Privacy Policy

Privacy policy and personal data processing policy

General

Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter – GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, and its provisions are directly applicable as of May 25, 2018. This Regulation expressly repeals Directive 95/46/EC, thus also replacing the provisions of Law No. 677/2001 (now repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all natural persons within the European Union. From a material point of view, the Regulation applies to all operators who process personal data. The Regulation does not apply to the processing of personal data relating to legal persons and, in particular, companies with legal personality, including the name and type of legal person and the contact details of the legal person.

Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The processing of personal data means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Identity of the controller

Considering Article 4(7) of the Regulation, which defines the term “controller” as the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, the controller processing personal data through this website is MÎNDRICEL DANIEL AUTHORIZED NATURAL PERSON (hereinafter, LugooLugoo), with ONRC no. F2025039569001 and CUI: 52681894, with contact details:gdpr@lugoolugoo.com and +40.722.787.251.

Collection of personal data

Personal data collected

The operator of this website collects, stores, and processes the following personal data about you:

Within the various types of account registration (User-Host, User-Client):

First name, last name
Contact details: email and/or phone numbers
Home/residence address
Date and place of birth (for security reasons for Host Users – natural persons and for Clients and to establish full legal capacity)
Citizenship of the Host User, natural person (locals)
Bank details (directly and through the payment processor)
Online identifiers (IP, cookies).

For subscribing to the newsletter – sending commercial offers, promotions:

Email address
Online identifiers (IP, cookies)

For the contact form

Email
First and/or last name
Personal information voluntarily provided by the user
Online identifiers (IP, cookies)

Given that the Regulation mainly prohibits “the processing of personal data revealing racial or ethnic origin, political opinions, religious beliefs or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the unique identification of a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation” (according to Article 9(1)), the situations in which the processing of such data is permitted are then established:

the data subject has given explicit consent;
processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection
processing is necessary to protect the vital interests of the data subject or another natural person where the data subject is physically or legally incapable of giving consent;
processing is carried out in the course of their legitimate activities and with appropriate safeguards by a foundation, association, or any other non-profit body with a political, philosophical, religious, or trade union character, provided that the processing relates only to members or former members of the body or to persons with whom it has permanent contacts in connection with its purposes and that the personal data are not disclosed to third parties without the consent of the data subjects;
the processing relates to personal data which are manifestly made public by the data subject;
processing is necessary for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity;
processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, for the diagnosis of disease or injury, for the provision of health or social care or treatment or for the management of health or social care systems and services; on the basis of Union or national law or on the basis of a contract concluded with a healthcare professional and subject to the conditions and safeguards laid down in the Regulation;
processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices; under Union or national law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy; or
processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in accordance with the purpose pursued, respecting the essence of the right to data protection and providing for appropriate and specific measures to protect the fundamental rights and interests of the data subject.

Obtaining Consent

General

In order for the processing of personal data to be lawful, the GDPR provides that it must be carried out on the basis of a legitimate reason, such as the performance or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of the valid consent of the data subject in advance. In the latter case, the controller is required to be able to demonstrate that the data subject has given consent to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions set out in the GDPR.

Consent must be given by means of a statement or by an unequivocal action constituting a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of his or her personal data. Where the data subject’s consent is given in the context of a statement, in electronic or written form, which also refers to other matters, the request for consent must be presented in a form that clearly distinguishes it from the other matters, which may be done by ticking a box.

Cookies

Cookies are used on this website. They do not harm your computer and do not contain viruses, but serve to make the use of the website easier, more efficient, and more secure. They are small text files that are stored on your computer and saved by the browser used to access the website.

Many of the cookies used are called “session cookies,” which are automatically deleted after your visit to this site. Others remain in your computer’s memory until you delete them, making it possible to recognize your browser on a subsequent visit.

You can configure your browser to inform you about the use of cookies, so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions you wish to use are stored in accordance with the provisions of Art. 6 para. 1 lit. f) GDPR, according to which processing is lawful only if and to the extent that it is necessary for the purposes of the legitimate interests pursued by the controller or a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies to ensure error-free optimization. Other cookies used on websites are also stored and are described in this policy.

Cookies come in various forms, with different variations, each serving a specific purpose or originating from a specific source. Cookies can be classified into the following categories:

First-Party Cookies: These cookies belong to the website accessed by a visitor. They mainly serve a purely statistical purpose, i.e., these cookies are used to calculate the number of views/visits to the website (or a specific category of the website), the number of active sessions, etc.
Third-Party Cookies: These cookies do not belong to and are not controlled by the website accessed. They are set by web domains that are not necessarily accessed directly by the user. Third-party cookies are inserted by website owners when they want to interconnect several facilities offered in the online environment. A good example of this is the use of a video on YouTube in the interface of another website. By pressing the “play” button on the video, YouTube can also place cookies on the device from which the access takes place, without the user implicitly entering www.youtube.com.
Session cookies: These cookies are stored for as long as the browser remains open and are deleted immediately (or at most a few seconds) after the browser is closed. These cookies have a purely administrative and functional purpose as they allow the user to benefit from the website in a useful way.
Persistent cookies: As the name suggests, these cookies are stored for a longer period of time. They have a specific duration during which they will exist on the user’s terminal (ranging from a few minutes to years or decades) and are not automatically deleted when the web browser is closed. The purpose of these cookies is to track users’ interaction with a particular website. An example of this would be storing login details on a particular website (Remember Username/Password). However, the user still has full control over these persistent cookies and can delete or block them from their device at any time.
Data security cookies: These cookies can only be used by websites that use the HTTPS protocol. These cookies contain encrypted data, which is useful for online payments, online transactions, online/mobile banking services, etc.

The following cookies are used on this website, with the following functions:

Cookie name	Purpose	Cookie Type	Origin	Duration (months)
ACCOUNT_CHOOSER	Google user authentication	Necessary	accounts.google.com	13
APISID	Google identification and security	Necessary	.google.com	13
HSID	Google security and authentication	Necessary	.google.com	13

Cookies are used on the Operator’s website for the following purposes:

To store user preferences;
To make the user’s experience on this website a useful one;
To keep the site operational;
To be able to offer users all the options available on the website;
To collect data for purely analytical purposes.

In general, any application used to access web pages allows cookies to be saved on the device by default. These settings can be changed at any time by the user in the “Settings” menu for each application. Thus, the user can set the web browser to no longer allow the storage of cookies, can allow cookies only from certain sites, can delete cookies already stored, and many other such actions. Detailed information about the possibilities and ways of managing cookies can be found in the settings area of the application (web browser).

Since the protection of personal data is a goal that must be met, it is advisable to be aware of the potential problems that cookies, or more precisely, their use, can create.

Given that cookies constantly transmit data in both directions (from the user to the website and vice versa), if an attacker or unauthorized person intervenes during the data transmission process, the information contained in the cookies can be intercepted, altered, or even blocked. Although very rare, this can happen. For example, if the browser connects to the server using an unencrypted network (an unsecured WiFi network), then an attacker can intercept the data transmission.

We reserve the right to make any additions or changes to the content of this document. Please visit this page regularly to keep yourself informed of these and any new applicable information.

We also inform you that each time we modify this section, we will mention the date of the last update of this Policy in the footer of the page.

Storage period

Your personal data is processed for the period during which the account created is active and for a period of 5 years from the date on which the account was deactivated. We review the data collected each year, analyzing the extent to which its storage is necessary for the purposes mentioned, your legitimate interests, or the fulfillment of legal obligations by the Operator. Data that is no longer necessary will be deleted.

Communication of personal data to other recipients

The Operator communicates personal data (only if necessary) to public entities/authorities (ISU, ANAF, Police, Courts, Prosecutors’ Offices, City Hall, Local Council, County Council, Ministries, etc.) and other institutions that may claim access to such information under the law. We do not transfer data to third countries or international organizations, except in situations where the existing collaboration agreement requires it. Thus, based on existing cooperation relationships and in order to provide the application’s services at the highest standards, we will communicate the data provided to the payment processor, our partners, as well as other online service providers (various tools and plugins), as mentioned in this Policy.

Server log files

The provider of this platform automatically collects and stores the information that your browser automatically transmits to us via log files. These are:

Browser type and version
Operating system used
- The URL of the page that initially generated the request to display the current page or object (Referrer URL)
Host name of the accessing computer
Time data regarding access to the server
IP address

The legal basis for processing such data is Article 6(1)(b) of the GDPR, which allows data processing when it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Contact form

If you contact us via the contact form, we will collect the data entered in the form, including the contact details you provide, in order to respond to your questions and other follow- . We do not pass on this information without your permission. Therefore, we will only process all data you enter in the contact form with your consent [in accordance with the provisions of Art. 6 para. 1 lit. a) GDPR]. You can revoke your consent at any time; an informal email is sufficient. Data processed before we receive your request may be processed lawfully.

We will retain the data you provide on the contact form until:

you request the deletion of the data;
you revoke your consent to its storage, or
the purpose for its storage no longer applies.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

Contacting us by email or phone

If you contact us by email or telephone, your request, including all personal data you provide, will be stored and processed by us for the purpose of handling your request, based on your consent.

Therefore, we will process all data you provide on the basis of the following legal provisions of the GDPR, namely:

only with your consent – in accordance with the provisions of Article 6(1)(a) of the GDPR
for the performance of a contract or in the pre-contractual stage – in accordance with the provisions of Article 6(1)(b) of the GDPR
to fulfill our legitimate purpose and interest, namely the efficient processing of your requests – in accordance with the provisions of Art. 6(1)(f) GDPR.

We will retain the data you provide in this manner until:

you request the deletion of the data;
you revoke your consent to its storage; or
the purpose for storing it is no longer valid, in all cases except for mandatory data retention periods.

Registration on the website

You can register as a LugooLugoo User to access various features and services, to list your property on the platform, and to receive information about resources and promotional news. In this regard, the data you enter will be used and processed for the aforementioned purpose. The mandatory data requested during registration must be provided by you in full, otherwise the registration process will be rejected.

In order to inform you about important changes, such as those related to the functioning of our platform or technical changes, we will use the email address you provided during registration.

The processing of personal data provided during the registration process is done with your consent and in compliance with the provisions of Article 6(1)(a) of the GDPR, but also on a contractual basis, in accordance with the provisions of Article 6(1)(b) of the GDPR. You may withdraw your consent at any time, where this basis has been considered, by sending an informal email to that effect. We will continue to store the data collected during registration for as long as you remain registered as a user, but the mandatory storage periods remain valid and will be complied with.

Purpose of processing the collected data

Some of the data collected through this website is used for:

Providing the intermediary services we offer for your benefit;
The optimal functioning and optimization of this platform (statistical and analytical) – We always want to offer you the best experience on our platform, which is why we may collect and use certain information regarding your satisfaction while browsing this website, and we may invite you to complete suggestion questionnaires or similar.
Online advertising and promotion activities. You can request us at any time, through the means described in this document, to stop processing your personal data for marketing purposes, and we will comply with your requests as soon as possible.
Periodic user information – We want to keep you informed about our activities by providing free materials or other news. To this end, we may send you any type of message containing general and thematic information, information about offers or promotions, as well as other commercial communications such as market research and opinion polls. For communications of this type, we have the basis of your prior consent. You can change your mind and withdraw your consent at any time.
To defend our legitimate interests. There may be situations in which we use or transmit information to protect our rights and commercial activity. These may include: measures to protect our website and website users from cyber attacks; measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities; measures to manage other types of risks.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based on both the consent of the data subject and reasons for the proper performance of contracts or the pursuit of the legitimate interests of the controller (unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular where the data subject is a child).

User rights

Your rights regarding personal data and the means of exercising them are: Right to information, Right of access, Right to rectification, Right to erasure, Right to restriction of processing, Right to data portability, Right to object, Right not to be subject to a decision based solely on automated processing, Right to lodge a complaint and to seek judicial remedy, Right to withdraw consent.

Right to information – you may request information about the processing of your personal data, the identity of the controller and its representative, or the recipients of your data;
Right of access – you may obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the period for which the personal data will be stored or, if this is not possible, the criteria used to determine this period; the right to request the controller to rectify or erase personal data or restrict the processing of personal data or the right to object to the processing, etc.
Right to rectification – you can rectify inaccurate personal data or complete it;
Right to erasure – you can obtain the erasure of data if their processing was not lawful or in other cases provided by law;
Right to restrict processing – you may request the restriction of processing if you contest the accuracy of the data, as well as in other cases provided by law;
Right to data portability – you may, under certain conditions, receive the personal data you have provided to us in a machine-readable format or request that such data be transmitted to another controller
Right to object – you may object, in particular, to data processing based on the legitimate interest of the controller;
Right not to be subject to a decision based solely on automated data processing – you may request and obtain human intervention in relation to such processing or express your own point of view on this type of processing;
The right to lodge a complaint and to go to court – you can lodge a complaint about the way your personal data is processed with the National Supervisory Authority for Personal Data Processing and/or you can go to court to enforce your rights;
Right to withdraw consent – in cases where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will only have effect for the future, and processing carried out prior to withdrawal will remain valid.

Obligations of the data controller

Hosting

The personal data recorded on this website is stored on Hostico servers (Awesome Projects S.R.L.).

The processing of the data provided and stored complies with the following legal provisions:

6(1)(a) GDPR – data processing by Hostico is based on your consent, obtained after you have been provided with accurate and complete information;
6(1)(b) GDPR – data processing by Hostico is carried out for the purpose of fulfilling contractual obligations;
6(1)(f) GDPR – data processing by Hostico is carried out for the purposes of the legitimate interests pursued by the controller.

Regardless of the purpose for which personal data is processed, the principles of lawfulness, fairness, and transparency are respected, as well as the principle that the personal data processed is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

For more information on the processing of personal data by Hostico, please visit https://hostico.ro/politica-confidentialitate/.

We have a contract/agreement/legal act (including the possibility of including and agreeing to the clauses in the Terms and Conditions of the website) concluded with Hostico to ensure the processing of personal data in accordance with the legal regulations in this field. We comply with our obligations under Article 28 of the GDPR by choosing an external service provider that offers sufficient guarantees to implement appropriate technical and organizational measures so that the processing complies with the requirements of the regulation and ensures the protection of your rights.

Data encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential information. You can recognize this encryption by the lock icon that appears in the browser bar and by the change in the browser address from http:// to https://.

Once this type of encryption is activated, the data transmitted or transferred cannot be viewed by third parties.

In accordance with the GDPR, if a breach of personal data security is likely to result in a high risk to your rights and freedoms, the operator of this platform will inform you, without undue delay, of this breach, unless the supplementary provisions of the same Regulation (Art. 34(3)) apply.

Data Protection Officer

The provisions of the GDPR (Art. 37(1) – according to which the controller and the controller’s representative shall designate a data protection officer whenever:

the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
the core activities of the controller or the controller’s representative consist of processing operations which, by virtue of their nature, scope, and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or
the core activities of the controller or the processor consist of processing on a large scale of special categories of data referred to in Article 9 or personal data relating to criminal convictions and offenses referred to in Article 10) on the obligation to appoint a Data Protection Officer, For any information or clarification regarding the operation of this platform, please contact us at the following details:

Name: Daniel Mîndricel
Email gdpr@lugoolugoo.com
Tel: +40.722.787.251.

Records of processing activities

According to the GDPR, the controller or the person authorized by the controller should keep records of the processing activities under their responsibility for a reasonable period of time. These records shall contain the following information:

the name and contact details of the controller;
the purposes of the processing;
a description of the categories of data subjects and categories of personal data;
the categories of recipients to whom the personal data have been or will be disclosed;
where applicable/possible:
transfers of personal data
the envisaged time limits for erasure of the different categories of data
a general description of the technical and organizational security measures

The above obligation does not apply to an enterprise or organisation with fewer than 250 employees, unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offenses.

Appropriate technical and organizational measures

Taking into account the state of the art, the context and the purposes of the processing, as well as the risks to the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data that are necessary for each specific purpose of the processing are processed.

Notification of the supervisory authority in the event of a personal data breach

According to Article 33(1) of the GDPR, in the event of a personal data breach, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, if possible, within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to the rights and freedoms of natural persons.

Informing the data subject about the personal data breach

In accordance with the provisions of Article 34 of the GDPR, if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the data subject without undue delay of this breach, except in situations where:

appropriate technical and organizational protection measures have been implemented and these measures have been applied to the personal data affected by the personal data breach, in particular measures to ensure that the personal data is rendered unintelligible to any person who is not authorized to access it, such as encryption;
further measures have been taken to ensure that the high risk to the rights and freedoms of data subjects referred to above is no longer likely to materialize;
would require a disproportionate effort. In this case, a public notice or similar measure shall be taken to inform the data subjects in an equally effective manner.

Newsletter

In order to receive a newsletter, you must provide a valid email address, along with specific information that can be used to identify the owner of that address. Your consent is also required for the transmission of the newsletter, and we therefore inform you that any other personal data will be collected and stored only with your consent. The data collected in this way is processed only for the purpose of sending the newsletter and will not be passed on to third parties.

Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of Article 6(1)(a) of the GDPR.

You may exercise your right to withdraw your consent to receive newsletters at any time by clicking on the “unsubscribe” link in the newsletter. We will continue to store the data collected prior to unsubscribing, and the mandatory storage periods will remain valid and will be complied with. Data that we have stored for other purposes (e.g., email addresses for member registration) is not affected.

Social Media – Plug-ins

Facebook Plug-ins

This website uses social plugins (“plugins”) managed by the social network facebook.com. Plugins can be identified by a Facebook logo (a white “f” on a blue plate or a “thumbs up” sign) or are labeled by adding the phrase “Facebook Social Plugin”. The list and appearance of Facebook plugins can be viewed here: https://developers.facebook.com/docs/plugins/. If you use the Like extension, you will like our website’s Facebook page without having to leave it. If you use the Share extension, you will share our website or specific content from it on your personal Facebook page without having to leave the website.

Through the plugin, Facebook receives the information you access on our website. If you are also logged into Facebook at the same time, Facebook can assign the actions you perform on the page to your account and, implicitly, to you personally. When you interact with the plugins, for example by clicking the Like button or sharing certain content on the site, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, it is still possible for the social network to obtain and store your IP address.

By clicking on one of these buttons, you agree to the use of this plugin and therefore to the transfer of personal data to Facebook. We have no control over the nature and purpose of this transmitted data or its further processing.

If you do not want Facebook to associate your visit to this website with your Facebook account information, you can choose not to log in.

Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) is based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU controllers to processors established outside the EU or the EEA. For more information on these Clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Facebook uses Standard Contractual Clauses as an adequate safeguard for data protection, in line with the level of protection guaranteed by the GDPR.

For more details, visit: https://www.facebook.com/legal/EU_data_transfer_addendum, regarding the purpose and scope of data collection, processing, and subsequent use by Facebook, as well as permissions and settings for protecting privacy.

Instagram

This service uses social plugins (“plugins”) managed by the Instagram social network, features provided by Instagram Inc., located at 1601 Willow Road, Menlo Park, CA 94025, USA. Plugins can be identified by an Instagram logo or are labeled with the phrase “Instagram Social Plugin.”

Through the plugin, Instagram is informed about the actions you take on our page. If you are logged into your personal account on the social network at the same time, it can assign the actions taken on the page to your Instagram account and, implicitly, to you personally. When you access the plugins, the corresponding information is transferred from your browser to the social network and stored there. Even if you are not a member of Instagram, it is still possible for it to obtain and store your IP address.

By clicking on one of these buttons, you agree to the use of this plugin and, therefore, to the transfer of personal data to Instagram. We have no control over the nature and purpose of this transmitted data, nor over its further processing. For information on the purpose and scope of data collection, the processing and further use of data by Instagram, as well as permissions and settings for protecting user privacy, please refer to Instagram’s privacy policy at: https://help.instagram.com/519522125107875.

If you are a member of Instagram and do not want it to collect your data via the plugin and link it to data already stored on Instagram, you must log out of the social network before visiting this site.

In view of the judgment of 16 July 2020 (delivered in case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU-US Privacy Shield is not adequate.

Instagram uses Standard Contractual Clauses as an adequate safeguard for data protection, in line with the level of protection guaranteed by the GDPR.

For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum.

LinkedIn

This service uses social plugins (“plugins”) managed by the LinkedIn social network. The provider is LinkedIn Ireland Unlimited Company, based in Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Through the plugin, LinkedIn is informed about your activity on our website, and if you are also logged into the social network at the same time, LinkedIn can assign the actions performed on the page to your account and, implicitly, to you personally. Even if you are not a LinkedIn member, it is still possible for LinkedIn to obtain and store your IP address via the plugin. Also, when you interact with the plugins, the corresponding information is transferred directly from your browser to LinkedIn and stored there.

If you are a LinkedIn member and do not want LinkedIn to collect your data via the plugin and link it to data already stored on LinkedIn, you must log out of the social network before visiting the website.

By clicking on one of the plugin buttons, you can express your consent to their use and thus to the transfer of personal data to LinkedIn. We have no control over the nature and purpose of the data transmitted, nor over its further processing. For information on the purpose and scope of data collection, the processing and further use of data by LinkedIn, as well as permissions and settings for protecting user privacy, please refer to LinkedIn’s privacy policies at: https://www.linkedin.com/legal/privacy-policy.

In view of the judgment of 16 July 2020 (delivered in case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU-US Privacy Shield is not adequate.

LinkedIn uses Standard Contractual Clauses as an adequate safeguard for data protection, in line with the level of protection guaranteed by the GDPR. For more information, visit https://www.linkedin.com/legal/l/dpa

TikTok

This website uses certain TikTok plugins, which are operated by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland), for residents of Switzerland and the European Economic Area.

When you visit this site using TikTok, your browser establishes a direct connection to TikTok’s servers. We have no influence on the amount of data accessed and transmitted via this plugin.

The data is stored and analyzed on the basis of Art. 6 (1) (f) GDPR. If there is a declaration of consent, the data will be processed exclusively on the basis of Art. 6 (1) (a), which can be revoked at any time.

In view of the judgment of July 16, 2020 (delivered in case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU-US Privacy Shield is not adequate. Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) should be based on the European Commission’s Standard Contractual Clauses (SCC).

TikTok states that, for limited data transfers to entities within the corporate group outside the European area (Canada, the United Kingdom, Israel, Japan, South Korea), it relies on the adequacy decisions of the European Commission. In the absence of such decisions, limited remote access is granted on the basis of SCCs, as is the case for entities located in Brazil, China, Malaysia, the Philippines, Singapore, and the United States.

More information can be found in the privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en).

Plugins and tools

Google Web Fonts

This site uses Web Fonts provided by Google to ensure uniform font usage on this site.

When you access a page on this website, your browser will load the web fonts required for the correct display of text and fonts after establishing a connection to Google’s servers. Thus,

The use of Google Web Fonts is based on Art. 6 para. 1 lit. f) GDPR, as there is a legitimate interest in the uniform presentation of the font on this website. If consent has been given for this purpose (e.g., consent to the storage of cookies), the data will be processed exclusively on the basis of Art. 6 para. 1 lit. a) GDPR.

For more information on how Google Web Fonts handles user data, please refer to the Privacy Policy available at: https://policies.google.com/privacy?hl=en.

Google Maps

This website uses Google Maps, a mapping and location service, via an API. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, United States.

To ensure data protection on our website, you will find that Google Maps has been deactivated when you first visit our website. A direct connection to Google’s servers will not be established before you have activated Google Maps yourself, i.e. with your consent in accordance with Article 6(1)(a) GDPR. This will prevent data from being transferred to Google during your first visit to our website. Once you have activated the service, Google Maps will store your IP address. As a rule, it is then transferred to a Google server in the United States, where it is stored. The provider of this website has no control over this data transfer once Google Maps has been activated.

Google Maps uses Standard Contractual Clauses as an adequate safeguard for data protection, in accordance with the level of protection guaranteed by the GDPR. For more information, please refer to Google’s Data Privacy Statement at the following address: https://policies.google.com/privacy.

Advertising and Analytics

Google Analytics

This website uses the functions of the Google Analytics analysis service. The provider of this service is Google Inc., based in the United States, 1600 Amphitheatre Parkway, Mountain View, CA 94043.

Google Analytics uses so-called cookies. Cookies are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this platform is usually transferred to a Google server in the USA and stored there.

The storage of Google Analytics cookies and the use of this analysis tool is based on Art. 6 para. 1 lit. f) GDPR. The operator of this platform has a legitimate interest in analyzing user patterns in order to optimize both the online services offered and the operator’s advertising activities.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCC).

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or in other states that have ratified the Convention on the European Economic Area before being transmitted to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and truncated there only in exceptional cases. On behalf of the operator of this platform, Google will use this information to evaluate your use of the platform, to compile reports on website activity, and to provide other services to the platform operator in connection with website usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

Demographic parameters provided by Google Analytics

This website uses the “demographic parameters” feature provided by Google Analytics, which generates reports that provide information about the age, gender, and interests of website visitors. The sources of this information are interest-based advertising generated by Google, as well as visitor data obtained from third-party service providers. This data cannot be attributed to a specific individual. You have the option to disable this feature at any time by making the relevant changes to your Google advertising settings in your Google account. Alternatively, you can generally prohibit the collection of your data by Google Analytics.

Archiving period

User or incident level data stored by Google related to cookies, user IDs, or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after a maximum of 14 months. For details, click on the following link:

https://support.google.com/analytics/?hl=en#topic=3544906.

This website has integrated Google Consent Mode v2, which is a technology that allows websites to adjust how cookies and other data storage methods are used based on the consent given by users. The main purpose is to help websites comply with data protection regulations such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) while optimizing website functionality and analytics.

The benefits of integrating Google Consent Mode V2 are:

Regulatory compliance: Helps websites comply with international data privacy regulations.

Performance optimization: Allows useful data to be collected even in the absence of full consent, thereby improving marketing performance and web analytics.

Personalized experience: Helps maintain a personalized user experience by dynamically adjusting website behavior based on user preferences.

Google Consent Mode v2 is an essential tool for websites that want to balance the need for useful data for operations and marketing with respect for users’ privacy rights. More information is available here: https://cookie-compliance.co/documentation/google-consent-mode/.

Google Analytics Remarketing

Our website uses Google Analytics Remarketing features in combination with Google AdWords and Google DoubleClick features, which work on all devices. The provider of these solutions is Google Inc., based in the United States, 1600 Amphitheater Parkway, Mountain View, CA 94043.

This feature allows advertising target groups generated with Google Analytics Remarketing to be connected to Google AdWords and Google DoubleClick features, which work across all devices. This makes it possible to display personalized advertising messages based on interest, depending on previous usage and navigation patterns on a device (e.g., mobile phone) in a manner tailored to both you and any of your devices (e.g., tablet or PC).

If you have given us your consent, Google will connect your web browser and app progress to your Google account for this purpose. Therefore, the same personalized advertising messages may be displayed on each device you log into with your Google account.

To support this feature, Google Analytics temporarily stores the authenticated IDs of users logged into Google Analytics data to define and compile target groups for ads to be displayed across devices.

You have the option to opt out of cross-device remarketing/targeting permanently by disabling personalized advertising in your Google account. To do so, follow this link: https://www.google.com/settings/ads/onweb/.

The consolidation of data recorded in your Google account will take place exclusively on the basis of your consent, which you can give to Google and also revoke (Article 6(1)(a) GDPR). Data recording processes that are not consolidated in your Google account (e.g. because you do not have a Google account or have objected to the consolidation of data) are based on Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the fact that the website operator has a legitimate interest in the anonymous analysis of website visitors for advertising purposes.

In view of the judgment of July 16, 2020 (delivered in case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU-US Privacy Shield is not adequate. Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) is based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU controllers to processors established outside the EU or the EEA. For more information on these Clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs).

For more information and relevant data protection regulations, please refer to Google’s Data Privacy Policy at: https://policies.google.com/technologies/ads?hl=en.

Google Ads and Google Conversion Tracking

This site uses Google Ads. Ads is an online advertising program from Google Inc. – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

In connection with Google Ads, we use a tool called Conversion Tracking. If you click on an ad published by Google, a cookie will be placed for conversion tracking purposes. Cookies are small text files that your web browser places on your computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this site and the cookie has not yet expired, Google will be able to recognize that the user clicked on an ad and was redirected to this page.

Another cookie is assigned to each Google Ads customer. These cookies cannot be tracked through Ads customers’ websites. The information obtained using conversion cookies is used to generate conversion statistics for Ads customers who have opted to use conversion tracking. Users receive the total number of users who clicked on their ads and were connected to a page equipped with a conversion tracking tag. However, they do not receive any information that allows them to personally identify these users. If you do not wish to be involved, you have the option to object to this use by easily deactivating the Google conversion tracking cookie via your web browser in accordance with your user settings. If you do so, you will not be included in the conversion tracking statistics.

The storage of “Conversion” cookies and the use of this tracking tool is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in analyzing user patterns in order to optimize the operator’s web offerings and advertising.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs).

For more detailed information about Google Ads and Google Conversion Tracking, please refer to Google’s data privacy policies at: https://policies.google.com/privacy?hl=en.

You can configure your browser so that you are notified whenever cookies are placed and you can allow cookies only in certain cases or exclude the acceptance of cookies in certain cases or for all cases, and you can also activate the automatic deletion of cookies after closing the browser. If you disable cookies, the functions of this website may be limited.

Facebook Pixel

To measure conversion rates, our website uses the Facebook visitor activity pixel, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

This tool allows visitors to be tracked after they have been connected to the provider’s website after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.

For the operators of this site, the data collected is anonymous. We are not in a position to draw any conclusions about the identity of users. However, Facebook stores the information and processes it so that it can be linked to the respective profile, and Facebook is able to use the data for its own promotional purposes in accordance with Facebook’s Data Use Policy. This allows Facebook to display ads both on Facebook pages and outside of Facebook. The operators of this website have no control over the use of this data.

The use of Facebook Pixel is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in effective advertising campaigns, which also include social media.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs). You can find additional information about data privacy in Facebook’s privacy policies at: https://www.facebook.com/about/privacy/.

You also have the option to disable the “Custom Audiences” remarketing feature in the Ads Settings section under

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

To do this, you must first log in to Facebook.

If you do not have a Facebook account, you can disable user-based advertising through Facebook on the Interactive Digital Advertising Alliance website:

Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/ro/optiunile-mele.

Services and Payment Methods

We process personal data to the extent necessary to conclude or modify a contractual relationship with our company, in accordance with the provisions of Article 6(1)(b) of the GDPR. Thus, we process (collect, record, structure, store, modify, extract, etc.) personal data from the moment you access this website solely for the purpose of facilitating access to our services and/or collecting payment for them.

Online payments

According to the Regulation, “in order to maintain security and prevent processing that violates this Regulation, the controller or the person authorized by the controller should assess the risks inherent in the processing and implement measures to mitigate those risks, such as encryption” – recital 83. Therefore, the availability of strong and effective encryption is a necessity to guarantee the protection, confidentiality, and integrity of personal data.

During the purchase process for products sold through this website, your bank details are safe!

We use secure encryption methods, with data being transmitted via highly secure connections to financial institutions. Therefore, the data you provide for making payments is not transmitted to third parties and is not stored in databases (unless you choose to save your card in your user account).

Stripe

According to the information available at https://stripe.com/en-ro/privacy, the computer system of Stripe, Inc. provides adequate methods for the protection of users’ personal data, as well as the operations and transactions they perform through Stripe.

The purposes of processing, the data processed, the conditions for their transfer and distribution, ensuring the security of operations and processed and stored data, as well as all other information provided by Stripe, Inc. are based on several mechanisms for ensuring the legality of processing, in accordance with the GDPR, namely: the consent of the data subject (Art. 6(1)(a)), the performance of a contract (Art. 6(1)(b), and the pursuit of the legitimate interests of the controller (Art. 6(1)(f).

OBLIO

This website uses certain features and services provided by the OBLIO platform (operated by Oblio Software S.R.L., based in Romania, Str. Splaiul Unirii nr. 16, Bucharest, Romania), for the purpose of issuing and managing electronic invoices, as well as administering accounting and tax operations.
By accessing these features, your browser may establish a direct connection with OBLIO servers. The operator of this website has no control over the volume of data that may be collected by OBLIO during these processes.

The data may include user identification information (name, email address, billing information, IP, device information, etc.) and is processed by OBLIO as an authorized person, based on a data processing agreement in accordance with Art. 28 of Regulation (EU) 2016/679 (GDPR).
Data processing is carried out pursuant to Art. 6(1)(b) of the GDPR – for the performance of a contract or for the implementation of pre-contractual measures, and Art. 6(1)(f) – the legitimate interest of the controller in properly managing commercial relations and tax obligations. For more information on how OBLIO handles personal data, please refer to its privacy policy available at:
For more information on how OBLIO manages personal data, please refer to its privacy policy available at: https://www.oblio.eu/politica-de-confidentialitate.

Conclusion

This policy on the processing of personal data is drafted in accordance with the provisions of Regulation No. 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as with other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend that you consult the Policy regularly for accurate and up-to-date information regarding the processing of personal data.

Login Here