Data protection policy
We believe it is important to protect your privacy and to be open about how we use your personal data.
This statement is to inform you about the type of information collected from customers and how we use this information.
This applies to the websites owned by Citadella Srl, namely: www.gizicsarda.ro.
Citadella Srl processes and stores personal data in the EU and is able at any time to demonstrate compliance with European Union laws and with the principles set out in this document.
All websites owned by Citadella Srl comply with the General Data Protection Regulation ("GDPR"), (Regulation (EU) 2016/679), which is a mandatory legislative act.
This privacy statement is the responsibility of Citadella Srl, which holds the overall responsibility for ensuring compliance. The Data Protection Officer (DPO) is responsible for the implementation of our privacy policy, which is intrinsically linked to the privacy statement. The DPO ensures daily compliance and is involved in all issues related to the protection of personal data.
Citadella Srl will determine the purposes and methods of processing the data entered and collected online, being considered a data controller.
1. Principles of data protection
· The collection of personal data will be done only for the specified, explicit and legitimate purposes. The data will not be processed to third parties in a manner incompatible with those purposes;
· The personal data will be accurate and, where necessary, updated;
· The processing of personal data will be done in a legal, fair and transparent manner;
· All personal data will be kept confidential and stored in a manner that ensures the necessary security;
· Personal data will not be distributed to third parties unless this is necessary for the purpose of providing services in accordance with the agreements;
· The data subjects have the right to request access to the personal data, their rectification and deletion, the opposition or restriction from the data processing, as well as from the right of data portability.
2. Personal data
· Personal data means any information that may be related to an identified or identifiable natural person (the subject person).
· Personal data includes all types of direct or indirect information (i.e. used in connection with other data) that relate to the subject person, such as name, date of birth, addresses, e-mail addresses, telephone numbers, etc.
3. Collection of personal data
The data we collect may include the following:
· Name and contact details (We collect your first and last name, email address, postal address, telephone number and other similar contact details).
· We collect passwords, password clues and similar security information used for authentication and account access.
· We collect data about your device and how you and your device interact with our products.
· We collect data about the features you use, the items you purchase and the web pages you visit.
· We collect data about the device and network you use to connect to our products. This includes data on the operating systems and software applications installed on your device, including product keys. They also include IP address, locale and language settings.
4. Purpose of personal data collection
· Informing customers/buyers about the status of their Account including validation, dispatch and invoicing of orders, solving cancellations or problems of any kind regarding an order, the goods and/or services purchased;
· Sending newsletters and/or periodic alerts, by using electronic mail (e-mail, SMS), only if the data subject has explicitly expressed his agreement.
· Market research, tracking and monitoring of sales and customer/buyer behavior.
Also, Citadella Srl may provide the personal data of the buyer to other companies with which it is in partnership relations, but only on the basis of a confidentiality commitment from them and only for the purposes foreseen in the GDPR, by which they guarantee that this data is kept safe and that the provision of this personal information is made in accordance with the legislation in force, as follows: courier service providers, marketing service providers, payment/banking service providers, telemarketing or other services, provided by companies with which we can develop common offering programs on the market of our goods and services, insurers.
• In order to profile, monitor and send personalized communications and offers, we use Retargeting.bz (Address: Vasile Lascar Street, No. 178, Sector 2, Bucharest, Registration Code (CUI): RO34270947, Trade Register No.: J40 / 3525 / 23.03.2015, E-mail: info@retargeting.biz, Phone number: + 40-727-383-165), an automated marketing software, dedicated to online stores.
• These activities have no legal or other significant effect on users. The only consequence of using this profiling is for users to receive discounts and personalized marketing offers. The user may choose not to be profiled or receive commercial communications without any effect, other than receiving these discounts or personalized marketing offers.
• For the purpose of processing, monitoring activities (profiling) and interaction with the site, Retargeting.biz must automatically collect and store the following personal data: e-mail, telephone number, first name, first name, sex , date of birth, city, county, IP address (including possible location), browser, order ID, discount code, discount value, shipping cost, total order value, individual price ordered products, product variations, products, device, OS, IP location, timestamps related to page visit, page visit, category visit, brand visit, click on the picture, mouse over cart, mouse over price, scroll up, scroll down, add to cart, remove from cart, select variation, add to wishlist, comment, Like on Facebook, visited Help page.
• The categories of data subjects are visitors, registered users or customers of the site, as the case may be, depending on the service chosen. Visitors' data will be stored for 2 months, and that of registered users or customers for 3 years.
• To provide its services, Retargeting.biz uses third parties (subcontractors) from the EEA and the USA (push notifications only), and the transfer of personal data is made under the EU-US Privacy Shield: data is retained/stored during the contract between the two parties.
• Cookies: this site must use first party cookies and will give Retargeting.biz access to this information. This cookie is placed by this site and therefore can only be used in connection with this site. Consequently, a connection between the internal monitoring of the users of this site and the monitoring on other sites is not technically possible through this cookie.
• To unsubscribe from communications sent by Retargeting.biz send an email to office@noesnersoft.com.
Personal information of the buyer can also be provided to the General Prosecutor's Office, the Police, the courts and other authorized bodies of the state, based on and within the limits of the legal provisions and as a result of expressly formulated requests.
5. Use of personal data
· We will use the personal data only for the purpose for which they were collected and we will only store the data as necessary for the above mentioned purpose.
· We will keep the customer information for the period in which his account is active, for any of the purposes mentioned above (point 4).
· We will keep the recordings of the telephone calls for a period of maximum 6 months.
· Access to personal data is strictly limited to the staff of Citadella Srl, the associates who hold the necessary authorization and the clearly defined need for the use of the data.
If users do not wish to disclose personal data to these companies, they may contact the DPO at the email address dpo@noesnersoft.ro
6. Processing security
We will process your data securely, apply and maintain appropriate technical measures to protect your personal data against accidental or unlawful destruction or loss, alteration, disclosure or unauthorized access, especially when processing involves the transmission of data over a network as well as against any other form of illegal processing.
Questions regarding the security of personal data can be sent to the DPO at the email address dpo@noesnersoft.com.
7. Access and rectification or deletion of personal data
· Customers have the right at any time to request access to: rectification, portability, deletion or processing restriction of the collected data.
· In order to keep personal data updated, we recommend that users inform us of any changes or discrepancies.
To view or modify your personal data or to obtain information about your personal data (if at the request of a third party, we have stored or processed any of your personal data), please contact the DPO at the email address: dpo@noesnersoft.com.
The request must be signed and dated.
8. Marketing emails
Citadella Srl has the right to send clients marketing emails, with their consent. This specific form of consent must be freely given, specifically and accurately informed.
These requests are met when customers have chosen to receive marketing emails (they have actively approved), ticking the section "I want to receive offers, as well as the latest trends via email, mail or text", displayed when registering a new account, subscribing to newsletters and in your personal account.
* Text means those sms communications sent on the mobile phone or push notifications that appear in the Chrome or Firefox browser.
Customers will always have the right to object, at their request and at no cost, to the processing of personal data for direct marketing purposes, without having to provide concrete justifications. Customers can do this by clicking on the "Unsubscribe" link that appears in the email messages they receive, or they can send a message to office@noesnersoft.com. Once the client has expressed his disagreement, that customer 's personal data will no longer be processed for direct marketing.
* Marketing emails contain information that we consider interesting for the customer, promotions and last minute offers related to our products and services.
9. Complaints
· Customers have the right to file a complaint regarding the processing of their personal data. All questions and complaints will be processed by the DPO in a timely manner and in accordance with internal procedures.
Complaints can be sent to the DPO, dpo@noesnersoft.com
· In the unlikely event that the clients have suffered damages due to the violation of the rights according to the personal data protection policy and Citadella Srl has not dealt with the complaint properly, the clients have the possibility to send a complaint to the supervisory authority.
10. Changes to this policy
This policy may be updated from time to time, for example following the modification of the relevant legislation or the change of the corporate structure within Citadella Srl.
If changes are made to this material, customers will be notified by e-mail or through the website before the changes take effect.
We encourage customers to check this page periodically to be informed of the latest news regarding our privacy practices.
BY READING THE DOCUMENT YOU ACKNOWLEDGE THE FACT THAT YOUR RIGHTS, RESPECTING THE RIGHT TO INFORMATION, THE RIGHT OF ACCESS TO DATA, THE RIGHT OF OBJECTION, THE RIGHT OF NOT BEING SUBJECT TO AN INDIVIDUAL DECISION, THE RIGHT TO ADDRESS JUSTICE IN CASE OF INFRINGEMENT OF THE RIGHTS, ARE GUARANTEED BY THE GENERAL DATA PROTECTION REGULATION.