The purpose of this Policy is to explain the type of personal data collected, the way they are processed, the rights of the data subjects, their retention time and other information related to the processing of personal data. Data protection is a priority for SamdamGifts management. If the processing of personal data is necessary and there is no statutory basis for this processing, we are obliged to obtain the consent of the data subject. The processing of personal data - such as name, first name, address, e-mail address, telephone number of a data subject - will be performed each time by the provisions of Regulation no. 363 of 28.12.2018 regarding the protection of natural persons concerning the processing of personal data and on the free movement of these data and repealing Directive 95/46 / EC (the "Regulation") and following the regulations for the protection of specific data The countries in which SamdamGift operates. Through this policy, our company would like to inform the general public about the nature, extent, and purpose for which we collect and process personal data. Also, the data subjects are informed about the rights they benefit from, rights regulated by the Regulation. As an operator, SamdamGift has implemented numerous technical and organizational measures to ensure the complete protection of personal data
The present Policy is based on the Regulation as well as any applicable laws regarding the protection of personal data. The policy must be comprehensible both to the general public and to our clients and business partners. To ensure this, we will explain the terminology used. In this Policy we will use the following terms:
a) Personal Data or Personal data refers to any information that makes it possible to identify a natural person (the data subject).
b) Data subject - represents an identified or identifiable natural person. An "identifiable" natural person is a person who can be identified, directly or indirectly, including by reference to an identification number or one or more factors characteristic of his physical, physiological, mental, economic, cultural or social identity.
c) Processing - represents to perform any operation or set of operations on Personal Data, with or without automatic means, such as collecting, recording, organizing, storing, adapting or modifying, recovering, consulting, using, disclosing (by transmission, dissemination) or otherwise available), alignment or combination, blocking, deletion or destruction.
d) Restriction of processing - refers to the marking of personal data processed to limit their processing in the future.
e) Creation of profiles - refers to any authorized form of processing of personal data consisting of the use of personal data to evaluate certain personal aspects characteristic for a natural person, in particular, to analyze or predict aspects related to work performance, situation economic, health, personal preferences, interests, reliability, location or travel of a natural person.
f) Pseudonymization - is the processing of personal data in such a way that personal data can no longer be attributed to a data subject without the use of additional information, provided that this additional information are stored separately and are subject to technical and organizational measures that to ensure that personal data is not assigned to an identified or identifiable natural person.
g) Operator or operator responsible for processing - is the natural or legal person, public authority, agency or other bodies which, alone or with the help of third parties, determines the purposes or means of processing personal data; where the purposes and means of processing are determined by the law of the Union or of the Member States, the operator or the specific criteria for its nomination may be provided by the law of the Union or of the Member States.
h) The recipient - is a natural or legal person, public authority, agency or other bodies, to whom the personal data are disclosed, whether he is a third party or not. However, public authorities that could receive personal data in a particular investigation in accordance with Union or Member State legislation will not be seen as recipients; the processing of those data by public authorities will be in accordance with the rules applicable to data protection in accordance with the purposes of the processing.
i) Third-party - is a natural or legal person, public authority, agency or another body other than the data subject, operator, processor and persons who, under the direct authority of the operator or processor, are authorized to process personal data.
j) Consent - the consent of the data subject is any freely given, specific, informed and clear indication that the data subject offers by a clear statement or affirmative action, signifying the agreement for the processing of his personal data.
2. The name and address of the SamdamGifts operator
SamdamGifts SRL, Romanian, with registered office at Brinduselor street, no. 75, Baia Mare, registered with the Trade Register Office under no. J22 / 11/2008, fiscal code RO230134683. Name and address of the data protection officer
Any data subject can at any time contact us directly with any questions or suggestions regarding the protection of personal data at the following e-mail address firstname.lastname@example.org. Cookies
On the SamdamGifts websites, users are offered the opportunity to sign up for the company newsletter. SamdamGifts informs its customers and business partners regularly through a newsletter about the company's offers. The company newsletter can be received by the data subject only if (1) the data subject has a valid email address and (2) if the data subject registers to receive the newsletter. A confirmation email will be sent to the email address registered by the data subject for the first time to send the newsletter, for legal reasons, through the double-opt-in procedure. This confirmation email is used to prove whether the owner of the email address is authorized to receive the newsletter. During the registration to the newsletter, we store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to understand the possible misuse of the email address of a data subject at a later date, and therefore serves the purpose of legal protection. Personal data collected as part of the registration for a newsletter will only be used to send the newsletter. Also, those who sign up for the newsletter will be informed by email, as long as this is necessary for the newsletter service or a registration in question, as this could be the case in the event of some changes to the newsletter offer, or the eventuality of a change of the technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The registrations to our newsletter can be terminated by the data subject at any time. The consent to store personal data, given by the data subject for receiving the newsletter, can be revoked at any time. There is a link in each newsletter to unsubscribe.6. Possibility of contact through the website
SamdamGifts websites contain information that allows a brief electronic contact with our company, as well as direct communication with us, by including a general email address. If a data subject contacts us by email or through the contact form, the personal data transmitted by him voluntarily are stored automatically. Such personal data, transmitted voluntarily by a data subject to the operator, are stored for processing and contacting the data subject.7. Routine deletion and blocking of personal data
SamdamGifts will process and store the personal data of the data subject only for the period necessary to fulfill its purpose of storage, or for the period provided by the European legislator or other applicable laws. If the purpose of the storage is not applicable, or if the storage period provided for by the applicable legislation in force expires, the personal data are deleted, by the legal requirements8. Rights of the data subject
a) The right of access to the data subject. To exercise the right of access, the data subject may at any time contact SamdamGifts with a request in this regard to obtain a report of personal data;
b) The right of rectification. Each data subject has the right to obtain the rectification of personal data when they are incorrect or have undergone certain changes or need to be completed.
c) The right to delete. Each data subject has the right to request the deletion of personal data as follows: i) when the data are no longer necessary for the purpose for which they were collected or processed, ii) the data subject withdraws his consent based on which the processing takes place, iii) personal data have been processed illegally or a legal provision in force requires their deletion.
d) The right to restrict processing. Each data subject has the right to obtain the restriction of the processing, where one of the following cases applies: i) the accuracy of the personal data is challenged by the data subject, ii) the processing is illegal and the data subject opposes the deletion of the personal data but requires the restriction instead their use, iii) SamdamGift no longer needs the personal data to process it, but they are requested by the data subject for the unit, to exercise some rights, iv) the data subject has opposed the processing according to article 21 (1) ) from the Regulations until the verification of the legitimate grounds of SamdamGift prevails over those of the data subject.
e) The right to data portability. Each data subject has the right to request the transfer of personal data to a third person or the data subject himself.
f) The right to opposition. Each data subject has the right to object at any time, for reasons related to his situation, to the processing of the personal data that he/she is targeting. This also applies to profile creation. SamdamGift will no longer process personal data in the event of opposition unless we can demonstrate compelling and legitimate grounds for the processing, which override the interests, rights, and freedoms of the data subject, or for establishing, exercising or defending legal rights. If SamdamGift processes personal data for direct marketing purposes, where there is prior consent, the data subject shall have the right at any time to oppose the processing of his personal data for such marketing. This applies to profile creation to the point where it is in relation to such direct marketing. If the data subject objects to the processing made by SamdamGift for direct marketing purposes, then SamdamGift will no longer process his personal data for these purposes. In addition, the data subject has the right, on grounds related to his particular situation, to object to the processing of his personal data by SamdamGift for scientific or historical research purposes, or for statistical purposes, in accordance with Article 89 (1) of Regulation, unless the processing is necessary to perform a task performed in the public interest.
g) Making individual decisions, including the creation of profiles. Each data subject has the right not to be the subject of a decision based solely on the automatic processing, including the creation of profiles, which produces legal effects on it or in a similar way significantly affects it, as long as the decision is not based on the explicit agreement of the data subject. SamdamGift will implement appropriate support measures to protect the rights and freedoms of the data subject and the legitimate interests, at least the right to obtain human intervention from SamdamGift, to express his point of view and to challenge the decision.
h) The right to withdraw the consent. Each data subject has the right to withdraw his / her consent regarding the processing of personal data at any time.
i) The right to make a complaint to the supervisory authority - if the data subject considers that his legitimate rights regarding the operations of processing of personal data have been violated, this can be addressed with a complaint to this effect to the National Supervisory Authority of the Processing of Personal Data, with its headquarters in G-ral Boulevard. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucuresti, Romania.
If you wish to exercise your rights or send us a notification/request please contact us at the contact details indicated in this Policy. SamdamGift will respond as soon as possible but no later than 30 days. For any delays, we will notify you and offer you the justified reasons for the delay.9. The legal basis for processing
Art. 6 (1) lit. of the Regulation serves as the legal basis for processing the operations for which we obtain the consent for a certain processing purpose. If the processing of personal data is necessary for the execution of a contract to which the data subject is a party, as is the case, for example, when processing operations are necessary for the supply of goods or for the provision of any other service, the processing is based on Article 6 paragraph 1 letter b of the Regulation. The same is true for the processing operations that are necessary to perform the pre-contractual measures, for example in the case of inquiries regarding our products or services. Our company is subject to a legal obligation by which it is necessary to process personal data, such as the fulfillment of fiscal obligations, the processing is done based on art. 6 (1) lit. c Regulations. In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor was injured in our company and their name, age, health insurance data or other vital information should be forwarded to a doctor, hospital or other third parties. Then, the processing will be based on Art. 6 (1) letter. d of the Regulation. Finally, processing operations could be based on Article 6 (1) (f) of the Regulation. This legal basis is used for processing operations that are not covered by any of the legal reasons mentioned above if processing is necessary for the legitimate interests pursued by our company or by a third party unless these interests are removed by the interests or fundamental rights and freedoms of the data subject who need the protection of personal data. Such processing operations are specially permitted because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is the client of the operator (recital 47 of sentence 2 of the Regulation).10. Legitimate interests pursued by the operator or a third party
If the processing of personal data is based on Article 6 (1) (f) of the Regulation, our legitimate interest is to conduct our business in favor of the welfare of all our employees and shareholders.11. The period for which the personal data will be stored
Personal data will only be stored for the period necessary for the purpose for which they were collected. After the expiry of the respective period, the corresponding data are deleted. Only those personal data that are part of documents/documents for which the law provides for an archiving term will be kept and at the expiration of the legal archiving term, they will be destroyed.12. The provision of personal data as a legal or contractual requirement
The requisite to conclude a contract; Obligation of the data subject to provide personal data; the possible consequences of non-compliance with these data
We clarify that the provision of personal data is partly required by law (eg tax regulations) or may also result from contractual provisions (for example, information on the contractual partner). Sometimes it may be necessary to conclude a contract according to which the data subject provides us with personal data, which must be further processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her.13. Protection of personal data
SamdamGifts applies an internal framework of minimum policies and standards regarding the protection of personal data. These policies and standards are periodically updated to comply with market regulations and developments. Following the legal provisions in force, we take appropriate technical and organizational measures (policies, procedures, security, etc.) precisely to ensure the confidentiality and integrity of personal data as well as to ensure the necessary framework for their processing.