Starting with May 25th, 2018, Regulation no. 679/2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, repealing the Directive 95/46/EC (hereinafter referred to as “GDPR”) has become applicable in all Member States of the European Union.
Scope of application
This Policy regarding the processing of personal data applies to www.cio.ro web site for the purpose of informing its users about the processing of personal data by COMPANIA INDIILOR ORIENTALE PROD SRL, acting in capacity of operator, headquartered in Pantelimon City, Cernica Street, no 81, Ilfov County, registered with the Trade Register Office under no. J23/2139/2014, and having Tax Identification Number: 7226464.
If you have any questions or requests regarding the processing of personal data, you can contact us by sending an e-mail to email@example.com or you can send us any written notice to the address from Oraş Pantelimon, Strada Cernica, nr. 81, Ilfov County.
How we collect personal data
Directly: Usually, we obtain personal data directly from you:
- when you contact us by e-mail or when you send a contact form by filling the “Contact” section;
- when you write to us by using the chat on social networks (Facebook and Instagram);
Indirectly: We can obtain personal data also from the following sources:
- Professional and/or Social Sites: In case you visit our official Facebook page (called “CIO Kitchen” and/or Instagram (“bucatariacio”), we may collect information about your account.
Which categories of personal data we process
- Identification data: first and last name;
- Contact details: email address;
- Other data you choose to provide us voluntarily by the contact form or social network chat (Facebook and Instagram);
What are the legitimate grounds for data processing
We can base our processing activities on the following legitimate grounds:
- Contract: We may process personal data to fulfill our contractual obligations and honor orders as well as to provide our products in the framework of pre-contractual arrangements, for example when you request us the sending of an offer by using the email address available on the site www.cio.ro;
- Consent: We may process personal data on the basis of your consent free of any undue influence or error when you provide us with the data in question, for example, when you agree with the placement of the marketing cookie modules.
Note: Currently, www.cio.ro does not use marketing cookies.
- Legitimate interest: We may process personal data on a legitimate interest basis when, according to our assessment, we consider that the processing is fair, reasonable and proportionate to the purpose of the processing.
Why we need personal data
We process personal data collected by www.cio.ro site in a transparent way for the following purposes:
- Processing any requests received by contact forms, including the response sent to you;
- Post-sales activities, including customer service, informing users/customers about the evaluation of the services offered, improving the quality of services by the activity carried out within the company;
We transmit personal data to third parties
We may disclose personal data to third parties in order to improve the quality of our services and products, or to benefit from the assistance of specialists in fulfilling our obligations under specific laws in a particular field, such as hosting services providers or other services similar/additional links needed for the proper use of the site.
These third parties also have obligations similar to ours in relation to the protection of personal data, either because they are in their turn personal data operators or because they are empowered persons who process the data on our behalf.
We constantly ensure that our partners provide sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing your personal data meets all legal requirements.
The above-mentioned personal data may be made available or transmitted to third parties in the following situations: (i) to public authorities, auditors or institutions competent to carry out inspections and controls on our business, which request us to provide information, by virtue of legal obligations; (ii) to comply with a legal requirement or to protect our rights and assets; (iii) to third party acquirers, to the extent that our activity would be transferred (in whole or in part), and the data of the concerned persons would be part of the assets that are the subject of such a transaction.
Do we transfer personal data outside of the European Economic Area?
We may transfer your personal data outside the European Union. Every time we transfer your personal data outside the EEA, we ensure that a similar degree of protection is provided by ensuring that at least one of the following protection measures is implemented:
- We will transfer personal data only to countries that were considered to provide an adequate level of protection of personal data by the European Commission. For further details, please see European Commission: Adequacy of the protection of personal data in non-EU countries.
- In case the transfer is made to affiliated companies or service providers, we may use specific contracts approved by the European Commission to ensure the degree of protection required by GDPR. For more details, please see European Commission: Model contracts for the transfer of personal data to third countries.
- In case we use US-based service providers, we can transfer data if they have joined the Privacy Shield, which requires them to provide similar protection to personal data transferred between Europe and the US. For more details, please see European Commission : EU-US Privacy Shield.
Note: At this time, the data collected by www.cio.ro is not transferred outside of the European Economic Area.
Refuse of processing and its consequences
The provision of personal data is necessary for the operator to perform the activities listed above. A refusal from your part may make impossible to provide you with the services/products, information, to respond to your requests or to perform any of the other activities listed above.
What rights you have in connection to your personal data
As a concerned person, we respect the following rights:
- the right to request a copy of the personal data we hold;
- the right to ask us to rectify any inaccurate or out-of-date personal data;
- the right to require that personal data be deleted when we no longer need it;
- in case the processing is based on your consent, a contract or automatic means of decision, the right to require us to provide the personal data obtained directly from you and, if possible, to transmit those data directly to another operator (the right to data portability);
- withdrawal of consent for processing, when processing is based on consent but without affecting the legality of the processing activities carried out so far;
- in the case of a dispute in relation to the correctness of the processing of personal data, the right to restrict the processing;
- if processing is based on legitimate interests, the right to object to the processing of personal data (where applicable);
- the right to file a complaint with the supervisory authority: the National Supervisory Authority for Personal Data Processing, at G-ral. Gheorghe Magheru, no 28-30, district 1, postal code 010336, Bucharest, Romania or by e-mail at firstname.lastname@example.org.
The above rights may be exercised at any time. In order to exercise these rights, we encourage you to make a written request, dated and signed to the above-mentioned contact details or electronically at the following address: email@example.com.
Security of personal data
We have adopted technical security policies and procedures in order to protect personal data from loss, unauthorized use, destruction or alteration. We ensure that access to personal data is limited and authorized only to persons who have the right to use them. These persons have the obligation to ensure the confidentiality of the data.
For what period we keep personal data
We will store your personal data only for the amount of time needed to reach the above-mentioned processing goals, while respecting the legal requirements in force.
We estimate that the above-described processing activities will require the storage of personal data over the following periods:
Data sent by the contact form or via email or Facebook and Instagram social networks
Once the processing period indicated above has expired, and we no longer have legal or legitimate reasons to process your personal data, these will be deleted in accordance with the operator’s procedures, which may involve archiving, anonymization, and finally their destruction.
At the same time, storing personal data for a longer period of time can be performed for the achieving of statistics, service improvement, market research/studies or any other situation that justifies a legitimate interest of the operator.
We will review this Policy periodically, in accordance with the changes occurred in personal data processing activity, and will publish the revised version of the document.
Updated Version: 14.05.2019