PERSONAL DATA PROCESSING POLICY FOR www.ubena-spices.com
1. DATA CONTROLLER
The data controller in the sense of Article 24 of EU Regulation 679/2016 (GDPR) to whom this Policy pertains is S.C. Fuchs Condimente RO S.R.L., established in Romania, 115300 Curtea de Argeș, str. Nordului, no. 41-43, subject to the management and coordination of the company DF World of Spices GMBH, represented by its current legal representative (hereinafter: Fuchs Condimente RO or Data Controller).
The Data Controller, in accordance with its organisational structure, declares that it has appointed a data processor and persons in charge of personal data processing in different management boards, company departments and divisions, as well as that the other companies that are part of the Group have likewise fulfilled the same legal obligations, each in accordance with its own organisational structure.
In view of the above, the Data Controller informs you that, pursuant to the General Data Protection Regulation (GDPR) and the applicable national legislation governing the protection of personal data, your data will be processed in the following way and for the following purposes.
2. DATA SUBJECT TO PROCESSING
Fuchs Condimente RO will process the personal data (hereinafter: Data or Personal Data) that you have provided when browsing the Data Controller’s website www.ubena-spices.com (hereinafter: Website), and/or if you sent a contact request to the Data Controller; specifically, this includes:
- first name, surname, e-mail address, telephone number
- the IP address of the computer making the request
- the date and time of the request
- the page being accessed, the name of the downloaded file
- the amount of data downloaded
- information on the outcome of the process (positive or negative)
- the URL used to access the website or activate a function
- the browser used.
The information listed above, including the IP address, is stored during the process in order to make it possible for you to use our Website. The IP address is also briefly stored in order to ensure that the IT environment is safe, and especially to protect computer systems from misuse and to deflect attacks.
In any case, it will be understood that processing will not include Personal Data considered “sensitive”, i.e. Data that could be used to reveal a person’s racial or ethnic background, religious, philosophical or other beliefs, political opinions, membership in political parties, trade unions, associations or organisations of a religious, philosophical, political or trade union nature, as well as Personal Data that could be used to reveal a person’s health or sex life.
3. PURPOSES OF DATA PROCESSING
The Data provided by the User will be used for the following purposes:
A. Without your prior consent, for contractual purposes:
- for handling purchases and distribution
- for managing the computer systems used by the Company, i.e. exclusively for the purposes of collecting anonymous information regarding the use of the Website and verifying that the Website will work properly when browsed by the User
- for performing maintenance and providing technical support in order to ensure that the Website and the associated services work properly (especially the services and special features mentioned in previous articles)
- for improving the quality and structure of the Website, as well as for the creation of new services, functions and/or features
- for preventing and identifying fraudulent activities and instances of harmful misuse of the Website
- for contacting the User, either by post or e-mail, solely for the purpose of confirming and/or amending the information in possession of the Company.
We would also like to inform you that, if you already happen to be our client, you may be contacted by us at the e-mail address you provided and receive commercial content, even without your prior consent, pertaining to the Data Controller’s services and products similar to the services and products you have previously used (so-called “soft spam”).
B. Only with your prior consent, for non-contractual purposes:
- for sending commercial or promotional content pertaining to products, initiatives and/or services offered or undertaken by the Company, either by post, telephone, e-mail, SMS, MMS, notification or newsletter.
4. PROCESSING METHODS, SECURITY MEASURES AND DATA PRIVACY
The following procedures are used to electronically process your Data: collection, registration, updating, organisation, storage, consulting, processing, alteration, selection, location, harmonisation, use, combining, blocking, deletion and destruction.
In accordance with the applicable legislation and the approved standards for the protection of such Data, the Company has adopted special security measures to prevent data loss, illicit or improper usage, and unauthorised access.
Specifically, in order to ensure the security and privacy of your Data, the Data Controller has implemented and is using, among other things, data networks secured with standard firewalls, password protection, and all security measures for the protection of personal data pursuant to Article 32 of the General Data Protection Regulation (GDPR) and applicable Romanian legislation.
5. DATA STORAGE
The Data Controller will process the Data for the time required to fulfil the above purposes, and in any case for no more than two years from the moment of collection.
6. NATURE OF DATA PROVISION
You are required to provide your Data for contractual purposes. This is necessary for using the services of the Data Controller; refusing to provide your Data means that you will not be able to use the said services.
Providing Data for additional, non-contractual purposes is not required, and refusing to provide your Data will not prevent you from using the Data Controller’s services. However, if you decide to withhold your Data, you will not be able to access restricted areas or certain services (including, for example, the newsletter).
7. DATA ACCESS
Your Data can be accessed by the following persons for the purposes listed above:
- employees and/or associates of the Data Controller and/or of the companies belonging to the Group, in their capacity as persons in charge of processing and/or internal data processors and/or system administrators
- third-party companies or other persons (for example, companies from the Fuchs group, customer support agents, IT service providers, persons managing the IT system used by Fuchs Condimente RO, telecommunication networks, suppliers, credit institutions, professional companies, etc.) conducting external activities on the Data Controller’s behalf, in their capacity as external data processors.
8. DATA COMMUNICATION AND DISSEMINATION
In meeting the above-mentioned objectives and for the proper provision of the Website and its associated services, your Data may be disclosed, even without your prior consent, to third parties acting as independent data controllers in relation to the Company, such as:
- the police or judicial authorities who will be processing the Data, upon their explicit request and for institutional purposes and/or by the operation of law when conducting investigations and inspections
- public authorities and/or public administration, for the purposes of auditing and inspections regarding tax and civil obligations
- authorities overseeing the fulfilment of legal obligations and/or enforcing regulations introduced by public authorities, upon the request of the said subjects.
Your Data may also be disclosed to third parties (e.g. partners, persons in liberal professions, agents, etc.) acting in the capacity of independent data controllers performing the activities required to fulfil the above-mentioned purposes.
Your Data will not be disseminated or transferred to countries that are not members of the EU.
9. DATA SUBJECT RIGHTS
We inform you that, in your capacity as the data subject, you have the right to:
- obtain a certificate confirming the existence or non-existence of your Data, even if it has not yet been registered, and to have the Data made accessible to you in an intelligible form;
- obtain a certificate and, if required, a copy: (a) confirming the origin and stating the category of Personal Data; (b) stating the logic applied to processing if electronic devices are used to process the Data; (c) stating the purpose and modality of processing; (d) identifying the data controller and data processor; (e) identifying the data subject, or categories of data subjects to whom the Personal Data can be disclosed or who can use it to acquire more information, especially if recipients from third countries or international organisations are involved; (f) stating, whenever possible, the period for which the Data is retained and the criteria used to determine the length of such a period; (g) confirming the existence of an automatised decision-making process, including profile creation and, in this case, the logic applied, its importance and expected outcomes for the data subject; (h) confirming the existence of sufficient guarantees in case of a transfer to non-EU countries or international organisations;
- ensure, without undue delay, that incorrect Data is updated or corrected or, if the data subject so requires, that incomplete Data is amended;
- arrange the deletion, anonymisation or withholding of Data: (a) which has been unlawfully processed; (b) which is no longer required for the purpose for which it was collected or subsequently processed; (c) if the consent on which the processing is based is withdrawn and if there are no other legal grounds for processing; (d) if you have objected to the processing and there is no legitimate reason to continue; (e) if a legal obligation has been fulfilled; (f) if the Data pertains to minors. The Data Controller may only refuse to delete the Data: (a) if it pertains to the exercise of rights to free expression and the freedom of information; (b) if it is required to fulfil a legal obligation, carry out a task in the public interest, or to exercise public authority; (c) in case of reasons pertaining to public health; (d) if it is being archived for reasons pertaining to public interest, scientific or historical research, or for statistical purposes; (e) if it is being used to enforce a right in court;
- arrange that processing is restricted: (a) if the accuracy of Personal Data is disputed; (b) if the Data is being unlawfully processed by the Data Controller in order to prevent its deletion; (c) if the Data is being used to enforce a right in court; (d) if it is being determined whether the legitimate reasons of the Data Controller should take precedence over the reasons of the data subject;
- obtain – if the processing is being performed automatically – without obstruction and in a structured, commonly used, machine-readable and interoperable format, the Data pertaining to you, for the purpose of transferring the said Data to a different data controller or arranging a direct transfer from one controller to the other, if this is technically possible;
- partially or fully oppose: (a) for legitimate reasons, the processing of Personal Data which pertains to you, even if said Data is vital for the purpose of processing; (b) the processing of Personal Data that pertains to you, if it is being done in order to distribute promotional content, conduct direct sales, carry out market research or for commercial communication purposes, either automatically through e-mail and without the need for an operator, and/or using traditional telemarketing methods, and/or by post;
- lodge a complaint with the responsible supervisory authority for personal data protection.
In the above-mentioned cases, where required, the Data Controller will inform the third parties to whom your Personal Data might have been disclosed about the possible exercise of your rights, except in specific cases (e.g. if this proves impossible or if it requires the use of methods that are obviously disproportionate to the right being protected).
10. METHOD OF EXERCISING RIGHTS
You can exercise the aforementioned rights at any moment:
- by registered mail with recorded delivery to the address of the Data Controller at S.C. Fuchs Condimente RO S.R.L., 115300 Curtea de Argeș, Str. Nordului 41-43, Romania
- by sending an e-mail to firstname.lastname@example.org.
11. DATA CONTROLLER AND DATA PROCESSOR
The Data Controller is:
- S.C. Fuchs Condimente RO S.R.L.
The names of the data processor and the persons responsible for processing will be disclosed upon your explicit request, which can be made by sending an e-mail to email@example.com.
An up-to-date list of data processors is being kept at the Data Controller’s headquarters at S.C. Fuchs Condimente RO S.R.L., 115300 Curtea de Argeș, Str. Nordului 41-43, Romania.
Last update: [June 2019]