In this information note, you will find concrete answers about how your personal data is collected, stored and processed. If you have a question or concern, related to the aspects presented, you can send us your questions to the address [email protected] or at the contact details provided below.

The objectives of our approach, in order of importance, regarding this information are the following:

respecting your privacy and protecting personal data

compliance with the Legal provisions regarding the protection of personal data

your understanding of how your data is collected, stored and processed in order to protect your data, to comply with legal provisions and to serve our legitimate interest (marketing communications, customer information, legal obligations)

This is the current version (version 1.0) and valid at the moment, created on March 17, 2021.

1. How to contact us

The data is collected and processed by LivingDeco.eu (to be completed with identification and contact data).

2. What does our information note cover?

This is our information: it takes effect from the date of the update.

Our note is published on: 17.03.2021

Our information note applies to the LivingDeco.eu website

3. What data, why and how do we process your personal data?

We collect your email for communications for communication and information purposes through the newsletter.

We collect your name and surname for invoicing, communications for communication purposes and newsletter information.

We collect your address for billing.

We collect your phone number for invoicing, communications for communication purposes and newsletter information.

When you place an order, we collect invoicing data only for the purpose of complying with the legal provisions regarding the issuance of proforma and fiscal invoices.

4. For what purpose and how do we process the data?

The data will be processed only if there is a legitimate interest, an explicit consent or we have a legal obligation.

We process the data received from you for invoicing using the Woocomerce and SmartBill platforms.

We process the data received from you for administrative information.

Depending on the opening of the emails, the courses you have accessed, the events you have registered for, or the explicitly stated intentions, we can carry out email marketing campaigns on interest profiles, called Personalized Audiences.

Custom Audiences are used for email marketing purposes to present you with marketing materials.

Personalized Audiences can be used to create Personalized Audiences on the Facebook platform so that you receive relevant advertisements from us, only if you have given your explicit consent on the Facebook platform.

Personalized audiences can be used to create similar audiences (potential customer profile), internally, with the help of the Facebook ADS or Google Adwords platform.

When you post comments, the wordpress platform retains your email address for the purpose of email notification when you receive a reply or for the purpose of answering you by email if you ask us a question.

The collected data can be processed for purposes of legitimate interest to create statistics that allow us to develop new products, to make certain adjustments, to make better business decisions or to meet the expectations of customers or potential customers at the highest possible standards.

5. Who is responsible for the collection and processing of your personal data

We are responsible for the collection and processing of personal data

We decide how data is processed and why this data is processed

The person responsible for the protection of personal data is LivingDeco.eu, [email protected].

6. From whom and how do we collect your personal data?

The data is collected directly from you by phone.

The data is collected directly from you through the emails you send us.

Data is collected from you through web forms (registration or newsletter subscription forms).

The provision of data by you is allowed and voluntary, except for the situation in which the provision of data is a mandatory requirement from a legal point of view: conclusion of a contract, billing data, data for enrollment in courses or accounting.

If you fail to provide us with your personal data and this provision is voluntary, then this cannot affect you.

If you fail to provide us with your personal data and this provision is mandatory, then it may affect you: You will not be able to benefit from the products we sell, because their sale is linked to the registration and declaration of tax details according to the law (these data are required at the time of purchase).

7. What are our legal grounds for processing your personal data?

We only process non-sensitive personal data.

The legal basis for the processing of your "non-sensitive" personal data is: your consent, a contract to which you are a party, a request from you before entering into a contract, the request justifies the processing of your personal data, the need to comply with a legal obligation to to which we are subject, our legitimate interest or the legitimate interest of a third party.

We process your personal data based on interests that are: legitimate, legal, real, transparent and present.

Our legitimate interests can be overridden by: your interests and your fundamental rights.

We adequately protect your interests and rights and freedoms.

We offer you detailed explanations (this document) that explain the fact that our legal and legitimate interest has priority over your interests or fundamental rights and freedoms, without violating them.

The legal basis for the processing of your "sensitive" personal data is that the processing refers only to the personal data that you make public in an obvious way (example: you post certain comments on the website)

We do not collect, store or process sensitive personal data in any way.

8. In what situations do we collect and process your data?

When you make a purchase through the web interface, electronically, by phone or by email.

When you communicate with us through the online chat application.

When you participate in online or offline events, with or without a fee.

When you ask us to subscribe to the newsletter.

When we send marketing communications (by email, electronic or telephone).

9. How do we use automated profiling processes and automated decisions?

We use your personal data to automatically evaluate aspects of your interests.

We make automatic evaluations that include: an analysis of your characteristics, may include predictions about your behavior, is carried out exclusively with IT means, is carried out without human involvement.

It will be mentioned further by reference to the term "fully automated profile".

We use your personal data to make automated decisions about you.

Automatic decisions are made on the basis of the fully automated profile and are made only by a computer, they are made without human intervention, they are further referred to as "fully automated decision-making processes".

We base our "fully automatic decision" process about you on the following processing logic: THE LOGIC WILL BE DETAILED (Example If a reader accesses articles from a certain category, we will consider that his area of ​​interest is related to that category of articles and we will try to personalize, in the future, the content based on that analysis; if a newsletter subscriber does/or does not take certain actions that fall into a fully automated pattern, we can personalize the marketing actions to increase the relevance for the subscriber and serve legitimate interest; if a person is already a customer, we automatically grant him certain discounts.

Our "fully automatic" decisions do not have an impact on your rights and do not have a real significant impact on the circumstances of your situation, your behavior or your choices.

The legal basis for our processing of "fully automated" decisions about you is processing for our legitimate interests, or the legitimate interests of a third party, or your legitimate interests.

Your personal data that our system relies on when making "fully automated decisions" is "non-sensitive" personal data.

Our "fully automatic" decisions cannot affect you.

10. About the purposes for which we process personal data

We process your personal data for the purposes described in point 3.

Our purposes, for which we process personal data, are real, present, and legitimate.

We do not process your personal data for secondary purposes that are incompatible with the main purposes for which your personal data is initially collected; without your prior consent, without a legitimate interest in this regard, and without a legal basis.

We inform you that we do not collect and process data that is incompatible with the stated purpose.

11. How long do we keep your personal data?

We limit the storage duration of your personal data to what is necessary for our stated processing purposes.

We review the need to keep your personal data: Every year we analyze the collected and processed data, in order to filter, sort and maintain the processing only for the data in which the purpose of the processing is current.

We delete your personal data within a specified time interval: We delete your data one year from the date on which your relationship with us ends (clause applicable in the case of unopened newsletters, from the moment the reader no longer accesses the content our newsletters).

We delete your data at the time when you request this, with the exception of data whose provision and processing is required by a legal provision, which we delete within the term provided by law for this (invoicing data in 5 years).

If keeping your personal data is necessary for the purposes specified by law, we can still keep your personal data.

12. Do we disclose your personal data?

Your sensitive data will not be disclosed by third parties.

We do not collect or process or provide sensitive data to third parties.

Your non-sensitive personal data may be processed by third parties with whom we have a contractual relationship for purposes that serve our legitimate or legal interest: Google Analytics - statistics application, SmartBill - billing application, Facebook - social media and advertising application

We mention that we work with internal or external suppliers that offer sufficient guarantees of credibility and legality to be able to process this data.

Part of your personal data can be processed, transmitted and can be processed by internal suppliers or internal suppliers with whom we have a contractual relationship in order to be able to offer you LivingDeco.eu products (free or for a fee) as follows, only for the purposes mentioned above down the following categories:

Accounting and legal services (surname, first name, address, postal code)

Billing services: (surname, surname, e-mail address, telephone number, address;)

Courier/mail services: surname, first name, e-mail address, telephone number, address;

SMS sending services: phone number;

Newsletter services: email address,

Email services (SMT): email address, name and surname;

Online payment processing services - name, surname, e-mail address, telephone number, address;

Online statistics services (Google Analytics and Facebook Pixel Code: actions on the website, duration of a visit, pages visited, purchases, ip). In these services, personal data such as name and surname are not collected, but the applications only store and process actions.

Comment services: name and email address;

13. Are your personal data safe?

We keep your personal data safe, with appropriate technical measures, with appropriate organizational measures, with an adequate level of security, against unauthorized processing, against illegal processing, against accidental or illegal loss, against accidental or illegal destruction; against accidental or illegal damages.

We have implemented measures to discover security breaches: document the causes of the security incident, document which personal data are affected by the security incident, document the actions (and the reasons for the actions) to remedy the security breach, limit the consequences of the security incident. recover personal data, return to a normal state of personal data processing.

If we have a reasonable degree of certainty that there has been a security breach in the processing of your personal data, then we report the security incident to the management of our company and designate a person responsible for: analyzing whether the security breach may have adverse effects on you, inform the relevant personnel in our organization, determine to what extent it is necessary to notify the Supervisory Authority about the security incident, and determine if it is necessary to communicate information about the security incident.

We investigate the security incident if applicable and try to prevent the security incident from leading to, accidental or illegal destruction of personal data, accidental or illegal loss of control of personal data, accidental or illegal loss of access to personal data, accidental or illegal alteration of personal data, unauthorized disclosure of personal data, or unauthorized access to personal data.

We make every effort to mitigate the immediate risk of harm.

We notify the Supervisory Authority about the security incident, if the breach is likely to lead to a high risk for your rights and freedoms.

We inform you about the security breach if the breach is likely to lead to a high risk for your rights and freedoms, as soon as possible, through appropriate contact channels, e.g. by e-mail, SMS, prominent banners on our website, postal communications, prominent advertisements in the mass media, etc.

We are not obliged to inform you directly if: we have taken measures to make your personal data incomprehensible to any person who is not authorized to access them, immediately after the security incident, we have taken measures to ensure that the high risk for your rights and freedoms are no longer possible or would involve disproportionate efforts. In such a case, we will inform you via public networks.

14. Are we certified and have we adhered to a code of conduct?

We do not use an authorized certification body to certify that we comply with the law, for the simple reason that in Romania, at this time, there is still no such certified body. However, we are working on developing the market's capabilities to create such a mechanism.

We have not adhered to an approved code of conduct, which demonstrates that we respect the law when processing your personal data, for the simple reason that there is no such code approved by the Romanian Supervisory Authority yet. However, we are working on the development of a code in the area of ​​online advertising and the media market, which we are trying to build well enough to cover these markets. As soon as this code is in force, we will adhere to its principles.

15. What are your rights?

We respect your rights regarding the protection of your personal data.

You have the right to request subscription or unsubscription to the newsletter (content marketing materials, marketing information, etc.).

You have the right to access your personal data.

If you request us to confirm whether or not we are processing your personal data, then you have a right that obliges us to confirm that we are processing your personal data or not processing your personal data.

Your right to obtain confirmation from us that we are processing (or not processing) your personal data

does not include anonymous data.

it only includes personal data that concern you.

includes pseudonymous data that can clearly be linked to you.

We need to give you access to your personal data if

ask us to confirm whether or not we are processing your personal data and

we process your personal data and

request access to your personal data.

We must provide you with a copy of your personal data if

ask us to confirm whether or not we are processing your personal data and

we process your personal data and

request a copy of your personal data.

You have the right to information on the safeguards we have implemented for the transfer of your personal data to a country that is outside the EU and EEA if

ask us to confirm whether or not we are processing your personal data and

we transfer your personal data to a country that is outside the EU and EEA.

You have the right to rectify your personal data.

the right to obtain the rectification of your personal data that is inaccurate

does not include anonymous data.

it only includes personal data that concern you.

includes pseudonymous data that can clearly be linked to you.

We need to rectify your personal data if

we process your personal data, and

your personal data is inaccurate, and

request to obtain the rectification of your personal data.

We need to complete your personal data if

we process your personal data, and

your personal data is incomplete, and

request to complete your personal data.

you have the right to provide us with an additional statement.

we must communicate the rectification of your personal data to the recipients of your personal data (if any).

We do not communicate the rectification of your personal data to the recipients of your personal data if the communication to the recipient

is impossible, or

involves a disproportionate effort.

You have the right to delete your personal data.

we must delete your personal data without undue delay, if: you request the deletion of your personal data, we process your personal data, your personal data is not necessary for our purposes of processing your personal data.

we must delete your personal data without undue delay if you request the deletion of your personal data, and we are processing your personal data, you withdraw the consent on which the processing of your personal data is based, and there is no other legal basis for the processing of your personal data .

We must delete your personal data without undue delay if: you request to have your personal data deleted, and we process your personal data, the processing of your personal data is necessary for the performance of a task that we perform in the public interest, the processing of your data . personal data is necessary in the exercise of an official authority with which it is invested, the processing is necessary for the purpose of the legitimate interests that we pursue, or the processing is necessary for the purpose of the legitimate interests that a third party pursues, you object to the processing by us of your personal data, the processing of your personal data has a legitimate reason that does not prevail over your objection.

we must delete your personal data without undue delay if: you request the deletion of your personal data and we process your personal data, and you object to our processing of your personal data for direct marketing purposes, and the processing of your personal data has a legitimate reason that does not override your objection.

we must delete your personal data without undue delay if you request the deletion of your personal data, or the processing of your personal data is illegal.

we must delete your personal data without undue delay if you request the deletion of your personal data and the personal data must be deleted to comply with a legal obligation owed to us under Union law or the internal law of a member state.

we must delete your personal data without undue delay if you request the deletion of your personal data, and your personal data was collected in connection with the provision of information society services.

we must communicate the deletion of your personal data to the recipients to whom we disclose them (if any).

we do not communicate the deletion of your personal data to the recipients to whom we disclose them, if communication to the recipient is impossible or involves a disproportionate effort.

you have the right to obtain from us the restriction of the processing of your personal data. Your right to obtain restrictions on the processing of your personal data: does not include anonymous data, includes personal data concerning you. includes pseudonymous data that can be clearly linked to you, We must restrict the processing of your personal data for a period in order to verify the accuracy of your personal data if you request to obtain the restriction of the processing of your personal data and contest the accuracy of your data personal.

we must restrict the processing of your personal data if: you request to obtain the restriction of the processing of your personal data and the processing of your personal data is illegal and you oppose the deletion of your personal data.

we need to restrict the processing of your personal data if you request to obtain the restriction of the processing of your personal data we do not need your personal data for the purpose of our processing, request your personal data to establish a legal complaint or request your personal data to exercise a legal complaint or, you need your personal data to defend against a legal complaint.

we must restrict the processing of your personal data if you request to obtain the restriction of the processing of your personal data and you object to the processing of your personal data that are necessary for the performance of a task that we perform in the public interest or you oppose the processing of your personal data that are necessary in the exercise of an official authority entrusted to us and you object to the processing of your personal data that is necessary for the purposes of the legitimate interests that we pursue and wait to verify if the processing of your personal data has a legitimate reason that does not exceed your objection.

we must communicate the restriction of the processing of your personal data to the recipients of your personal data (if any). We do not communicate the restriction of the processing of your personal data to the recipients of your personal data if communication to the recipient is impossible or involves a disproportionate effort.

if we restrict the processing of your personal data, then we may store your personal data, process your personal data based on your consent process your personal data to establish a legal complaint, process your personal data to exercise a legal complaint, process your personal data to defend us against a legal complaint, process your personal data to protect the rights of a person, process your personal data for reasons of public interest of the Union or a member state.

if you obtain a restriction regarding the processing of your personal data, we must inform you before the restriction is lifted.

if we process your personal data for direct marketing purposes, including the fully automated profile (to the extent it is related to such direct marketing), you have the right to object to the processing of your personal data for this purpose.

your right to object to the processing of your personal data for direct marketing purposes is a right you have at any time, does not include anonymous data, includes personal data that concerns you, does not include personal data that does not concern you, includes pseudonymous data that can clearly be linked to you.

if you object to the processing of your personal data for direct marketing purposes, then we must omit the processing of your personal data for this purpose.

if we process your personal data for direct marketing purposes, including profiling (to the extent that it is related to such direct marketing), then we must explicitly inform you of this right at the latest at the time of the first communication with you and we must present this right to you clearly and separately from any other information.

16. How can you exercise your rights?

We invite you to communicate with us about exercising your rights regarding the protection of your personal data.

We only accept written requests, because we cannot deal with verbal requests immediately, without first analyzing the content of the request and without first identifying you.

Your request must contain a detailed and precise description of the right you wish to exercise.

You must provide us with a copy of an identification document to confirm your identity, such as an identity card or passport.

Any other data contained in the copy of the identification document, such as a photograph or any other personal characteristics, can be masked.

We will not accept other means to ensure your identity, especially in the situation where you want us to provide you with the data we hold, because we would risk transmitting your data to unidentified persons

If you want to propose alternatives, we will evaluate them on a case-by-case basis.

The use of information from your identification document is limited to the activity of confirming your identity and will not generate a storage of your personal data longer than is necessary for this purpose.

You can send your request regarding the protection of your personal data to [email protected]

You will receive our response to your requests regarding the protection of your personal data at the email address from which you sent us the request.

We have designated a person responsible for handling your requests regarding the protection of your personal data.

We have implemented policies that ensure that a request regarding the protection of your personal data is recognized, resolved within the terms provided by law.

We inform you about how we deal with your request (through which you exercise your rights) regarding the protection of your personal data: within one month from the date of receipt of the request.

You have the right to file complaints by sending them to [email protected]

You can submit a complaint to a supervisory authority: at your habitual residence in the EU and EEA, at your workplace in the EU and EEA, at the place of the alleged infringement in the EU and EEA.

The supervisory authority must inform you within a reasonable period of time regarding the progress of the complaint and the outcome of the complaint.

You can mandate an organization to file a complaint on your behalf with a supervisory authority.

The supervisory authority must inform you within a reasonable time regarding the progress of the complaint and the outcome of the complaint.

You have the right to exercise a judicial remedy in the EU and in the EEA against: an operator, an authorized person and a Supervisory Authority.

You can mandate an organization to exercise, on your behalf, the right to a judicial appeal, to a compensation for a damage resulting from a violation of the law on the protection of personal data.

17. Can you choose your privacy settings?

At this moment we only collect the data that serve legitimate or legal interests.

Currently, you cannot opt ​​for your data to be processed in a different way than we do at the moment, but we accept your suggestions.

18. Will you be informed about changes to the privacy policy?

If we change our privacy policy, we will publish a new version of it on the website.

upon request, we can provide you with previous versions of our privacy policy.

19. Explanations regarding the terms and expressions used in this information note

All the terms and expressions used in this Information Note will have the meaning given below, unless otherwise provided in this note with personal data means any information regarding an identified or identifiable natural person ("data subject") .

An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as:

a name

an identification number

location data

an online identifier

the physical identity of a natural person

the physiological identity of a natural person

the genetic identity of a natural person

the mental identity of a natural person

the economic identity of a natural person

the cultural identity of a natural person

the social identity of a natural person

Sensitive personal data are – according to the GDPR – called special categories of personal data.

We do not collect, disclose or process sensitive personal data.

Personal data are sensitive if the processing of this personal data reveals:

racial origin,

ethical origin,

political opinions,

religious beliefs,

philosophical beliefs,

union membership.

genetic data

biometric data

Data relating to the state of health,

Data concerning the sexual life of a natural person,

Data concerning the sexual orientation of a natural person.

The usual personal data are - in the GDPR: There is no exhaustive list of these personal data.

Pseudonymization of Personal Data means the processing of personal data in such a way that they can no longer be attributed to a specific person concerned without using additional information, provided that this additional information is stored separately and is subject to security measures the technical and organizational nature that ensures the non-attribution of the respective personal data to an identified or identifiable natural person.

Processing means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as

collect,

Register,

organization,

structuring,

storage,

the adaptation,

alteration,

extraction,

consultation,

the use,

deletion or destruction

Restriction of processing means marking stored personal data in order to limit their processing in the future.

The purpose of the processing means the reason for which the processing of personal data is carried out.

Profiling (Automatic Profile) must be an automatic form of processing, which includes

Exclusively automatic processing (to which Art. 22 of the GDPR refers) and

Partially automatic processing (if a natural person is involved in the processing of personal data does not necessarily mean that the processing does not constitute profiling) must be carried out with regard to personal data and the objective of profiling must be to evaluate the personal aspects related to a person physics, especially to analyze or make predictions about people.

Keep in mind that simply evaluating or classifying people automatically based on characteristics such as their age, gender and height could be considered automatic profiling, regardless of the predictive purpose.

Decisions based exclusively on automatic processing:

it means making decisions by technological means without human involvement;

automatic processing is based on personal data provided directly by the persons concerned (such as answers to a questionnaire); or observed about people (such as location data, collected through an application) or derived or inferred, such as the profile of the person who made certain purchases, can be made with or without profiling; profiling can take place without making automatic decisions.

Operator means the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of processing personal data; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law.

Authorized person means the natural or legal person, public authority, agency or other body that processes personal data on behalf and on behalf of the operator.

Recipient means the natural or legal person, public authority, agency or other body to whom (to whom) the personal data is disclosed, regardless of whether it is a third party or not. However, public authorities to whom personal data may be communicated within a certain investigation in accordance with Union law or internal law are not considered recipients; the processing of these data by the respective public authorities complies with the applicable data protection rules, in accordance with the purposes of the processing.

Third Party means a natural or legal person, public authority, agency or body other than the data subject, the operator, the person authorized by the operator and the persons who, under the direct authority of the operator or the person authorized by the operator, are authorized to process personal data .

Representative means a natural or legal person established in the Union, designated in writing by the operator or the person authorized by the operator pursuant to Article 27, who represents the operator or the authorized person with regard to their respective obligations under this regulation.

Supervisory Authority means an independent public authority established by a Member State pursuant to Article 51 GDPR.

mandatory corporate rules mean the personal data protection policies that must be followed by an operator or a person authorized by the operator established in the territory of a member state, with regard to transfers or sets of transfers of personal data to a operator or a person authorized by the operator in one or more third countries within a group of companies or a group of companies involved in a common economic activity.

EU-US Privacy Shield: The EU-US Privacy Shield framework was put in place by the US Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with privacy requirements. data protection when transferring personal data from the European Union to the United States in support of transatlantic trade. On July 12, 2016, the European Commission approved the EU-US Privacy Shield framework as adequate to allow the transfer of data in accordance with EU law.

The Commission's Adequacy Decisions: The European Commission has the competence to determine, based on Article 45 of the GDPR, whether a country outside the EU offers an adequate level of data protection, either through domestic legislation or through the international commitments it has concluded . The effect of such a decision is that personal data can originate from the EEA (EU and Norway, Liechtenstein and Iceland) in that third country, without the need for any other protection measure.

The European Commission has recognized, until now, an adequate level of protection for Andorra, Argentina, Canada (commercial organizations - PIPEDA), the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the USA (limited under Privacy Shield).

Personal data security breach means a security breach that leads, accidentally or illegally, to the destruction, loss, modification, or unauthorized disclosure of personal data transmitted, stored or otherwise processed, or to unauthorized access to these.

Enterprise means a natural or legal person that carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly carry out an economic activity.

Group of enterprises means an enterprise that exercises control and the enterprises controlled by it;

International organization means an organization and its subordinate bodies regulated by public international law or any other body that is established by an agreement concluded between two or more countries or on the basis of such an agreement.

What are you looking for?


Popular searches:  Dresses  Tops  Sweaters  

Coșul dumneavoastră