Data Retention (Storage) Policy nuntalamare.ro
1. The joint data controllers:
Company NUNTA LA MARE SRL
Registered office address: Maior Gheorghe Șonțu Street, no. 4 B, Mangalia, Postal Code 905500, Constanța, Romania.
Company DRAGOSTE DE MARE SRL
Registered office address: Maior Gheorghe Șonțu Street, no. 4 B, Mangalia, Postal Code 905500, Constanța, Romania.
Hereinafter referred together to as “Nuntă la Mare”, “we.”
You can contact us at:
Email: nuntalamareromania@gmail.com
By post: the address mentioned above.
2. General
The need to retain personal data varies depending on the type of data processed. Some data can be deleted immediately, while others must be stored until their future utility is no longer a possibility. There are cases where personal data is stored for a limited period of time, and these storage periods are imposed by the applicable legal regulations at the national or European Union level.
In other cases, the retention periods need to be determined by each organization individually, based on its activities, taking into account the data processing principles outlined in the EU Regulation 679/2016 regarding the protection of natural persons concerning the processing of personal data and on the free movement of such data (“GDPR”). Since the determination of data processing and retention periods can be somewhat subjective, implementing a Data Retention Policy is essential to ensure that the rules implemented regarding data storage are consistently applied throughout the organization.
As a general rule, we will store your personal data for as long as you have an account on the website or have purchased a product from us. You can request the deletion of certain information at any time, and we will comply with these requests, subject to the retention of certain data in situations where applicable law or our legitimate interests require it.
3. Data Retention Policy
The scope of this Policy covers all our data, including data stored in its information systems, data provided by us in mass media, data rented or obtained from contractual collaborations and partnerships, regardless of the location where this data is processed.
The Data Retention Policy within Nuntă la Mare is a tool that provides the guarantee that the requirements of the GDPR, and the relevant laws and regulations in the field of personal data protection, are respected.
4. Requests Regarding the Personal Data Retention Policy
We do not aim to adopt a “save everything” approach. However, certain data must be kept for the long term to protect our interests, to preserve evidence of processing or deletion in accordance with the law and this Policy of processed personal data if Nuntă la Mare deems it necessary, and, in general, to comply with good business practices.
Some of the most important reasons for long-term data storage are as follows:
- Complaints about the quality of the our services;
- Disputes;
- Investigation of workplace accidents;
- Investigation of a security incident;
- Legal regulations;
- Intellectual property safety.
5. Requests Regarding the Personal Data Retention Policy
The data retention periods are specified in the table below and apply to all recording formats, paper, and/or electronic, unless otherwise specified in this Policy.
DEPARTMENT: CUSTOMER RELATIONS
PROCESSING ACTIVITY:
Database where we store information about you:
- By creating user accounts; or
- By transmitting information through other means, such as contacting us through the communication means provided, completing a contact form, or subscribing to our newsletter;
- by leaving a product review; by purchasing and receiving a product;
through the use of the website.
RETENTION PERIOD:
For the duration of the contract, plus 5 (five) years from the termination of legal relationships.
If the data was provided based on consent, we store the data until the date of the data deletion request or until we become aware that the data has become inactive.
In particular, we update this database whenever we have or are notified of changes to this data. In any case, we update the database annually and delete outdated information.
DEPARTMENT: CUSTOMER RELATIONS
PROCESSING ACTIVITY:
Email received from you for filing a complaint.
RETENTION PERIOD:
3 (three) years from the date of receipt in physical and/or electronic format.
DEPARTMENT: CUSTOMER RELATIONS
PROCESSING ACTIVITY:
Email received from you for requesting information about our business activity.
RETENTION PERIOD:
3 (three) years from the date of receipt in physical and/or electronic format. If these emails do not have a significant legal or economic impact on our activity, they may be deleted at shorter intervals based on specific decisions made within the organization’s internal hierarchy.
DEPARTMENT: CUSTOMER RELATIONS
PROCESSING ACTIVITY:
Email received from you for requests related to personal data processing activities.
RETENTION PERIOD:
3 (three) years from the date of receipt, in physical and/or electronic format.
DEPARTMENT: MARKETING
PROCESSING ACTIVITY:
Information about participation in campaigns organized on our social media pages (such as Facebook, Instagram).
RETENTION PERIOD:
3 (three) years from the date of campaign completion.
DEPARTMENT: LOGISTICS
PROCESSING ACTIVITY:
Invoices, accounting records, and supporting documents that form the basis of financial accounting entries.
RETENTION PERIOD:
Between 5 (five) and 10 (ten) years from the issuance/entries, as provided by law.
DEPARTMENT: BUSINESS RELATIONS
PROCESSING ACTIVITY:
Contracts concluded by us with suppliers.
RETENTION PERIOD:
10 (ten) years from the contract termination date.
DEPARTMENT: BUSINESS RELATIONS
PROCESSING ACTIVITY:
Partnership contracts concluded by us for promotional business events.
RETENTION PERIOD:
10 (ten) years from the contract termination date.
DEPARTMENT: BUSINESS RELATIONS
PROCESSING ACTIVITY:
Business cards collected at business meetings.
RETENTION PERIOD:
1 (one) year from the date of the last contact.
DEPARTMENT: BUSINESS RELATIONS
PROCESSING ACTIVITY:
Personal data such as the name, position, and contact details of representatives of the companies we collaborate with.
RETENTION PERIOD:
10 (ten) years from the contract termination date (if included in the contracts concluded); Until the data deletion request (if obtained based on consent) or until we become aware that the data has become inactive.
DEPARTMENT: IT SYSTEMS
PROCESSING ACTIVITY:
Traffic data obtained from “cookie” files and traffic analysis on the website, mobile application, and social networks.
RETENTION PERIOD:
5 (five) years from the end of the contractual relationship.
For information regarding the retention periods of certain data processing activities that are not specified in this Policy, please send your requests through the communication channels provided at the beginning of this Policy.
7. Retention Plan
The list containing the recommended retention periods in the our records (systems or physical archives) for the personal data of customers is provided for each relevant field of activity. The storage period applies by default to all records in that category and will be adhered to whenever possible. However, we acknowledge that exceptional circumstances may require the retention of documents for shorter or longer periods. In cases where individual records or documents require a different retention period than the one recommended, Nunta la Mare should be contacted to discuss specific storage requirements.
8. Data Destruction
Data destruction is an essential component within the rules for storing personal data that is no longer used in our future activities. Data destruction ensures the efficient use of data collected during operations, making data management and recovery possible and cost-effective.
When the retention period expires, Nunta la Mare must actively destroy data covered by this Policy. If an employee (or collaborator) who has access to the processed personal data believes that certain data should not be destroyed, they should contact their direct supervisor, the Data Protection Officer, the external consultant for the our personal data processing activities, or in their absence, the management directly, so that an exception to the rules established in this Policy can be considered. Since this decision has long-term legal implications, exceptions will only be made by a member or members of the management team.
We specifically advises employees (or collaborators) not to destroy data that violates this Policy. The destruction of data that an employee (or collaborator) may consider harmful to us or the destruction of data in an attempt to conceal a violation of the law or the provisions of this Policy is explicitly prohibited.
9. Data Deletion Requests
You can request the deletion of personal data by sending an email to nuntalamareromania@gmail.com, specifying the following:
- Your contact information for response/point of view transmission;
- Your name;
- The processing activities through which the data was collected or processed (marketing campaigns, promotions, etc.);
- The type of data collected or processed that you want to delete;
- The total number of records to be deleted, if applicable.
The response time for the request is 20 working days from the date of transmission. If the complexity of your request requires an extension of the response time, this period will not exceed 35 working days from the date of transmission. In this regard, a representative will inform you of the status of your request.
If the request is resolved after an evaluation with the deletion of your data, we will send you a document representing the our point of view on your request and the actions taken through the agreed means of communication. The document will include at least the following information:
- The purpose(s) on which the data was processed;
- Data that has been deleted/eliminated/destroyed and the processing activity within Nuntă la Mare to which they belonged;
- The number of records deleted.
If the document is sent physically, it will be signed by a representative of Nuntă la Mare and stored and scanned in physical format for a period of 3 years from the date of transmission of the notification, after which the original document will be destroyed and recycled. If the point of view is sent by email, it will be stored on our servers for a period of 3 years from the date of its transmission to you at the provided email address, and then it will be deleted.
If you submit a request to Nuntă la Mare for access to the processing activities of your personal data, please note that due to the ongoing processing of your personal data and considering the routine established in our systems for the deletion of processed information under this Policy, we try to keep your data updated and accurate at all times. Thus, this routine processing may involve modifying or deleting personal information we process after you have sent a request to us. In this case, Nuntă la Mare will provide the information held at the time we send the response, even if it differs from the information we had stored at the time of the request. Please note that the deletion of your personal data is a procedure that Nuntă la Mare would have carried out even if you had not submitted the request.
10. Continuous Development
The retention periods will be maintained by Nuntă la Mare, which will make changes, additions, and updates whenever the legislation, the guidelines of the National Supervisory Authority for Personal Data Processing, or organizational or structural changes at Nuntă la Mare necessitate these changes.
11. Updates
Our personal data retention policy may be amended from time to time (generally to comply with data protection legislation and practices). The updated versions will be published on the website.