Privacy policy

Identity of the data controller

The data entered in this form is processed by Webnet Solutions SRL, with its registered office at Aleea Trandafirilor 3 Bl. E3 Sc. A Ap. 1, Eforie Nord, Constanta, registered in the Trade Register under number J2006000259132, CUI 18342634, hereinafter referred to as the Controller or Webnet Solutions.

Purpose of processing

The data collected by this website is processed for the following purposes:

Creating and managing an account within the online store — We process your data in order to create your user account.

Managing orders placed through the online store — We process your data in order to receive the order, record the payment, validate the order, invoice the order, ship the order, cancel the order or return the ordered product.

Payment for purchases / refund in case of product return / order cancellation — We process your data in order to manage payments made and to successfully complete the orders you have placed.

Providing customer support and assistance services, as well as account management, product details, and your order status — We use your data to provide you with full support regarding your customer account, the orders you have placed in the online store, or to provide you with additional details about products.

For marketing purposes — To keep you informed of our offers, we wish to provide you with information relevant to your interests regarding the Controller's products and services. For this reason we send via electronic communication channels (e-mail, SMS, telephone, browser notifications, etc.) information about products and services similar to or complementary to those purchased or for which you have shown an interest in purchasing.

For the purpose of improving services — After order completion we may invite you to complete a satisfaction questionnaire regarding the products or services purchased.

Maintenance and security of the Online Store website — We process your data to ensure the proper functioning of the Online Store, correct display of content, website improvement, website security, and to protect you against any fraud or security breach, and to identify and remedy malfunctions that lead to cumbersome use of the website or the impossibility of using it.

Audit and reporting — We process your data for the annual financial audit, as well as for the submission of tax and accounting declarations to the tax authorities, and to fulfil our legal obligations imposed by the applicable legal provisions in tax and accounting matters.

Defence of rights in court — We process your data necessary for formulating objections, written conclusions, requests, petitions, etc., only when we are required to defend our rights in court for the recovery of damages caused or when we defend our rights against unjustified complaints.

Procedures and investigations by authorities and/or judicial bodies — Only in specific situations, when there are specific requests from the competent authorities and institutions, we will provide your data to them in accordance with the law.

Legal basis

• The processing of data necessary for creating and managing a user account is based on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(a) — consent of the data subject.
• Data collected for managing orders placed through the online store is processed on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(b) — performance of a contract or steps prior to entering into a contract.
• Data collected for Payment for purchases / refund in case of product return / order cancellation is processed on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(b) — performance of a contract or steps prior to entering into a contract.
• Data collected for Support and Assistance is processed on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(a) — consent of the data subject.
• Data collected for Marketing purposes is processed on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(a) — consent of the data subject.
• Data collected for the purpose of improving services is processed on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(a) — consent of the data subject.
• Data collected to ensure Maintenance and security of the Online Store website is processed on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(f) — processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
• Data collected for the purpose of Audit and reporting is processed on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(c) — processing is necessary for compliance with a legal obligation to which the controller is subject.
• The use of data for Defence of rights in court is based on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(f) — processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
• The use of data necessary for Procedures and investigations by authorities and/or judicial bodies is based on the legal basis regulated by the General Data Protection Regulation (GDPR) in Art. 6(1)(c) — processing is necessary for compliance with a legal obligation to which the controller is subject.

Processed data

For Creating and managing an account within the online store we process the following personal data: Email, First name, Last name, Billing address, Delivery address.

For Managing orders placed through the online store we process the following personal data: First name, Last name, Phone number, Email address, Company name, Country/Region, Delivery address and Billing address, Bank account details (IBAN, Payer name, BIC/SWIFT bank) in the case of refunds from returns or from warranty execution. If no account has been created on the online store website, the same data will be processed.

For Payment for purchases / refund in case of product return / order cancellation we process the following data: Bank account (IBAN, Payer name, BIC/SWIFT bank) in the case of payments made by bank transfer. In the case of electronic payments made by debit or credit card, card data will not be collected and stored by Webnet Solutions (the controller) but only by the transaction authorisation entity; in these transactions Webnet Solutions will only process First name, Last name, order id and payment status (completed/pending).

For Providing customer support and assistance services, as well as account management, product details, and your order status we process the following personal data: First name, Last name, Email address, Phone number and Order ID.

For fulfilling Marketing purposes we process the following personal data: First name, Last name, Email address, Phone number.

For fulfilling the purpose of improving services we process the following personal data: First name, Last name, Email address, Phone number.

For the purpose of Maintenance and security of the Online Store website we process the following personal data: IP address, Internet browser used, HTTP/HTTPS Protocol data, device location (only if you have authorised the device to provide geolocation).

For fulfilling the purpose of Audit and reporting we process your data to comply with the legal norms applicable in tax and accounting matters.

For the purpose of Defence of rights in court we process only the data necessary for the investigation and resolution of the case.

In the event of Procedures and investigations by authorities and/or judicial bodies we will make available the data requested by them.

Storage periods

• Data collected for the purpose of creating and managing the account will be stored for as long as you have an active account. You may request at any time the deletion of certain information or the closure of the account and we will comply with these requests, subject to the retention of certain information even after account closure, in situations where applicable legislation or our legitimate interests so require.
• Data collected for the purpose of processing orders, product returns and refund of value will be stored for a period of 10 years in accordance with the tax regulations in force.
• Data collected for marketing purposes will be stored for a period of 3 years from the date of consent.
• Data collected for the purpose of improving the services offered by the controller will be stored for a period of 1 year.

Method of processing

For processing or managing orders, data is extracted and used for preparing billing and delivery documents, delivery details are uploaded to the courier application for labelling and delivery, billing data is entered into our management system for issuing the invoice and sending it to the buyer by email.

For the purpose of subsequent communication, data is extracted periodically and used for sending messages by email, SMS or telephone regarding news or relevant offers of the controller for the data subject.

Your data will not be used for any other purpose. Your data is not subject to any decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.

Confidentiality

Your data is processed and stored under secure conditions on secured servers, in accordance with the legal norms in force. Sub-processors or persons who may be authorised to process your personal data undertake to comply with all legal provisions in force on data protection and may be from the following categories: courier companies, companies providing IT services, web hosting, mobile telephony services, audit companies, without limitation to these.

Your rights

Under the law, data subjects enjoy a number of rights, as data subjects, namely:

Right of access: you have the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and information on the specifics of the processing such as: the purposes, the categories of personal data processed, the recipients of the data, the period for which the data are stored, the existence of the right to rectification, erasure or restriction of processing. This right will allow you to obtain free of charge one copy of the personal data being processed, as well as any additional copies at a cost.

Right to rectification: data subjects have the right to request the modification of their incorrect personal data or, where applicable, the completion of data which is incomplete.

Right to erasure: you may request the erasure of your personal data when: they are no longer necessary for the purposes for which they were collected and processed; you have withdrawn your consent for the processing of personal data and the Controller can no longer process them on other legal grounds; the personal data have been unlawfully processed; the personal data have to be erased for compliance with relevant legislation.

Withdrawal of consent and right to object: you have the right to withdraw your consent at any time regarding the processing of personal data processed on the basis of your consent. You may also object at any time to processing for marketing purposes, including profiling carried out for that purpose, as well as to processing based on the legitimate interest of the Controller, for reasons relating to your particular situation.

Restriction: you have the right to request the restriction of processing of data in the following situations: where the accuracy of the personal data is contested, for a period enabling the Controller to verify the accuracy of the data in question; where the processing is unlawful and the data subjects oppose the erasure of the personal data and request instead the restriction of their use; where the Controller no longer needs the personal data for the purposes of the processing, but the data subjects require them for the establishment, exercise or defence of legal claims; where the data subjects have objected to processing, for the period of time during which it is verified whether the legitimate grounds of the Controller override those of the data subjects.

Right to data portability: in so far as the Controller processes personal data by automated means, data subjects have the right to request the Controller to provide their personal data in a structured, commonly used and machine-readable format (for example in CSV format). If the data subjects request this, the Controller may transmit their personal data to another entity, if technically feasible.

Right to lodge a complaint with a supervisory authority: data subjects have the right to lodge a complaint with the data processing supervisory authority if they consider that their rights have been violated: National Supervisory Authority for Personal Data Processing, 28-30 G-ral. Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, Romania, [email protected].

Ways to exercise your rights

For any request related to personal data, in the process of exercising the rights mentioned in the previous section, the data subject may contact the Controller by any of the following means:

Email: [email protected]

Right to update and modify the privacy policy

We reserve the right to periodically update and modify this Privacy Policy, to reflect any changes in the way we process your personal data or any changes in legal requirements. In the event of any such change, we will display on our website the modified version of the Privacy Policy, which is why we ask you to periodically check the content of this Privacy Policy.