We consider ensuring the right to personal data protection as a fundamental commitment of Simplisio Digital, therefore we will dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR“), as well as any other applicable legislation in Romania. As one of the key principles of this legal framework is transparency, we have prepared this document informing you about how we collect, use, transfer and protect your personal data when you interact with us in relation to our products and services, including through our website or mobile apps.
Who we are and how to contact us
Simplisio Digital is the trade name of SIMPLISIO INNOVATION SRL, a Romanian legal entity, with a registered office in Bucharest, sector 1, 164 Stirbei Voda Street, bl. 21A, sc. A, et.1, ap.15 with the number in the Trade Register J40/14613/2021, unique tax registration code 44791098 (hereinafter “Simplisio Digital” or “we”). For the purposes of data protection legislation, we are an operator when we process your personal data.
As we are always open to hearing your views, as well as providing you with any additional information you may need regarding the processing of your data, we encourage you to contact the Simplisio Digital Data Protection Officer at email@example.com.
What categories of personal data do we process
In general, we collect your personal data directly from you, so you have control over the type of information you give us. For example, we receive information from you as follows:
When you create a Simplisio Digital account, you provide us with: your email address, first and last name;
On your personal page (My Account) on the Simplisio Digital platform you can add additional information such as name, nickname, mobile phone number, landline number, date of birth, delivery address, alternative e-mail address, bank card details, etc.;
When you submit a contact form, you can provide us with information such as first and last name, phone number, e-mail address, your website, etc.
We may also collect and further process certain information about your behavior while visiting our website or using our smartphone app. We invite you to learn more about this by consulting the section on processing purposes below.
We do not collect or otherwise process sensitive data, including by the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data from minors who have not reached the age of 16.
What are the purposes and grounds for the processing
We will use your personal data for the following purposes:
- To provide services for your benefit.
This general-purpose may include, as appropriate, the following:
(a) The creation and administration of your account within the Simplisio Digital platform;
b) Order processing, including order picking, validation, shipping, and billing;
c) Solving cancellations or problems of any kind relating to an order, goods, or services purchased;
d) Returning services in accordance with legal provisions;
e) Reimbursement of the value of the services in accordance with legal provisions;
f) Providing support services, including providing answers to your questions regarding your orders or Simplisio Digital goods and services.
The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract between Simplisio Digital and you. Also, certain processing subsumed by these purposes is required by applicable law, including tax and accounting law.
2. To improve our services
We always strive to provide you with the best online shopping experience. To do this, we may collect and use certain information about your shopping behavior, we may invite you to complete satisfaction questionnaires following the completion of an order, or we may conduct, directly or with partners, market research and surveys.
We base these activities on our legitimate interest in conducting business, always taking care that your fundamental rights and freedoms are not affected.
3. For marketing
We want to keep you up to date with the best offers for the products/services you are interested in. To this end, we may send you any type of message (such as email/SMS/phone/mobile push/web push/etc.) containing general and thematic information, information on similar or complementary products to those you have purchased, information on offers or promotions, as well as other marketing communications such as market research and surveys, and we may display personalized recommendations on the website and in the smartphone app. In order to provide you with information of interest to you, we may use certain data about your shopping behavior to create a profile for you. We always ensure that these processing operations are carried out with respect for your rights and freedoms and that decisions made on the basis of these processing operations do not legally affect you and do not similarly affect you to a significant extent.
In most cases, we base our marketing communications on your prior consent. You may change your mind and withdraw your consent at any time by:
- Accessing the unsubscribe link displayed within messages you receive from us; or by
- Contacting Simplisio Digital using the contact details described above.
In certain circumstances, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any situation where we use information about you for a legitimate interest of ours, we take care and take all necessary steps to ensure that your fundamental rights and freedoms are not affected. However, you can always ask us, by the means described above, to stop processing your personal data for marketing purposes and we will comply with your request.
4. In defense of our legitimate interests
There may be situations where we use or transmit information to protect our rights and business. These may include:
- Measures to protect the Simplisio Digital website and platform users from cyber attacks:
- Measures to prevent and detect fraud attempts, including the transmission of information to the relevant public authorities;
- Measures to manage various other risks.
The general basis for these types of processing is our legitimate interest in protecting our business, it is understood that we ensure that any measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
We also base our processing in certain cases on legal provisions such as the obligation to ensure the security of goods and values provided for by the applicable legislation in this matter.
How long do we keep your personal data
As a general rule, we will store your personal data as long as you have an account on the Simplisio Digital platform. You may at any time request that we delete certain information or close your account and we will comply with such requests, subject to the retention of certain information even after account closure, where required by applicable law or our legitimate interests.
To whom we transmit your personal data
Where appropriate, we may transmit or provide access to certain of your personal data to the following categories of recipients:
- companies within the same group of companies as Simplisio Digital;
- marketing/telemarketing service providers;
- market research service providers;
- IT service providers;
- other companies with whom we may develop joint programs to market our goods and services.
Where we are under a legal obligation or if necessary to protect a legitimate interest, we may also disclose certain personal data to public authorities.
We ensure that access to your data by third parties who are private legal entities is carried out in accordance with the legal provisions on data protection and confidentiality of information, on the basis of contracts concluded with them.
To which countries do we transfer your personal data
We currently store and process your personal data in Romania.
However, we may transfer some of your personal data to entities located in the European Union or outside the European Union, including to countries that are not recognized by the European Commission as having an adequate level of personal data protection.
We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, other safeguards such as standard contractual clauses issued by the European Commission or certification schemes such as the Privacy Shield for the protection of personal data transferred from within the EU to the United States of America.
You can contact us at any time, using the contact details set out above, to find out more information about the countries to which we transfer your data, and the safeguards we have put in place in relation to these transfers.
How we protect the security of your personal data
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards.
We transmit your personal data using state-of-the-art encryption algorithms and store it on secure servers while ensuring data redundancy.
Despite the measures taken to protect your personal data, please be aware that transmission of information over the Internet in general, or via other public networks, is not completely secure and there is a risk that data may be seen and used by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems not under our control.
What rights do you have
The General Data Protection Regulation gives you a number of rights in relation to your personal data. You can request access to your data, correct any mistakes in our files, and/or object to the processing of your personal data. You may also exercise your right to complain to the competent supervisory authority or to take legal action. Where applicable, you may also benefit from the right to request the erasure of your personal data, the right to restrict the processing of your data, and the right to data portability.
More information on each of these rights can be obtained by consulting the table below.
To exercise your rights, you can contact us using the contact details set out above. Please note the following if you wish to exercise these rights:
Identity. We take the confidentiality of all records containing personal data seriously. For this reason, please send us your requests for such records using the e-mail address associated with your Simplisio Digital account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Fees. We will not charge you a fee to exercise any right in relation to your personal data unless your request for access to information is unfounded, i.e. repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees charged before we process your request.
Response time. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than one month. We may ask you if you can tell us exactly what you would like to receive or what you are concerned about. This will help us to act more quickly and shorten the response time to your request.
Third-party rights. We do not have to comply with a request if it would adversely affect the rights and freedoms of other data subjects.
|Access||You can ask us:|
– to confirm whether we process your personal data;
– to provide you with a copy of this data;
– to provide you with other information about your personal data, such as what data we hold, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you through this notice.
|Correction||You can ask us to rectify or complete your inaccurate or incomplete personal data.We may attempt to verify the accuracy of the data before rectifying it.|
|Data erasure||You can ask us to delete your personal data, but only if:|
– it is no longer necessary for the purposes for which it was collected;
– you have withdrawn your consent (if the processing is based on consent);
– you exercise a legal right to object;
– it has been unlawfully processed;
– we have a legal obligation to do so.
We are not obliged to comply with your request to delete your personal data if the processing of your personal data is not necessary for the purposes for which it was collected. There are certain other circumstances in which we are not obliged to comply with your request to delete your personal data, although these are the two most likely circumstances in which we would refuse your request. Please note that, before exercising this right, you should download from your Simplisio Digital account and save all documents related to orders placed from Simplisio Digital, whether the invoicing was made to you or to another natural or legal person (such as invoices, warranty certificates). If you do not take this step before exercising your right of deletion, you will lose all these documents and Simplisio Digital will be unable to make them available to you, if necessary, because the process of deleting data, i.e. the Simplisio Digital account, with all the data and documents related to it, is an irreversible process.
|Restriction of data processing||You can ask us to restrict the processing of personal data, but only if:|
– their accuracy is contested (see rectification section), to allow us to verify their accuracy;
– the processing is unlawful, but you do not want the data to be erased;
– they are no longer necessary for the purposes for which they were collected, but you need them to establish, exercise, or defend a right in court;
– you have exercised your right to object, and verification of whether our rights prevail is ongoing.
We may continue to use your personal data following a restriction request if:
– we have your consent;
– to establish, exercise, or defend a right in court;
– to protect the rights of Simplisio Digital or another natural or legal person.
|Data portability||You can ask us to provide your personal data in a structured, commonly used and machine-readable format, or you can ask for it to be “ported” directly to another data controller, but in each case only if:- the processing is based on your consent or the conclusion or performance of a contract with you; and- the processing is carried out by automated means.|
|Opposition||You may object at any time, for reasons relating to your particular situation, to the processing of your personal data on the basis of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest. You may also object at any time to the processing of your data for direct marketing purposes (including profiling) without giving any reason, in which case we will cease such processing as soon as possible.|
|Making automatic decisions||You may request not to be subject to a decision based solely on automated processing, but only where that decision:- produces legal effects concerning you; or- otherwise affects you in a similar way and to a significant extent. This right does not apply where the decision reached as a result of automated decision-making:- is necessary for us to conclude or perform a contract with you;- is authorized by law and there are adequate safeguards for your rights and freedoms; or- is based on your explicit consent.|
|Complaints||You have the right to lodge a complaint with the supervisory authority about the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:Autoritatea Națională de Supraveghere a la Prelucçªo Datilor cu Caracter Personal B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania, Phone: +40.318.059.211 or +40.318.059.212; E-mail:firstname.lastname@example.org. Without affecting your right to contact the supervisory authority at any time, please contact us in advance, and we promise to make every effort to resolve any issues amicably. We remind you that you can contact us at any time regarding data protection by sending your request to the following e-mail address: email@example.com|