1

GDPR

GDPR Regulation


The General Data Protection Regulation (GDPR) is a new legal framework for data protection legislation in the EU and comes into force on 25 May 2018. Unlike EC Directive 95/46, which governs this processing before this point, the GDPR has a direct effect within the European Union and does not need to be transposed at national level.

This will aim to harmonize the laws governing the processing of personal data in Europe and, under certain circumstances, its scope can be extended beyond the borders of Europe.

If you are an organization that processes personal data, it is very likely be subject to the GDPR provisions. In doing so, you are subject to obligations and you must respect them.

The same applies to IV CLOTHING SRL / www.irinavoinea.com , which, given its situation, is related to different obligations as a processor and data controller.

Definitions:

Understanding the specific realities of European regulations is not an easy task when the GDRP regulation contains 99 articles and numerous guidelines on how it will apply. Understanding these issues is, however, essential to avoid any risk that might arise from an imprecise interpretation of your organization’s regulatory obligations. It is therefore essential to understand correctly the terms defined below:

Personal Information: Any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be identified directly or indirectly.

Processing: any operation or set of operations that is performed on personal data or on personal data sets, whether automated or not, such as collecting, recording, transmitting, storing, preserving, retrieving, consulting, using or other operations.

Operator: a natural or legal person, public authority or other body that alone or with others determines the purposes and means of processing personal data.

Processor: a natural or legal person, public authority or other body processing personal data on behalf of the operator.

Data protection ensures that people’s data is kept secure and used for clear purposes that the individual has accepted.

Data privacy refers to IT security and to measures taken to keep data safe while in an organization or while it is transferred to a third party.

In accordance with GDPR, you are required to make sure that the records are accurate and up to date, and the information is kept only as long as the organization needs it or kept under the law.

Data clearing seems the most sensible first step, this should determine how long certain types of information should be kept before they are safely removed. A person designated in the company should be appointed as responsible to ensure that this is monitored on a regular basis; so the organization respects the deletion of data it no longer needs.

If you have not set the data you want to process, the processing time, or the purpose, please let us know in order to comply with the Rules.

IV CLOTHING SRL as a processor

The processing of personal data only for the purpose of performing the correct services: IV CLOTHING SRL through
www.irinavoinea.com will never process your information for purposes other than for the provision of services (marketing, etc.).

As a person authorized (Online Shop), from the perspective of the Regulation, we process only the personal data you have set up for the indicated time and for your purposes as an operator. We assure you that your data is safe, remain your property and are stored only on servers in Romania. The back-up system is well-implemented and secured in the European space, and no one outside our technical department staff has access to these systems.

Apply strict security standards on servers and infrastructure to ensure a high level of security for our customers.

Reporting any violations of data without “undue delay”.

IV CLOTHING SRL as an operator Your personal data may be processed by other entities designated by IV CLOTHING SRL to process the data on its behalf and on its behalf. However, IV CLOTHING SRL remains your data carrier. It is possible to send data to public authorities, external consultants authorized by the outsourced provision of certain services in Romania or outside or EU / EEA, ensuring But Always establish appropriate safeguards for data protection ( for example, contractual terms of confidentiality and data protection). The purpose of processing personal data is to perform customer-supplied products.

We will process personal data in a manner consistent with EU Regulation 2016/679; the legal basis being the conclusion and performance of the contract in the case of order processing (according to Article 6 (1) (b) of the GDPR).

The processed personal data includes the name, surname, address, telephone number, e-mail address, CNP, date of birth of the client and details of the orders sent to the subscriber.

Your personal data will be retained and processed for a period of time to achieve the purpose of the processing. You have the right to require the operator to access your personal data, rectify, delete or restrict the processing, as well as the right not to process or transfer it. You also have the right to data portability under certain conditions.

Starting May 25, 2018, you can contact your personal data protection officer at the following e-mail address: contact@irinavoinea.com .

As IV CLOTHING SRL, what rights do I have?

Right to information – You can request information about the processing of your personal data;

Right to rectification – You can correct inaccurate personal information or fill it in;

• The right to delete the data (“the right to be forgotten”) – you can obtain the deletion of the data, if the processing was not legal or in other cases provided by the law;

• Right to Restrict Processing – You may request restriction of processing if you dispute the accuracy of the data, as well as in other cases prescribed by law;

• Right of opposition – you can oppose in particular data processing that is based on our legitimate interest;

• The right to data portability – you may receive, under certain conditions, the personal data you have provided to us in a format that can be read automatically or you may require that the data be passed to another operator

• The right to lodge a complaint – you can complain about how to process your personal data with the National Supervisory Authority for Personal Data Processing

• Right of withdrawal of consent – in cases where processing is based on your consent, it may be withdrawn at any time. Withdrawal of consent will only have effect for the future, processing prior to the withdrawal remaining valid;

• The right not to be subjected to additional profiling automated decisions or decisions relating to automatic: You can request and obtain human intervention concerning such processing and you can express your own view on this type of processing.

You can exercise these rights, either individually or in aggregate, very easily, simply by sending a request to contact@irinavoinea.com.

Who owns the personal data used and stored by the client as part of the services?

Data stored by the client on IV CLOTHING SRL servers within the purchased products remain the property of the customer. IV CLOTHING SRL will not access or use such data unless it is necessary to ensure the functionality of the services (database repair, restore files from backup, debugging site errors)

Are customer data transferred outside the European Union?

Your personal data may be processed by other entities designated by IV CLOTHING SRL to process the data on its behalf and on its behalf. However, IV CLOTHING SRL remains your data carrier. It is possible to send data to public authorities, external consultants authorized by the outsourced provision of certain services in Romania or outside or EU / EEA, ensuring But Always establish appropriate safeguards for data protection ( for example, contractual terms of confidentiality and data protection).

How long are the personal data of customers stored and processed?

For order processing, the length of the processing will vary according to the contractual period agreed by the parties. In order to meet certain legal obligations (such as bookkeeping and tax reporting, archiving, etc.), the length of the processing also varies according to the incidental legal obligation.