Privacy Policy
Privacy Policy
1. Introduction
We thank you for your interest shown in our company and / or our services.
The protection and privacy of personal data is a very important issue for us. When you engage in any relationship with us, you share your information with us. This information, as presented in this document (hereinafter referred to as “Privacy policy” or “Document”)is important.
We recommend that you read them carefully. The purpose of this Privacy Policy is to explain to you what data we process (collect, use, share), why we process it, how we process it, as well as your rights under the GDPR and how you can exercise those rights. In collecting this information, we act as Operator and, under law, we are obliged to provide you with this information.
Being fully aware that your personal information belongs to you, we do our best to store it securely and process it carefully. We do not provide information to third parties without informing you in accordance with legal provisions. We do not make exclusively automatic decisions that have a significant impact on you.
By visiting this website, purchasing our products or interacting with us by any means and / or through any communication media (email, phone, social networks, etc.), you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the services of Company NUCA ORGANIC S.R.L., acting as a data controller within the meaning of the General Regulation on the Protection of Personal Data (GDPR).
2. DEFINITIONS
1.1. GDPR, “RGPD” or “Regulation”means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL as of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation).
1.2. “The operator” or “We” means The company NUCA ORGANIC S.R.L., with its registered office located in Serghei Vasilievici Rahmaninov street no. 76-80, Bucharest Sector 2, registered with the Trade Register Office under no. J40/8383/2017, with Unique Identification Code – 37692776.
1.3. “Data subject” means any identified or identifiable natural person whose data are processed by us as an operator, such as customers, potential customers or visitors on the website.
1.4. “Processing”means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, limiting, removing or destroying;
1.5. “Consent”means any manifestation of the free, specific, informed and unambiguous will of the data subject by which they consent, by an unequivocal statement or action, that their personal data be processed by the Operator;
1.6.“Personal data”means any information relating to an identified or identifiable natural person (”data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The other terms used in this document have the meaning provided by the GDPR and other applicable legal provisions.
3. OTHER FACILITIES
This Privacy Policy does not cover other third-party applications and websites that you may access by accessing the links on our website. This is beyond our control. We encourage you to review the Privacy Policy on any website and / or application before providing personal data.
4. WHO ARE WE?
The company NUCA ORGANIC S.R.L., headquartered in Serghei Vasilievici Rahmaninov street no. 76-80, Bucharest Sector 2, registered with the Trade Register Office under no. J408383/2017 with Unique Identification Code – 37692776, is responsible for the processing of your personal data that we collect directly from you or from other sources.
According to the law, our company is a personal data controller. In order for your data to be processed securely, we have made every effort to implement reasonable and appropriate, technical and organizational measures to protect your personal data.
5. Who are you?
According to the law, you, the natural person benefiting of our services / products, the representative or contact person of a company that is our customer or potential customer, our website visitor or the person engaged in a relationship of any kind with us, are a “data subject” meaning an identified or identifiable natural person. In order to be completely transparent about the processing of data and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of your rights.
6. OUR COMMITMENT
The protection of your personal information is very important to us. Therefore, we are committed to complying with the European and national legislation on personal data protection, in particular with the Regulation (EU) 679/2016, also known as the GDPR and the following principles:
✓ Lawfulness, fairness and transparency
We process your data legally and correctly. We are always transparent about the information we use, and you are properly informed.
✓ Control is yours
Within the limits of the law, we offer you the opportunity to review, modify, delete personal data that you have shared with us and to exercise your other rights.
✓ Data integrity and purpose limitation
We use the data only for the purposes described upon collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that the personal data is accurate, complete and up to date.
✓ Security
We have implemented reasonable security measures for the processing of personal data so that we can protect your personal information as best we can. However, please be aware that no website, no application, and no internet connection is completely secure.
7. CHANGES
We may alter this Privacy Policy at any time. All updates and changes to this Policy are effective immediately, so please read this Privacy Policy at all times.
8. YOUR INFORMATION PURPOSES. LEGAL GROUNDS.
When you browse our website, send us a request by e-mail, or contact us for any other purpose and through any other communication media, you may provide us with the following personal information, which we collect directly from you, or from other sources, as explained in the table below.
Personal data processed * | Purpose / Purposes * | Legal Ground / Grounds |
Name Address | · For creating an account on the website. · For invoicing. · For complying with the law. · For preventing fraud and other crimes. · For direct marketing (only with your prior consent). | · Concluding or executing a contract – Art. 6 (1) b GDPR. · legal obligation – Art. 6 (1) c GDPR. · consent – Art. 6 (1) a) – (direct marketing only). |
· For creating an account on the website. · For invoicing · For complying with the law. · For preventing fraud and other crimes. · For direct marketing (only with your prior consent). | · Concluding or executing a contract – Art. 6 (1) b GDPR. · consent – Art. 6 (1) a) – (direct marketing only). · legitimate interest – Art. 6 (1) f) GDPR. | |
IP address
| · for protecting against cyber attacks. · for fraud prevention. · for network operation. | · legitimate interest – Art. 6 (1) f) GDPR |
We collect most of the information directly from you (for example, by filling out a form on the website). Most of the information is as described above, but there may be situations where we collect data from third parties (i.e. partners, platforms).
In addition to the information listed above, we may also collect the following information, as necessary:
- How you interact with our website (s) (e.g., information about how and when you visit our website or what device you use to visit our website). For more information, please read our Cookie Policy.
- The content of messages sent through messaging and email systems.
In addition to the purposes listed in the table above, we also process personal data for the following purposes:
- To answer your questions and requests and provide you with customer support;
- For marketing purposes, but only if we have your prior consent or when there is a legal exception from obtaining consent;
- To provide and improve the services we provide;
- To diagnose or remedy technical problems;
- To protect us from cyber attacks;
- To comply with the law, such as compliance with tax law which obliges us to keep the accounting documents for a period of 10 years;
- In the unlikely event of a dispute, for objecting against or claiming a right in the court.
8.1 OTHER INFORMATION ON LEGAL GROUNDS
(a) Legitimate interest.Should we make use of the legitimate interest, we perform a legitimate interest analysis (balancing test) through which we can balance our interest and your interests. If our interests prevail, we will use the legitimate interest. In the event that your interests prevail, we will not use the legitimate interest, and we will not perform that processing activity unless we are able to identify another proper legal basis.
(b) Consent. Please note that consent is not required, and we will only proceed to obtaining your consent if we are unable to use another legal basis. We currently only use consent for email marketing.
(c) Vital interest. In the unlikely event of a medical emergency or other exceptional event, processing may be necessary to protect your or another individual’s vital interests.
9. STORAGE PERIOD
We only store your personal data for the period necessary for the fulfillment of the purposes, but not more than 5 years upon the termination of the contract or the last interaction with us.
At the end of the period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data to be used in scientific, historical or statistical research.
Please note that in certain expressly regulated situations, we store data for the period required by law.
10. DATA TRANSFERS
We may disclose your data in compliance with applicable law to business partners or other third parties. We make constant efforts to ensure that these third parties have implemented appropriate protection and security measures. We have contractual terms concluded with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate under the law.
We may also transfer the data to other parties with your consent or in accordance with your instructions, such as when you request portability.
We may also provide your personal information to the public prosecutor’s office, the police, the courts and other competent state bodies, on the basis and within the limits of legal provisions and as a result of express requests.
The transfer of personal data to a third country may take place only if the state to which the transfer is intended provides an adequate level of protection.
The transfer of data to a state whose legislation does not provide a level of protection at least equal to that provided by the General Data Protection Regulation is possible only if there are sufficient guarantees regarding the protection of the data subject’s fundamental rights. These guarantees will be established by us through contracts concluded with the service suppliers/providers to whom the transfer of your personal data will be made.
Each time we transfer your personal data outside the EEA, we will ensure that there is a similar level of protection through one of the following safeguard mechanisms:
- we will transfer your personal data to countries where the European Commission has shown to provide an adequate level of security for your personal data.
- when we call on certain service providers, we will be able to use certain model contracts provided and approved by the European Commission that give personal data the same protection that they have in Europe.
11. DATA SECURITY
We understand the importance of the security of personal data and take the necessary measures to protect our customers and other individuals whose data we process against unauthorized access to personal data, as well as against unauthorized modification, disclosure or destruction of data we process in the course of our business.
We have implemented the following technical and organizational measures for the security of personal data:
a) Dedicated policies. We constantly adopt and review internal practices and policies for the processing of personal data (including physical and electronic security measures) in order to protect our systems against unauthorized access or other possible threats to their security. These policies are subject to constant scrutiny to ensure that we comply with legal requirements and that the systems operate properly.
b) Data minimization.We ensure that your personal data that we process is limited only to what is necessary, appropriate and relevant for the purposes stated in this Policy.
c) Restricting access to data. We try to restrict as much as possible access to the personal data that we process to the minimum necessary: employees, collaborators and other people who need to access these data in order to process them and perform a service. Our partners and collaborators are subject to strict privacy duties (either contractual or legal).
d) Specific technical measures.We use technologies to ensure the security of our customers, always trying to implement the best solutions for data protection. We also back up data regularly so that we can recover it in the event of an incident, and we have regular audit procedures to ensure the safety of the equipment used. However, no website, no application, no internet connection is completely secure and untouchable.
e) Ensuring the accuracy of your data. Sometimes we may ask you to confirm the accuracy or timeliness of your data to make sure they depict reality.
f) Personnel training. We constantly train and test our employees and collaborators on the legislation and best practices in the field of personal data processing.
g) Anonymization of data. Where we can, we try as much as possible to anonymize / pseudo-anonymize the personal data that we process, so that we can no longer identify the persons to whom they refer.
However, although we make every effort to ensure the security of the data you provide to us, we may also experience less fortunate events and security incidents / breaches. In such cases, we will strictly follow the security incident reporting and notifying procedure and take all necessary steps to restore the situation to normal as soon as possible.
12. DIRECT MARKETING
Provided that we have obtained your prior consent or you are already a customer of the company, we may use direct marketing technologies based on the information we collect about you. We currently send commercial e-mail messages to people who have previously given their consent.
13. YOUR RIGHTS
Your rights under the GDPR are as follows:
(a) The right to be informed about the processing of your data
(b) Right of access to data. You have the right to obtain from us a confirmation that we process or not personal data concerning you and, if so, you have access to those data and to the information provided by art. 15 para. (1) of the GDPR;
(c) The right to modify inaccurate or incomplete data. You have the right to obtain, from us, without undue delay, the adjustment of inaccurate personal data concerning you;
(d) The right to removal (“the right to be forgotten”). In the situations provided under art. 17 of the GDPR, you have the right to request and obtain the removal of personal data;
e) The right to restrict processing In the cases provided by Article 18 of the GDPR, you have the right to request and obtain the restriction of processing;
f) The right to transmit the data we hold about you to another data controller (“right to portability”). The right to transfer the available data about you to another data controller (“right to portability”);
g) The right to object to the processing of data. In the cases provided by Article 21 of the GDPR, you have the right to object to the processing of data;
h) The right not to be subject to a decision based solely on automatic processing, including the creation of profiles with legal or similar significant effects on you.;
i) The right to approach the court for the protection of your rights and interests;
j) The right to lodge a complaint with a Supervisory Authority.
Name | National Authority for the Supervision of Personal Data Processing |
Address | G-ral. Gheorghe Magheru Blvd. no. 28-30, Sector 1, postal code 010336, Bucharest, Romania |
Telephone: | +40.318.059.211 or +40.318.059.212 |
Please note:
(1) You may withdraw your consent for direct marketing at any time by following the unsubscribe instructions in each email.
(2) The rights listed above are not absolute. There are exceptions, so each request received will be analyzed so that we can decide whether it is well-founded or not. To the extent that the application is well-founded, we will make it easier for you to exercise your rights. If the request is unfounded, we will reject it, but we will inform you about the reasons for refusal and about the rights to lodge a complaint with the Supervisory Authority and to go to court.
(3) We will try to respond to the request within one month. However, the deadline may be extended depending on various issues, such as the complexity of the request, the large number of requests received, or the inability to identify you in a timely manner.
(4) If, despite our best efforts, we are unable to identify you and you do not provide us with additional information in order to identify you, we are not required to comply with the request.
14. Questions, requests and exercise of rights
If you have any questions or concerns regarding the processing of your information or you wish to exercise your legal rights or have any other concerns regarding the confidentiality of the information you provide to us, you may contact us at the company address or e-mail:
contact@nucaorganic.ro
Last updated on: 25.02.2022