PERSONAL DATA PROTECTION POLICY

1. Who we are

This policy is applicable to the limited liability company SANDRA FERRETTI S.R.L., based in Romania, Str. Mihai Viteazu no.1, Busteni, Prahova County, having the serial number in the Prahova Trade Register: J29 / 1232/2022, Unique Identifier at European Level (EUID): ROONRC.J29 / 1232/2022 and Unique Registration Code 46099388. For the purposes of data protection law, we are the operator when we process your personal data.

We consider ensuring the right to the protection of personal data as a fundamental commitment of SANDRA FERRETTI, therefore we will dedicate all the necessary resources and efforts to process your data. The GDPR policy is based on the provisions of Regulation no. 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation" or "GDPR"), which in force since 25 May 2018, as well as on the applicable national legislation. As one of the key principles of this legal framework is transparency, we have prepared this document to inform you of how we collect, use, transfer and protect your personal data when you interact with us in connection with your products and services, including through our website www.sandraferretti.com, or through mobile applications.

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in the way we process your personal data or any changes in legal requirements.

Any information regarding the processing of your personal data can be requested in writing to the address of the above-mentioned registered office or to the e-mail address: office@sandraferretti.com.

2. Agreement

Your use of our services is subject to this GDPR Policy. By using our services, you agree to the terms of this GDPR Policy. The purpose of the GDPR Policy is to inform our customers about the collection, storage and use of personal data.

3. What categories of personal data we process

We generally collect your personal data directly from you, such as:

When you create an account on the website www.sandraferretti.com, send us: e-mail address, name and surname;
On your personal page (My Account) in the SANDRA FERRETTI platform you can add additional information such as: photo, gender, nickname, mobile phone number, landline number, date of birth, level of education, delivery addresses, alternative address e-mail, bank card details etc;
When you place an order, you provide us with information such as: desired product, first and last name, delivery address, billing details, payment method, phone number, bank card details etc;
Details of your visits to our website (in this sense we recommend that you read the Cookies Policy);
Other information that you send to us, when making a request on the site or as a result of sending it by email or phone;
The data necessary for the issuance of tax invoices, as well as any other relevant data;
We collect and process personal data relating to your last name, first name, email address, telephone number in order to maintain correspondence or communication with you. Thus, if you make a request by email or phone, we will process your data in order to resolve it;
We collect your data that comes as a result of a request to be contacted and our consultants will contact you to provide you with more information;
We collect personal data relating to name, surname, email address, telephone, interest in contracting and which come as a result of the fact that you requested to be contacted, filling in the fields on the site;
We collect your data primarily by visiting the www.sandraferretti.com website, placing an online order, placing an order in physical stores, using SANDRA FERRETTI applications, or visiting our physical stores. In this context, if required by your request, we may send your contact details to financial and governmental institutions, transport companies or the post office;
If you have expressly consented to your personal data being processed for marketing purposes by SANDRA FERRETTI, respectively for sending newsletters, information about our products and services, or events, contests organized by us, SANDRA FERRETTI or its representatives will process your data for this purpose.

We do not collect or otherwise process sensitive data included in the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data from minors under the age of 16.

4. How long we keep your personal data

Ensuring the confidentiality of the personal data you transmit to us is an important concern for us

In general, we will store your personal data while you have an account on the website www.sandraferretti.com. You may ask us to delete certain information or close your account at any time, and we will respond to such requests, subject to the retention of certain information, including after closing your account, where applicable law or our legitimate interests so require. Personal data may be stored on our personal data technology systems, those of our contractors or in print, for a period of 5 years or any other period in accordance with applicable legal regulations.

The website www.sandraferretti.com is protected by the standard SSL (Secured Socket Layer) encryption system. This technology encrypts all your personal data that you transfer to SANDRA FERRETTI.

5. The purposes for which we process your personal data

We may collect and process personal data for the following purposes:

Order processing, including taking over, validating, shipping and invoicing;
Offering our products and services;
Resolving cancellations or problems of any kind related to an order, goods or services purchased;
Sending invitations for organized events;
Compliance with our legal obligations (such as obligations to keep records and supporting documents);
Returning the products according to the legal provisions;
Reimbursement of the value of the products according to the legal provisions;
Analyzing, improving our services and communications to you;
Protecting the security and management of websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
Transferring them to third parties, if you have expressly consented;
Marketing campaigns, customer surveys, market reviews, raffles, contests or other promotional activities or events, if you have expressly consented;
Ensuring the physical security of the spaces, according to the special legislation applicable in the field;
Providing support services, including providing answers to your questions about your orders or SANDRA FERRETTI goods and services;
Relationship with public authorities, according to the applicable legal norms in civil and criminal matters;
For a better online shopping experience, we may collect and use certain information about your Buyer behavior, we may invite you to complete satisfaction questionnaires subsequent to the completion of an order, or we may conduct, directly or through partners, studies and market research;
Any purpose related to and / or ancillary to any of the above or any other purpose for which your personal data has been provided to us.
For marketing, to keep you up to date on the best deals for the products / services you are interested in. In this sense, we can send you any type of message (such as: e-mail / SMS / telephone / mobile push / webpush / etc.) Containing general and thematic information, information on products similar or complementary to those that You have purchased them, information about offers or promotions, information about products added to the "My Account / Cart" section or the "Account / Favorites" section, or you have shown interest in purchasing them, as well as other commercial communications such as research market and opinion polls, and we can post personalized recommendations on the website and in the smartphone app. To provide you with information of interest to you, we may use certain data about your buyer behavior (e.g. products viewed / added to your wishlist / purchased) to create a profile for you. We always make sure that such processing is carried out in compliance with your rights and freedoms and that the decisions made thereunder have no legal effect on you and do not affect you in a significant way. In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by: changing your client account settings in the "My Subscriptions" section; accessing the unsubscribe link displayed in the messages you receive from us; or by contacting SANDRA FERRETTI at office@sandraferretti.com. Please note that in the event of a unsubscribe request, there may be a time limit of up to 48/72 hours in which you may receive further information or marketing communications for reasons related to the operation of system changes. Unsubscribing from marketing emails does not preclude further transmission of transactional emails through which we can inform you of the status of the transaction that we may conclude;
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any case where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can request us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and we will process your request;
To defend our legitimate interests; There may be situations in which we use or transmit information to protect our rights and business. These may include: measures to protect the website and users of the www.sandraferretti.com site from cyber attacks, measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities; measures to manage various other risks. The general basis for such processing is our legitimate interest in defending our business, and we understand that we make sure that all the measures we take ensure a balance between our interests and your fundamental rights and freedoms. Also, in certain cases we base our processing on legal provisions such as the obligation to ensure the protection of goods and values provided by the applicable legislation in this matter.

6. Sharing and transferring your personal data

We may provide access to the personal data you provide to our authorized persons on the basis of contracts entered into for this purpose, but we will retain control of your personal data and use appropriate safeguards in accordance with applicable law to ensure the integrity and security of your personal data.

Where applicable, we may transmit or provide access to certain personal data of yours to the following categories of recipients:

companies within the same group of companies as SANDRA FERRETTI;
courier service providers;
payment / banking service providers;
marketing / telemarketing service providers;
market research service providers;
insurance companies;
IT service providers;
other companies with which we can develop joint programs to offer our goods and services on the market.

We may also disclose personal data to you when instructing or giving us permission to do so or when required to do so by applicable law, requests from judicial or official bodies to do so, or for the purpose of investigating fraudulent activities or criminal, actual or suspected.

If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We will not transfer personal data outside the EEA, unless one or more of the specified safeguards or exceptions apply to the transfer, or an adequacy decision, Privacy Shield, mandatory corporate rules.

In the absence of an adequacy decision, membership of the Privacy Shield, mandatory corporate rules, the transfer of personal data to a third country or to an international organization shall take place only under the following conditions:

The data subject has explicitly agreed to the proposed transfer, after being informed of the possible risks of such transfers for the data subject, due to the lack of an appropriate decision and appropriate security measures;

We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

7. Your rights

We would like to inform you that in the new personal data protection regulations provided for in the EU General Data Protection Regulation 679/2016, if we process your personal data, you have the following rights listed below, as well as of any other applicable legal rights:

the right of access, provided by art. 15 of the GDPR, based on which you can ask us, free of charge, to confirm whether or not we process personal data concerning you. You may also request a copy of the data we process about you. Requests must include relevant information in order to identify you in our database. We will resolve your request within the legal deadline;
the right to information - implies the information in a concise, transparent and easily accessible manner of the data subjects regarding the processed data;
the right to rectification, provided by art. 16 of the GDPR, which you can exercise, by formulating a request by which you can ask us to modify the information we already have about you. You can make such a request when you notice that your data is incomplete or inaccurate;
the right to restrict the processing, provided by art. 18 of the GDPR, which you can exercise when you challenge the accuracy of the data, consider that the processing is illegal or oppose the deletion of the data. Following the exercise of this right, we will still be able to store your data, other processing operations being possible only with your consent, except as expressly provided by law;
the right to portability, provided by art. 20 of the GDPR, which you can only exercise in cases where the processing is based on your consent or contract and only if your data is processed by automated means. If you meet the conditions, you can send us a data porting request to the operator you want;
the right to oppose the processing of data for marketing purposes, provided by art. 21 of the GDPR. You can exercise this right at any time, and we guarantee that your data will no longer be processed for this purpose. However, it may take a reasonable amount of time (up to 72 hours) to register and resolve your request, and you may still receive marketing information from us;
the right to cancellation, provided by art. 17 of the GDPR, based on which we have the obligation to delete the personal data we process about you. This right is not an absolute one, having applicability only in certain situations expressly provided by law. When requesting a deletion, please note that deleting them can be a complex process.
the right to address the National Authority for the Supervision of Personal Data, the Romanian public authority, based in G-ral Blvd. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania, web page http://www.dataprotection.ro, which aims to protect the fundamental rights and freedoms of individuals, especially the right to privacy , family and private, in connection with the processing of personal data and the free movement of such data („ANSPDCP”), in case you report a breach of the GDPR.

In order to exercise these rights, please send us a written request to the above-mentioned registered office or to the e-mail address: office@sandraferretti.com, with the subject „Request for personal information”.

Also, if you wish to withdraw your consent to direct marketing purposes, you may use the „unsubscribe” option which is included in each marketing communication.

8. In which countries do we transfer your personal data?

We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests.

Transfers to service providers and other third parties will always be protected by contractual commitments and, where applicable, by other guarantees, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of personal data, transferred from within the EU to the United States.

9. How we protect the security of your personal data

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards.

The transmission of your personal data is done using state-of-the-art encryption algorithms and stored on secure servers, while ensuring data redundancy.

Despite the measures taken to protect your personal data, we warn you that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, and there is a risk that the data may be viewed and used by third parties. unauthorized parties. We cannot be held responsible for such vulnerabilities in systems that are beyond our control.

10. GDPR Policy Update

We reserve the right to periodically update and modify this GDPR Policy to reflect any changes to the way we process your personal data or any changes to legal requirements.

In the event of any such changes, we will display the modified version of the GDPR Policy on our website www.sandraferretti.com and / or make it available in another way.

11. Contact

For further information on the content of the GDPR Policy, please contact us in writing at the above-mentioned registered office or by e-mail: office@sandraferretti.com.