Privacy Policy

PROCESSING OF PERSONAL DATA (GDPR POLICY) 

In accordance with the requirements of the General Data Protection Regulation – EU Regulation 2016/679, on the protection of individuals with regard to the processing of personal data and on the free movement of such data – SHAPE YOUR DESTINY S.R.L. declares that all personal data are considered strictly confidential and are used only for the specified purposes.

We reserve the right to periodically update and modify the GDPR Policy. In the event of any such changes, we will post on our website the amended version of the GDPR Policy, which is why we ask you to check its content periodically.

What categories of personal data we process?

In general, we collect your personal data directly from you, so you have control over the type of information you provide to us.

For example, we receive information from you:

  • When you place an order, you provide us with information such as: your email address, firstand last name, billing details, payment method, phone number, bank card details, etc.
  • We may also collect and further process certain information about your behavior during your visit to our website, in order to provide you with offers tailored to your profile.
  • On our website we may store and collect information in cookies and similar technologies, in accordance with the Cookie Policy.
  • We do not collect or otherwise process sensitive data, included by the General Data Protection Regulation in special categories of personal data.

 

What are the purposes and grounds for processing? 

We will use your personal data for the following purposes:

1. For the provision of services for your benefit

This general purpose may include, as appropriate, the following: 

  • Order processing, including order taking, validation and invoicing;
  • Resolve cancellations or problems of any nature relating to an order, goods or services purchased;
  • Returning products in accordance with legal provisions;
  • Reimbursement of the value of the products according to legal provisions;

The processing of your data for these purposes is, in most cases, necessary for the conclusion and performance of an agreement between you and us.

2. To improve our services

We always strive to provide you with the best online shopping experience. To do this, we may collect and use certain information about your customer behavior, invite you to complete various questionnaires or conduct market research and surveys directly or with partners. 

3. For marketing

We want to keep you up to date with the best offers for the products you are interested in. To this end, we may send you any type of message containing general information, information on similar or complementary products to those you have purchased, information on offers or promotions, etc.

In most cases, we base our marketing communications on your prior consent.

In any situation where we use information about you for a legitimate interest of ours, we take care and take all necessary steps to ensure that your fundamental rights and freedoms are not affected. However, you can ask us at any time to stop processing your personal data for marketing purposes and we will comply with your request.

4. To defend our legitimate interests

There may be situations where we use or transmit information to protect our rights and business. These may include:

  • Measures to protect the website and platform users (website name) from cyber-attacks:
  • Measures to prevent and detect fraud attempts, including the transmission of information to the relevant public authorities;
  • Measures to manage various other risks.

We also base our processing in certain cases on legal provisions.

How long we keep your personal data? 

As a general rule, we will store your personal data for as long as the service purchased by you is in progress, for the optimal performance of the service. You may request us to delete certain information at any time and we will comply with such requests, subject to the retention of certain information even after the provision of the purchased service, in situations where applicable law or our legitimate interests so require.

 

To whom we transmit your personal data?

Where appropriate, we may transmit or provide access to certain of your personal data to the following categories of recipients:

  • payment/banking service providers;
  • marketing service providers;
  • market research service providers;
  • IT service providers;


Where we are under a legal obligation or if necessary to protect a legitimate interest, we may also disclose certain personal data to public authorities.

 

To which countries we transfer your personal data?

We currently store and process your personal data in Romania.

You can contact us at any time, using the contact details on the website, to find out more information about the countries to which we transfer your data, as well as the safeguards we have put in place regarding such transfers.

 

How do we protect the security of your personal data?

The transmission of your personal data is done using state-of-the-art encryption algorithms and the servers on which it is stored are secured.

Despite the measures taken to protect your personal data, please note that the transmission of information over the Internet is not completely secure and there is a risk that the data may be seen and used by third parties, in which case we cannot be held liable.

 

What rights do you have?

The General Data Protection Regulation gives you a number of rights in relation to your personal data. You can request access to your data, correct any errors in our files and/or object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or to go to court. Where applicable, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability. 

To exercise your rights, you can contact us using the contact details on the website. Please note the following if you wish to exercise these rights: 

Identity

We take the confidentiality of all records containing personal data seriously. For this reason, please send us your requests for such records using the e-mail address you used when placing your order. 

Fees

We will not charge you a fee for exercising any right. 

Response time 

We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of two months. 

Third party rights 

We do not have to comply with a request if it would adversely affect the rights and freedoms of other data subjects. 

Rights concerned 

Access to

You can ask us: 

  • to confirm whether we are processing your personal data;
  • to provide you with a copy of such data;
  • to provide you with other information about your personal data, such as what data we hold, what we use it for, who we disclose it to, etc.


Rectification

You can ask us to rectify or complete your inaccurate or incomplete personal data. 

Deletion of data

You can ask us to delete your personal data, but only if: 

  • it is no longer necessary for the purposes for which it was collected; or
  • you have withdrawn your consent; or
  • you exercise a legal right to object; or
  • it has been unlawfully processed; or
  • we have a legal obligation to do so.


We are under no obligation to comply with your request to delete your personal data if the processing of your personal data is necessary:

  • for the compliance of a legal obligation; or
  • for the establishment, exercise or defense of legal claims.


Restriction of data processing

You can ask us to restrict the processing of personal data, but only if: 

  • the processing is unlawful, but you do not want the data to be deleted, or
  • it is no longer necessary for the purposes for which it was collected, but you need it to establish, exercise or defend a legal claim; or
  • you have exercised your right to object, and verification of whether our rights prevail is ongoing.


Data portability 

You can ask us to provide your personal data in a structured, commonly used and machine-readable format or you can request that it be “ported” directly to another data controller, but in each case only if: 

  • the processing is based on your consent or the conclusion or performance of an agreement with you; and
  • the processing is carried out by automatic means.


Opposition

You may object at any time, on grounds relating to your particular situation, to the processing of your personal data on the basis of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest. 

Automated decision-making 

You may request not to be subject to a decision based solely on automated processing, but only when that decision: 

  • produces legal effects concerning you; or
  • affects you in a similar way and to a significant extent.


Complaints 

You have the right to lodge a complaint with the Supervisory Authority regarding your personal data processing. 

In Romania, the contact details of the Data Protection Supervisory Authority are as follows: 

National Supervisory Authority for Personal Data Processing 

28-30 G-ral. Gheorghe Magheru Blvd. 1st District, postal code 010336, Bucharest, Romania

Telephone: +40.318.059.211 or +40.318.059.212; 

E-mail: anspdcp@dataprotection.ro

Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance and we promise to make every effort to resolve any issues amicably.