PRIVACY AND PERSONAL DATA PROCESSING POLICY
Through this Policy, we want to make sure that you, as the User / Customer of our services, have full access to adequate information that allows you to know, understand and have control over how your data is processed, by us, the Operator/Controller of the Lit Appeal Couture Platform.
This Policy is an integral part of the Controller's Terms of Service, published on the Platform in the "Terms and Conditions" section.
Through the Platform, the Controller presents to Customers and potential Customers the company profile, Products for sale, Purchase costs and facilitates the sale of its Products through the Online Store function, while ensuring Users or Customers the opportunity to communicate with the Seller.
The Platform, available at www.litappeal.com, is managed by the Romanian limited liability company "Lit Appeal Couture SRL", headquartered in Romania, registered in accordance with Romanian law at the Trade Register Office under the single European number ROONRC J32 / 298/2018 , unique national tax identification code RO 38948679.
In carrying out its activity, the Seller holds the status of personal data Controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on circulation of this data and the repealing of Directive 95/46 / EC (hereinafter The Regulation).
The Controller respects the privacy and security of the processing of personal data of each person who benefits, in any form, from our services, which is why he uses personal data responsibly and transparently, only for the purpose for which they were collected, strictly in the extent to which they are necessary to achieve the stated purposes and only as long as the processing is based on a valid legal basis.
01. Definitions used.
02. Description of the Seller's activity.
03. Purpose of processing and categories of personal data processed.
04. Source of Data.
05. Legal grounds for processing.
07. Who has access to the data.
08. Storage duration.
09. Security measures adopted by the Controller.
10. Processing Rights.
The definitions used below are in line with those described in the Regulation and are supplemented by those in the Regulation:
Any manifestation of will by the data subject, free, specific, informed and unambiguous by which he / she accepts, by an unequivocal statement or action, that the personal data concerning him / her be processed.
The agreement for the supply of products and / or services concluded between the Seller and the Customer, effect of the Seller's acceptance of the Customer's Order, consisting of all rights and obligations of the Parties as set out in the Terms published by the Seller on the Platform.
The person who establishes the purposes and means of processing personal data; in this case LIT APPEAL COUTURE SRL.
The natural or legal person who purchases products from the Seller, for personal use or for third parties, through the Platform.
Employees authorized to process the personal data of the data subjects, within the own organizational structure of the Controller.
Any information about an identified or identifiable natural person ("data subject");
Any operation performed on personal data, such as the collection, registration, organization, structuring, storage, adaptation, modification, use, disclosure, transmission, deletion, or destruction.
The person who processes personal data on behalf of the Controller.
The natural person whose personal data are processed by the Controller under the conditions of this Policy; in this case they may be Users, Customers and / or persons designated by Users or Customers, as the case may be.
The firm request for the sale of products and / or services communicated by the Customer to the Seller, under the conditions established by the Terms.
Goods in the female undergarment category, offered publicly for sale by the Seller, through the Platform.
Delivery, warranty, and other ancillary services, prior to or subsequent to the sale to the Customer of the Products.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repealing of Directive 95/46 /CE.
LIT APPEAL COUTURE SRL.
The individual who accesses the Platform.
As a current activity, the Controller administers the Platform and publicly offers for sale Products in the category of women's undergarment and the like, providing, where appropriate, Services ancillary or subsequent to the sale.
In support of its activity, the Controller operates mainly through its own employees. In carrying out activities related to the main activity, the Controller uses the services of third parties, such as accountants, lawyers, marketing service providers, IT&C service providers, etc. According to the Regulation, they have the quality of Processors.
In its activity, the Controller may use marketing services to promote its services, through direct marketing tools and / or through the use of personalized advertising services provided by the providers of such services such as Google and Facebook. The latter process personal data in accordance with their own privacy policies, in compliance with applicable law.
The Controller processes the personal data of the data subjects for the presentation of its services, public communication or at the request of Users / Customers, facilitating the conclusion and execution of contracts, effective provision of services, collection of Purchase costs, accounting and customer relations, transmission of promotional offers (with the consent of the data subjects), ensuring and improving the functionality of the Platform and / or for other purposes closely related to our activity and the services we provide.
The Controller may also process personal data for the purpose of fulfilling legal obligations and for the purpose of promoting, defending and pursuing his legitimate interests, resulting from his authorized activity.
The main legitimate interests of the Controller, relevant in the processing of personal data involve, by way of example:
- Data processing in order to carry out the company's activity (concluding and executing contracts with customers, accounting, indirect marketing, management, storage in electronic databases, etc.)
- Collection of statistical data for the improvement of direct services or those provided through the Platform,
- Archiving data for the purpose of management, promotion or to guarantee the execution of contracts,
- Data processing in legal proceedings.
In carrying out its activity, the Controller does not resort to automated decisions in relation to the data subjects nor to the creation of profiles.
The main categories of personal data processed are name and surname, address, telephone number, e-mail address and, if applicable, delivery address, IP.
At the time of making an online payment, the Controller or the specific Processors may request data on the cardholder, number and expiration date and the security code of the card.
The Controller may request Data subjects to communicate or access other personal data only when such need is met for the stated purposes and provided that at the time of collection the Data subject is informed of the purpose and basis of processing such data and, where appropriate he /she has given their prior consent.
In all cases, the Controller will not transfer, share or disclose in any way the personal data collected without the existence of a valid legal basis and the appropriate information of the Data subjects.
The Controller uses marketing and advertising services to promote its services, both through direct marketing tools and through the use of personalized advertising services provided by the providers of such services as Google and Facebook.
In this regard, the Controller processes the e-mail address of the Data subjects and the information regarding the preferences of the Users obtained through the Platform. In all cases, the processing by the Controller of personal data for marketing and advertising purposes will be done only on condition that at the time of collection the data subject is informed about the purpose and basis of the processing of such data and, where appropriate, has given prior consent.
In order to optimize the activity, the Platform benefits from a traffic analysis system that offers monitoring of accesses within the site, based on IP. All data collected is stored and encrypted using advanced security methods, which do not allow the direct identification of data subjects.
D. Source of personal data processed
Mainly, the Controller processes the personal data provided directly by the data subjects. That information is provided when accessing the Platform, when creating an account on the Platform, when making an online or offline communication with the Controller, when concluding a Contract or when making a payment.
The main basis on which the Controller processes personal data is the explicit or implicit consent of the Data subject. Consent exists at the time and to the extent of acceptance of the Cookies within the Platform, at the time of transmission of a communication to the Seller and is required at the time of conclusion of the Contract. Based on the acceptance of the access conditions on the Platform, of the Communication and / or of the Contract, the Controller processes all the categories of data strictly necessary for these operations.
Consent is also required for the use by the Controller of Cookie-type programs within the Platform. At the first access to the Platform, the User is informed of the existence of cookies on the site and is asked for his consent for their use, being informed at the same time that he can withdraw this consent at any time, in which case the use of Cookie will cease for the future.
The Controller requests consent from Data subjects, separately, for the processing of data in order to carry out promotional communications (newsletters) by e-mail. In the absence of consent, the Controller will not make such communications.
After expressing their consent for such communications, the Data subject may withdraw his/her consent at any time by unsubscribing from the newsletter e-mail or by expressly contacting the Controller, the withdrawal of consent will operate for the future.
Technically, an "Internet Cookie" (also known as a "browser cookie" or "HTTP cookie" or simply a "cookie") is a small file, consisting of letters and numbers, that will be stored on the computer, mobile terminal or other equipment of a User from which the Internet is accessed. The cookie is installed at the request of a server (site) to a browser (eg. Internet Explorer, Chrome). This file cannot access information on the User's computer / mobile device.
In general, the main roles of Cookie programs are:
1. Customize certain settings such as: the language in which a site is viewed, keeping options for site features (and storing those options), accessing old preferences by accessing the "forward" and "backward" buttons.
2. Cookies give site owners valuable feedback on how their sites are used by users, so that they can make them more efficient and accessible to them.
3. Allow multimedia or other applications from other sites to be included in a particular site, thereby improving the user experience.
4. Improve the efficiency of online advertising.
Cookies, in themselves, do not require personal information and, in most cases, do not personally identify Internet users. Please note that this technology does not contain software, viruses, or spyware.
The platform uses two main categories of cookies: Functionality cookies (performance, geo-targeting, session cookies) and advertising and management cookies (cookies issued by third parties, site registration cookies, analysis cookies)
2. Users have the general option to set the browser to reject cookies. Most browser programs are initially set to automatically accept cookies. You can change the settings to block cookies or to be notified when cookies are sent to your computer or mobile device (smartphone, tablet). In this case, however, there will be a negative impact on browsing our site. and on some of the features offered by the site.
If you want to know more about cookies and what they are used for, we recommend the following sites
2. http://www.allaboutcookies.org/ (English)
3. http://www.youronlinechoices.com/ro/ (Romanian)
Access to personal data processed by the Controller has primarily Employees, as Persons authorized by the Controller. In addition to employees, Processors have access to personal data, in particular the IT&C service provider and the online marketing service provider.
If we use service providers based in the USA, the transfer of data to them takes place only in the conditions in which they have assumed the contractual obligation to the Controller to ensure the protection of personal data at a level at least similar to the protection assured to data shared between Europe and the USA in the context of the PrivacyShield tool. For more details on PrivacyShield, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en.
In all cases, the Controller has taken measures by which both the Persons Authorized and the Processors have undertaken in their turn the obligation to guarantee the security and confidentiality of the data, as well as to be responsible for any breach of their security.
The Controller also ensured that all Processors have the obligation to comply with the requests received from all Data subjects regarding the rectification, restriction, blocking or deletion of the respective personal data, in accordance with the law.
Data Subjects may request the Controller to indicate in detail all third parties to whom their personal data are disclosed, in accordance with the law, by sending a request to this effect to any of the contact details indicated in this Policy.
The Controller will store the personal data processed, in conditions of safety and security, for the minimum period required by law or the realization of his legitimate interest, depending on the categories of data processed.
Unless otherwise specified, or unless the law requires another time limit, as a matter of principle, the data of the Data subjects shall be stored for a period of 3 years from the moment of termination of the legal relations based on which the Controller performed the processing. In the absence of another legal basis for processing, after the expiry of this period, the data will be deleted.
The Controller guarantees a transparent, secure and confidential processing of personal data through organizational measures applied in its internal organizational framework, in relation to Processors as well as through technical measures applied to the infrastructure underlying the processing.
From an organizational standpoint, the Controller has carried out staff training programs on the rigors of personal data processing, has adopted internal policies and procedures in this area. In relation to Processors, it has concluded mandatory contractual clauses by which the latter guarantee the proper processing of the transmitted data and has verified the existence of at least some minimum data security measures, adopted by them for this purpose.
From a technical point of view, the Controller uses secure databases, uses data encryption and limited access to data, within the limits of the functions and responsibilities of Persons Authorized / Processors, based on user and password and implements up-to-date technologies to secure its physical and IT infrastructure.
The Controller promotes transparency and control in all that means the processing of personal data of the Users / Customers of its services. In this context, it is important to note that all Data subjects enjoy a number of rights in relation to the Controller, as follows:
The Controller will communicate to Data subjects, upon request, and in principle free of charge, information on the categories of personal data processed, the purpose of processing, the recipients to whom they have been disclosed or are to be disclosed, the legitimate basis for processing and disclosure, the expected storage period or the criteria for determining this period, and possibly the existence of an automated decision-making process and / or profiling.
In case there are errors regarding the processed data, the Data Subject has the possibility to request the Controller to rectify and / or complete them. The Controller will communicate the request for rectification to all third parties who process that personal data on his behalf and will verify how the request is handled by third parties, unless this proves impossible or involves disproportionate efforts.
The Controller will restrict the processing of data (except storage) in the following situations:
i. when the inaccuracy of the processed data has been established, for the period necessary to verify the inaccuracies and possibly rectify it.
ii. when the processing is illegal and the Data Subject opposes the deletion of this data, requesting instead the restriction of the processing;
iii. when for the Controller the processing of the data is no longer necessary but the Data subject requests them for the ascertainment, exercise or defense of a right in court, or
iv. during the period in which it is verified whether in a certain case of processing the legitimate interest of the Data Subject prevails over the interest of the Controller.
The Controller will delete the data, upon request, if the data are no longer necessary for the purposes for which they were collected and there is no longer any legal basis for processing, and if personal data has been processed illegally.
At the request of the Data Subject, the Controller will transmit the requested data to a third party indicated by him.
In the absence of the consent of the Data subject, issued in accordance with the law, the Controller will not process its data for marketing purposes.
You can exercise these rights by communicating a request to the Controller at the following contact details:
Postal address: Lit Appeal Couture SRL - Romania, Bucharest, sector 2, str. Dâmbovicioarei, no. 6-8, ap. 155, postal code 023823;
Phone: +40 724 334 732
In addition to exercising the rights indicated above, you can notify any irregularities regarding the processing by the Controller of your personal data at the National Authority for the Supervision of Personal Data Processing in Romania, at the contact address provided at www.dataprotection.ro. Additional information on the rights and procedures enjoyed by any Data subject in the defense and protection of his or her rights is provided at the same internet address.
Depending on the changes in the actual activity of the Controller, with an impact on the personal data processing operations, he will ensure the modification of this Policy accordingly, following to make public these changes.
NEED TO CONTACT US?
Leave your information below and we'll make sure to get back to you!