Privacy Policy - Viviana Nitu Art

General Information Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, and its provisions became directly applicable from May 25, 2018. This Regulation expressly repeals Directive 95/46/EC, thereby replacing the provisions of Law No. 677/2001 (currently repealed).

The Regulation is directly applicable in all member states, protecting the rights of all individuals located within the European Union. Materially, the Regulation applies to all controllers processing personal data. The Regulation does not apply to the processing of personal data concerning legal persons, especially legal entities, including the name and type of legal entity and the contact details of the legal person.

Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Processing of personal data includes any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Identity of the Controller With the clarification that the Regulation does not apply to the processing of personal data carried out by an individual in the course of an exclusively personal or domestic activity, the controller processing personal data through this website is Viviana Nitu, residing in the Municipality of Constanta, Tomis Boulevard, No. 289, Block T13, Staircase A, Floor 3, Apartment 10, Constanta County, identified by KZ 711872, with contact details viviananituart@gmail.com, 0769946415.

Consideration 18 of the GDPR specifies that personal or domestic activities should not be linked to professional or commercial activities. Personal or domestic activities may include correspondence and address books or activities within social networks and online activities carried out in the context of those activities.

Obtaining Consent Overview Image not found or type unknown www Legal Online – v1.01 1 / 16 In order for the processing of personal data to be lawful, the GDPR stipulates that it should be based on a legitimate reason, such as the execution or conclusion of a contract, the fulfillment of a legal obligation, or based on the valid consent previously expressed by the data subject. In the latter case, the controller is obliged to be able to demonstrate that the individual in question has given consent for the specific processing. Consent expressed under the Directive 95/46/EC remains valid if it meets the conditions specified by the GDPR. The granting of consent must be made through a statement or an unequivocal action constituting a freely given, specific, informed, and clear expression of the data subject’s agreement to the processing of their personal data. In the case where the consent of the data subject is given in the context of a statement, either electronically or in writing, that also refers to other matters, the consent request must be presented in a form that clearly distinguishes it from other matters, and it can be achieved even by checking a checkbox. For the processing of personal data to be lawful, the GDPR stipulates that it should be based on a legitimate reason, such as the execution or conclusion of a contract, the fulfillment of a legal obligation, or based on the valid consent previously expressed by the data subject. In the latter case, the controller is obliged to be able to demonstrate that the individual in question has given consent for the specific processing. Consent expressed under the Directive 95/46/EC remains valid if it meets the conditions specified by the GDPR.

Cookies This website uses cookies. They do not harm your computer and do not contain viruses; instead, they contribute to a more user-friendly, efficient, and secure use of the site. Cookies are small text files that are saved on your computer and stored by the browser you use.

Many of the cookies used are called “session cookies,” which are automatically deleted after visiting this site. Others remain in your computer’s memory until you delete them, enabling the recognition of your browser during a subsequent visit.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be set to automatically accept cookies under certain conditions or always reject them, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions you want to use (such as the shopping cart) are stored in accordance with Article 6(1)(f) of the GDPR. According to this article, processing is lawful only if and to the extent necessary for the legitimate interests pursued by the controller or by a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies to ensure error-free technical optimization. Other cookies (such as those used to analyze your browsing behavior) are also stored and will be treated separately in this document.

Consent Management Platform This website uses a consent management platform – www.viviananitu-art.com – through which we are Image not found or type unknown www Legal Online – v1.01 2 / 16 empowered to obtain, manage, and document your consent as a user. The collection of your consent is done legally, by adhering to all legal requirements (as outlined by the GDPR, the guidelines of the jurisprudence of the European Court of Justice, the IAB Europe Transparency and Consent Framework), and the platform optimizes the consent given while navigating this website. The consent management platform – www.viviananitu-art.com – complies with European regulations, processing the personal data of visitors and users only to the extent necessary for the functionality and optimization of the site’s content. The processing of user’s personal data is based on the specific, informed, and freely given consent of users, obtained in accordance with Article 6(1)(a) of the Regulation. Server Log Files The provider of this site automatically collects and stores information that your browser automatically transmits to us through server log files. These include:

Browser type and version
Operating system used
URL of the page that originally requested the display of the page or the current object (Referrer URL)
Hostname of the accessing computer
Time-related data regarding server access
IP address The legal basis for processing such data is provided by Article 6(1)(b) of the GDPR, which allows the processing of data when it is necessary for the performance of a contract to which the data subject is a party or to take steps, at the request of the data subject, prior to entering into a contract.

Contact Form If you send us inquiries through the contact form, we will collect the data entered into the form, including the contact details you provide, to respond to your inquiries and any subsequent ones. We do not transmit this information without your permission. Therefore, we will process all data you enter into the contact form only with your consent [in accordance with Article 6(1)(a) GDPR]. You can revoke your consent at any time, and an informal email in this regard is sufficient. Data processed before we receive your request may be processed legally. We will retain the data you provide on the contact form until:

You request the deletion of the data;
You revoke your consent for storage, or if
The purpose for storage is no longer valid.

Any mandatory legal provisions, especially those regarding mandatory data retention periods, Image not found or type unknown www Legal Online – v1.01 3 / 16 are not affected by the above.

Contact via Email, Phone, or Fax If you contact us via email, phone, or fax, your request, including all personal data you provide, will be stored and processed by us for the purpose of handling your request, based on your expressed consent. Therefore, we will process all data you provide under the following legal provisions of the GDPR:

Only with your consent – in accordance with Article 6(1)(a) GDPR.
For the performance of a contract or in the pre-contractual stage – in accordance with Article 6(1)(b) GDPR.
For the fulfillment of the purpose and legitimate interest pursued by us, namely the efficient processing of requests submitted by you – in accordance with Article 6(1)(f) GDPR.

We will retain the data you provide in this manner until:

You request the deletion of the data;
You revoke your consent for storage, or if
The purpose for storage is no longer valid, in all cases except for mandatory data retention periods.

Registration on the Website You can register on this website to access additional functions and services offered by our company. In this case, the data entered by you will be used and processed for the use of the respective service or functions for which you have registered. The mandatory data requested at registration must be provided by you in full, otherwise, the registration process will be rejected.

To inform you about important changes, such as those in the scope of our site or technical changes, we will use the email address you provided at the time of registration.

The processing of personal data provided in the registration procedure is only done with your consent and in compliance with the provisions of Article 6(1)(a) GDPR. You can revoke your consent at any time, and an informal email in this regard is sufficient. We will continue to store the data collected during registration for as long as you remain registered on this website, but mandatory storage periods remain valid and will be observed.

Authentication via Facebook If you do not wish to register directly on this site, you can log in through Facebook (Connect). This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Image not found or type unknown www Legal Online – v1.01 4 / 16 To log in using Facebook, click on “Login with Facebook” or “Connect with Facebook,” and you will be automatically redirected to this platform, where you will be prompted for your username and password, thus connecting to this website with your Facebook profile. In this way, we will have access to all the data stored on Facebook, such as (and not limited to):

Name
Profile picture
Email address
Facebook ID
Friends’ network
Likes (Facebook likes)
Birthday
Gender/Sex
Country
Language This data will be used to create and personalize your account on this website. For more information, you can access Facebook’s Terms and Conditions, as well as the Privacy Policy, available at https://www.facebook.com/privacy and https://www.facebook.com/legal/terms. Considering the decision of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU – US Privacy Shield is not adequate. Therefore, the transfer of personal data to the United States and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of standard contractual clauses for data transfers from data controllers in the EU to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of standard contractual clauses for data transfers from data controllers in the EU to processors established outside the EU or EEA. For more information on these clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. Facebook uses Standard Contractual Clauses as an adequate guarantee for data protection, in accordance with the level of protection guaranteed by the GDPR. For more details, visit: https://www.facebook.com/legal/EU_data_transfer_addendum.

Comment Section By accessing the Comments section, certain personal data (such as, but not limited to, email address, username, IP address) will be processed and stored, some of which are necessary for preventing illegal actions or defamatory content.

There is also the option to subscribe to this site to receive comments via the provided email. In this case:

The email address may be verified through a confirmation email.
You can unsubscribe at any time by accessing the link in the email content, and the data provided by you will be immediately deleted, except for data provided as a result of accessing other sections (for example, signing up for a newsletter), which will remain stored.

Purpose of Processing Collected Data Some of the data collected on this site is used for:

Optimal functioning and optimization of this site (statistical and analytical) – We aim to constantly provide you with the best experience on our site. Therefore, we may collect and use certain information regarding your satisfaction level during your site navigation. We may invite you to complete suggestion questionnaires or similar activities.
Periodic user information – We want to keep you informed about our offers. In this regard, we may send any type of message containing general and thematic information, information about offers or promotions, as well as other commercial communications such as market research and opinion polls. For communications of this type, we have obtained your prior consent. You can change your mind and withdraw your consent at any time.
Defense of our legitimate interests – There may be situations where we use or transmit information to protect our rights and business activity. These may include: measures to protect the website and the user of our site from cyberattacks; measures to prevent and detect fraud attempts, including transmitting information to competent public authorities; measures to manage other types of risks.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based on both the consent of the data subject and the reasons for the compliant execution of contracts or the realization of the legitimate interests of the data controller (unless the fundamental interests or rights and freedoms of the data subject prevail, requiring the protection of personal data, especially when the data subject is a child).

Users’ Rights

Your rights regarding personal data and the means to exercise them are:

Right to Information, Right of Access, Right to Rectification, Right to Erasure, Right to Restriction of Processing, Right to Data Portability, Right to Object, Right not to be subject to a decision based solely on automated processing, Right to Lodge a Complaint and to Appeal to the Courts, Right to Withdraw Consent.
Right to Information – You can request information about the processing activities of your personal data, the identity of the data controller and its representative, or about the recipients of your data.
Right of Access – You can obtain confirmation from the data controller whether personal data concerning you is being processed, and if so, access to that data and information such as the purposes of processing, the categories of personal data involved, recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; the right to request rectification or erasure of personal data or restriction of processing or to object to processing, and more.
Right to Rectification – You can rectify inaccurate personal data or complete it.
Right to Erasure – You can obtain the erasure of data if the processing was not legal or in other cases provided by law.
Right to Restriction of Processing – You can request the restriction of processing in case you contest the accuracy of the data or in other cases provided by law.
Right to Data Portability – You can, in certain conditions, receive the personal data you provided in a format that can be automatically read or request that such data be transmitted to another data controller.
Right to Object – You can object, in particular, to processing based on the legitimate interest of the data controller.
Right not to be subject to a decision based solely on automated processing – You can request and obtain human intervention in the processing or express your own point of view on such processing.
Right to Lodge a Complaint and to Appeal to the Courts – You can file a complaint regarding the processing of personal data with the National Supervisory Authority for Personal Data Processing and/or address the courts to enforce your rights.
Right to Withdraw Consent – In cases where processing is based on your consent, you can withdraw it at any time. The withdrawal of consent will only affect future processing; processing carried out before the withdrawal remains valid.

Hosting Personal data recorded on this website is stored on the servers of MXHOST.RO. The processing of the provided and stored data complies with the following legal provisions:

Article 6, paragraph 1, letter a) GDPR – The processing of data by MXHOST.RO is based on your consent, obtained after correct and complete information.
Article 6, paragraph 1, letter b) GDPR – The processing of data by MXHOST.RO takes place for the purpose of fulfilling contractual obligations.
Article 6, paragraph 1, letter f) GDPR – The processing of data by MXHOST.RO is carried out for the purpose of legitimate interests pursued by the operator.

Regardless of the purpose for which the processing of personal data takes place, the principles of legality, fairness, and transparency are respected, as well as the principle that processed personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

For more information regarding the processing of personal data by MXHOST.RO, please visit MXHOST Terms and Conditions, MXHOST Cookie Policy, ANPC (National Consumer Protection Agency).

We have a contract/agreement/legal act (including the possibility of incorporating and agreeing on clauses from the Terms and Conditions of the website) concluded with MXHOST.RO to ensure the processing of personal data in accordance with legal regulations. We comply with our obligations under Article 28 of the GDPR by choosing an external service provider that provides sufficient guarantees for the implementation of adequate technical and organizational measures, ensuring that the processing complies with the requirements of the regulation and protects your rights.

Data Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information. You can recognize this encryption by the lock icon that appears in the browser’s address bar and the change from “http://” to “https://” in the browser address. Once this type of encryption is activated, the transmitted or transferred data cannot be viewed by third parties.

According to the GDPR, in the event that a breach of the security of personal data is likely to result in a high risk to your rights and freedoms, the operator of this website will inform you promptly about this breach, unless additional provisions of the same Regulation apply (Article 34, paragraph 3).

Data Protection Officer

As the provisions of the GDPR regarding the obligation to appoint a Data Protection Officer do not apply (Article 37, paragraph 1 – according to which the Controller and the processor shall designate a data protection officer where:

a. the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; b. the core activities of the controller or the processor consist of processing operations that, by their nature, scope, and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or c. the core activities of the controller or the processor consist of large-scale processing of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offenses referred to in Article 10),

Records of Processing Activities

According to the GDPR, the data controller or the person authorized by the data controller should keep records of processing activities under its responsibility for a reasonable period. These records will include the following information:

Name and contact details of the data controller
Purposes of the processing
Description of categories of data subjects and categories of personal data
Categories of recipients to whom the personal data have been or will be disclosed
If applicable:
- Transfers of personal data
- Estimated time limits for the erasure of different categories of data
- A general description of technical and organizational security measures

The detailed obligation mentioned above does not apply to an enterprise or organization with fewer than 250 employees unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offenses.

Appropriate Technical and Organizational Measures

Considering the current state of technology, the context, and the purposes of the processing, as well as the risks to the rights and freedoms of individuals, the data controller implements appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of processing are processed.

Notification to the Supervisory Authority in Case of Personal Data Security Breach

According to Article 33(1) of the GDPR, in the event of a personal data security breach, if it is likely to result in a risk to the rights and freedoms of individuals, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, where feasible, within 72 hours from the time we became aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals.

Information to the Data Subject Regarding Personal Data Security Breach

In accordance with the provisions of Article 34 of the GDPR, if the personal data security breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform the data subject without undue delay unless:

Adequate technical and organizational protective measures have been implemented, and these measures have been applied to the personal data affected by the personal data security breach, especially measures ensuring that personal data become unintelligible to anyone not authorized to access them, such as encryption.
Subsequent measures have been taken to ensure that the high risk to the rights and freedoms of the data subjects mentioned above is no longer likely to materialize.
It would require a disproportionate effort. In this situation, public information is provided or a similar measure is taken to inform data subjects in an equally effective manner.

Social Media

Facebook Plugins (Like & Share Button)

This service uses social plugins (“plugins”) managed by the social network facebook.com. The plugins can be identified by a Facebook logo (a white “f” on a blue background or a “thumbs up” sign) or are labeled by adding the phrase “Facebook Social Plugin.” The list and appearance of Facebook plugins can be seen here: https://developers.facebook.com/docs/plugins/. To the extent you use the Like extension, you can appreciate our website’s Facebook page without leaving it. To the extent you use the Share extension, you will share our website or specific content within it on your personal Facebook page without leaving the site.

Through the plugin, Facebook receives information that you access on our site. If you are logged in to Facebook at the same time, Facebook can attribute the actions taken on the page to your account and, consequently, to you personally. When you interact with the plugins, such as clicking the Like button or sharing specific content from the site, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, there is still a possibility that the social network obtains and stores your IP address.

By clicking on one of these buttons, you agree to the use of this plugin and, consequently, to the transfer of personal data to Facebook. We do not control the nature and purpose of the data transmitted, as well as their subsequent processing. Regarding the purpose and scope of data collection, processing, and subsequent use by Facebook, as well as permissions and privacy settings, we have no control.

If you do not want Facebook to associate your visit to this site with your Facebook account information, you have the option to log out.

Instagram Plugin

This service uses social plugins (“plugins”) managed by the Instagram social network, functions provided by Instagram Inc., headquartered at 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins can be identified by an Instagram logo or are labeled by adding the phrase “Instagram Social Plugin.”

Through the plugin, Instagram is informed about your actions on our page. If you are simultaneously logged into your personal account on the social network, it can attribute the actions taken on the page to your Instagram account and, consequently, to you personally. When you access the plugins, the corresponding information is transferred from your browser to the social network and stored there. Even if you are not an Instagram member, there is still a possibility that it obtains and stores your IP address.

By clicking on one of these buttons, you agree to the use of this plugin and, consequently, to the transfer of personal data to Instagram. We do not control the nature and purpose of the data transmitted, as well as their subsequent processing. Regarding the purpose and scope of data collection, processing, and subsequent use by Instagram, as well as permissions and privacy settings, you can consult Instagram’s privacy policies at: https://help.instagram.com/155833707900388.

If you are an Instagram member and do not want Instagram to collect your data through the plugin and link it to the data already stored on Instagram, you must log out of the social network before visiting this site.

Tumblr Plugin

This site uses certain Tumblr plugins, operated by Tumblr Inc., headquartered at 35 East, 21st. Street, 10th Floor, New York, NY 10010, USA. These plugins allow you to publish a post or page on Tumblr. When you visit this site using Tumblr, the browser establishes a direct connection to Tumblr’s servers. We have no influence over the volume of data accessed by Tumblr and transmitted through this plugin. From our experience, it is possible that the IP address and URL of the respective site are transmitted.

More information can be found in Tumblr’s privacy policy: https://www.tumblr.com/privacy.

Twitter Plugin

This service uses social plugins (“plugins”) managed by the Twitter social network. The plugins can be identified by a Twitter logo.

Through the plugin, Twitter receives information that you access on our page. If you are logged into the social network at the same time, Twitter can attribute the actions taken on the page to your Twitter account and, consequently, to you personally. When you interact with the plugins, the corresponding information is transferred directly from your browser to Twitter and stored. Even if you are not a Twitter member, there is still a possibility that it obtains and stores your IP address.

By clicking on one of the plugin buttons, you can express your agreement to their use and, consequently, to the transfer of personal data to Twitter. We do not control the nature and purpose of the data transmitted, as well as their subsequent processing. Regarding the purpose and scope of data collection, processing, and subsequent use by Twitter, as well as permissions and privacy settings, you can consult Twitter’s privacy policies at: https://twitter.com/en/privacy.

If you are a Twitter member and do not want Twitter to collect your data through the plugin and link it to the data already stored on Twitter, you must log out of the social network before visiting the site.

Google+ Plugin

This service uses social plugins (“plugins”) managed by the Google+ social network. The plugins can be identified by a Google+ logo.

Through the plugin, Google receives information that you access on our page. If you are simultaneously connected to the social network, Google can attribute the actions taken on the page to your Google+ account and, consequently, to you personally. When you interact with the plugins, the corresponding information is transferred directly from your browser to Google+ and stored there. Even if you are not a Google+ member, there is still a possibility that it obtains and stores your IP address.

By clicking on one of the plugin buttons, you can express your agreement to their use and, consequently, to the transfer of personal data to Google+. We do not control the nature and purpose of the data transmitted, as well as their subsequent processing. Regarding the purpose and scope of data collection, processing, and subsequent use by Google+, as well as permissions and privacy settings, you can consult Google+’s privacy policies at: https://policies.google.com/privacy?hl=en.

If you are a Google+ member and do not want Google+ to collect your data through the plugin and link it to the data already stored on Google+, you must log out of the social network before visiting the site.

Pinterest Plugin

This service uses social plugins (“plugins”) managed by the Pinterest social network.

Through the plugin, Pinterest receives information about your activity on our website. If you are simultaneously connected to the social network, Pinterest can attribute the actions taken on the page to your Pinterest account and, consequently, to you personally. When you interact with the plugins, the corresponding information is transferred directly from your browser to Pinterest and stored there. Even if you are not a Pinterest member, there is still a possibility that it obtains and stores your IP address.

By clicking on one of the plugin buttons, you can express your agreement to their use and, consequently, to the transfer of personal data to Pinterest. We do not control the nature and purpose of the data transmitted, as well as their subsequent processing. Regarding the purpose and scope of data collection, processing, and subsequent use by Pinterest, as well as permissions and privacy settings, you can consult Pinterest’s privacy policies at: https://policy.pinterest.com/en/privacy-policy.

If you are a Pinterest member and do not want Pinterest to collect your data through the plugin and link it to the data already stored on Pinterest, you must log out of the social network before visiting the site.

Newsletter

To receive a newsletter, it is necessary to provide a valid email address, along with specific information that can identify the owner of this address. Additionally, your consent is required for the transmission of the newsletter, and therefore, we inform you that any other personal data will be collected and stored only based on your agreement. The data collected in this way is processed only for the purpose of transmitting the newsletter and will not be transmitted to third parties. Therefore, we will process any data you enter into the contact form only with your consent, in accordance with the provisions of Article 6(1)(a) of the GDPR.

Plugins and Tools

Google Web Fonts

This site uses Google Web Fonts to ensure the consistent use of fonts on this site.

When you access a page on this website, your browser will load the necessary web fonts for the correct display of text and fonts, as a result of establishing a connection to Google’s servers. Thus, the use of Google Web Fonts is based on Article 6(1)(f) of the GDPR, with a legitimate interest in presenting a consistent font on this website. If there is consent expressed in this regard (for example, consent to cookie storage), the data will be processed exclusively based on Article 6(1)(a) of the GDPR.

For more information on how Google Web Fonts handles user data, please refer to the Privacy Policy available at: https://policies.google.com/privacy?hl=en.

Google Maps

This website uses Google Maps, a mapping and location service, through an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States of America.

To ensure data protection on our site, you will find that Google Maps is disabled when you visit our site for the first time. A direct connection to Google’s servers will not be established until Google Maps is autonomously activated, i.e., with your consent in accordance with Article 6(1)(a) of the GDPR. This prevents the transfer of data to Google during your first visit to our site. After activating the service, Google Maps will store the IP address. It is usually subsequently transferred to a Google server in the United States, where it is stored. The provider of this website has no control over this data transfer once Google Maps has been activated.

In light of the decision of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU-US Privacy Shield is not adequate. Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from data controllers in the EU to data controllers established outside the EU or the EEA. It has also issued a set of contractual clauses for data transfers from data controllers in the EU to processors established outside the EU or EEA. For more information on these clauses, we recommend visiting this link.

Google Maps uses Standard Contractual Clauses as an adequate guarantee for data protection, in line with the level of protection guaranteed by the GDPR. For more information, please refer to Google’s Data Privacy Statement at the following address: https://policies.google.com/privacy.

Google reCaptcha

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google Inc., headquartered at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to determine whether the data entered on our website (e.g., information entered in a contact form) is provided by a human user or by an automated program.

To determine this, reCAPTCHA analyzes the behavior of visitors to the website based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates various data (e.g., IP address, time spent by the website visitor on the site, or user-initiated cursor movements). The data collected during these analyses is sent to Google. reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The data is processed on the basis of Article 6(1)(f) of the GDPR. The website operators have a legitimate interest in protecting the web content of the operator against misuse by automated industrial espionage systems and against SPAM.

Google reCaptcha uses Standard Contractual Clauses as an adequate guarantee for data protection, in line with the level of protection guaranteed by the GDPR. For more information, please refer to Google’s Data Privacy Statement available at https://policies.google.com/privacy and https://policies.google.com/terms?hl=en.

Chat Online

Online chat platforms

Facebook Messenger

On this website, we use Facebook Messenger, a free instant messaging application, ensuring the instant exchange of text messages with one or more individuals or computers simultaneously. It is an American messaging application and platform developed by Facebook, Inc. Initially developed as Facebook Chat in 2008, the company renewed its messaging service in 2010.

Through Facebook Messenger, we can provide you with quick assistance, allowing interaction with us, including tracking purchases, receiving notifications, and initiating personal conversations with the customer service representatives.

The legal basis for processing personal data through Facebook Messenger is represented by Article 6(1)(f) of the Regulation, relying on our legitimate interest in the legality of processing. Regarding the processing of personal data, Facebook Ireland can be contacted online or by mail at the following address: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The data collected through Facebook Messenger is used, among other things, for providing, customizing, and improving the chat, enabling the provision of analytics services, and communicating with you.

Facebook Messenger complies with the GDPR provisions and the Standard Contractual Clauses (SSC – Standard Contractual Clauses) approved by the European Commission, taking into account its decisions regarding data transfers to the United States and other countries. The European Commission has recognized countries such as Andorra, Argentina, Canada (commercial organizations), the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay as providing adequate protection. More information is available here and here.

E-Commerce and Payment Methods

E-commerce

We process personal data as necessary to conclude or modify a contractual relationship with our company/the company that manages this site, respecting the provisions of Article 6(1)(b) of the GDPR. Thus, we process (collect, record, structure, store, modify, extract, etc.) personal data from the moment this website is accessed only for the purpose of facilitating access to our products or services and/or collecting their payment. Customer data will be deleted after a period of months after a period of years.

Conclusion

This policy on the processing of personal data is generated in accordance with the provisions of Regulation No. 679/2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data, as well as with other applicable national legal provisions.

We reserve the right to make any additions or modifications to this policy. We recommend regularly consulting the Policy for accurate and updated information regarding the processing of personal data.

For more details regarding this GDPR Policy, as well as to exercise any of the rights mentioned above, a written notification can be sent to the contact details indicated above.