INFORMATION NOTE REGARDING THE PROCESSING OF PERSONAL DATA
In accordance with the provisions of Regulation (EU) no. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, known as the “General Data Protection Regulation” or in short, “GDPR”, we bring to your attention the following aspects related to the processing of your personal data.
The document you are just going through is one of the ways we want to show you that the trust you place in us is not one-sided. This notice contains important information for you through which we explain how your personal data is processed.
WHO DO YOU GIVE YOUR PERSONAL DATA TO?
Your personal data is processed by S.C. MARTIN CLINIC S.R.L., with headquarters in Bucharest, Vlad Județu street no. 46, ground floor, order number in the Commercial Register J40/3037/07.03.2019, CUI 40748214.
Telephone +40 754 882 288, E-mail: firstname.lastname@example.org, hereinafter “Operator” in accordance with the legislation in force.
WHAT PERSONAL DATA DOES THE OPERATOR PROCESS?
Our company collects your personal data directly from you, so you have control over the type of information you provide to us.
So when you create an account on our site, you give us your email address, first name and last name.
When you place an order, you provide us with information such as: desired product, name and surname, delivery address, billing details, postal code, telephone number.
To the extent that you purchase the “skincare consultation” service, you provide us with your email address to transmit the login data necessary to provide the assistance via the Zoom platform.
We note that S.C. MARTIN CLINIC S.R.L does not keep in its archives records of the online sessions conducted through this platform.
WHAT IS THE LEGAL BASIS ON WHICH WE PROCESS YOUR DATA?
We process personal data based on your consent.
WHAT ARE THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA?
To provide services for your benefit such as:
- a) Account creation and administration;
- b) Receiving, processing, validating, shipping and invoicing orders;
- c) transmission of login data for providing online assistance regarding products from the SkinCare range and their characteristics, through an online conference platform such as Zoom;
- d) Solving cancellations or problems of any nature related to an order, goods or services purchased;
- e) Returning the products according to the legal provisions;
- f) Reimbursement of the counter value of the products according to the legal provisions;
- g) Providing answers to your questions about your orders or our goods and services;
- To comply with applicable legislation, including tax and accounting legislation.
The personal data collected for the aforementioned purpose are strictly and imperatively necessary, the refusal to provide them leading to the impossibility of processing your orders.
WHO DO WE TRANSMIT YOUR DATA TO?
Your data will be used in the relationship with the courier companies that will bring you the ordered goods to the delivery address you indicated to us. The data transmitted to them will be strictly limited to the service provided.
Your data will not be transferred to other companies, organizations in the country or outside the country. If the data will be transferred you will be informed beforehand.
WHAT IS THE TERM FOR WHICH YOUR DATA IS PROCESSED?
Your personal data that you provide to us when placing an order without creating an account on the www.martinclinic.ro platform will be processed for a period of 3 months, after which period, the data will be deleted.
Your personal data that you provide to us by creating an account on the www.martinclinic.ro platform will be stored as long as you have an account on our website. You may request that we delete certain information or close your account at any time, and we will comply with such requests, subject to the retention of certain information including after account closure, where applicable law or our legitimate interests require it.
Personal data related to payments/invoicing will be stored in accordance with applicable law.
HOW DO WE PROTECT YOUR DATA?
We have implemented practices and policies dedicated to the processing of personal data, we have ensured that the data we process is necessary, appropriate and relevant for the purposes of this note and we have taken technical and security measures to protect your data.
IS PERSONAL DATA PART OF AN AUTOMATED DECISION-MAKING PROCESS?
We inform you that your personal data are not the subject of a decision-making process adopted exclusively by automated means (creating profiles) for the purpose of evaluating some personality traits, etc.
WHAT ARE YOUR RIGHTS?
According to the legislation in force you have the following rights:
Right of access. You can make requests to obtain confirmation of data processing, categories of processed data as well as other additional information related to processing;
The right to rectification. You have the right to request the correction, without undue delay, of inaccurate personal data.
The right to data deletion (“the right to be forgotten”). You have the right to request that your personal data be deleted without undue delay if one of the following reasons applies:
- they are no longer necessary to fulfil the purposes for which they were collected or processed;
- withdrawal of consent and there is no other legal basis for processing;
- the exercise of the right of opposition and the absence of legitimate reasons to prevail;
- personal data were processed illegally;
- personal data must be deleted to comply with a legal obligation;
- personal data were collected in connection with the provision of information society services.
The right to restriction of processing. You can request restriction of processing in the following cases:
- To challenge the accuracy of the data, for a period that allows the Operator to verify the correctness of the data;
- the processing is illegal and the person opposes the deletion of personal data, requesting the restriction instead;
- if the Operator no longer needs the personal data for the purpose of processing, but the person requests them for establishing, exercising or defending a right in court;
- if the person has objected to the processing for the period of time in which the Operator checks whether there are other legitimate grounds for the processing of personal data.
The right to data portability. You have the right to receive your personal data in a structured, commonly used, machine-readable format and the right to have this data transmitted directly to another operator if this is technically feasible.
The right to opposition. It involves your right to object to the processing of personal data when the processing is not necessary for the performance of a task that serves a public interest or does not take into account a legitimate interest of the operator. When the processing of personal data is aimed at direct marketing, you have the right to object to the processing at any time.
HOW CAN YOU EXERCISE YOUR RIGHTS?
You can exercise your rights by sending a message to the personal data protection officer at the e-mail address: email@example.com or to the operator at the e-mail address firstname.lastname@example.org or by sending a written address with confirmation of receipt at the operator’s headquarters. The deadline for receiving a response is 30 days.
WHICH AUTHORITY IS COMPETENT FOR DATA PROTECTION?
The National Supervisory Authority for the Processing of Personal Data (ANSPDCP) has its headquarters in Bucharest, B-dul G-ral. Gheorghe Magheru, no. 28-30, Sector 1, postal code 010336, e-mail: email@example.com. It is responsible for supervising the processing of personal data.