The policy of personal data processing
As of 13.03.2019
The present document describes the policy of BOBYCLOCK SRL [Romanian company established and functioning according to Law 31/1990, headquartered in Bucharest, District 6, 94-100 Ghencea Avenue, 12 floor, ap. A1129, registered at the Trade Register under no. J40/8774/2012, having the Sole Registration Code 22544500, hereinafter called “The Company”] to use and protect personal data (as defined by the applicable legislation).
The exercise of personal rights, according to Chap. IV, can be made by sending a message to the attention of the person in charge with protection of personal data (Data protection officer) at the email address mentioned in Contact Page or by sending a written address with acknowledgement of receipt at the head office of the Company. All requests are solved in the applicable legal term.
The data subject have the possibility to instantly unsubscribe from the service of transmitting news by email (newsletter), by using the link “unsubscribe” from the received email.
Chap. I- Collected data
Art.1.1.- The site and services provided by the Company through the on-line platform are destined exclusively to juridical persons.
Considering the above, in view of accomplishing the trade activity, the Company collects personal data by the following means:
-Information received from users:
- In view of registering an on-line account (necessary for accessing the services), the Company collects information concerning: the email address. The data is kept an unlimited period until the account is deleted.
-For operating payments and issuing invoices, the Company collects information concerning: the denomination of the juridical person, full address, tax identification data.
- Making on-line payments
-For operating on-line payments, the Company collaborates with Digital River. This is a separate company, and their privacy policy can be found on website https://www.mycommerce.com/privacy-policy/.
- Running marketing campaigns
- In order to run marketing campaigns, the Company can send emails to the registered Users (juridical persons);
- The Company can send emails to the public email addresses of the juridical entities which are interested in the economic activity of the company;
- Moreover, promotional offers can be sent to natural persons who give their express agreement thereof by document under private signature, online transmitted request or other such documentation.
Chap. II- How do we process this information? (the purpose of processing)
Art. 2- The Company stores and processes personal data in the following purposes:
- Registration of users in view of creating the account, offering limited access to the platform and the possibility of paying the monthly subscription.
- Providing services according to the Terms and Conditions and in view of accomplishing certain legal obligations (ex. issuance of bills).
- Organizing and studying statistic data (ex. Analyzing and studying the geographic distribution of Clients).
- Sending personalized offers and organizing marketing campaigns.
Art.3 The company processes personal data based on the agreement for contractual obligations legal obligations.
Chap. III- Duration of processing
Art. 4- The Company stores personal data in order to comply with certain legal obligations or until the user is removed, consent is withdrawn or the right of forgiveness is exercised.
Chap. IV- Rights of the Concerned Persons
Art. 5- According to the European Regulation concerning personal data protection, the Company recognizes and guarantees the following rights of the concerned persons:
- The right of access- the right of a concerned person to obtain a confirmation from the Company regarding the processing of personal data, and an affirmative case, access to the respective data and information concerning the way the data is processed.
- The right to rectify- the right of the concerned person to request the correction, without unjustified delays, of the inexact personal data. The rectification will be communicated to each beneficiary, to which the data has been transmitted, excepting the case in which this is proved to be impossible or involves disproportioned efforts.
- The right to data portability- the right to receive personal data in a structured format, used currently, which can be automatically read and the right for this data to be directly transmitted to another data operator, if technically feasible.
- The right of opposition – the right of the concerned person to oppose to the processing of personal data when the processing is not necessary for accomplishing a task which serves to a public interest or does not concern a legitimate interest of the operator. When the processing of personal data has direct marketing as purpose, you have the right to oppose the processing at any time.
- The right of deleting the data (“the right to be forgotten”) – the right of the concerned person to request that his personal data should be deleted, without unjustified delays, in case of one of the following:
- It is not necessary for accomplishing the purposes for which they were collected or processed;
- Withdrawal of consent is applicable and there is no other legal ground for processing;
- Exertion of the right to opposition and lack of legitimate founds for processing;
- The personal data has been illegally processed;
- The personal data must be deleted in order to comply with a legal obligation;
- The personal data has been collected relating to offering service of the informational company.
- The right to restriction the processing - the concerned person can require the restriction of processing in the following cases:
- The data subject challenges the exactness of the data, on a period which allows the Company to check the correctness of data;
- The processing is illegal, and the person opposes to deleting the personal data, requiring restriction in exchange;
- If the Company does not require personal data in the purpose of processing, but the person solicits them for admitting, exerting or defending a right in court;
- If the person who opposed the processing for the time period in which the Company verifies if there are other lawful grounds for processing the personal data.
Chap. V- The transfer of data to third parties
Art. 6- The Company does not transfer personal data to other data persons without the prior notice or request of the data subject.
Art. 7 - The Company transfers information to other affiliated companies, service providers and other partners which process them on behalf of the Company, based on the Company’s directions and ensuring the level of security according to the applicable legislation. These companies can offer global services, including assistance for clients, IT, payments, sales, marketing, data analysis, research and surveys.
Art.8 - All the collaborators of the Company have implemented and comply with the standards of data protection imposed by the Regulation (UE) 2016/679 on the protection of natural persons regarding the processing of personal data and on the free movement of such data.
Art. 9 - The Company can keep or disclose information transmitted in order to comply with legal previsions, of legal procedures or to respond to a request coming from the local authorities. Also, it can use the data in order to exercise its legal rights, to defend itself in court or to prevent, detect or report illegal activities, such as fraud, abuse, breaching of terms and conditions or threats to the Company’s security or another person’s safety.
Chap. VI-Security of information
Art. 10 - The Company is working towards keeping the data safe. In this regard, it uses a combination of technical, administrative and physical controls to maintain the security of the processed data. However, there is no manner of transmitting or storage of data is completely safe. Any additional clarification regarding security, please contact us according to Contact Page.
Art. 11- According to the European Regulations, the Company tracks, identifies, registers, archives and reports, where the case may be, all security incidents.
Chap. VII- Competent authorities
Art. 12 -Notification concerning the processing of personal data can be sent to the Company by a message to the email address according to Contact Page or by sending a written message with acknowledgement of receipt at the headquarters or office of the Company, to the attention of the person in charge with protection of personal data (Data protection officer).
Art. 13 - Also, the data subject have the right to address the National Authority of Surveillance of Personal Data concerning the illegal processing of data by sending a notification at the head office of the authority: Bucharest, 28-30 G-ral. Gheorghe Magheru Avenue, District 1, postal code 010336, e-mail: anspdep@dataprotection.ro