privacy policy

Introduction

www.carlaboutique.ro is the property of CARLA BOUTIQUE.

CARLA BOUTIQUE as the author, owner and administrator of the website www.carlaboutique.ro, respects the privacy and security of the processing of personal data of each person who accesses the website in in order to make online orders.

In this Privacy Policy we explain how your personal data is processed by CARLA BOUTIQUE and how we ensure that your personal data is processed responsibly and in accordance with the law on the protection of personal data that is applicable.

Context of the General Data Protection Regulation ("GDPR")

The General Data Protection Regulation, 679/2016, replaces the 1995 EU Data Protection Directive and supersedes the legislation of each member state that was developed in accordance with the Data Protection Directive 95/46 / EC. Its purpose is to protect the "rights and freedoms" of natural persons (ie living persons) and to ensure that personal data is not processed without their knowledge and, whenever possible, that it is processed with their consent.

Definitions used by the organization (extracted from GDPR)

Material domain (article 2) - GDPR applies to the processing of personal data, carried out in whole or in part by automated means, as well as to the processing by means other than automated data of a personal nature that are part of a data record system or that are intended to be part of a data record system.

Territorial scope (Article 3) - The GDPR applies to the processing of personal data within the activities of an operator's premises or a person authorized by the operator on the territory of the Union , regardless of whether or not the processing takes place on the territory of the Union. This regulation applies to the processing of personal data of data subjects who are in the Union by an operator or a person authorized by the operator who is not established in the Union, when the processing activities are related to:

  1. a) offering goods or services to such data subjects in the Union, regardless of whether or not a payment is requested by the data subject; or
  2. b) monitoring their behavior if it manifests itself within the Union. This regulation applies to the processing of personal data by an operator that is not established in the Union, but in a place where domestic law applies under public international law.

Definitions

“Principal Establishment” - the principal establishment of the controller in the EU will be the place where the controller takes the main decisions regarding the purpose and means of its data processing activities. An authorized person's principal place of business in the EU will be its administrative centre.

"Personal Data" means any information relating to an identified or identifiable natural person ("data subject") ; an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity;

“Special categories of personal data” - personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and processing of genetic data , biometric data for the purpose of unique identification of a natural person, health data or data regarding the sex life or sexual orientation of a natural person

"Ooperator" means the natural or legal person, public authority, agency or other body which, alone or together with others, establishes the purposes and means of personal data processing; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law;

“Data subject” - any living person who is the subject of personal data held by an organization.

"Preprocessing" means any operation or set of operations performed on personal data or data sets with personal, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, deleting or destroying;

"Cprofiling" means any form of automatic processing of personal data which consists in the use of data with personal character to assess certain personal aspects relating to a natural person, in particular to analyze or predict aspects of the natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location respective or its displacements.

"Îpersonal data security breach" means a security breach that accidentally or unlawfully results in to the destruction, loss, modification, or unauthorized disclosure of personal data transmitted, stored or processed in another way, or to unauthorized access to them.

"Cconsent" of the data subject means any manifestation of free, specific, informed and unambiguous will of the data subject concerned by which it accepts, through a statement or an unequivocal action, that the personal data concerning it be processed;.

“Child” - The GDPR defines a child as any person under the age of 16.

The processing of a child's personal data is only lawful if the consent of the parents or guardians has been obtained. The operator will make reasonable efforts to verify, in such cases, whether the holder of parental responsibility for the child gives or authorizes the consent.

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, the operator, the person authorized by the operator and persons who, under the direct authority of the operator or the person authorized by the operator, are authorized to process personal data

"Sdata record system" means any structured set of personal data accessible according to specific criteria, be they centralized, decentralized or distributed according to functional or geographical criteria;

Privacy Statement

The management of CARLA BOUTIQUE, based in Strada Izvoarelor No. 2, BL. B, ET. 1, AP. 5, 710271 Botoşani, Romania undertakes to comply with all relevant EU and member state laws regarding personal data and the protection of the "rights and freedoms" of the persons whose information it collects and processes CARLA BOUTIQUE, in accordance with the General Data Protection Regulation (GDPR).

This will be applied by all persons within CARLA BOUTIQUE who process personal data, including all persons within CARLA BOUTIQUE who process personal data of customers, employees, suppliers and partners, as well as any other personal data that the organization processes from any source.

This policy applies to all employees/staff and external parties within CARLA BOUTIQUE such as outsourced suppliers. Any breach of the GDPR will be dealt with in accordance with CARLA BOUTIQUE's disciplinary policy and may also be a misdemeanor, in which case the matter will be reported to the appropriate authorities as soon as possible.

Partners and any third parties who work with or for CARLA BOUTIQUE and who have or may have access to personal data are expected to have read, understood and abide by this policy. No third party may access the personal data held by CARLA BOUTIQUE without having previously concluded a data confidentiality agreement, which imposes obligations on the third party no less onerous than those that CARLA BOUTIQUE and which gives CARLA BOUTIQUE the right to verify compliance with the agreement.

WHAT HAPPENS TO YOUR PERSONAL DATA?

The personal data we collect from you will be used for the following purposes:

  • Name and surname, Email address for the purpose of creating and managing an account;
  • First and last name, order ID, dimensions, phone number and address for order pickup and delivery purposes;
  • First and last name, order ID, email address, no. by phone for order status information;
  • Name and surname, Address for billing purposes and reporting to the control authorities in the field;
  • First and last name, order ID, email address, no. by phone for the purpose of receiving the return request, contacting regarding the return request and making the return;
  • Name and surname, Email address for the purpose of providing a response to the request included in the contact form;
  • Name and surname, E-mail address for direct marketing purposes (delivery of newsletter and promotions/news);
  • E-mail address for the purpose of creating a customer account on the site by pressing the "Login with Facebook" or "Login with Google" button using the e-mail address associated with the Facebook or Google account.

This site uses cookies.Some of them are essential, while others help us improve the experience. For more details, please seeCookie Policy.

Read more about how and why we use your personal data at www.carlaboutique.ro or by contacting us on the Contact page, and our colleagues will always detail the services for you provided that require data collection and storage.

You can withdraw your consent at any time, either in writing by requesting the consent withdrawal form, or online by making a request to this effect at protectiadatelor@carlaboutique.ro .

WHAT ARE PERSONAL DATA?

In the sense of the General Data Processing Regulation (EU GDPR), Personal Data is defined as "any information regarding an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity."

WHY CARLA BOUTIQUE NEEDS TO COLLECT AND STORE THE INFORMATION YOU PROVIDE AND HOW LONG DO WE KEEP IT?

CARLA BOUTIQUE is obliged to process and store personal data in order to provide you with our legal and high quality services. We transfer the personal data provided only if we have a legal basis, applicable legislation, commercial contract or your consent. During the provision of services, with your consent we will transfer to the following third-party collaborators:

  • Carla Boutique, in order to make customized products according to your dimensions;
  • C. FAN Courier Express SRL, if you opted for courier delivery.

Your data will be kept as long as required by the legislation in force. If no express mention is made to this effect, they will be stored securely in accordance with the organization's policies and procedures, but not for a storage period exceeding 10 years.

WHO HAS ACCESS TO THE DATA PROVIDED?

The employees of CARLA BOUTIQUE and third parties have access to the data. We do not give anyone access to your personal data without your consent.

WHERE IS YOUR PROVIDED DATA STORED?

The personal data provided are stored on the territory of the EEA, according to the requirements of the General Data Processing Regulation (EU GDPR).

SECURITY OF YOUR DATA

All employees are responsible for ensuring that all personal data that CARLA BOUTIQUE holds is kept secure and is not disclosed in any way to a third party unless that third party has been authorized in specifically by CARLA BOUTIQUE to receive this information and has entered into a confidentiality agreement.

All personal data is accessible only to those who need to use it.All personal data is securely processed and stored:

  • in a locked room with controlled access; and/or
  • in a locked drawer or in a locked cupboard; and/or
  • if kept on computers, password protected in accordance with the organization's requirements in the Access Control Policy and/or
  • stored on (removable) media which is encrypted

All employees have signed a user agreement before being allowed access to organizational information of any kind As soon as physical records are no longer needed, they must be securely destroyed.

Personal data may be deleted or disposed of in accordance with the organization's internal policies and applicable law. Expired physical records are shredded and disposed of as "confidential waste".

PERSONAL RIGHTS

The data subjects have the following rights regarding the processing of data and the registration of these data which they can exercise at protectiadatelor@carlaboutique.ro.

  • Request access to information held and about those to whom it has been disclosed.
  • To oppose the processing that could cause damage or prejudice.
  • To oppose processing for the purpose of direct marketing.
  • To be informed about automated individual decision-making, including profiling.
  • The data subject has the right not to be subject to a decision based solely on automatic processing, including profiling, which produces legal effects concerning the data subject or similarly affects him to a significant extent.
  • To claim damages if they suffer damages through any breach of the GDPR.
  • Take steps to rectify, block, delete, including the right to be forgotten or destroy inaccurate data.
  • To ask the supervisory authority to assess whether a provision of the GDPR has been breached.
  • The data subject has the right to receive the personal data concerning him/her that he/she has provided to the operator in a structured, commonly used and machine-readable format and has the right to transmit this data to another operator, without obstacles from the operator to whom the personal data was provided.
  • The data subject has the right to oppose the creation of profiles without consent

CARLA BOUTIQUE assures the data subjects that they can exercise these rights:

  • The data subjects can make data access requests, according to the Data Subject Access Request Procedure; this procedure also describes how CARLA BOUTIQUE will ensure that its response to the data access request complies with the requirements of the law. The exercise of these rights can be done at https://www.carlaboutique.ro/pages/protectia-datelor.
  • Data subjects have the right to submit a complaint to the National Authority for the Supervision of the Processing of Personal Data in relation to the processing of their personal data, requests from data subjects and how the complaints were resolved will be made in accordance with the procedure organization regarding complaints.
.