Privacy & Cookie Policy

The Platform, available at www.litappeal.com, is managed by the Romanian limited liability company "Lit Appeal Couture SRL", headquartered in Romania, registered in accordance with Romanian law at the Trade Register Office under the single European number ROONRC J32 / 298/2018 , unique national tax identification code RO 38948679.

In carrying out its activity, the Seller holds the status of personal data Controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on circulation of this data and the repealing of Directive 95/46 / EC (hereinafter The Regulation).

The Controller respects the privacy and security of the processing of personal data of each person who benefits, in any form, from our services, which is why he uses personal data responsibly and transparently, only for the purpose for which they were collected, strictly in the extent to which they are necessary to achieve the stated purposes and only as long as the processing is based on a valid legal basis.

In order to ensure a climate of transparency that favors a good understanding of the Controler's activity, through this Privacy Policy we will address the following aspects related to the confidentiality of personal data:

01. Definitions used.

02. Description of the Seller's activity.

03. Purpose of processing and categories of personal data processed.

04. Source of Data.

05. Legal grounds for processing.

06. Cookie Policy.

07. Who has access to the data.

08. Storage duration.

09. Security measures adopted by the Controller.

10. Processing Rights.

11. Changes to the privacy policy.

Any manifestation of will by the data subject, free, specific, informed and unambiguous by which he / she accepts, by an unequivocal statement or action, that the personal data concerning him / her be processed.

The agreement for the supply of products and / or services concluded between the Seller and the Customer, effect of the Seller's acceptance of the Customer's Order, consisting of all rights and obligations of the Parties as set out in the Terms published by the Seller on the Platform.

The person who establishes the purposes and means of processing personal data; in this case LIT APPEAL COUTURE SRL.

The natural or legal person who purchases products from the Seller, for personal use or for third parties, through the Platform.

Employees authorized to process the personal data of the data subjects, within the own organizational structure of the Controller.

Any information about an identified or identifiable natural person ("data subject");

www.litappeal.com, website, owned and operated by Seller.

Processing

Any operation performed on personal data, such as the collection, registration, organization, structuring, storage, adaptation, modification, use, disclosure, transmission, deletion, or destruction.

Processor

The person who processes personal data on behalf of the Controller.

The natural person whose personal data are processed by the Controller under the conditions of this Policy; in this case they may be Users, Customers and / or persons designated by Users or Customers, as the case may be.

The firm request for the sale of products and / or services communicated by the Customer to the Seller, under the conditions established by the Terms.

Products

Goods in the female undergarment category, offered publicly for sale by the Seller, through the Platform.

Services

Delivery, warranty, and other ancillary services, prior to or subsequent to the sale to the Customer of the Products.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repealing of Directive 95/46 /CE.

LIT APPEAL COUTURE SRL.

All written legal and contractual rules to which the Seller, Customer and / or User are subject according to the documents "Terms and Conditions", "Privacy Policy and processing of personal data" and "Commercial Guarantee" of the Seller, as published on the Platform at a certain reference time.

The individual who accesses the Platform.

As a current activity, the Controller administers the Platform and publicly offers for sale Products in the category of women's undergarment and the like, providing, where appropriate, Services ancillary or subsequent to the sale.

In support of its activity, the Controller operates mainly through its own employees. In carrying out activities related to the main activity, the Controller uses the services of third parties, such as accountants, lawyers, marketing service providers, IT&C service providers, etc. According to the Regulation, they have the quality of Processors.

In its activity, the Controller may use marketing services to promote its services, through direct marketing tools and / or through the use of personalized advertising services provided by the providers of such services such as Google and Facebook. The latter process personal data in accordance with their own privacy policies, in compliance with applicable law.

The Controller processes the personal data of the data subjects for the presentation of its services, public communication or at the request of Users / Customers, facilitating the conclusion and execution of contracts, effective provision of services, collection of Purchase costs, accounting and customer relations, transmission of promotional offers (with the consent of the data subjects), ensuring and improving the functionality of the Platform and / or for other purposes closely related to our activity and the services we provide.

The Controller may also process personal data for the purpose of fulfilling legal obligations and for the purpose of promoting, defending and pursuing his legitimate interests, resulting from his authorized activity.

The main legitimate interests of the Controller, relevant in the processing of personal data involve, by way of example:

- Data processing in order to carry out the company's activity (concluding and executing contracts with customers, accounting, indirect marketing, management, storage in electronic databases, etc.)

- Collection of statistical data for the improvement of direct services or those provided through the Platform,

- Archiving data for the purpose of management, promotion or to guarantee the execution of contracts,

- Data processing in legal proceedings.

In carrying out its activity, the Controller does not resort to automated decisions in relation to the data subjects nor to the creation of profiles.

The main categories of personal data processed are name and surname, address, telephone number, e-mail address and, if applicable, delivery address, IP.

At the time of making an online payment, the Controller or the specific Processors may request data on the cardholder, number and expiration date and the security code of the card.

The Controller may request Data subjects to communicate or access other personal data only when such need is met for the stated purposes and provided that at the time of collection the Data subject is informed of the purpose and basis of processing such data and, where appropriate he /she has given their prior consent.

In all cases, the Controller will not transfer, share or disclose in any way the personal data collected without the existence of a valid legal basis and the appropriate information of the Data subjects.

The Controller uses marketing and advertising services to promote its services, both through direct marketing tools and through the use of personalized advertising services provided by the providers of such services as Google and Facebook.

In this regard, the Controller processes the e-mail address of the Data subjects and the information regarding the preferences of the Users obtained through the Platform. In all cases, the processing by the Controller of personal data for marketing and advertising purposes will be done only on condition that at the time of collection the data subject is informed about the purpose and basis of the processing of such data and, where appropriate, has given prior consent.

In order to optimize the activity, the Platform benefits from a traffic analysis system that offers monitoring of accesses within the site, based on IP. All data collected is stored and encrypted using advanced security methods, which do not allow the direct identification of data subjects.

D. Source of personal data processed

Mainly, the Controller processes the personal data provided directly by the data subjects. That information is provided when accessing the Platform, when creating an account on the Platform, when making an online or offline communication with the Controller, when concluding a Contract or when making a payment.

The main basis on which the Controller processes personal data is the explicit or implicit consent of the Data subject. Consent exists at the time and to the extent of acceptance of the Cookies within the Platform, at the time of transmission of a communication to the Seller and is required at the time of conclusion of the Contract. Based on the acceptance of the access conditions on the Platform, of the Communication and / or of the Contract, the Controller processes all the categories of data strictly necessary for these operations.

Consent is also required for the use by the Controller of Cookie-type programs within the Platform. At the first access to the Platform, the User is informed of the existence of cookies on the site and is asked for his consent for their use, being informed at the same time that he can withdraw this consent at any time, in which case the use of Cookie will cease for the future.

The Controller requests consent from Data subjects, separately, for the processing of data in order to carry out promotional communications (newsletters) by e-mail. In the absence of consent, the Controller will not make such communications.

After expressing their consent for such communications, the Data subject may withdraw his/her consent at any time by unsubscribing from the newsletter e-mail or by expressly contacting the Controller, the withdrawal of consent will operate for the future.

Cookies are an essential element in the operation of modern sites, helping to generate a friendly browsing experience and adapted to the preferences and interests of each user. Refusing to use cookies or disabling them may affect some of the site's functionality and may lead to its failure.

Technically, an "Internet Cookie" (also known as a "browser cookie" or "HTTP cookie" or simply a "cookie") is a small file, consisting of letters and numbers, that will be stored on the computer, mobile terminal or other equipment of a User from which the Internet is accessed. The cookie is installed at the request of a server (site) to a browser (eg. Internet Explorer, Chrome). This file cannot access information on the User's computer / mobile device.

In general, the main roles of Cookie programs are:

1. Customize certain settings such as: the language in which a site is viewed, keeping options for site features (and storing those options), accessing old preferences by accessing the "forward" and "backward" buttons.

2. Cookies give site owners valuable feedback on how their sites are used by users, so that they can make them more efficient and accessible to them.

3. Allow multimedia or other applications from other sites to be included in a particular site, thereby improving the user experience.

4. Improve the efficiency of online advertising.

Cookies, in themselves, do not require personal information and, in most cases, do not personally identify Internet users. Please note that this technology does not contain software, viruses, or spyware.

The Platform managed by the Controller may use cookies, both its own and those from third parties, to provide Users with a better browsing experience and services tailored to the needs and interests of each.

The platform uses two main categories of cookies: Functionality cookies (performance, geo-targeting, session cookies) and advertising and management cookies (cookies issued by third parties, site registration cookies, analysis cookies)

Users may determine the extent to which the Platform uses cookies in two ways:

1. By expressing Consent to the use of Cookies. Consent to use cookies is required of the User when first accessing the site. If consent is not given, the Platform will not implement the Advertising and Management Cookie and there is a risk that some of its functions will not be available. Functionality cookies will remain active to ensure the proper conduct of the Platform but will not allow the collection of personally identifiable data. If the consent has been given, it can be withdrawn at any time by the user either through the Controller or through the functions available through the site for this purpose.

2. Users have the general option to set the browser to reject cookies. Most browser programs are initially set to automatically accept cookies. You can change the settings to block cookies or to be notified when cookies are sent to your computer or mobile device (smartphone, tablet). In this case, however, there will be a negative impact on browsing our site. and on some of the features offered by the site.

If you want to know more about cookies and what they are used for, we recommend the following sites

1. https://support.microsoft.com/en-us/help/260971/description-of-cookies (English)

2. http://www.allaboutcookies.org/ (English)

3. http://www.youronlinechoices.com/ro/ (Romanian)

4. https://www.digitalcitizen.ro/intrebari-simple-sunt-cookie-urile-si-care-este-scopul-lor (Romanian).

Access to personal data processed by the Controller has primarily Employees, as Persons authorized by the Controller. In addition to employees, Processors have access to personal data, in particular the IT&C service provider and the online marketing service provider.

If we use service providers based in the USA, the transfer of data to them takes place only in the conditions in which they have assumed the contractual obligation to the Controller to ensure the protection of personal data at a level at least similar to the protection assured to data shared between Europe and the USA in the context of the PrivacyShield tool. For more details on PrivacyShield, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en. 

In all cases, the Controller has taken measures by which both the Persons Authorized and the Processors have undertaken in their turn the obligation to guarantee the security and confidentiality of the data, as well as to be responsible for any breach of their security.

The Controller also ensured that all Processors have the obligation to comply with the requests received from all Data subjects regarding the rectification, restriction, blocking or deletion of the respective personal data, in accordance with the law.

Data Subjects may request the Controller to indicate in detail all third parties to whom their personal data are disclosed, in accordance with the law, by sending a request to this effect to any of the contact details indicated in this Policy.

The Controller will communicate to Data subjects, upon request, and in principle free of charge, information on the categories of personal data processed, the purpose of processing, the recipients to whom they have been disclosed or are to be disclosed, the legitimate basis for processing and disclosure, the expected storage period or the criteria for determining this period, and possibly the existence of an automated decision-making process and / or profiling.

In case there are errors regarding the processed data, the Data Subject has the possibility to request the Controller to rectify and / or complete them. The Controller will communicate the request for rectification to all third parties who process that personal data on his behalf and will verify how the request is handled by third parties, unless this proves impossible or involves disproportionate efforts.

The Controller will restrict the processing of data (except storage) in the following situations:

i. when the inaccuracy of the processed data has been established, for the period necessary to verify the inaccuracies and possibly rectify it.

ii. when the processing is illegal and the Data Subject opposes the deletion of this data, requesting instead the restriction of the processing;

iii. when for the Controller the processing of the data is no longer necessary but the Data subject requests them for the ascertainment, exercise or defense of a right in court, or

iv. during the period in which it is verified whether in a certain case of processing the legitimate interest of the Data Subject prevails over the interest of the Controller.

The Controller will delete the data, upon request, if the data are no longer necessary for the purposes for which they were collected and there is no longer any legal basis for processing, and if personal data has been processed illegally.

At the request of the Data Subject, the Controller will transmit the requested data to a third party indicated by him.

In the absence of the consent of the Data subject, issued in accordance with the law, the Controller will not process its data for marketing purposes.