of Bucharest under no. J35/1895/2009, having fiscal code RO 3041226, email: isim@isim.ro, hereinafter referred to as the "Controller" or "ISIM."
· Data Protection Officer (DPO) contact details = The address to which requests for information regarding the processing of personal data can be sent: Timișoara, Mihai Viteazu Boulevard, no. 30, Timiș County, ISIM Headquarters - attention to the DATA PROTECTION OFFICER or at the email address: isim@isim.ro
· Cookies = A "cookie" is a small file, usually consisting of letters and numbers. It is downloaded to the memory of a computer or other device used for browsing the internet (smartphone, tablet, etc.) when the user accesses a certain website.
· Data Subject under the GDPR Regulation = An identified or identifiable natural person (who can be identified, directly or indirectly, in particular by reference to an identifier: name, identification number, location data, an online identifier, or one or more specific elements specific to their physical, physiological, genetic, mental, economic, cultural, or social identity). The data subject may be the applicant of a service offered by the Controller, as well as any other natural person whose personal data are transmitted to the Controller (for example, a customer or potential customer, a candidate for a certain available position, a user of the Controller's website, etc.).
· Categories of processed data = Personal data (first name, last name, date of birth, address, phone number, and email address, etc.) are processed by us only if you enter this data in a form on the website or send it to us by email.
· Processing of personal data means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
1. PURPOSES AND LEGAL BASIS OF PROCESSING YOUR DATA:
In accordance with Regulation (EU) 2016/679 and related legislation, the purposes for which we process your personal data concern strictly the relationship between ISIM and the data subject. The information you provide to us is treated with the utmost confidentiality and exclusively for the purposes for which it was collected.
Please see below for detailed descriptions of the purposes for which we process data and the legal basis:
1.1. Contracting and managing customer relationships:
a. Website access: Each time a user accesses a page from our offer and each time a file is opened, access data is saved by us and partially by third parties in the form of protocol files. Each data set includes: the internet page from which you access our page, IP address, date and time of access, client request, HTTP response code, amount of data transferred, information about the browsing program and operating system used by you.
b. Customer account data: When creating a customer account using the "new customer" option, your data will be saved in the ISIM database. You have the option to request the deletion of your data and your customer account at any time. If you place an order on our website, the data will be processed for the successful execution of the sales process.
c. Data for placing an order: Personal data stored will be used for contract execution and processing your requests. After completing the contract execution or your request, your data will be saved considering the retention periods according to tax and commercial legislation and where appropriate, for a period necessary to protect the rights of the Controller.
Through direct marketing actions, we can keep you informed about our products, services, and campaigns, respecting the legal provisions in force. The use of data ceases as soon as you unsubscribe from the newsletter service. You have the possibility to unsubscribe from the newsletter service at any time and free of charge by: accessing the "Subscriptions" section, checking the "Unsubscribe" option in the newsletter, or sending an email to isim@isim.ro expressly requesting unsubscription.
➢ LEGAL BASIS: the legitimate interest of the Controller to prevent online fraud and ensure the general functionality of the website, contract execution, and consent of the data subject, as appropriate.
1.2. Business administration: COOKIE POLICY
· To improve your online browsing experience, we use cookies that facilitate the use of the innoCENTA platform by visitors.
· Generally, the role of cookies is to ensure quick and easy interaction between users and websites. Also, cookies are used for users to easily resume their activities on subsequent visits to a previously visited website. Essentially, cookies inform the server which pages need to be displayed to the user, without the user having to remember the pages they have browsed or navigate the entire website from the beginning. Please consult the Cookie Policy for detailed information. ➢ LEGAL BASIS: the legitimate interest in continuously providing improved services to users of the innoCENTA website. Note: In the event that we intend to process your personal data for a purpose other than those mentioned above, we will provide you, before such further processing, with information regarding the respective secondary purpose and any relevant information.
2. YOUR RIGHTS AS A DATA SUBJECT REGARDING THE PROCESSING OF PERSONAL DATA PROVIDED:
2.1. Data subject rights and how they can be exercised
According to the GDPR Regulation, as a data subject, you benefit from a set of rights, namely:
a. Right to information and access to personal data: the right to obtain confirmation of whether or not personal data concerning you are being processed and, if so, access to that data.
b. Right to rectification: the right to request from the Controller and obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data, noting that in the case of an online account, these changes can be made personally from the account data editing section.
c. Right to erasure of data ("right to be forgotten"): the right to obtain the erasure of personal data concerning you, without undue delay, in certain circumstances specified in the GDPR Regulation.
d. Right to restriction of processing: the right to obtain restriction of processing in certain cases.
e. Right to data portability: the right to receive the personal data concerning you and to transmit it to another controller.
f. Right to object: the right to object at any time to the processing of personal data concerning you, in accordance with the GDPR Regulation.
g. Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
h. Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) if you consider that your data has not been processed in accordance with the legal provisions.
➢ How can you exercise these rights?
To exercise the rights mentioned above, please address a written, dated, and signed request to the email address: isim@isim.ro, or to the postal address: Timișoara, Mihai Viteazu Boulevard, no. 30, attention to the data protection officer.
➢ How long do we respond to your requests?
Within a maximum of one month from receiving your request, we will provide you with information about the actions taken or, where applicable, the reasons why the requested measures cannot be taken.
Note: Please note that to comply with a request for access to personal data, we will take all reasonable measures to verify the identity of the data subject.
Also, according to the GDPR Regulation, the response period mentioned above may be extended by up to two months if necessary, taking into account the complexity and number of requests, and we will inform you about this if necessary.
3. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA:
Recipients processing personal data within the European Union have the obligation to comply with the same legal provisions, providing the same level of protection as the Controller.
3.1. Data Transmission for Order Processing
The personal data stored by ISIM is processed for the completion/delivery of orders. For example, your data will be transmitted to other Users under the contract related to an order (sale or purchase).
3.3. Transmission to Public Institutions, Courts, and Authorities Competent to Investigate Criminal Offenses
In special cases, when required by law, ISIM may provide competent institutions with information regarding personal data.
3.4. Transmission to Other Third Parties
To provide you with the best possible experience in the online environment, we constantly strive to improve/perform maintenance on the software programs used. In this regard, we have contracts for development with companies specialized in programming and software maintenance.
3.5. Social Media Plugins
All social media plugins on our website are clearly and distinctly marked:
➢ Facebook share -> Script for sharing Favorite product list/Favorite product on Facebook.
➢ Whatsapp share -> Script for sharing Favorite product list/Favorite product on Whatsapp.
None of these plugins collect personal data of customers. The process involves a transfer of data (images, links, text) between the innoCENTA website and the aforementioned platforms.
3.6. Google Adwords/Analytics Web Analysis Service
Our website uses the "Google Adwords/Analytics" web analysis service provided by Google Inc. for statistical purposes.
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"), which uses cookies. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
If IP anonymization is activated, your IP address will be shortened within the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is enabled for this site. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage.
Your browser's IP address transmitted for Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this, you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics in the future by downloading and installing Google Analytics Opt-out Browser Addon for your browser: https://tools.google.com/dlpage/gaoptout?hl=en .
Note: Additional information is available on the pages: Google Analytics terms of service and Google Analytics.
4. LEGAL BASIS
For further details, you can consult the legal basis:
· Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (accessible at Regulation_nr_679_2016).
· Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector.
· Standard Contractual Clauses (SCCs) at the link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
The management at the highest level undertakes that this privacy policy will be respected by all employees, through the implementation of specific internal procedures regarding the rules for the protection of personal data, in accordance with the legal basis for their processing.