Personal data protection policy

Personal data protection policy

1. According to the legislative provisions imposed by the EU General Data Protection Regulation no 679/2016, complemented by the Romanian legislation already in force,SC TODO SOFWARE CONCEPT SRLis bound by the legislative provisions to manage safely and only for the bellow mentioned purposes the personal data provided through our forms, e-mails and web applications.

   We have fully committed to comply with the regulation in force regarding personal data processing, especially regarding the following principles:

   • The principle lawfulness, fairness and transparency in data processing
   • The principle of collecting and processing data with a limited purpose
   • The principle of collecting necessary, accurate and limited data
   • The principle of informing the person in question about data processing;
   • The principle of data storage limitation
   • The principle of protecting and keeping personal data confidential

   PURPOSE

   The purposes of the data processing are detailed bellow:

   • Processing and confirming the orders you book, as well as informing you regarding the stage and delivery;
   • Transmission of offers, promotions or marketing messages;
   • Transmission of notifications and newsletters with your consent;
   • Receiving and processing payments;
   • Offering support services in case of website usage problems occur;
   • Making statistics/analysis;
   • Processing cancellations or complaints regarding booked orders, provided services or acquired products;
   • Ensuring the access to different sections of the website that are otherwise restricted.

   TYPES OF MANUALLY PROCESSED DATA

   The data we collect and process directly from you, after filling in a form requesting a website account creation or placing an order on the website:

   • First and Last Name
   • E-mail address
   • Telephone number
   • Delivery address
   • Billing address
   • Social media profiles
   • Banking details
   • Interests and preferences

   TYPES OF AUTOMATICALLY PROCESSED DATA

   • IP
   • Cookies (LINK TOWARDS THE COOKIES POLICY)
   • Browser
   • Location
   • Advertisements you clicked on
   • Web pages you visited

   LEGAL GROUNDS LEGAL

   Personal data are processed in accordance with Article 6 of the GDPR if:

   • The data subject / user has given his / her consent for the processing of his / her personal data for one or more specific purposes;
   • The processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the person to conclude a contract;
   • Fulfillment of a legal obligation of the data controller (eg issuing an invoice).

   STORAGE PERIOD DE STOCARE

   The storage period of personal data is 10 years since the last interaction with us. After this period, the data will be anonymized.

   DATA DESTINATION DATELOR

   The recorded information is intended to be used by the operator and is disclosed only to the following recipients:

   • Hosting or Programmers
   • Delivery personnel
   • Payment processors
   • Marketing providers (Newsletter, Retargeting, Adwords, Facebook, Instagram, Analytics, WEB Agency, Hotjar)
   • Billing system
   • Accounting company
   • State authorities (in case of control)

   SECURITY OF PERSONAL DATA

   Personal data security measures:

   • The Site uses appropriate security measures (SSL Software) to protect personal data against accidental destruction, loss, alteration, disclosure, unauthorized access or misuse of the information contained in our database.
   • Implementation of antivirus protection
   • Taking the necessary legal, organizational and technical measures to protect personal data against unauthorized access
   • Keeping processing security by employees (contractual clauses)
   • Back-up
   • Pseudonymization and encryption of personal data (users are recommended when creating the account, a password consisting of several characters, numbers and letters)

   The administration of the site has the right to make changes and additions to this Privacy Policy without the consent of the user.

    

   THE RIGHTS OF THE PERSON CONCERNED

   According to the legislation in force, you are entitled to the following rights:

   • The right to information– you can request information regarding the activities that involve processing your personal data;
   • The right to withdrawal your consent- in cases where consent is required for data processing, you can withdraw it at any time. Withdrawal of consent will have effects only for the future, the processing performed prior to the withdrawal remaining valid;
   • The right of access – you have the right to request a confirmation of the fact that your personal data are processed or not by SC TODO SOFWARE CONCEPT SRLand in affirmative case, he can request the access to these, as well as other type of data that is being processed;
   • The right to intervene / rectify the data- you can rectify inaccurate personal data, or you can add new data;
   • The right to object to data processing- you may object to data processing which our legitimate interest is based on. You can exercise this right online, by phone or at the e-mail address https://www.todo-soft.com/  . We will also take your objection into consideration and verify if the processing of your information has any unjustified impact on you which requires the cessation of the processing of that data. You may also object to receiving personalized commercial messages from us. When you become a customer, you will be asked whether you want to receive personalized offers. If you change your mind later, you can choose not to receive any more messages, using "unsubscribe" linkin the footer of each commercial e-mail.
   • The right to go to court- you can file a complaint about the way of processing personal data to the National Authority for Supervision of Personal Data Processing;
   • The right to delete data("the right to be forgotten") - you can obtain the deletion of data if the processing was not done according to the law or in other cases enforced by the law;
   • The right to restrict the processing- you can request the restriction of the processing in case you dispute the accuracy of the data, as well as in other cases enforced by the law;
   • The right to data portability- you may receive, under certain conditions, the personal data you have provided to us, in a format that can be read automatically or you can request that the data be transmitted to another operator;

   To exercise these rights, you can address a written request, dated and signed at the following e-mail address: https://www.todo-soft.com/ .

   If you find that some of the data you provide is incorrect, please let us know as soon as possible so that we can honor your orders and send you any announcements or information about those orders.

    

   Thank you for choosing us!