DECLARATION REGARDING THE PROCESSING OF PERSONAL DATA
The company MOLINARO GROUP GLOBAL SRL, legal entity with registered office in Brazilor str., no. 22, Brasov county, with Trade Registry registration number J08/1898/2007 and CUI RO 22100914 as operator, wishes to inform you about the processing of your personal data in the context of operations related to the provision of MOLINARO GROUP GLOBAL services/products to customers, for the purposes specified below.
By the nature and procedures of the services/products provided by MOLINARO GROUP GLOBAL (“products” or “MOLINARO GROUP GLOBAL services”), their users (“Clients” or “Users”) transmit certain personal data used to ensure the supply and development according to legal provisions and own procedures, in optimal conditions and in the safety of the services.
Protecting the personal data of MOLINARO GROUP GLOBAL clients and keeping them safe is one of the important concerns of MOLINARO GROUP GLOBAL and its agents, partners, subcontractors involved in the provision of services.
This Privacy Policy Statement reflects the privacy policy applied to all users of MOLINARO GROUP GLOBAL services/products so that they are informed and can decide in good faith on how their personal data that is collected through the use of the service is or will be used as well as the rights they have.
PERSONAL DATA
Personal data means both non-personal data and personal data – information relating to an identified or identifiable natural person. An identifiable person is that person who can be identified, directly or indirectly, in particular by reference to an identification element, including, but not limited to: (i) name, surname, address, e-mail, telephone ( e.g. landline, mobile, fax); (ii) financial information (eg income, etc.); (iii) various information required or requested by authorities specific to the provision of services/products; (iv) information resulting from video/audio monitoring if the Client visits one of the locations where MOLINARO GROUP GLOBAL services/products are provided or contacts the support services; (v) signature; (vi) any other information that derives from them following the processing carried out by MOLINARO GROUP GLOBAL (e.g., customer segmentation according to different criteria, the unique identifier generated at MOLINARO GROUP GLOBAL level for each individual customer, information specific to the services/products offered by MOLINARO GROUP GLOBAL etc.) and any other information that is necessary for the development of MOLINARO GROUP GLOBAL activities; (vii) IP or the activities performed when you browse our website or use MOLINARO GROUP GLOBAL applications/services).
The processing of personal data means any operation or set of operations performed on personal data, by automatic or non-automatic means, such as collection, registration, organization, storage, adaptation or modification, extraction, consultation, use, disclosure to third parties by transmitting, disseminating or in any other way, joining or combining, blocking, archiving, deleting, destroying, etc.
COLLECTION OF INFORMATION
The information is collected in the process of offering services/products to users or potential users. The main sources of information are:
1. the forms used for the provision of services, data provided when using MOLINARO GROUP GLOBAL websites or applications, other means of communication, questionnaires that users or potential users of the services accept (without being obliged to accept) to complete upon request us, other documents that users or potential users make available to us at our request;
2. the transactions that take place between MOLINARO GROUP GLOBAL and its agents/partners and between them and the users of the service;
3. external sources – for the fulfillment of specific obligations (competent institutions, public registers, electronic databases, information available in social media as well as on the Internet, or qualified third parties, holders of such information, such as, but not limited to to the following: the National Office of the Trade Registry, the portal of Romanian courts administered by the Ministry of Justice, other personal data providers, etc.).
We collect the following data:
madeinasia.ro collects personal data from its users in three ways:
– directly from the user;
– traffic data, from the user’s browser;
– through cookies.
1. Personal data collected directly.
A1. When you access madeinasia.ro or when you create an account or place an order, we may ask for your name, surname and/or email address, as well as other data necessary for contracting, delivery or invoicing.
These data are kept for a period of 3 years from the end of the contract (this
being the general prescription period). Data from invoices are kept for 10 years (where there is a
legal fiscal obligation).
If you do not give us these data, we will be unable to honor your order.
A2. When you access the assistance services, we may ask you for an email address or phone number. We reserve the right to record any communication made for the assistance services of the madeinasia.ro services in order to improve our services. We will inform you before starting the communication that it could be recorded.
These data are used, for example, for the purpose of contacting you to resolve a complaint/request of yours.
We may also request other data that may constitute personal data only to the extent that they are necessary for these purposes.
A3. Also, when you subscribe to our newsletter, please give us an email address to personalize the communication to you.
These data are kept until the consent is revoked or until your activity shows us that you are no longer interested in our communication.
A4. When you make a payment. all payments are processed by our partners, such banking information is transmitted to them. Their personal data processing policies are available on these partners’ own websites.
B. Traffic Data
When you visit a website, regardless of the device used, you reveal certain information about you, such as your IP address, the time of your visit, the place from where you entered our sites, the pages visited. madeinasia.ro, like other operators, records this information for a specific period of time. madeinasia.ro uses external traffic analysis services, such as Google Analytics.
These data are used exclusively by madeinasia.ro to improve our website and services, but also to ensure the security of our website:
– data voluntarily provided by customers when placing the order (name, surname, delivery address, phone number) which we use to process the order and deliver the product to the customer by courier. In the case of the return, we also use the IBAN code (return form);
– navigation data (IPs), which are automatically recorded when a user visits the site and are used with the purpose of collecting anonymous statistical information regarding the use of the site, in order to be able to observe its correct operation in full security;
– cookies – per session and fixed
The purpose of collecting your data is exclusively to respond efficiently and promptly to your request, in all stages of the purchase procedure: verifying the correctness of the data entered by you in the order form, verifying your order, issuing the invoice for the products ordered by you. As well as to be able to contact you in the situation in which there are unclear issues regarding the completion of your order.
If you want to receive information about the products and services offered by MOLINARO GROUP GLOBAL through the online site www.madeinasia.ro, please sign up for our newsletter, specifying your email address. If you want to purchase a product or service from the online store www.madeinasia.ro, please fill in the required data in the order form (name, surname, address, town, phone number).
PURPOSES OF PERSONAL DATA PROCESSING
The purposes for which MOLINARO GROUP GLOBAL processes personal data are:
1. identification of users / potential users through means of communication (e.g. telephone, e-mail, post, internet, fixed or mobile applications that the Client accesses in order to use the services provided),
2. identification of users/potential users in order to fulfill the legal obligations incumbent upon MOLINARO GROUP GLOBAL to provide services;
3. monitoring operations and running services and providing support services for users / potential users;
4. creating or analyzing profiles to improve services and carry out surveys as well as to carry out any other types of service promotion and/or general marketing or advertising activities;
5. analyzing the behavior of any person who accesses the MOLINARO GROUP GLOBAL websites, through the use of cookies, in order to provide content (general and commercial) adapted to the user’s preferences, remember passwords, language preferences, child protection filters, frequency limitation broadcasting of advertisements, etc.;
6. performing internal analyzes (including statistical analyses) both regarding the services and regarding the portfolio of users/potential users, for the provision, improvement and development of the services, as well as conducting studies and market analyzes regarding;
7. solving any procedural and/or legal situations related to the provision of services or the interest of the company
8. archiving in both physical and electronic format of documents related to the provision of services and/or correspondence with users/potential users;
9. reporting to the state institutions according to the legal regulations applicable to MOLINARO GROUP GLOBAL (eg: regulatory authorities and legal authorities).
BASIS OF PERSONAL DATA PROCESSING
MOLINARO GROUP GLOBAL processes personal data for the purposes mentioned above, based on the following grounds:
1. Execution of the contract and preliminary steps for this contract (art. 6(1) b GDPR) – for data collected through the order form or data received as a result of customer relations services;
2. Legal obligations (art. 6 (1) c GDPR) for the data required for invoicing;
3. Consent (art. 6 (1) of the GDPR) for data used for marketing for website visitors (e.g. newsletter subscription, marketing cookies, etc.);
4. The legitimate interest (art. 6 (1) f GDPR for data used for marketing for current customers (according to art. law 506/2004 art. 12 (2)) of madeinasia.ro, the security of the own madeinasia.ro website (consideration 49 GDPR) and the data used internally to optimize the madeinasia.ro website (also anonymized or pseudonymized, as the case may be).
IS THE USER OBLIGATORY TO COMMUNICATE THE DATA? WHAT ARE THE CONSEQUENCES IN CASE OF REFUSAL?
The processing of personal data requested from users/potential users by MOLINARO GROUP GLOBAL in order to provide services is considered strictly necessary for the provision of services according to the legal provisions and procedures of MOLINARO GROUP GLOBAL. The refusal to provide such data makes it impossible for us to provide the services. The user can choose not to process his data for direct marketing purposes.
RECIPIENTS OF PERSONAL DATA
In order to fulfill the purposes mentioned above, the company can disclose the Clients’ data, where it is strictly necessary, based on the need to know, to the following categories of third parties:
• regulatory authorities and legal authorities
• contractual partners (e.g. company agents, auditors, consultants, etc.), some also having the capacity of persons authorized by the operator with the processing of personal data.
These contractual partners also carry out their commercial activity in Romania, and your personal data can be provided to them to be used within the limits of the obligations they have assumed towards the company. The personal data that we divulge to the persons empowered by us with their processing are limited to the minimum amount of personal data necessary to perform the respective services and, at the same time, we ask them not to use the personal data for any other purpose.
We make every effort to ensure that all the entities we work with store your personal data in safe and secure conditions. Also, some of them are also operators who carry out their commercial activity in Romania as well, such as providers of payment services as agents.
Some of them are third parties that do not have the role of processing personal data, but may have access to them in order to fulfill their obligations or in their interaction with the company, such as technical maintenance companies, financial auditors or service providers legal services.
The personal data mentioned above may be made available or transmitted to third parties in the following situations: (i) public authorities, auditors or institutions with competence in control activities regarding the company’s services, activities or assets, which request the company to provide information, based on the company’s legal obligations; (ii) to fulfill a legal requirement, including those related to the provision of services, or to protect the rights and assets of our company or other entities or persons, such as courts of law; (iii) acquiring third parties, to the extent that the company’s activity would be (totally or partially) transferred, and the personal data of the persons concerned would be part of the assets representing the object of the transaction. Also, for the processing purpose regulated above, we can provide your personal data to the companies that are part of the MOLINARO GROUP GLOBAL group, companies that will be subject to the company’s instructions regarding the processing of your personal data. For more information visit: https://www.madeinasia.ro.
TRANSFER OF PERSONAL DATA OUTSIDE THE COUNTRY
In the context of the operations described above, the personal data of the Customers may be transferred outside the country to countries in the European Union (“EU”) or the European Economic Area (“EEA”). Thus, we hereby inform the Clients that any transfer made by the company to an EU or EEA member state will comply with the legal provisions of the General Data Protection Regulation no. 2016/679 adopted by the European Parliament (“GDPR”).
DURATION OF PROCESSING
We will store the personal data of the Clients only for the period of time necessary to achieve the purposes of the processing, as mentioned above, and in compliance with the legal regulations in force, including, but not limited to, the provisions on archiving.
WHAT HAPPENS TO PERSONAL USER DATA AFTER PROCESSING STOPS
After the time when the processing period mentioned above expires and the company no longer has legal reasons or a legitimate interest regarding the processing of your personal data, the personal data will be deleted in accordance with the company’s procedures, which may involve archiving, anonymization , the destruction.
AUTOMATED DECISION-MAKING PROCESS AND CREATION OF PROFILES
The personal data mentioned herein may be subject to automated decision-making processes, including the creation of profiles.
SECURITY OF PERSONAL DATA PROCESSING
The company constantly evaluates and improves the security measures implemented in order to ensure the processing of personal data in safe and secure conditions.
Measures taken to ensure the security of personal data
1. Users who have access to the database of personal information can access the database only with their own account name and password (after 3 wrong password entries, the account is blocked). All users are obliged to maintain the confidentiality of the data to which they have access, and at the end of each session in the database they will close the session.
2. Users access personal data only to fulfill their job duties;
3. Any collection and/or modification of personal data by users are permanently recorded (user, date, time and type of modification are recorded); all logins and logouts of all users to the database are also recorded;
4. The printing of personal data is carried out only by authorized users for this operation and only for purposes required by the laws in force (invoices, notices accompanying the goods, commercial contracts).
The company headquarters is equipped with an alarm system, and personal data are stored electronically in secure, password-protected files. Information on paper is kept in special files, to which only company employees have access, who are bound by the obligation of confidentiality.
THE RIGHTS OF THE PERSON CONCERNED WITH REGARDS TO THE PROCESSING OF PERSONAL DATA
In the context of the processing of personal data of users / potential users, the data subject has the following rights:
1. The right to information – art. 13 and 14 GDPR. It allows the concerned persons to know, right from the moment when the collection is made, how those data will be used, to whom they will be disclosed or transferred, what rights the concerned persons have regarding the processed data, etc.;
2. The right of access to processed personal data – art. 15 GDPR. It allows the person to obtain, from MOLINARO GROUP GLOBAL, a confirmation that personal data concerning him or her is being processed or not and, if so, access to the respective data and other useful information;
3. The right to rectify or delete data – art. 17 GDPR. It allows the person to obtain from MOLINARO GROUP GLOBAL the deletion/rectification of personal data concerning him, without undue delay. There are, however, exceptions to this rule, such as: some data are processed to give the public the right to information; the data are processed for statistical or archiving purposes; the data are processed to fulfill a legal obligation or are processed to establish or defend a right in court;
4. The right to request the restriction of processing – 18 GDPR: you have the right to obtain the restriction of processing in cases where: (i) you consider that the processed personal data are inaccurate, for a period that allows the operator to verify the accuracy of the personal data personal; (ii) the processing is illegal, but you do not want us to delete your personal data, but to restrict the use of this data; (iii) if the data operator no longer needs your personal data for the purposes mentioned above, but you need the data to ascertain, exercise or defend a right in court; or (iv) you objected to the processing, for the period of time in which we can verify whether the legitimate grounds of the data operator prevail over the rights of the data subject;
5. The right to data portability – 20 GDPR. It represents the right to receive the personal data that you have provided to MOLINARO GROUP GLOBAL in a structured, currently used and automatically readable form, as well as the right to transfer said data to another operator, in if the processing is based on your consent or the execution of a contract and is carried out by automatic means;
6. The right to withdraw your consent for processing, when the processing is based on consent, without affecting the legality of the processing carried out until that moment;
7. The right to object to the processing of personal data – art 21 GDPR – for reasons related to your particular situation, when the processing is based on legitimate interest, as well as to object at any time , data processing for direct marketing purposes, including the creation of profiles;
8. The right not to be the subject of a decision based exclusively on automated processing, including the creation of profiles, which produces legal effects that concern the data subject or similarly affect him to a significant extent;
9. The right to file a complaint with the National Supervisory Authority for the Processing of Personal Data (ANSPDCP) and the right to appeal to the competent courts.
The data protection policy is based on the following data protection principles:
• The processing of personal data will be done in a legal, correct and transparent manner;
• The collection of personal data will be done only for specified, explicit and legitimate purposes and the data will not be further processed in a manner incompatible with those purposes;
• The collection of personal data will be adequate, relevant and limited to the information necessary for the purpose of processing;
• Personal data will be correct, and where necessary, updated;
• All necessary measures will be taken to ensure that incorrect data is deleted or corrected without delay;
• Personal data will be kept in a form that allows the identification of the person concerned and for a period no longer than that in which the personal data is processed;
• all personal data will be kept confidential and stored in a manner that ensures the necessary security;
• Personal data will not be distributed to third parties unless it is necessary for the purpose of providing services according to the agreements;
• The persons concerned have the right to request access to personal data, their rectification and deletion, objection or restriction from data processing as well as from the right of data portability.
CHANGES TO THIS STATEMENT REGARDING THE PROCESSING OF PERSONAL DATA
MOLINARO GROUP GLOBAL reserves the right to modify this Declaration – Privacy Policy without prior notice, in accordance with the legislation in force. To the extent that this Declaration undergoes changes, MOLINARO GROUP GLOBAL will publish an updated version on the website. Please review the Declaration – Privacy Policy from time to time, either on the website office@madeinasia.ro or in the locations where the services are available, in order to be aware of its latest version.
The exercise of the rights mentioned above can be done at any time. In order to exercise these rights, we recommend that you use the forms that can be found on the website www.madeinasia.ro or by sending a notification in electronic format to the following address: office@madeinasia.ro or a written, dated and signed notification , at the address: Brazilor str., no. 22, Brasov, Brasov county