Personal data processing
PRIVACY POLICY
of BARHAT LASH SRL
INTRODUCTION
Thank you for your interest in our company and the products we sell. The protection of personal data is a very important subject for us. When you enter into a relationship of any kind with us, you are entrusting us with your information, some of which is personal data protected by European and national legislation.
This document (hereinafter referred to as the "Privacy Policy", "Information Notice" or the "Document") contains the necessary information on the use of personal data. Please read this document carefully. We recommend reading this document together with the Terms and Conditions of Use. In the event of any conflict between the terms of this Document and any other contractual terms between us and you, the terms of this Document shall prevail. For more information about the use of cookies or other similar technologies, please see our Cookie Policy.
The purpose of this Privacy Policy is to explain to you, among other things, the categories of personal data we process(e.g. collection, storage, use, transmission), the reasons for processing, the manner of processing, your rights under the General Data Protection Regulation (hereinafter "GDPR" or "GDPR") and how you can exercise those rights. When processing personal data, we act as a controller and are legally obliged to provide you with this information.
BARHAT LASH SRL is a personal data controller in accordance with the GDPR. This Privacy Policy only covers data processing for which BARHAT LASH SRL is a controller.
DEFINITIONS
1. "GDPR", "GDPR" , "GDPR GDPR" or "Regulation " means Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
(2) "Operator" or "We " or "Us " means BARHAT LASH SRL, a company of Romanian nationality with registered office in SG. Constantin DELIU nr. 11, biroul nr. 2, etaj 2, ap. 11, Sector 5, Bucharest, registered in the Bucharest Trade Register under no. J40/12921/2020, with fiscal code 43144352.
3. "Data subject" means any identified or identifiable natural person whose personal data are processed by us as controller, such as customers, potential customers, visitors of the website.
4. 'Processing ' means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
5. "Consent " shall mean any freely given specific, informed and unambiguous indication of the data subject's free will by which he or she signifies his or her agreement, by an unambiguous statement or action, to personal data relating to him or her being processed.
6. "Personal data " means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Other terms used in this document have the meaning given to them by the GDPR and other applicable legal provisions.
OTHER SERVICES
This Privacy Policy does not cover other third party applications and websites that you may reach by accessing links on our website. This is beyond our control. We encourage you to review the Privacy Policy of any site and/or application before providing personal data.
WHO ARE WE?
BARHAT LASH SRL, a Romanian company with registered office in SG. Constantin DELIU nr. 11, bureau nr. 2, etaj 2, ap. 11, Sector 5, Bucharest, registered in the Bucharest Trade Register under no. J40/12921/2020, with fiscal code 43144352, e-mail office@barhat.ro, is responsible for the processing of your personal data that we collect directly from you or from other sources.
WHO ARE YOU?
According to the law, you, the natural person who is the beneficiary of our products, the representative or contact person of a company that is our customer or potential customer, a visitor to our website and/or a person in any relationship of any kind with us, are a "data subject", i.e. an identified or identifiable natural person. In order to be fully transparent about our processing of personal data and to enable you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of your rights. For more information on exercising your rights, please visit the "Your Rights" section of this document.
OUR COMMITMENT
The protection of your personal information is very important to us. That is why we are committed to complying with European and national legislation on the protection of personal data, in particular Regulation (EU) No 679/2016, also known as GDPR and the following principles:
✓Lawfulness, fairness andtransparency
We process your data lawfully and fairly. We are always transparent about the information we use, and you are properly informed.
✓Controlis yours
Within the limits of the law, we give you the ability to review, amend, delete the personal data you have shared with us and exercise your other rights. For more information on exercising your rights, please see the "Your Rights" section of this document.
✓Data integrity and purpose limitation
We use data only for the purposes described at the time of collection or for new purposes compatible with the original purposes. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.
✓ Security
We have implemented reasonable personal data processing security measures to protect your personal information to the best of our ability. However, please note that no website, no application and no internet connection is completely secure.
CHANGES
We may change this Privacy Policy at any time. All updates and changes to this Policy are effective immediately upon notice, which we will provide by posting on the Website and/or notifying you by e-mail.
YOUR INFORMATION. PURPOSES. LEGAL GROUNDS
When you browse our website, send us a request by e-mail or contact us for any other purpose and through any other communication channel, you may provide us with the following personal data, which we collect directly from you or from other sources, as explained in the table below.
|
Personal data processed*
|
Purpose* |
Legal Grounds |
Data provision is mandatory/ optional |
|
Name
|
for billing to comply with legislation to prevent fraud and other crimes to create a website account for direct marketing |
conclusion or performance of a contract - Art. 6 (1) lit. b GDPR legal obligation - Art. 6 (1) lit. c) GDPR consent - Art. 6 (1) lit. a) GDPR - (only for direct marketing) legitimate interest - Art. 6 (1) lit. f) GDPR and Art. 12 (2) of Law no. 506/2004 - (only for direct marketing) |
The provision of this data is mandatory for issuing the tax invoice. Failure to provide this data leads to the impossibility to conclude a sales contract with you |
|
Billing address
|
for invoicing to comply with legislation to prevent fraud and other crime |
conclusion or performance of a contract - Art. 6 (1) lit. b GDPR legal obligation - Art. 6 (1) lit. c) GDPR |
The provision of this data is mandatory for issuing the tax invoice. Failure to provide this data leads to the impossibility to conclude a sales contract with you |
|
Delivery address |
For the delivery of goods |
Conclusion or performance of a contract - Art. 6 (1) lit. b GDPR |
Providing this data is mandatory for the execution of the sales contract. Failure to provide this data leads to the impossibility to deliver your goods. |
|
|
For electronic invoicing For order processing To prevent fraud and other crimes to create an account on the website for direct marketing |
conclusion or performance of a contract - Art. 6 (1) lit. b) GDPR consent - Art. 6 (1) lit. a) GDPR - (only for direct marketing) legitimate interest - Art. 6 (1) lit. f) GDPR |
The provision of this data is mandatory for the conclusion of the distance selling contract and order processing. Failure to provide this data leads to the impossibility to conclude a distance selling contract with you. You can object to direct marketing by e-mail at any time. |
|
Telephone number
|
For delivery of goods To communicate with you For direct marketing |
To conclude or perform a contract - Art. 6 (1) lit. b) GDPR Consent - Art. 6 (1) lit. a) GDPR - (for direct marketing only) legitimate interest - Art. 6 (1) lit. f) GDPR |
The provision of this data is mandatory for the execution of the sales contract and to be contacted by courier companies. Failure to provide this data leads to the impossibility to deliver your goods. You can object to direct marketing by telephone at any time. |
|
IP address
|
to defend against cyber attacks to prevent fraud |
legitimate interest - Art. 6 (1) lit. f) GDPR |
This information is collected directly from the user |
|
Date of birth |
For promotional campaigns |
Consent - Art. 6 (1) lit. a) GDPR - (for direct marketing only) legitimate interest - Art. 6 (1) lit. f) GDPR |
Providing this data is optional. |
*Although we have made every effort to identify all personal data processed and the purposes, please note that the information in the table above is not exhaustive.
Most personal data we collect directly from you (e.g. by filling in a form on the website). The majority of personal data is as described above, but there may be situations where we collect data from third parties(e.g. partners, platforms).
In addition to the information indicated above, we may also collect the following information, depending on the circumstances:
- How you interact with our site (e.g., information about how and when you access our site or what device you use to access our site). For more information on this, please also read our Cookies Policy.
- Information provided when filling in forms or questionnaires.
- The content of messages sent via messaging systems and email.
If you make purchases by bank card, certain payment information (card details) will be collected, but will be stored by our payment processing partners in a way that we cannot read and cannot access.
We may also process personal data for the following purposes:
- To respond to your questions and requests and to provide you with customer service;
- For marketing purposes, but only where we have your prior consent or where there is a legal exception to obtaining consent;
- To provide and improve the services we offer;
- To diagnose or fix technical problems;
- To defend against cyber-attacks;
- To create and/or maintain accounts;
- To comply with legislation, such as complying with tax laws that require us to keep accounting records for a certain period of time;
- In the unlikely event of a dispute, to establish or assert a right in court.
STORAGE PERIOD
We store your personal data only for as long as necessary to fulfill the purposes, but not more than 5 years after the end of the contract or last interaction with us. After the end of the period, personal data will be destroyed or erased from computer systems or anonymized for scientific, historical or statistical research purposes. Please note that in certain expressly regulated situations, we store data for the period required by law.
TRANSFERS OF PERSONAL DATA
We may disclose your data, subject to applicable law, to business partners or other third parties. We make reasonable efforts at all times to ensure that these third parties have adequate personal data protection and security measures in place. We have contractual clauses with these third parties so that your data is protected. In these situations, we will ensure that any transfer is lawful under the law. For example, we may provide your data to other companies, such as IT(e.g. cloud, hosting) or telecommunications, accounting, legal services providers and other third parties with whom we have a contractual relationship.
We may also pass your data to other recipients with your consent or in accordance with your instructions, such as where you exercise a portability request.
We may also provide your personal information to prosecutors, police, courts of law and other authorized state bodies, on the basis and within the limits of the law and in response to specific requests.
INTERNATIONAL TRANSFERS
The transfer of personal data to a third State may take place only if the State to which the transfer is intended ensures an adequate level of protection. The transfer of data to a State whose legislation does not provide for a level of protection at least equal to that afforded by the GDPR is possible only if there are sufficient safeguards with regard to the protection of the fundamental rights of the data subjects. These safeguards will be established by us through contracts with the providers/service providers to whom your personal data will be transferred. Whenever we transfer your personal data outside the European Economic Area (EEA), we will ensure that a similar level of protection is in place through one of the following data protection mechanisms offered by the GDPR. At present, we may transfer your personal data to countries where it has been demonstrated by the European Commission to provide an adequate level of security for personal data, but also to other countries using transfer mechanisms provided by law.
SECURITY OF PERSONAL DATA
We understand how important the security of personal data is and we take the necessary steps to protect our customers and others whose data we process from unauthorized access to personal data, as well as from unauthorized alteration, disclosure or destruction of the data we process in the course of our business.
We have implemented the following technical and organizational personal data security measures:
(a) Dedicated policies.We adopt and constantly review internal personal data processing practices and policies (including physical and electronic security measures) to protect our systems from unauthorized access or other possible security threats. These policies are under constant review to ensure that we comply with legal requirements and that our systems are functioning properly.
b) Data minimization. We ensure that your personal data we process is limited to only that which is necessary, appropriate and relevant for the purposes stated in this Policy.
c) Restricting access to data.We try to restrict access to the personal data we process as much as possible to the minimum necessary: employees, collaborators and others who need to access this data in order to process it and carry out a service. Our partners and collaborators are subject to strict confidentiality obligations (either by contract or by law).
d) Specific technical measures. We use technologies to ensure the security of personal data, always striving to implement the most optimal data protection solutions. We also back-up data periodically in order to be able to recover them in the event of a possible incident and we have regular audit procedures in place regarding the security of the equipment used. However, no website, no application and no internet connection is completely secure and untouchable.
e) Ensuring the accuracy of personal data. Sometimes we may ask you to confirm the accuracy of your personal data to make sure that it reflects reality.
f) Staff training. We constantly train and test our employees and collaborators on legislation and best practices in the field of personal data processing.
g) Data anonymization. Where we can, we try as far as possible to anonymize/pseudonymize the personal data we process so that we can no longer identify the individuals to whom it relates.
However, while we are constantly striving to ensure the security of the data you entrust to us, we may also experience less fortunate events and security incidents/breaches. In these cases, we will strictly follow the procedure for reporting and notifying security incidents and will take all necessary measures to restore the situation to normal as soon as possible.
DIRECT MARKETING
To the extent that we have obtained your prior consent or you are already a customer of ours, we may use direct marketing technologies using information collected about you. We currently conduct marketing through the following methods: e-mail marketing and sms marketing.
You may opt-out of direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email and SMS ("unsubscribe") or by sending a request to office@barhat.ro.
PROFILING AND AUTOMATED DECISIONS
We do not make automated decisions with legal effect or significant impact on you
YOUR RIGHTS
Your rights under the GDPR are as follows:
(a) The right to be informed about the processing of your data.
(b) The right to access your data. You have the right to obtain from us a confirmation as to whether or not we are processing personal data concerning you and, if so, access to that data and to the information referred to in Article 15(b) of the GDPR. (1) of the GDPR.
(c) Right to rectify inaccurate or incomplete data. You have the right to obtain from us, without undue delay, rectification of inaccurate personal data concerning you.
(d) The right to erasure ("right to be forgotten"). In the situations set out in Article 17 of the GDPR, you have the right to request and obtain erasure of your personal data.
e) Right to restriction of processing. In the cases set out in Art. 18 of the GDPR, you have the right to request and obtain restriction of processing.
f) Right to portability. The right to transfer the data we hold about you to another controller.
g) The right to object to data processing. In the cases set out in Article 21 of the GDPR, you have the right to object to data processing.
h) The right not to be subject to a decision based solely on automated processing, including profiling with legal or similarly significant effects on you.
i) Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal data at any time
j) The right to take legal action to defend your rights and interests.
k) The right to lodge a complaint before a Supervisory Authority.
|
Name |
National Data Protection Supervisory Authority |
|
Address |
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania |
|
Phone: |
+40.318.059.211 or +40.318.059.212 |
|
|
anspdcp@dataprotection.ro |
Please note that:
(1) You may withdraw your consent to direct marketing at any time by following the unsubscribe instructions in each email or by sending a request to office@barhat.ro.
(2) If you wish to exercise your rights, you may do so by sending a written, signed and dated request to office@barhat.ro.
(3) The rights listed above are not absolute. There are exceptions, therefore each request we receive will be analyzed in order to decide whether or not it is well-founded. If your request is justified, we will facilitate the exercise of your rights. If the application is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of your rights to lodge a complaint with the Supervisory Authority and to go to court.
(4) We will endeavor to respond to your request within one month. However, the deadline may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the inability to identify you within a reasonable time.
(5) If, despite our best efforts, we are unable to identify you and you do not provide us with additional information to enable us to identify you, we are not obliged to comply with your request.
For any further information, please contact us at office@barhat.ro.
You have reached the end. Congratulations! Thank you for taking the time to find out how we protect your personal data!
