PERSONAL DATA PROTECTION POLICY - PPD

The protection of your personal data is important to us, therefore we pay particular attention to protecting the privacy of individuals who have provided us with their personal data, of visitors to this website, and of those whose personal data has been provided to us by a third party, or to which we have had access from another source, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").

Please pay particular attention to reading the following Policy ("PPD") to understand how your information ("personal data") will be handled.

PPD explains IRIDEX GROUP's (hereinafter referred to as "IRIDEX" or "OUR ORGANIZATION") practices regarding the application of the GDPR provisions and your rights regarding how your information is processed by OUR ORGANIZATION.

The processing of personal data by IRIDEX will always be carried out in accordance with the provisions of the GDPR, as well as with the personal data protection regulations specific to each country in which IRIDEX operates.

Through the PPD, OUR ORGANIZATION wishes to inform data subjects about the nature of the personal data we collect and process and the purposes of the processing. In addition, data subjects are also informed through the PPD about the rights they enjoy.

DATA OPERATOR

The website iridex.ro belongs to Iridex Group, a legal entity based in Bucharest.

DEFINITIONS

PERSONAL DATA

"Personal data" means any information that can identify you directly (e.g. your name) or indirectly (e.g. through pseudonymous data such as a unique identification number). This means that personal data includes things such as email address, home address, mobile phone, username, profile photos, personal preferences and shopping habits, user-generated content, financial information, and financial status information. It may also include unique numeric identifiers such as the IP address of your computer or the MAC address of your mobile device, as well as cookies.

PROCESSING OF PERSONAL DATA

"Processing" means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

WHICH OF YOUR PERSONAL DATA DO WE PROCESS?

Your personal data that may be processed are the following: name, surname, physical address, e-mail address, city, county, chassis series of the car for which you want the car part offer, CNP (in case of order as a natural person).

PERSONAL DATA CONTROLLER

The personal data controller (hereinafter referred to as "controller") is IRIDEX.

DATA PROCESSING PRINCIPLES

OUR ORGANIZATION is committed to complying with the personal data protection principles (hereinafter referred to as the "Principles") set out in the GDPR to ensure that all data are:

  1. Processed fairly, legally and transparently;
  2. Collected for specified, explicit and legitimate purposes;
  3. Adequate, relevant and limited in relation to the purposes for which they are processed;
  4. Correct and up-to-date;
  5. Kept in a form which does not allow identification of data subjects for longer than is necessary for the purposes of processing;
  6. Processed in accordance with the rights of the data subject, in a way that ensures adequate security of processing, so that the data are whole, confidential and available.

THE BASIS AND PURPOSES OF THE PROCESSING OF PERSONAL DATA

  1. For the purpose of concluding and performing contracts - According to Art. 6 para. 1 lit. b) of the GDPR, specific personal data may be processed. In order to be able to offer you our products and services, we need to process personal data belonging to you.
  2. For the purpose of fulfilling legal obligations - According to Art. 6 para. 1 lit. c) of the GDPR, personal data may be processed for the purpose of fulfilling legal obligations. We request a range of personal data, including, in certain circumstances, your personal number, in order to fulfil our obligations imposed by the tax authorities in relation to invoicing and reporting to the tax authorities.
  3. For the purpose of fulfilling the tasks established by Law 335/2007 with subsequent additions - According to Art. 6 para. 1 lit. a) of the GDPR, personal data may be processed if the data subject has consented to the processing of his/her personal data for one or more specific purposes. Thus, in certain situations, your personal data will be used for purposes such as: the performance of the duties laid down by the law of chambers of commerce and industry, the organization of courses, seminars, conferences, fairs, exhibitions, shows and other specialized events resulting from the current activity of OUR ORGANIZATION, including the performance of commercial/contractual activity and, to the extent you have consented, for marketing, promotion, advertising, publicity, etc., to keep you informed about OUR ORGANIZATION's products, services and initiatives.

CONTACT FORM PROCESSING

OUR ORGANIZATION will use the information you provide in the appropriate contact section on the website solely for the purpose of processing your request.

By providing any personal data through the iridex.ro website, you understand and agree that your data will be processed in accordance with the provisions of the IRIDEX PPD.

Please note that in order to process your requests submitted in the contact section of the website, we may, under certain circumstances, be required to disclose your data to partners with whom IRIDEX collaborates and/or other third party service providers of OUR ORGANISATION.

However, IRIDEX has taken appropriate technical and organisational measures to ensure the security of data transfer as well as the GDPR-compliant processing of your data by the aforementioned entities.

IRIDEX undertakes not to process the personal data provided for any purpose other than that for which it was submitted, except where you expressly consent to its use for other purposes.

IRIDEX may also have access to other personal data through your establishment of a link with IRIDEX, processing of data communicated as a result of telephone conversations, e-mail conversations, coming to our premises to obtain information, etc.

By contacting IRIDEX in any of the ways stipulated above or any other method involving mediated or unmediated communication between you and OUR ORGANIZATION, you understand and agree that your data will be processed in accordance with the provisions of IRIDEX's PPD.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

Personal data processed by OUR ORGANIZATION may be disclosed and/or transferred to third parties only if you expressly consent to this, unless there is a legal/contractual obligation for OUR ORGANIZATION to do so.

Please be aware that we may in certain circumstances be required to disclose your personal data to partners with whom IRIDEX collaborates and/or other third party service providers of IRIDEX.

DATA PROCESSING BY THIRD PARTIES, OTHER SITES AND SPONSORS

The iridex.ro website may at some point contain links to other websites whose data processing policies may differ from those of IRIDEX.

Please be aware of and refer to the privacy policies of other sites; IRIDEX assumes no responsibility for information submitted to or collected by these third parties.

AUTOMATED DATA PROCESSING. COOKIES

The iridex.ro website uses cookie identifiers. In this regard you can consult our Cookie Policy, available on the site, and exercise your right to disable Cookies as specified below.

DATA STORAGE PERIOD

IRIDEX may retain the processed data for various periods of time, deemed reasonable, in accordance with the purposes indicated above. We keep your data only for the period necessary to achieve the purpose for which we hold the data, to meet your needs or to fulfil our obligations imposed by law.

To know how long your data can be kept, we use the following criteria:

  1. When you use our services we keep your personal data for the duration of our contractual relationship;
  2. If you participate in a promotional offer, we keep your personal data for the duration of the promotional offer;
  3. If you contact us with a question, we keep your personal data for as long as it takes to process your question, but no longer than 5 years from the last correspondence sent;
  4. If you create an account, we keep your personal data until you ask us to delete it or after a period of inactivity (no active interaction with us). In this regard, we note that the data processed for this purpose will be deleted 5 years after the last interaction with the account user (such as logging into your account);
  5. If you have given your consent for marketing, we retain your personal data until you unsubscribe or request deletion or after a period of inactivity (no active interaction with our brands) defined in accordance with local regulations and guidelines. In this regard, we note that data stored in our databases for the purpose of direct marketing communications is deleted from the records of these databases 5 years after the last interaction with you;
  6. Where cookies are stored on your computer, we retain them for as long as necessary for them to achieve their purposes (for example, for the duration of a session for shopping cart cookies or session ID cookies) and for a period defined in accordance with local regulations and guidelines. In this regard, we note that the data processed through cookies used to deliver online behavioural advertising, to personalise our services to you and to enable the distribution of our content on social media sites (distribution buttons intended for the display of the site), will be kept for a maximum period of 1 year from their collection, based on your consent.

RIGHTS OF DATA SUBJECTS

Under the GDPR, you have a number of rights with regard to the personal data that IRIDEX processes:

  1. Right of access to processing data - You have the right to access the personal data we hold. The first provision of information will be done without any charge. If you require further copies of the information already provided, we may charge a reasonable fee taking into account the administrative costs of providing the information. Obviously unreasonable, excessive or repeated requests may not be answered.
  2. Right to rectification of data - You have the right to ask for your Data to be corrected if they are inaccurate or out of date and/or to complete them if they are incomplete. If you have an account, it may be easier to correct your own data via the "My Account" function.
  3. Right to erasure of data ("right to be forgotten") - In some cases, you have the right to have your Data deleted or destroyed. This is not an absolute right, as sometimes we may be forced to retain your Data for legal or judicial reasons.
  4. Right to restrict processing - You have the right to request restriction of the processing of your Data. This means that the processing of your Data is restricted so that we can keep the Data but not use or process it. This right applies in specific circumstances set out in the General Data Protection Regulation, namely:
     - the accuracy of the Data is contested by the Data Subject (i.e. you), for a period allowing the controller (i.e. IRIDEX) to verify the accuracy of the Data;
     - the processing is unlawful and the data subject (i.e. you) objects to the erasure of the Data and requests the restriction of its use;
     - the controller (e.g. OUR ORGANISATION) no longer needs the Data for processing, but they are required by the data subject (i.e. you) for the establishment, exercise or defence of legal claims;
     - the data subject (i.e. you) has objected to the processing based on legitimate grounds on the part of the controller (in this case IRIDEX), pending a check of whether the legitimate grounds of the controller (IRIDEX) outweigh those of the data subject (i.e. you).
  5. Right to data portability - You have the right to move, copy or transfer the data you are interested in from our database to another. This only applies to data you have provided, where the processing is based on your consent or on the basis of a contract and is implemented by automated means.
  6. Right to object - You may object at any time to the processing of your data when such processing is based on a legitimate interest.
  7. The right to withdraw consent at any time - You may withdraw your consent to the processing of your data where such processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal of consent.
  8. Right to lodge a complaint with the competent supervisory authority - You have the right to lodge a complaint with the data protection authority in your country of residence or domicile to challenge the data protection practices offered by OUR ORGANISATION.
  9. The right to object to the processing of your data for direct marketing purposes - You can unsubscribe or opt out of our direct marketing communication at any time. It is easiest to do so by clicking on the "unsubscribe" link in any email or communication we send you.
  10. The right to object to the processing of your data by us when we are acting in the public interest or in our own or a third party's legitimate interests - You may object at any time to the processing of your data when such processing is based on a legitimate interest.
  11. Right to disable Cookies - You have the right to disable cookies. Internet browser settings are usually programmed by default to accept cookies, but you can easily adjust them by changing your browser settings. Many cookies are used to enhance the usability or functionality of websites/applications; therefore, disabling cookies may prevent you from using certain parts of our websites or applications, as detailed in the relevant Cookie table. If you wish to restrict or block all cookies set by our websites/apps (which may prevent you from using certain parts of the site) or any other websites/apps, you can do so through your browser settings. The Help function in your browser will tell you how. For more information, see the following link: http://www.aboutcookies.org/.

You can exercise any of these rights in relation to the personal data IRIDEX processes by making a simple request to the IRIDEX DPO. In such a situation we may well require proof of your identity.

LEGAL REQUESTS

We access, retain and provide your information to regulators, law enforcement or other entities:

  1. In response to a legal request, when we believe in good faith that the law requires us to do so. We may also respond to legal requests when we believe in good faith that the response required by the laws of that jurisdiction affects users in that jurisdiction and is consistent with internationally recognised standards.
  2. When we believe in good faith that it is necessary to: detect, prevent and respond to acts of fraud, unauthorized use of any material belonging to us, violations of our terms or policies, or other harmful or illegal activity; protect us (including our rights, property or materials), you and others, including in the course of regulatory investigations or inquiries; or prevent imminent death or injury. For example, where relevant, we provide information to and receive information from third party partners about the reliability of your account to prevent fraud, abuse and other harmful activities within and outside of our materials.

Information we receive about you may be accessed and stored for a longer period of time when it is subject to a legal request or legal obligation, a government investigation, or investigations of possible violations of our terms or policies, or in other cases to prevent harm.

RELATIONS WITH OTHER OPERATORS

Depending on the context, we may find that we absolutely need to provide information at a higher level, both globally and internally or externally, to our partners and those with whom we transfer data in compliance with GDPR, by virtue of ensuring that we provide the most professional service possible. Information controlled by IRIDEX may be transferred, transmitted or stored and processed in the EU or in countries other than the country in which you reside for the purposes described in this policy. These data transfers are necessary in order to provide the highest level of service and to continue to provide you with our materials at the highest professional level. We use standard contractual clauses approved by the European Commission and rely on the adequacy decisions issued by the European Commission with respect to specific countries, as appropriate, for data transfers from the EEA to the United States and other countries.

PROCESSING SECURITY

IRIDEX has adopted technical and organisational data processing measures, updated in accordance with GDPR requirements, in order to protect your personal data against any unauthorised access, misuse or disclosure, unauthorised modification, destruction or accidental loss. All IRIDEX employees and collaborators, as well as any third parties acting on behalf of and for IRIDEX are obliged to respect the confidentiality of your information and the requirements of the GDPR, in accordance with the provisions of the PPD.

DISCLAIMER

The iridex.ro website may contain links to other websites and/or webpages that are not owned by IRIDEX. OUR ORGANIZATION assumes no responsibility for the content of these sites and therefore shall not be held liable for the content, advertising, goods, services, software, information or other materials available on or through these sites. IRIDEX shall not be liable for any loss of personal data, any adverse effects on visitors' personal data or any other moral and/or pecuniary damage caused by access to such sites.

UPDATING THE PERSONAL DATA PROTECTION AND PROCESSING POLICY

Please note that this Policy may be subject to periodic content changes by updating the iridex.ro website.

How will we notify you about changes to this Policy?

We will send you notice prior to making any changes to this Policy and provide you with an opportunity to review the revised PPD before you choose to continue using our materials.

Please do not continue to use the iridex.ro website if you do not agree to such changes. We also recommend that you check this page for any updates.

PPD terms shall be interpreted in accordance with applicable law.

CONTACT

If you have any questions or concerns about how we handle and use your personal data or wish to exercise any of your rights, please contact us at contact@iridex.ro.
