Data Confidentiality

STATEMENT ABOUT PROCESSING PERSONAL DATA

ARPI PSYCHE SRL, a legal entity with its registered address in County DOLJ, CRAIOVA City, STR. TRAIAN DEMETRESCU no. 19, registered at the Trade Register under nos. J16/933/2014 and 33233541, as operator, wishes to inform you about the processing of your personal data in the context of the provisioning of services/products by ARPI PSYCHE SRL to its clients, for the purposes stated below.

The contact information of the entity responsible for data protection is: ARPI PSYCHE SRL, a legal entity with its registered address in County DOLJ, CRAIOVA City, STR. TRAIAN DEMETRESCU No. 19, registered at the Trade Register under nos. J16/933/2014 and 33233541.

Due to the nature and procedures of the services/products provided by ARPI PSYCHE SRL (ARPI PSYCHE SRL “products” or “services”), their users (“Clients” or “Users”) provide certain personal data used to ensure that the services are provided and performed according to the legal provisions and to its own procedures, optimally and securely.

Protection of ARPI PSYCHE SRL clients’ personal data and its secure storage is one of the main concerns of ARPI PSYCHE SRL and its agents, partners, and subcontractors involved in providing its services.

Personal data is processed in compliance with the provisions of European Regulation no. 679/2016 of the European Parliament and of the Council of the European Union on the protection of private individuals with regard to personal data processing and on the free circulation of such data (“Regulation”).

Please read our Confidentiality Policy in full before entering any data on this site, so that you understand our policies and practices about personal information and how we treat it. If you do not agree with this Confidentiality Policy, it must be said that you might not be able to use some of the functionalities of this site.

By providing us with your personal data, you agree with the terms and conditions of this Confidentiality Policy.

This Confidentiality Policy Statement reflects the confidentiality policy applicable for all users of ARPI PSYCHE SRL services/products, so that they are informed and can make an informed decision about how their personal data collected through the use of its service will be used, as well as about their rights.

 

PERSONAL DATA

Personal data means both non-personal and personal data – information regarding an identified or identifiable private individual. An identifiable individual is an individual who can be identified, directly or indirectly, particularly through reference to an identifier, including, but not limited to:

(i) last name, first name, address, e-mail, phone (e.g. land line, cell phone, fax), billing address

(ii) financial information (e.g. income etc.)

(iii) various information necessary or requested by authorities and specific to the services/products provided

(iv) information resulting from video/audio monitoring if the Client visits one of the locations where ARPI PSYCHE SRL services/products are being provided or contacts its support services

(v) signature

(vi) any other information deriving from these as a result of processing done by ARPI PSYCHE SRL (e.g. segmentation of the client pool by different criteria; the unique identifier generated by ARPI PSYCHE SRL for each client; information that is specific for the services/products offered by ARPI PSYCHE SRL, etc.) and any other information needed by ARPI PSYCHE SRL for its activity

(vii) IP address or activities while navigating on our website or using apps/services provided by ARPI PSYCHE SRL

(viii) In the case of logging in with Facebook, public data as entered by the user (on a case by case basis: last name, first name, date of birth, email address, phone number) from the Facebook account.

Minor persons

This site is not meant for minor persons under the age of 18. As such, we do not knowingly process Personal Data of minor persons under the age of 18. If you are under 18 and have accessed this page, please do not register on the Site, do not send us any information about yourself, and contact your parents/guardians. If we become aware that we have collected, without the approval of a legal representative as required by law, Personal Data belonging to a minor person under the age of 18, we will delete that information, except if we are under a legal obligation to not delete that data, in which case we will act according to our legal obligation. If you think that we might have information from or about a minor person under the age of 18, please contact us using the information provided above.

Processing personal data means any operation or set of operations done on personal data, through automated or non-automated means, such as collecting, registering, organizing, storing, adjusting or changing, extracting, consulting, using, disclosing to third parties through transmission, dissemination or in any other way, collating or combining, blocking, archiving, deleting, destroying, etc.

COLLECTING INFORMATION

Information is collected in the process of providing services/products to users or potential users. The main sources of information are:

  1. Forms used for provision of services; data provided when using ARPI PSYCHE SRL websites or applications; other means of communication; questionnaires that the users or potential users of services agree (without being obligated) to fill out at our request; other documents that users or potential users provide to us at our request.
  2. Transactions that take place between ARPI PSYCHE SRL and its agents/partners and between these and the users of the service.
  3. External sources – for the purpose of fulfilling specific obligations (competent institutions, public records, electronic databases, information available on social media and internet, or empowered third parties that own such information, such as, but without being limited to: The National Office of the Registry of Commerce; the portal for Romanian courts of law administered by the Ministry of Justice; other providers of personal data, etc.).

 

We collect the following data:

Coralinachiriac.com collects personal data from its users in three ways:

  • Directly from the user
  • Traffic data from the user’s browser
  • Through cookies.
  1. Personal data collected directly

A1. When you access Coralinachiriac.com or when you create an account or place an order for a product/service, we may ask for your first and last names and/or email address, as well as for other data needed for contracting, delivery, or billing.

This data is stored for 3 years from the date of termination of the contract (this being the generally prescribed period). Data from bills is stored for 10 years (where this is a legal fiscal obligation). If you do not provide this data, we will be unable to fulfil your order.

A2. When you access support services, we may ask for an email address or phone number. We reserve the right to record any communication undertaken for the support services of Coralinachiriac.com for the purpose of improving our services. We will inform you that the communication may be recorded before it begins.

This data is used, for instance, for contacting you in order to solve a complaint/request that you made. We may request other data that constitutes personal data only when it is necessary for these purposes.

A3. Also, when you subscribe to our newsletter, we ask you to provide an email address for the purpose of personalizing our communications to you. For this service we use the specialized app for this type of service.

This data is stored until withdrawal of consent or until your activity shows us that you are no longer interested in our communications.

A4. When you make a payment, all payments are processed by our partners, MobilPay NETOPIA SRL. Such banking information is sent to them. These partners’ policies for processing personal data are available on their own websites.

  1. Traffic data
    When you visit a website, regardless of the device you use, you disclose certain information about you, such as your IP address, the time of your visit, where you entered our websites from, the pages you visited. Like other operators, Coralinachiriac.com records this information for a certain amount of time. Coralinachiriac.com uses external services for traffic analysis, such as Google Analytics.

This data is used exclusively by Coralinachiriac.com for the purpose of improving our website and services, and also to ensure the security of our website:

– Data provided voluntarily by clients when placing an order (first and last names, phone number), which we use to process the order. In case of an order being returned, we also use the IBAN (return form).

–Navigation data (IPs) that is recorded automatically when a user visits the site and is used for the purpose of collecting anonymous statistic information about the use of the site, in order to monitor its correct functioning in complete safety.

– Cookies – per session and fixed.

The purpose of collecting your data is solely that of responding effectively and promptly to your request in every stage of the buying procedure: checking that the data you entered in the ordering form is correct; checking the status of your order; issuing the bill for the products you order, as well as contacting you if there is anything unclear about finalizing your order.

If you wish to receive information about the products and services provided by ARPI PSYCHE SRL, please subscribe to our newsletter, providing your email address. If you wish to buy a product or service from the online store Coralinachiriac.com, please fill out the data requested in the ordering form (first and last names, address, city/town, phone number).

PURPOSES OF PROCESSING PERSONAL DATA

The purposes for which ARPI PSYCHE SRL processes personal data are:

 

  1. The purpose for collecting personal data is selling the products and services on Coralinachiriac.com (with all associated activities such as processing the order, delivery, payment, billing, etc.), customer support services, and marketing activities for the needs of Coralinachiriac.com.
  • Identifying users/potential users through means of communication (e.g. phone, email, mail, internet, fixed or mobile apps that the Client accesses in order to use the services provided).
  • Identifying users/potential users with the purpose of fulfilling legal obligations attached to ARPI PSYCHE SRL when providing services.
  • Monitoring operations and the provisioning of services and providing support services for users/potential users.
  • Creating or analyzing profiles in order to improve services and perform polls, as well as for any other ways of promoting the services and/or performing marketing activities or general advertisement.
  • Analysis of the behavior of anyone who accesses the websites of ARPI PSYCHE SRL, through the use of cookies, for the purpose of providing content (general and commercial) adjusted to the user’s preferences.
  • Performing internal analyses (including statistical analyses) regarding the services as well as the user/potential user portfolio, in order to provide, improve and develop services, and performing market studies and analyses regarding the specific domain.
  • Solving any procedural and/or legal issues related to providing the services or to the company’s interest.
  • Archiving, both as hard copy and electronically, the documents pertaining to the provisioning of services and/or the correspondence with users/potential users.
  • Reporting to state institutions as per legal regulations applicable to ARPI PSYCHE SRL (e.g. regulating authorities and legal authorities).

 

GROUNDS FOR PROCESSING PERSONAL DATA

ARPI PSYCHE SRL processes personal data for the purposes described above, on the following grounds:

  1. Executing the contract and the preliminary steps for the contract (art. 6(1) b GDPR) – for data collected through the ordering form or data received from customer support services.
  2. Legal obligations (art. 6 (1) c GDPR) regarding the data needed for billing.
  3. Consent (art 6 (1) a GDPR) for data used for marketing for the website’s visitors (e.g. subscription to newsletter, marketing cookies, etc.).
  4. Legitimate interest (art 6 (1) f GDPR) for data used for marketing for current clients (as per law 506/2004 art. 12 (2)) of Coralinachiriac.com, security of the own website coralinachiriac.com (reason 49 GDPR), and data used internally for optimizing the own website coralinachiriac.com (and anonymized or masked by pseudonym, as applicable).

IS IT MANDATORY FOR THE USER TO PROVIDE THE DATA? WHAT ARE THE CONSEQUENCES OF REFUSAL?

Processing personal data requested from users/potential users by ARPI PSYCHE SRL for the purpose of providing the services is considered absolutely necessary for providing the services under the provisions of the law and the procedures of ARPI PSYCHE SRL. Refusing to provide such data makes it impossible for us to provide the services. The user may choose that their data is not processed for direct marketing purposes.

 

RECIPIENTS OF PERSONAL DATA

In order to achieve the purposes described above, the company may send Clients’ data, when absolutely necessary, to the following categories of third parties:

  • Regulating authorities and legal authorities
  • Contractual partners (e.g. agents of the company, auditors, consultants, etc.), some of them also having the capacity of persons authorized by the operator to process personal data.

These contractual partners perform their commercial activity in Romania as well, and they may be provided with your personal data to be used within the scope of their obligations toward the company. The personal data we disclose to persons authorized by us to process it is limited to the minimal amount of personal data necessary for performing the services; also, they are required by us to not use the personal data for any other purpose.

We make all the efforts to ensure that all the entities we work with store your personal data safely and securely. Also, some of them are in their turn operators who perform their commercial activity in Romania as well, such as providers of payment services as agents.

Some of them are third parties that do not have the role of processing personal data, but may have access to it for the purpose of fulfilling their own obligations or in their interactions with the company, such as technical maintenance companies, financial auditors, or providers of legal services.

The personal data listed above may be made available or transmitted to third parties in the following situations: (i) public authorities, auditors, or institutions involved in control activities regarding the company’s services, activities, or assets, that require the company to provide information based on the company’s legal obligations; (ii) for fulfilling certain legal requirements, including those related to providing services, or for protecting the rights and assets of the company or of other entities or persons, such as courts of law; (iii) acquiring third parties, to the extent that the company’s activity would be transferred (in full or in part), and the personal data of concerned persons would be part of the assets that constitute the object of the transaction. Also, for the purpose of processing that is regulated above, we may provide your personal data to companies that are a part of the ARPI PSYCHE SRL group, which will be subjected to the company’s instructions about processing your personal data. For more information, visit: https://coralinachiriac.com/

TRANSFER OF PERSONAL DATA ABROAD

In the context of the operations described above, Clients’ personal data may be transferred abroad to countries in the European Union (“EU”) or the European Economic Community (“EEC”). As such, we hereby inform Clients that any transfer by the company to a country that is an EU or EEC member will comply with the legal provisions of the General Data Protection Regulation no. 2016/679 of the European Parliament (“GDPR”).

DURATION OF PROCESSING

We will store Clients’ personal data only for the amount of time needed to achieve the goals of processing as described above and in compliance with the legal provisions in effect, including, but without being limited to provisions on archiving.

WHAT HAPPENS WITH THE USERS’ PERSONAL DATA ONCE PROCESSING ENDS

After the duration of processing described above expires and the company no longer has legal reasons for or a legitimate interest in processing your personal data, the personal data will be deleted according to the company’s procedures, which may involve archiving, anonymizing, or destroying them.

AUTOMATIZED DECISION MAKING PROCESSES AND PROFILE CREATION

Personal data described here may be subjected to certain automatized decision making processes, including the creation/deletion of profiles.

SECURITY OF PERSONAL DATA PROCESSING

The company constantly assesses and improves the security measures implemented in order to ensure the safe and secure processing of personal data.

Steps taken to ensure that the personal data is secure:

  1. Users who have access to the database containing personal information may only access the database with their own account name and password. All users are obligated to maintain the confidentiality of the data they have access to, and at the end of each session in the database they will close the session.
  2. Users access personal data only in order to fulfil work tasks.
  3. Any collection and/or change of personal data by users is permanently recorded (the user, date, time, and type of change are recorded); all logging in and out of the database of all users are also recorded.
  4. Printing of personal data is done only by users who are authorized for this operation and only for the purposes required by active laws (bills, invoices of goods, commercial contracts).

The company’s offices are equipped with an alarm system, and personal data is stored electronically in secure, password-protected files. Hard copies of information are stored in special files accessible only for the company’s employees, who are obligated to keep them confidential.

RIGHTS OF THE CONCERNED PERSON REGARDING THE PROCESSING OF PERSONAL DATA

In case of processing personal data of users/potential users, the concerned person has the following rights:

  1. The right to be informed – arts. 13 and 14 GDPR. This allows concerned persons to know, at the exact moment of data collection, how the data will be used, to whom it will be disclosed or transferred, what are the rights of concerned persons regarding the processed data, etc.
  2. The right to have access to the processed personal data – art. 15 GDPR. This allows the concerned person to obtain from ARPI PSYCHE SRL a confirmation on whether his/her personal data is being processed and, if it is, to access the data and other useful information.
  3. The right to have data corrected or deleted – art. 17 GDPR. This allows the person to obtain from ARPI PSYCHE SRL the deletion/correction of his/her personal data, without unjustified delays. There are however exceptions to this rule, such as: certain data is processed in order to give the public a right to be informed; data is processed for statistic or archiving purposes; data is processed in order to fulfil a legal obligation or is processed for the acknowledgement or defense of a right in a court of law.
  4. The right to request a restriction on processing – art. 18 GDPR. You have the right to have the processing restricted if: (i) you believe that the personal data being processed is inaccurate, for an amount of time that allows the operator to check the accuracy of the personal data; (ii) the processing is illegal, but you do not wish that we delete your personal data, but that we restrict the use of such data; (iii) if the data operator no longer needs your personal data for the purposes described above, but you need the data in order to have a right acknowledged, exercised, or defended in a court of law; or (iv) you opposed the processing, for the amount of time needed for us to check if the legitimate grounds of the data operator outweigh the rights of the concerned person.
  5. The right to data portability – art. 20 GDPR. This is your right to receive the personal data that you provided to ARPI PSYCHE SRL in a form that is structured, currently used, and readable automatically, and the right to transfer such data to another operator if the processing is based on your consent or on the execution of a contract and is done through automated means.
  6. The right to withdraw your consent for processing, when processing is consent-based, without the legality of the processing done up to that point being affected.
  7. The right to refuse the processing of personal data – art. 21 GDPR – on reasons pertaining to your particular situation, when processing is grounded on legitimate interest, and the right to refuse at any time the processing of data for purposes of direct marketing, including the creation of profiles.
  8. The right to not be the object of a decision based exclusively on automatized processing, including the creation of profiles, that produces legal effects for the concerned person or similarly affects the concerned person to a significant extent.
  9. The right to make a complaint to the National Authority for the Monitoring of the Processing of Personal Data (ANSPDCP, Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal), and the right to go to a competent court of law.

The policy for data processing is based on the following data protection principles:

  • Processing of personal data will be done in a way that is legal, just, and transparent.
  • Collection of personal data will be done only for specified, explicit, and legitimate purposes and data will not be further processed in a way that is incompatible with those purposes.
  • Collection of personal data will be appropriate, relevant, and limited to the information needed for the purpose of processing.
  • Personal data will be accurate and, where necessary, updated.
  • All steps will be taken to ensure that inaccurate data is deleted or corrected without delay.
  • Personal data will be stored in a form that allows the concerned person to be identified and for an amount of time that doesn’t exceed that of the processing of personal data.
  • All personal data will be kept confidential and stored in a way that ensures the necessary security.
  • Personal data will not be distributed to third parties unless it is necessary for the purpose of providing services as per agreements.
  • The concerned persons have the right to request access to, correction or deletion of personal data, to refuse or restrict data processing, and the right to data portability.

CHANGES TO THIS STATEMENT ON PERSONAL DATA PROCESSING

ARPI PSYCHE SRL reserves the right to change this Statement – Confidentiality Policy without prior notice, according to the legislation in effect. Should this Statement be changed, ARPI PSYCHE SRL will publish an updated version on its website. Please review the Statement – Confidentiality Policy periodically, either on the ARPI PSYCHE SRL website, or in the locations where its services are made available, in order to be up to date with its most recent version.

You can exercise the rights described above at any time. For the purpose of exercising these rights, we recommend that you send us a notification in electronic format, at the address contact@coralinachiriac.com.

This site is registered on wpml.org as a development site.