Content:
1. General provisions
2. Details about our company
3. Processed data. Purpose, duration and legal basis of processing
4. Processed sensitive data. Purpose, duration and legal basis of processing
5. Mechanisms and use of automated decision-making systems
6. Additional disclosure and use of your data
7. How we collect the personal data
8. Security of information
9. Transfer of your data outside the European Economic Area
10. Your rights upon yourpersonal data
11. Principles of policy
12. Changes of the Policy
1. General provisions
1.1 The confidentiality of personal data is one of the main concerns within the KIRIZZA DESIGN SRL company (hereinafter “the Company”). As such, we want to ensure the highest standards of confidentiality, integrity and transparency regarding the personal data we process in our business.
1.2 As in carrying out the activity it is necessary to process a series of personal data with predilection in relation to the specifics of our object of activity we want to provide assurances that the processing will take place in compliance with the principles of transparency and security of personal data. This privacy policy is intended to help you understand what data we collect, why we collect it, and what we do with it.
1.3 Our data protection policy and practices focus on the proper and lawful processing, exchange and storage of personal information and on ensuring confidentiality, integrity and availability.
1.4 All users have free access to the website www.kirizza.com provided they comply with this privacy policy. Our website complies with the General Data Protection Regulation – GDPR (Regulation (EU) 2016/679.
2. Details about our company
2.1 KIRIZZA DESIGN SRL, headquartered in Timișoara, Bld. G-ral Ion Dragalina, Nr. 7, Et. 2, Ap. 15, Timiș County, Nr. Ord. Reg.Com: J35 / 679/2022, Fiscal code: 45661126, having the following contact data e-mail contact@kirizza.com and phone number (+40) 748 096 029 , (hereinafter referred to as “KIRIZZA” or “Company”).
2.2 The company acts as the controller of the personal data collected through the website www.kirizza.com (the “Site”).
2.3 The operator has the obligation to manage in safe conditions and only for the specified purposes, the personal data that the users of the www.kirizza.com website provide.
3. Processed data. Purpose, duration and basis of processing
|
Time of processing |
Processed data |
Purpose of processing |
Retention period |
Basis of processing |
Where is it stored |
|
3.1 Accessing the website |
3.1.1 Web server log |
Ensuring IT network secutiry |
6 months |
Compliance with legal obligations – art. 6 (1) c) of GDPR |
Hosting site server |
|
3.1.2 cookies* |
|
|
|
|
|
|
3.2 Contact by e-mail |
3.2.1 E-mail and any other identification data presented in it |
In order to answer the questions and messages we receive and to keep records of correspondence. |
Only as long as it will be necessary but no longer than a year, as long as there is no litigation involved. |
Is required to perform a contract or to start the process of engaging in a contract at your request Article 6 (1) b) |
Electronic format, on the server |
|
3.3 Contact by telephone |
3.3.1 Phone number, name, surname + data provided in the conversation |
In order to answer the questions and messages we receive and to keep records of correspondence. Calls are not recorded. |
Only as long as it will be necessary but no longer than one year, as long as there is no litigation involved. |
is required to perform a contract or to start the process of contracting at your request (Article 6 (1) (b) |
In the telephone operators system |
|
3.4 Contact through social networks |
3.4.1 Profile page ID |
To answer the questions and messages we receive and to keep track of correspondence. |
Facebook / Instagram provide detailed information about the scope, nature, purpose and further processing of your data on its Internet pages. Here you will also find additional information about your rights and settings to protect your privacy. Information on data protection from Facebook: www.facebook.com/about/privacy, and on Instagram: https://help.instagram.com/519522125107875 |
Art. 6 (1) (a) the data subject has given his consent for the processing of his personal data for one or more specific purposes |
Server of the hosting website |
|
3.5 Creating an account |
3.5.1 Name, surname, e-mail, telephone number |
The general purpose is to create and manage the account within the KIRIZZA platform. This information is processed so that the User has easy and fast access to the order process and so that the Company can contact the customer. In the process of creating the account is required to enter a password to access the account. However, placing an order is not conditional on creating an account. |
We will store this data as long as you have an account on www.kirizza.com. You may ask us to delete certain information or close your account at any time, and we will comply with such requests, subject to the retention of certain information, including subsequent closure of your account, where applicable law or our legitimate interests require so. Please note that if there is no request to delete this data, it will be deleted within 2 years of the last use of the account. |
a) your consent (Article 6 (1) (a) of the General Data Protection Regulation). The provision of personal data for the creation of the Profile is interpreted as an unequivocal action / manifestation of free will, informed and unambiguous by which you accept that your personal data will be processed under the conditions of this Policy. b) the processing is necessary for the purpose of the legitimate interests pursued by the operator or a third party (Art. 6 (a) letter f) |
In electronic format, on the server |
|
3.6. Completion of an order, invoice and delivery |
3.6.1 Name, surname, telephone, e-mail, address: locality (city, village, commune), street number, block, apartment, county. |
This information is required to deliver the ordered products to the Customer. Also, this information will be written on the tax invoice issued by the Company. |
The data will be processed to fulfill the intended purpose. You may request the deletion of certain information at any time, and we will comply with such requests, subject to the retention of certain information, including subsequent closure of the account, where applicable law or our legitimate interests so require. Please note that if there is no request to delete this data, it will be deleted within 2 years of the last order or the last login in the account. |
is required to perform a contract or to start the process of contracting at your request (Article 6 (1) (b) |
In electronic format, on the server |
|
3.7. Returning a product |
3.7.1. The following form is required in the return form: Name, surname, e-mail, order ID. 3.7.2. The following data is requested by the return confirmation e-mail: address for receiving the package, IBAN code, bank name, name and surname of the Beneficiary |
This information is collected in order to ensure the Customer’s right to withdraw from a contract and respect consumer rights. The company collects this data to make returns / cancellations of orders, to refund the amounts paid for the returned products and are sent to the partner for authorization of online payments. The card details are not accessible and are not stored by the Company, but only by the entity authorizing the transaction. |
The data will be processed to fulfill the intended purpose. You may request the deletion of certain information at any time, and we will comply with such requests, subject to the retention of certain information, including subsequent closure of the account, where applicable law or our legitimate interests so require. Please note that if there is no request to delete this data, it will be deleted within 2 years of the last order or the last login in the account. |
is required to perform a contract or to start the process of contracting at your request (Article 6 (1) (b) |
In electronic format, on the server |
* 3.1.2 for more information about cookies please see our cookies policy.
3.9 Criteria for establishing retention periods
The data will be stored for the minimum period necessary to achieve the purpose, taking into account the following:
• the purpose and use of your information both now and in the future (for example, if we need to continue to store that information in order to continue to fulfill our obligations under a contract with you or to contact you in the future);
• if we have a legal obligation to continue processing your information (such as any obligations to keep records required by law or relevant regulations);
• if we have any reason to continue processing the information (such as your consent);
• the levels of risk, cost and responsibility involved in continuing to hold the information.
3.10 If we receive information about you by mistake
If we mistakenly receive information about you from a third party and / or do not have a legal basis for the processing of this information, we will delete your information.
3.11 Information received about you for the purpose of reporting abuse
We may monitor any disputes between Users, in the event that there is an obligation provided by law in this regard or if a User reports an abuse. If the abuse is reported, the User assumes and understands that part of the reported conversation and implicitly of the information and data communicated will be verified by the Company.
3.12 Sending messages for marketing purposes
We want to keep you informed about the best offers for the products / services that interest you. In this sense, we can send you any type of message (such as: e-mail / SMS / telephone / webpush / etc.) Containing general and thematic information, information on products similar or complementary to those you have. purchased, information about offers or promotions, information about products added in the “My Cart” section or the “Wish List” section or you have shown interest in purchasing them, as well as other commercial communications such as market research and surveys opinion, and we can display customized recommendations on the website.
In order to provide you with information of interest, we may use certain data about your behavior as a buyer (eg products viewed / added to your wishlist / purchased) to create a profile for you. We always make sure that these processing is carried out in compliance with your rights and freedoms and that the decisions taken on the basis of them have no legal effect on you and do not affect you.
In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:
a. Changing the settings in the client account;
b. Accessing the unsubscribe link displayed in the messages you receive from us;
c. Contacting the Company using contact details.
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any case where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can ask us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and we will process your request.
4. Processed sensitive data. Purpose, duration and basis of processing
The website www.kirizza.com does not collect sensitive data.
5. Mechanisms and use of automated decision-making systems
5.1 We use automated decision-making mechanisms on our website. We do not believe that this has a legal effect on you or affects you in a similar way.
We always want to offer you the best online shopping experience. To do this, we may collect and use certain information in connection with your Buyer behavior, we may invite you to complete satisfaction questionnaires subsequent to the completion of an order or we may conduct, directly or with the help of partners, market research and research.
We base these activities on our legitimate interest in doing business, always making sure that your fundamental rights and freedoms are not affected.
5.2 You have the right to object to our use of automatic decision-making and profiling mechanisms described in this section. You can do this by waiving cookies and similar technologies, in accordance with the method described in the relevant section of this privacy policy. If you do not want us to process your real IP address (usually the IP address assigned by your Internet Service Provider) when you visit our site, you can use a virtual private network (VPN) or a free service.
5.3 You can learn more about the use of cookies and similar technologies (including the legal basis for their use) and how to opt out of them in the cookie policy available on the Site.
6. Disclosure and additional use of your data
This section sets out the circumstances in which we will disclose your data to third parties and any other additional purposes for which we use your data.
6.1 Disclosure of your data to service providers
6.1.1 Disclosure and use of your information for legal reasons
I. Indication of possible criminal acts or threats to public safety to a competent authority.
If we suspect that criminal or potential conduct has taken place, we will need, in certain circumstances, to contact a competent authority, such as the police. This could be the case, for example, if we suspect that we have committed a fraud or cybercrime or if we receive malicious threats or communications from us or from third parties.
Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation), respectively for the prevention of crime or suspected criminal activity (such as fraud).
II. In connection with a legal or potential legal dispute or procedure
We may need to use your information if we are involved in a dispute with you or a third party, for example, either to resolve the dispute or as part of mediation, arbitration or a court decision or a similar process.
Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest: the settlement of disputes or possible disputes.
III. For continuous compliance with laws, regulations and other legal requirements
We will use and process your information to comply with our legal obligations. For example, we may need to disclose your information based on a court order or subpoena if we receive one.
Legal basis for processing: compliance with a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation).
Legal obligation: the legal obligations to disclose information, established in our task by internal or international normative acts (for example in the form of an international agreement that Romania has signed).
Legal basis for processing: legitimate interest (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest: if the legal obligations are part of the laws of another country and have not been integrated into the legal framework of Romania, we have a legitimate interest to comply with these obligations.
IV. Disclosure of data to our service providers and partners to operate and improve our services
We use third parties to help us operate and improve our services. These third parties are either companies within the same group of companies as KIRIZZA, or help us with various tasks, including hosting and data maintenance (Woocommerce, Woofunnels, Aerocheckout), audience analysis (Google Analytics), marketing and advertising services (Google AdWords and Facebook Ads), payment processing (Netopia) – to be completed / modified in accordance with those applicable to the site, courier service providers, banking / payment service providers and security operations.
We follow a strict verification process before hiring any service provider or collaborating with any partner. All our service providers and partners must accept strict confidentiality obligations. They will have access to your data only to the extent that it is reasonably necessary to perform certain tasks on our behalf.
7. How we collect data
7.1 We collect your personal data, directly from you, for example, when you send us an email or subscribe to the newsletter, by expressly agreeing. Unsubscribing from the newsletter is done by pressing the e-mail button.
7.2 We collect your personal data automatically. When you use our services on the Company’s website, we collect information through cookies and by logging in to your business. For more information on the use of cookies, please see the cookies policy.
8. Information security
8.1 We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or illegal use and accidental loss or destruction, including:
• sharing and providing access to your data to the minimum necessary, subject to confidentiality restrictions, where appropriate and anonymously, whenever possible;
• use of secure servers for information storage;
• verifying the identity of any person requesting access to information before granting them access to information;
• use the Secure Sockets Layer (SSL) standard to encrypt any information you send us through any forms on our website;
• we transfer your data only through a closed system or through encrypted data transfers.
8.2 Sending information to us by e-mail
The transmission of information on the Internet is not entirely secure and if you send us information via the Internet (by e-mail or in any other way), you do so entirely at your own risk.
We cannot be liable for any expenses, loss of profits, damage to reputation, damages, debts or any other form of loss or damage suffered by you as a result of your decision to provide us with information by such means.
9. Transfer of your data outside the European Economic Area (hereinafter “EEA”)
9.1 Your data will not be transferred to non-EEA countries.
10. Your rights over personal data
10.1 Responsible for the protection of personal data
We have appointed a personal data protection officer whom you may contact in connection with any matter relating to the processing of your data, as well as for the exercise of your rights under the applicable legal provisions, in particular if you have questions or concerns about how in which we process your personal data. The e-mail address where you can contact the data protection officer is: _______
10.2 Subject to certain restrictions, you have the following rights in relation to your data which you may exercise by sending a written request or e-mail to contact@kirizza.com
a) The right of access – the right to obtain from us, upon request and free of charge, confirmation that the data concerning you are or are not processed by the company and the right of access to such data, unless such requests are repetitive or done in bad faith;
b) The right to information – the right to be informed about the identity of the controller, the purpose for which the data are processed, the recipients or categories of recipients of the data, the existence of the rights provided by GDPR and the conditions under which they may be exercised
c) The right to rectification – you can request the rectification of inaccurate personal data.
d) The right to delete data (“the right to be forgotten”) – you can obtain the deletion of data, if their processing was not legal or in other cases provided by law;
e) The right to restrict the processing – you can request the restriction of the processing in case you dispute the accuracy of the data, as well as in other cases provided by law;
f) The right to object – the right to oppose, at any time, for well-founded and legitimate reasons related to the data being processed, except where there are contrary legal provisions;
g) The right to data portability – you can receive, under certain conditions, the personal data you have provided to us, in a format that can be read automatically or you can request that the data be transmitted to another operator
h) The right to file a complaint – you can file a complaint regarding the way personal data is processed at the National Authority for the Supervision of Personal Data Processing or you can address the courts.
i) The right not to be subject to additional automatic or profiling decisions related to automatic decisions: the right to request and obtain the withdrawal, annulment or re-evaluation of any decision which produces legal effects, adopted exclusively on the basis of the processing of personal data, performed by automatic means, intended to assess some aspects of his personality, such as professional competence, credibility, behavior or other such aspects;
10.3 You can also file a complaint regarding the processing of your data with the National Authority for the Processing and Supervision of Personal Data (B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania, www.dataprotection.ro, anspdcp@dataprotection.ro).
10.4 If you wish to exercise the rights mentioned above, please contact the person responsible for the protection of personal data using the following contact details:
● E-mail: contact@kirizza.com
● Address: Mun. Timișoara, Bld. G-ral Ion Dragalina, Nr. 7, Et. 2, Ap. 15, Timiș County
10.4 Verification of your identity if you request access to your information
If you request access to your information, we are required by law to use all reasonable steps to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or unauthorized general access to your information.
10.5 How do we verify your identity?
10.5.1 If we have adequate information about you in the database, we will try to verify your identity using this information.
10.5.2 If we are unable to identify you on the basis of this information or if we do not have sufficient information about you, we may request copies or certificates of certain documents so that we can verify your identity before we can give you access to your data. .
10.5.3 We will be able to confirm the exact information we need to verify your identity in the specific circumstances given, if and when you make such a request.
10.6 Your right to object to the processing of data for certain purposes
You have the following rights regarding your data which you can exercise by sending an e-mail to contact@kirizza.com.
• object to our use or processing of information to perform a task in the public interest or in our legitimate interest, including the analysis or prediction of your conduct based on your information.
• object to the use or processing of your data for direct marketing purposes (including any profile we involve in connection with this direct marketing) by clicking the unsubscribe button.
10.7 For more information on how you can object to the use of data collected through cookies and similar technologies, please see our cookie policy.
11. The principles on which our data protection policy is based:
a) The processing of personal data will be done in a legal, fair and transparent manner;
b) The collection of personal data will be done only for specified, explicit and legitimate purposes and the data will not be further processed in a manner incompatible with those purposes;
c) The collection of personal data will be adequate, relevant and limited to the information necessary for the purpose of processing;
d) Personal data will be accurate and, where necessary, updated;
e) All necessary measures shall be taken to ensure that incorrect data are deleted or corrected without delay;
f) The personal data will be kept in a form that allows the identification of the data subject and for a period not longer than the one in which the personal data are processed;
g) All personal data will be kept confidential and stored in a manner that ensures the necessary security;
h) Personal data will not be distributed to third parties unless necessary for the purpose of providing services under the agreements;
i) The data subjects have the right to request access to personal data, their rectification and deletion, to resist or restrict the processing of data as well as the right to data portability.
12. Changes to our privacy policy
12.1 We regularly update and change our privacy policy.
12.2 Minor changes to our privacy policy
If we make minor changes to our privacy policy, we will update the Privacy Policy with a new effective date mentioned at the beginning. The processing of your information will be governed by the practices set out in the new version of the Privacy Policy from its effective date.
12.3 Major changes to our privacy policy or the purposes for which we process your information.
If we make major changes to our privacy policy or intend to use your data for a new or different purpose from the purposes for which we originally collected it, we will notify you by email (if possible) or by posting an ad on our website.
We will provide you with information about the change in question and the purpose and any other relevant information before using your information for the new purpose.
Whenever necessary, we will obtain your prior consent before using your information for a purpose other than the purposes for which we originally collected it.
This policy was last updated on 22.06.2022