PERSONAL DATA PROTECTION POLICY
The new European Union law on the protection of personal data entered into force on May 25, 2016 and takes effect as of May 25, 2018. This law is the biggest change in personal data protection over the last 20 years and has objectives that go far beyond the mere protection of the private space.
The protection of your personal data is important to us, therefore we pay special attention to protecting the privacy of the of visitors (,,data subjects’’) to our website “www.serve.ro” (hereinafter referred to as SITE), as well as those whose personal data has been provided to us by third parties, or to which we had access from another source in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council from April 27, 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter referred to as GDPR).
Please pay special attention to reading the following Policy to understand how your information will be treated.
The Policy explains the practices of S.E.R.V.E. (hereinafter referred to as “S.E.R.V.E.) regarding the application of GDPR provisions, as well as the rights you receive in relation to how your information is processed by S.E.R.V.E.
The processing of personal data by S.E.R.V.E. will always be done in accordance with the GDPR provisions as well as with the personal data protection regulations specific to each country in which S.E.R.V.E. operates.
By this Policy, S.E.R.V.E. wishes to inform the data subjects about the nature of the personal data we collect and process, as well as about the purposes of the processing. In addition, the data subjects are informed via the Policy about their rights.
WHO ARE WE?
We are S.E.R.V.E. S.A.., a company with its registered office in 48-50 Pastorului Street, 020349 Bucarest. Trade Register number J40/5734/1994 and unique registration code RO5511839. Our main field of activity, “wholesale of beverages”, according to NACE code 4634, and our legal representatives are the administrators: Mihaela Tyrel de Poix
WHAT ARE PERSONAL DATA?
“Personal data” means any piece of information or information that can identify you directly (for example, your name) or indirectly (for example, by pseudonymous data such as a unique identifier). This means that personal information includes things such as the email address, home adress, mobile phone, username, profile photos, personal preferences and shopping habits, user-generated content, financial information and financial status information. This could include unique numeric identifiers, such as your computer’s IP address or MAC address of your mobile device, as well as cookies.
WHAT DOES PERSONAL DATA PROCESSING MEAN?
“Processing” means any operation or set of operations performed on personal data or on sets of personal data with or without the use of automated means such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
WHICH OF YOUR PERSONAL DATA DO WE PROCESS?
Your personal data to be processed is as follows: surname, name, e-mail address, phone number, employer, position, department, delivery address, billing address, date of birth.
PERSONAL DATA OPERATOR
The personal data operator (hereinafter referred to as the “operator”) is S.E.R.V.E.
OFFICER IN CHARGE OF PERSONAL DATA PROTECTION (DPO)
S.E.R.V.E., as operator, appointed Mrs. Oprea Mădălina, as officer in charge of personal data protection (hereinafter referred to as “DPO”), having the obligation to verify the compliance with GDPR provisions in the data processing operations performed by the operator and to represent the operator in relation to the data subjects and the Supervisory Authority.
The Persons concerned have the opportunity to address the DPO directly at any time on any matter related to this PPD using the contact details below:
DPO name: Oprea Mădălina
DPO e-mail: email@example.com
DPO mailing address: Bucharest, district 1, 9 Transilvaniei street.
PRINCIPLES ON DATA PROCESSING
S.E.R.V.E. undertakes to comply with the principles of personal data protection (hereinafter referred to as the “Principles”) set out in the GDPR to ensure that all data are:
- Processed in a fair, legal and transparent manner;
- Collected for specified, explicit and legitimate purposes;
- Adequate, relevant and limited in relation to the purposes for which they are processed;
- Correct and updated;
- Kept in a form which makes it impossible to identify the data subjects longer than is necessary in relation to the purpose of the processing;
- Processed in accordance with the rights of the data subject in a manner that ensures adequate processing security so that the data are complete, confidential and available.
GROUNDS AND PURPOSES OF PERSONAL DATA PROCESSING
- For the purpose of concluding and executing contracts – According to art. 6 par. 1 lit. b) from GDPR, personal data may be processed for the purpose of concluding or executing the contract. In order to be able to offer you our products and services, we need to process the personal data that you hold.
- For the purpose of fulfilling legal obligations – According to art. 6 par. 1 lit. c) GDPR, personal data for the purpose of fulfilling legal obligations may be processed. We request a series of personal data, including, in some cases, the Personal Code, in order to fulfill our obligations imposed by tax authorities on invoicing and reporting to tax authorities.
- For marketing purposes – According to art. 6 par. 1 lit. a) GDPR, personal data may be processed if the data subject has given his/her consent to the processing of his or her personal data for one or more specific purposes. Thus, in some situations, your personal data will be used to send you marketing messages, offers, news, future campaigns, invitations to various events.
- Thus, in certain situations, your personal data will be used for the purpose of: i) sending you marketing, information or commercial messages (offers, promotions, advertising and marketing messages regarding the activity of S.E.R.V.E. and third parties with which S.E.R.V.E. has relationships of any kind); ii) participation in contests, promotions; iii) transmission of non-commercial or administrative messages (regarding changes in SITE, administration, etc.); iv) internal statistics necessary for the improvement of the quality of the services offered and the image of the SITE and for the creation of new characteristic elements, promotions, functionalities and new services; v) ensuring access to sections with limited access to the SITE; vi) market research.
PROCESSING OF OTHER DATA YOU PROVIDE TO US
By providing any personal data through the S.E.R.V.E. SITE, you understand and agree that your data will be processed in accordance with the provisions of the Policy of S.E.R.V.E.
S.E.R.V.E. undertakes not to process personal data provided for any purpose other than that for which they were transmitted, unless there is your express consent to use them for other purposes.
It is also possible that S.E.R.V.E. has access to other personal data by establishing a link with S.E.R.V.E., by processing the data communicated following telephone conversations, e-mail conversations, presentation at our headquarters in order to obtain information, etc.
By contacting S.E.R.V.E. in any way stipulated above or any other method that involves a mediated or direct communication between you and S.E.R.V.E., you understand and agree that your data will be processed in accordance with the provisions of the Policy of S.E.R.V.E.
If you have subscribed to the S.E.R.V.E. Newsletter section, your personal data will be used exclusively for the purpose of sending you marketing, information or commercial messages (offers, promotions, advertising messages regarding the activity of S.E.R.V.E. and the partners with whom S.E.R.V.E. has relationships of any kind) but also news, campaigns, invitations to various events.
Your personal data will be deleted immediately when you unsubscribe from the S.E.R.V.E. Newsletter section.
You can unsubscribe at any time via the link attached to the Newsletter received or by a written request addressed to the Data Protection Officer of S.E.R.V.E.
S.E.R.V.E. reserves the right to select the persons to whom it will send newsletters and / or alerts as well as the right to remove from its database any Member or Client who has previously expressed consent to receive newsletters and / or alerts, without any a subsequent commitment from S.E.R.V.E., or any prior notification thereof.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
Personal Data processed by S.E.R.V.E. may be disclosed and/or transferred to third parties only in the case of your express consent to do so, unless there is a legal/contractual obligation for S.E.R.V.E. to proceed in this manner.
Please be advised that it is possible under certain circumstances to disclose your personal data to partners with whom S.E.R.V.E. collaborates and/or to other third-party service providers of S.E.R.V.E.: companies within the same group of companies as S.E.R.V.E., courier service providers, payment / banking service providers, IT service providers, marketing service providers.
DATA PROCESSING BY THIRD PARTIES, OTHER SITES AND SPONSORS
The S.E.R.V.E. SITE may at any time contain access links to other sites whose data processing policies may differ from those of S.E.R.V.E.
Please consider and consult the personal data protection policies of the other sites, S.E.R.V.E. not assuming responsibility for the information sent or collected by these third parties.
AUTOMATIC DATA PROCESSING. COOKIE
ONLINE BEHAVIOR ADVERTISING.
DATA STORAGE PERIOD
S.E.R.V.E. may keep the processed data for different periods of time deemed reasonable for the purposes indicated above. We only retain your data for the period necessary to achieve the purpose for which we hold the data, to meet your needs or to fulfill our obligations under the law.
In order to know how long your data can be stored, we use the following criteria:
- If you create an account, we keep your personal data until you request that we delete it or after a period of inactivity (without an active interaction with us). In this regard, we note that the data processed for this purpose will be deleted 5 years after the last interaction with the user of the account (such as login to your account);
- If you have given your consent for marketing, we will keep your personal data until you unsubscribe or request to delete it or after a period of inactivity. In this regard, we mention that the data stored in our databases for the purpose of direct marketing communications are deleted from the records of these databases 5 years after the last interaction with you;
- If you participate in a promotional offer, we keep your personal data for the duration of the promotional offer;
- If you contact us for a question, we keep your personal data for the time necessary to process your questions, but not more than 5 years from the last correspondence sent;
If cookies are stored on your computer, we keep them for as long as necessary to achieve their purposes (for example, during a session for shopping cart cookies or cookies for shopping cart IDs). session) and for a period defined in accordance with local regulations and guidelines.
THE RIGHTS OF THE DATA SUBJECTS
Under the GDPR, you have a series of rights with respect to the personal data that S.E.R.V.E. processes:
- The right of access to processed data – You have the right to access the personal data we hold. The first information will be provided without any charge. If you will need copies of the information already provided, we may charge a reasonable fee, taking into account the administrative costs of providing the information. The manifestly unreasonable, excessive or repeated requests may not be answered.
- The right to modify data – You may request that your data be modified if inaccurate or obsolete and/or filled in if incomplete. If you have an account, it can be easier to correct your own data using the “My Account” feature.
- The right to delete data (“the right to be forgotten”) – In some cases, you have the right to obtain the deletion or destruction of your data. This is not an absolute right, because sometimes we may be forced to keep your data for legal reasons.
- The right to restrict the processing – You may request that you limit the processing of your data. This means that your data processing is limited so we can keep the data, but not use or process it. This right applies in the specific circumstances provided for in the General Data Protection Regulation, ie:
– the accuracy of the data is contested by the data subject (ie you) for a period that allows the Operator (ie S.E.R.V.E.) to verify the accuracy of the data;
– the processing is illegal and the data subject (ie you) opposes the deletion of the data and requests the restriction of their use;
– the operator (ie, S.E.R.V.E) no longer needs data for processing, but they are required by the data subject (ie you) for the establishment, exercise or defense of legal claims;
– the data subject (ie you) raised objections against the processing based on legitimate reasons on the part of the Operator (in this case S.E.R.V.E.) in order to verify that the Operator’s legitimate reasons (S.E.R.V.E) exceed those of the data subject (ie you).
- The right to data portability – You may move, copy or transfer the data you are interested in from our database to another. This applies only to the data you have provided when the processing is based on your consent or contract and is implemented by automated means.
- The right of opposition – You may oppose at any time the processing of your data when such processing is based on a legitimate interest.
- The right to withdraw consent at any time – You may withdraw your consent to the processing of your data when such processing is based on consent. The withdrawal of the consent does not affect the lawfulness of processing on the basis of consent prior to its withdrawal.
- The right to file a complaint with the competent supervisory authority – You have the right to complain to the data protection authority of your country of residence or domicile to challenge the data protection practices offered by S.E.R.V.E..
- The right to oppose the processing of your data for direct marketing purposes – You may unsubscribe from or opt out of our direct marketing communication at any time. It’s easier to do so by clicking the “unsubscribe” link in any email or communication we send you.
- The right to oppose the processing of your data by us when conducting actions in the public interest or in our legitimate interests or that of a third party – You may at any time oppose the processing of your data when such processing is based on a legitimate interest.
- Right to disable cookies – You have the right to disable cookies. Settings in internet browsers are usually programmed by default to accept cookies, but you can easily adjust them by changing your browser settings. Many cookies are used to increase the usability or functionality of web sites / applications; therefore, disabling cookies may prevent you from using certain parts of our sites or applications, as detailed in the relevant Cookie table. If you want to restrict or block all cookies set up by our websites / applications (which may prevent you from using certain parts of the site) or any other sites / applications, you can do so through your browser settings. The Help feature in your browser will tell you how. For more information, see the following links: http://www.aboutcookies.org/.
You may exercise any of these rights with respect to the personal data that S.E.R.V.E. processes by submitting a simple request to the S.E.R.V.E. DPO. In such a situation, it is very possible to request proof of your identity.
We access, keep and provide your information to regulatory authorities, law enforcement or other entities:
- In response to a legal request, when we believe in good faith that the law requires us to do so. We may also respond to legal claims when we consider in good faith that the response required by the laws of that jurisdiction affects users in that jurisdiction and complies with internationally recognized standards.
- When we believe in good faith that it is necessary to: detect, prevent and respond to acts of fraud, unauthorized use of any material belonging to us, violations of our terms or policies or other harmful or unlawful activities, to protect us (including our rights, property or materials), yourself and others, including within investigations or inquiries by regulatory authorities, or to prevent imminent death or injury. For example, if relevant, we provide information to and receive information for third partners about the reliability of your account to prevent fraud, abuse and other harmful activities inside and outside of our materials.
The information we receive about you may be accessed and stored for a longer period of time when you are subject to a legal, justice matter, governmental inquiry or investigation into possible violations of our terms or policies, or in other cases to prevent damage.
RELATIONS WITH OTHER OPERATORS
Depending on the context, we may find ourselves in the situation of the absolute need to provide information at a higher level, both globally and internally or externally, to our partners and to those with whom we transfer GDPR data in the virtue of providing the most professional services possible. Information controlled by S.E.R.V.E. may be transferred, transmitted or stored and processed in the EU or in countries other than the country where you live for the purposes described in this policy. These data transfers are necessary to deliver the highest level of service and to continue to provide you with our best professional content. We use standard contractual clauses approved by the European Commission, and we rely on the appropriateness of the European Commission’s decisions concerning certain countries, as the case may be, for the transfers of EEA data to the United States and other countries.
S.E.R.V.E. has adopted technical and organizational data processing measures, updated in accordance with GDPR requirements, to protect your personal data against any unauthorized access, misuse or disclosure, unauthorized modification, accidental destruction or loss. All S.E.R.V.E. employees and collaborators, as well as any third parties acting in the name and on behalf of S.E.R.V.E., are required to respect the confidentiality of your information and the GDPR requirements, in accordance with the Policy provisions.
THE SITE may link to other sites and / or other webpages that are not owned by S.E.R.V.E. S.E.R.V.E assumes no responsibility for the content of these sites and therefore can not be held responsible for the content, advertising, goods, services, software, information or other materials available on or through these sites. S.E.R.V.E E will not be held responsible for the loss of personal data, of any adverse effects on visitors’ personal data, or other moral and / or patrimonial damages caused by the access to those sites.
UPDATING THE PERSONAL DATA PROTECTION AND PROCESSING POLICY
Please note that this Policy may be subject to periodic content changes by updating the S.E.R.V.E SITE.
Please do not continue to use the S.E.R.V.E. site if you do not agree to such changes. We also recommend that you check this page for any updates.
The Policy terms are interpreted according to the applicable legislation.
If you have any questions or concerns about how we treat and use your personal data or wish to exercise any of your rights, please contact us by accessing our DPO’s contact details.