Privacy Policy
Privacy Policy was published:
Current edition:
This Privacy Policy has been developed taking into account Our awareness of the importance and significance of Your Personal Data. The main purpose of this Privacy Policy is to help You understand how We Process and protect Your Personal Data when You use the Site.
This Privacy Policy is developed and operates taking into account the Law № 190/2018 Implementing the General Data Protection Regulation (Regulation (EU) 2016/679), the General Data Protection Regulation (GDPR), as well as other regulations and practices on the protection of Personal Data.
By using this Site, You confirm that:
(I) You have read, understood, and agree to the terms of this Privacy Policy;
(II) You have reached the age from which the legislation of the country of Your stay allows You to give Consent to the Processing of Your Personal Data. In any case, in order to use the Site, You must be at least 16 years old (at least 13 years old in certain regions) or one of Your legal representatives or guardians must have read and agree to the terms of this Privacy Policy on behalf of You. If You do not agree or cannot confirm the above, You must immediately stop using the Site. In this case, You must (a) contact Us and request the deletion of Your Personal Data; (b) leave the Site and not use it.
1. Terms used in this Policy:
1.1.“Privacy Policy” – this document, which is available at the following link: https://belany.ro/privacy/(hereinafter - “Policy”).
1.2.“Company” - BELANY S.R.L., registered office: Bucharest Sector 3, NERVA TRAIAN Street, № 27-33, BUILDING № 6, Staircase B, 1st Floor; unique registration code: 49085336 from 08.11.2023; commercial register number: J40/21124/2023 dated 08.11.2023; unique European identifier (EUID): ROONRC.J40/21124/2023 (hereinafter - “Company”, “We”, “Us”, “Our”).
1.3.“Personal Data” - any information relating to a natural person who is identified or can be identified using this information.
1.4.“Processing of Personal Data” – any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.5.“Subject of Personal Data” – a person who visits and/or uses the Site in order to familiarize himself / herself with the variety of goods offered by the Company, to purchase goods or for other purposes (hereinafter - “User”, “You”, “Your”).
1.6.“Controller” – the Company, which determines the purposes and means of Personal Data Processing, establishes the composition of this Personal Data and the procedures for its Processing.
1.7.“Processor” – the Company or other persons that are authorized by the Controller or by law to Process Personal Data on behalf of the Controller.
1.8. “Site” - the website of the Company, https://belany.ro, all its content and links that lead to this website.
1.9.“Consent” - any freely given, specific, informed, and unambiguous indication of the Subject of Personal Data wishes by which he or she, through clear affirmative actions, signifies agreement to the Processing of his or her Personal Data.
1.10.“General Data Protection Regulation” - European Parliament and Council Regulation No. 2016/679 as of 27.04.2016 On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter - "GDPR").
2. Personal Data We Process when You use the Site
2.1.Personal Data You provide to Us personally:
1)By completing the registration procedure and filling out the registration form on the Site, You may provide the following Personal Data:
-
Full name;
-
Email address;
-
Phone number;
-
City;
-
Password.
If the User decides to log in to the Site using a third-party authentication service, such as Facebook or Google, the Company may receive the User's Personal Data or other information accessed by such third party.
2) In the personal account of the User, after completing the registration procedure, You can additionally provide the following Personal Data:
-
Age;
-
Gender;
-
Additional phone number.
If required, You have the right to change the Personal Data You provided during registration.
3) When placing an order on the Site, You may be required to provide the following Personal Data:
-
Full name;
-
Email address (optional);
-
Phone number;
-
City;
-
Delivery address.
In the event that the Personal Data provided is incomplete, which will result in the inability to deliver the order, We have the right to request additional Personal Data required for this purpose.
4) In order to subscribe to the Company's newsletter to keep up to date with new additions to the Site, You will need to provide Your email address and Consent to receiving the specified newsletter.
5) In case of contacting Us through the means of communication available on the Site, as well as when communicating with Our consultant, You additionally provide Us with Your phone number, as well as other Personal Data that may be necessary to resolve Your request / problem.
2.2. Personal Data We Process automatically
The list of Personal Data that We automatically receive from You when using Our Site includes:
-
Cookies;
-
Information about Your browser type and device type;
-
Time spent on the Website and on its individual pages;
-
Personal Data collected by Google Analytics (number of users, session statistics, approximate geolocation; browser and device information, etc.). Read more about Google Analytics data collection at https://support.google.com/analytics/answer/11593727;
-
Personal Data collected by Meta Pixel, a list of which can be found here: https://developers.facebook.com/docs/meta-pixel/.
3. Whose Personal Data do We not Process?
We knowingly do not Process the Personal Data of children under the age of 13 (applies to Users who are residents of countries with a reduced minimum age for Personal Data Processing) and children under 16, and We also do not offer them to use the Site.
If We become aware that a person who has not reached the age from which it is permitted to Process their Personal Data has provided Us with their Personal Data without the Consent of a legal representative, guardian, or other person authorized to provide such Consent, We will take all necessary measures to delete such Personal Data.
4. Purposes of Personal Data Processing
We Process the Personal Data provided by You only for the specific and limited purposes specified below:
Order Processing. Ensuring seamless processing of orders placed by customers on the Site, including processing payments, managing deliveries, and handling returns or exchanges.
Marketing Communications. Personal Data Processing enables the sending of email notifications to Users about new arrivals, promotions, and other marketing communications based on their preferences. You can find out more about sending such letters in the section “Sending marketing and informational materials to the User”.
Site Optimization. Personal Data Processing is conducted to analyze User behavior on the Site, such as browsing patterns, time spent on pages, and clicks, to optimize the Site's performance, improve User experience, and enhance the effectiveness of marketing strategies.
Customer Support. Personal Data Processing is utilized for providing customer support services, including responding to inquiries, resolving issues, and facilitating communication between Users and the support team.
Compliance and Security. Personal Data Processing is essential for ensuring compliance with legal obligations, such as tax regulations and consumer protection laws, as well as for implementing security measures to protect against unauthorized access, fraud, and other security threats.
Analytics and Reporting. Collecting and analyzing data to generate valuable insights and reports on key metrics related to sales, customer demographics, and Site traffic, which are used for business planning and decision-making purposes.
5. Legal basis for Processing Your Personal Data
To process Your Personal Data, We rely on the following lawful bases:
-
performance of the contract — for the Processing of Personal Data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Public offer) with You;
-
legitimate interest — for the Processing necessary for the development of Our services, taking into consideration Your interests, rights, and expectations;
-
legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorised public body;
-
consent — for additional specific purposes.
6. Storage of Personal Data
6.1. How long do We keep Your Personal Data?
We will store Your Personal Data for the period necessary to fulfill the purposes set forth in the Policy. When determining the duration of such periods, We first decide whether We need to collect Personal Data at all, and, if such a need really exists, We keep it only for the period necessary to realize the purposes of collection, or until the moment You make a corresponding request to delete Your Personal Data.
6.2. Where do We store Your Personal Data?
We adhere to generally accepted industry standards to protect Your Personal Data both during transmission and after receipt. All Personal Data, except for Cookies, is stored in the relevant databases of the Company, which We use to Process Personal Data.
Processing of Personal Data is carried out using computers and/or automated means in accordance with procedures and methods that correspond to the purposes of collecting Personal Data.
Your Personal Data that We Process may be transferred and stored outside the European Economic Area (EEA):
-
If there is no adequate decision by the European Commission regarding the country We transfer data to, We use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
-
If there is an adequate decision by the European Commission regarding the country We transfer data to, We can transfer personal data to that third country without any further safeguard being necessary.
We take the protection of Your Personal Data very seriously. We take all commercially reasonable measures to prevent unauthorized access to Your Personal Data and those data obtained in the process of using the Site. Not only that, but We strive to protect Your Personal Data by various means in order to preserve its confidentiality and integrity, prevent unauthorized use or disclosure of Your Personal Data, and protect Your Personal Data from loss, misuse, disclosure, alteration, and/or destruction.
Please note that no method of data transferring over the Internet can provide a 100% guarantee of preventing information leakage.
6.3. Personal Data protection
We apply a variety of security measures appropriate to the possible risks.
7. Do We transfer Your Personal Data to third parties?
In some cases, Personal Data may be available to certain categories of Company’s responsible persons (officials), whose activities are related to ensuring the proper functioning of the Site, processing of orders placed on the Site, or to third-party organizations (such as independent providers of technical services, postal organizations, hosting service providers, companies — providers of information technologies, communication services), contractors and partners of the Company, whom We entrust to perform the functions of the Processor if necessary. You can additionally ask Us for a list of the above-mentioned persons.
IT service providers. We may engage other companies (including foreign ones) that provide administrative and IT services, including hosting services, the use of cloud services, and databases, which will Process the User's Personal Data on Our behalf in order to provide technical support and proper functioning of the Site. Such companies may access the User's Personal Data only if it is necessary to carry out the above purposes and in accordance with the provisions of the agreements with these companies on the non-disclosure of confidential information, and such companies are not entitled to use it for any other purpose.
We use Google Analytics, Meta Pixel, and other tools, to analyze Your Personal Data. Please note that the Personal Data collected by Google and Meta are transferred to the United States of America. Google LLC and Meta Platforms, Inc. are certified under the EU-U.S. Privacy Shield Framework, a network that protects the fundamental rights of everyone in the European Union whose Personal Data is transferred to the United States for commercial purposes. It allows the free transfer of data to companies that are certified in the United States under the Privacy Shield. For more information about the Privacy Shield, please visit the U.S. Department of Commerce's Privacy Shield website: https://www.privacyshield.gov/welcome/. To find out how Google Processes Your Personal Data, visit the link: https://policies.google.com/privacy
To find out how Meta Processes Your Personal Data, visit the link: https://www.facebook.com/privacy/policy/
Financial institutions (banks, payment services / tools). We can involve financial institutions that provide financial, banking services, payment services / tools, for the possibility of payment for orders submitted on the Site. In the event that during the payment You go to the website / form of such a financial institution (bank, payment service / tool), We advise You to familiarize yourself with their privacy policy. Currently, online payments on the Site are carried out using the payment service provider PayU (PayU S.A. with registered office in Poznań, 60-166 Poznań, str. Grunwaldzka 186, registered in the Register of Entrepreneurs kept by the Regional Court of Poznan - Nowe Miasto and Wilda in Poznan, the 8th Economic Section of the National Legal Register, KRS (RNJ) 0000274399, with tax identification number NIP (CIF) 779-23-08-495, national payment institution supervised by the Polish Financial Supervisory Authority, registered in the Register of Payment Services under number IP1/2012).
You can find out more about Privacy policy of PayU S.A. at the link: https://romania.payu.com/declaratie-de-confidentialitate/.
In the event that You provide Your Personal Data directly on the Site (except when You enter Personal Data in third-party widgets), financial institutions (banks, payment services / tools) may access Your Personal Data, only if it is necessary to perform the above-mentioned purposes, and they have no right to use them for any other purpose.
The Company does not have access to Your Personal Data (payment card number, payment cardholder, CVV code, card validity period) that You provide to financial institutions when making payments through the websites of such institutions or with the help of widgets of such institutions placed on the Site.
Authorities (of Romania, the European Union, or other countries). We reserve the right to disclose and/or report any Personal Data of the User, if this is required by any law of Romania or the European Union or another normative legal act, or a confirmed legal requirement of state authority and/or local authorities, for the purpose of compliance with the requirements of the laws of Romania and the legislation of the European Union, protection of the integrity of the Site, to fulfill the requests of Users, state authorities and/or local authorities, or for the purpose of facilitating any investigation by law enforcement agencies or an investigation aimed at guaranteeing public (national) security. In some cases, We may also provide the User's Personal Data to the authorities of the European Union (both national and supranational) and to the authorities of other countries, if such provision of Personal Data is required by law, or in the event of an official request from such an authority as part of a criminal investigation.
8. How can You exercise Your right to privacy?
You, as a data subject, have the right to interact with its data directly or through a request to Us. This section describes these rights and how You can exercise them:
-
Right to access: You can request an explanation of the Processing of Your Personal Data, as well as details regarding the processing activities such as the manner in which the Personal Data are processed, the purpose for which the processing is done, the recipients or the categories of Personal Data recipients, etc.;
-
Right to rectification: You have the right to obtain the correction, without justified delay, by the Company of inaccurate / unjustified Personal Data, as well as the completion of incomplete Personal Data;
-
Right to erasure (“right to be forgotten”): You can send Us a request to delete Your Personal Data from Our systems and/or databases. We will remove them unless otherwise provided by law;
-
Right to restrict the Processing: You may partially or completely prohibit Us from Processing Your Personal Data;
-
Right to data portability: You can request to receive all the Personal Data You provided to Us in a structured way, commonly used and in an easy-to-read format, as well as the right for this data to be transmitted by the Company to another controller, to the extent that the conditions provided for by law are met;
-
Right to object: You may object to the Processing of Your Personal Data;
-
Right not to be subject to an automated individual decision: the right not to be the subject of a decision taken solely on the basis of automated processing activities, including the creation of profiles, which produce legal effects concerning the data subject or similarly affect him in a significant measure;
-
Right to withdraw consent: You can withdraw Your Consent at any time;
-
Right to file a complaint: If Your request was not satisfied, You could file a complaint to the regulatory body of the National Supervisory Authority for the Processing of Personal Data or competent courts, to the extent You deem necessary.
To exercise Your rights, please contact Us using the following e-mail address: romaniabelany@gmail.com. Please note that before providing the information according to Your request, We may ask You to provide additional Data to confirm Your identity.
9. Cookies
We use Cookies that are needed for the Site’s operation. By using Cookies, We receive automatically collected data. You can read more about how Cookies are collected and processed in the Cookie Policy.
10. Sending marketing and informational materials to the User
Periodically, with the prior Consent of the User, We can send information messages about new arrivals to the Site, as well as marketing messages about promotions implemented on the Site.
Consent to receive such messages is given by the User by ticking the appropriate checkbox during registration on the Site or in a separate form in which the User has provided his / her e-mail address for receiving marketing messages, which confirms the User's desire to receive such messages and materials.
If the User has not ticked the appropriate checkbox or provided Us with a separate e-mail address for marketing purposes, We will not send information messages about new arrivals to the Site, as well as marketing messages about promotions, but will communicate with the User only in relation to his/her specific request.
If the User agreed to receive such messages, they will be sent by Us for any reason that We consider to be in the User's interests.
At the same time, the User has the right to withdraw the Consent for the further receipt of the above-mentioned materials by submitting an appropriate objection to their receipt by contacting Us at the e-mail address: romaniabelany@gmail.com.
11. Links to other sites
We may post active links to sites that are not maintained by the Company. If You visit such sites, You should review their privacy policies and operating principles. We are not responsible for the Personal Data Processing policies and practices of other companies, and any information You provide to such companies is subject to their Company policies.
12. Dispute Resolution
Before filing a claim in court in disputes arising from the relationship between the User and Us, it is mandatory to submit a claim (a written proposal for voluntary settlement of the dispute). The recipient of the claim shall, within 30 (thirty) calendar days from the date of receipt of the claim, notify the applicant of the claim in writing about the results of the consideration of the claim.
In case of failure to reach a compromise, the dispute will be referred to the competent court of Romania. The Policy is governed by and construed in accordance with the law of Romania.
13. Changes to the Policy
We have the right to make changes to this Policy at any time and for any reason by posting a new version of the Policy at the above link. We strongly recommend that You check the Policy and the date of the last change from time to time to stay informed of the latest changes.
If You do not agree with any changes made to the Policy, You must stop using the Site, and You can also request the deletion of Your Personal Data.
14. Contact information
If You have any comments, doubts, or questions regarding this Policy, please contact Us at romaniabelany@gmail.com.
We will try to answer You as soon as possible, but no longer than within 30 (thirty) calendar days.