Privacy Policy nuntalamare.ro
NUNTA LA MARE SRL, registered at the Trade Register under no. J13/3213/2017, CUI RO38248187, with headquarters in Mangalia, Maior Gh. Șonțu Street, no. 4 B, Constanța, and DRAGOSTE DE MARE SRL, registered at the Trade Register under no. J13/536/2023, CUI 47636862, with headquarters in Mangalia, street Maior Gh. Șonțu no. 4 B, Constanța, email: nuntalamareromania@gmail.com, hereinafter referred together to as “Nuntă la Mare” or “we”, as a joint controllers,
we inform you through the following regarding how we process your personal data in the context of the operation of the website nuntalamare.ro (hereinafter referred to as the “site”), owned and managed by us, as well as your rights as a data subject.
Ensuring the right to personal data protection is an important and fundamental commitment for us; therefore, the processing of your data is carried out in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”), as well as any other applicable legislation in Romania.
1. THE ROLE OF THIS PRIVACY POLICY
Therefore, this document serves the purpose of informing you about the collection of personal data through the website, how we use, transfer, and protect this data, your rights as data subjects, and how you can exercise these rights.
At the same time, we inform you that for any complaint or notification of yours regarding the protection of personal data, you can contact us at nuntalamareromania@gmail.com, whose response will be the responsibility of the operator NUNTA LA MARE SRL.
In any case, according to the GDPR Regulation, you can exercise your rights under the legislation on the protection of personal data with respect of or against each of the controllers. Moreover, we are bound as joint controllers, together or separately, by the same obligations and terms set forth in our Policies.
It is important for you to understand that by navigating the website and interacting with the products offered by Nuntă la Mare, including but not limited to, filling out forms on the website, sending email communications, adding items to your cart, making purchases, making payments through the website, receiving product deliveries, and subscribing to our newsletter, you are providing certain personal data. Refusing to provide us with this data may result in our inability to deliver these products to you.
We reserve the right to update, review, and periodically modify this Privacy Policy. In the event of any changes, we will publish the updated and revised version of the Privacy Policy on the website. We kindly ask you to periodically check the content of this document in order to stay well-informed.
Therefore:
2. TO WHOM DOES THIS PRIVACY POLICY APPLY?
The website is intended for individuals (“users”) who wish to organize their wedding on the Romanian coastline, either independently or through the products we offer (online catalogs, personalized online consulting services, floral and event design, event planning, organization and coordination of events by the sea).
Users have the option to place orders for products directly on the website or by contacting us via email, phone, through the contact form, or on social media. They may also sign contracts with us, for which they are required to provide various personal data, including full name, complete address (county, locality, street, number, staircase, building, floor, apartment, intercom if applicable), email, phone number, event date and location.
Users have the option to create an account on the website, which involves providing an email address and setting a password. Within their account, they will be required to fill in fields for their full name, mailing address, phone number, but it is also possible to provide other personal data through the e-mail address, directly to us.
Hence, this Policy is directed towards individuals for whom personal data is processed in the capacities mentioned above.
3. THE CONTACT DETAILS OF THE ENTITY RESPONSIBLE FOR THE PROCESSING ACTIVITIES
If you have any requests or questions regarding the processing of your personal data within Nuntă la Mare, please do not hesitate to reach out to us using the contact information provided below.
If you submit a request for access to the processing of your personal data to our attention, please be aware that due to the ongoing processing of your personal data and considering the established routines in our systems for the deletion of processed information in accordance with our Data Retention Policy, we commit to keeping your data up-to-date and accurate at all times.
This routine processing may involve modifying or deleting personal information we process, even after you’ve submitted a request to us. In such a situation, Nuntă la Mare will provide the information as it was held at the time we send our response, even if it differs from the information that was stored at the time of the request submission. Please note that the deletion of your personal data is a procedure that Nuntă la Mare would have carried out even if you had not submitted the request.
E-mail: nuntalamareromania@gmail.com
4. THE COLLECTION, STORAGE AND PROCESSING OF PERSONAL DATA
We store and process the personal data you provide to us in the execution of the contract you signed with us to facilitate our commercial relationship following your purchase of products, whether online or by signing contracts, scheduling consultations, creating and using an account, placing an order, and processing online payments for orders placed. Additionally, we may process data for personalizing and enhancing your experience on our website, communicating with you about our services, special offers or website updates, posting a product review following data collection through the website, email and phone, such as through the completion of the contact form or creating an account directly on the website, contacting us through available communication means and any other personal data you voluntarily provide to us during our interaction or subscribing to our newsletter, based on our legitimate interest or the consent you provide.
If we collect any other personal data through other means such as the use of cookies, you will be informed in this Policy or on the website at the time of accessing them about the intended purpose of using these data, and if necessary, we will request your consent for the storage and processing of personal data.
Your data will only be disclosed or transferred to other providers if it is legally required, for the execution of the contract concluded with you, for the provision of our services, and/or with your prior consent. In the section ”To whom we transmit your personal data and the results of our processing activities”, you can read more about the providers to whom we transmit your data.
5. WHAT CATEGORIES OF DATA WE PROCESS AND FOR WHAT PURPOSE
Depending on your role when interacting with us or the website, we may process the following data:
A. As a buyer, for the purpose of purchasing products, you need to complete an online contact form and/or create an account on the website. These data will be saved and may be used during transactions conducted through the site:
a. Full name
b. Phone number
c. Email address
d. Billing address
e. Data resulting from the questionnaire completed before scheduling a consultation meeting
f. Event date and location, if applicable
g. Date and time of the consultation meeting appointment
h. Any other information voluntarily provided by you when filling out online forms or through other means (e.g., during a phone conversation)
LEGAL BASIS:
execution of the contract concluded with Nuntă la Mare to facilitate online purchase of digital products through the website (Art. 6 (1) b GDPR), including order acceptance, validation, delivery and invoicing, informing you about the order status, and similar activities.
i. Date of birth
j. Your social media profile and link
LEGAL BASIS:
your consent (art. 6 (1) of the GDPR) which you can withdraw at any time by contacting us through the contact details described on the website. This data will be processed for: i – sending congratulatory messages and/or promotions on your birthday; j – to tag you on social media when we post about your event, both in the lead-up to and after the event.
B. As a user, for creating an account on the website, you will provide the following data:
a. Email address
b. Password, only when you request a manual password reset.
If you choose to create a user account only before completing the order for a product available on the website, the above data will be used and an account will be automatically created. If you do not complete the order, the email address and other provided data will not be processed and the automatically created account will be deleted.
LEGAL BASIS:
execution of the contract concluded with Nuntă la Mare to facilitate online purchase of products through the website (Art. 6 (1) b GDPR), including order acceptance, validation, product delivery, and invoicing, and similar activities;
Nuntă la Mare’s legitimate interest in providing you with an easy, secure, and enjoyable experience in purchasing products on the site, which contributes to increasing users’ trust in the quality of the products purchased and, consequently, to increasing the number of concluded transactions (Art. 6 (1) f GDPR).
C. As a buyer, by using the user account, we will process the following data:
a. Full name
b. Phone number
c. Email
d. History of previously purchased products
e. Description of purchased products, if available
f. Billing address
LEGAL BASIS:
execution of the contract concluded with Nuntă la Mare to facilitate online purchase of products through the website (Art. 6 (1) b GDPR), including order acceptance, validation, product delivery, and invoicing, refund of the price paid and similar activities;
Nuntă la Mare’s legitimate interest in providing you with an easy, secure, and enjoyable experience in purchasing products on the site, which contributes to increasing users’ trust in the quality of the products purchased and, consequently, to increasing the number of concluded transactions (Art. 6 (1) f GDPR).
D. As a buyer, by concluding the online service contract electronically (through the Dubsado software) we will process the following categories of data:
a. Full name
b. Phone number
c. Email
d. Personal identification number (CNP) or its equivalent
e. Document identification number and series
f. Date of issue of the identification document and the issuing authority
g. Home/residence address
h. Description of the purchased product
i. IP address
j. Signature
LEGAL BASIS:
execution of the contract concluded with Nuntă la Mare for the purpose of delivering the products to your benefit (Art. 6 (1) b GDPR);
legitimate interest in verifying your identity in the context of entering into a distance contract (Art. 6 (1) f GDPR);
certain data, such as personal identification number, are processed on the basis of your consent (art. 6 (1) of the GDPR) which you can withdraw at any time by terminating the service contract.
E. For the purpose of delivering digital products to you, we will process the following data:
a. Full name
b. Email address
LEGAL BASIS:
execution of the contract concluded with Nuntă la Mare to facilitate the purchase of digital products (Art. 6 (1) b GDPR), including the provision of products and/or the technical means by which to access and/or download them.
F. If you wish to contact us or be contacted by one of our representatives, we will ask you to provide:
a. Full name
b. Email address
c. Phone number, only to the extent necessary for this purpose (e.g., if you prefer to be contacted by phone and not by email)
d. Additionally, following conversations with the Nuntă la Mare team, regardless of the communication method, we may need further information depending on the nature of your request. The content of these messages may be collected and stored.
Moreover, these messages may be forwarded to the department responsible for resolving requests submitted to Nuntă la Mare or to an external consultant. If we use this information in relation to other partners, we will not transmit the restricted information to our partner, or we will do so without disclosing your personal data.
LEGAL BASIS:
execution of the contract concluded with Nuntă la Mare for facilitating the online sale and/or purchase of products by you through the website (Art. 6 (1) b GDPR);
legitimate interest of Nuntă la Mare in responding to and resolving complaints and/or inquiries submitted by you in the fastest and most efficient manner, in order to provide you with a pleasant experience, resolve issues arising from the website, and maintain you as a customer on our website (Art. 6 (1) f GDPR).
G. Subscribing to our newsletter can be done at the time of creating your user account, after creating the account, in the ‘My Account Information’ section or a similar one, or by visiting the website through the designated field. Additionally, we may conduct marketing activities through SMS messages. For these activities, we will use:
a. Full name
b. Email address and/or phone number
You can subscribe to the newsletter to receive information about new products published on the website, promotions, written/audio/video content from the blog on various topics, and any other details and updates to keep you informed about the website and our news. At the same time, we may use this data to keep you informed about other offers and send you marketing information.
LEGAL BASIS:
your consent (Art. 6 (1) a GDPR), which you can withdraw at any time by accessing the unsubscribe link displayed in the messages you receive from us via email or SMS, or by contacting us through the contact details provided on the website
H. Data obtained automatically through server traffic reports, such as IP addresses, data from online activity, the time and location of site access, pages visited, the geographical location of the computer or device, browsing duration, browser type, operating system, language, viewed pages, complete URLs, click sequences to, through, and from our site, information or products viewed, visit duration on specific pages, information regarding page interaction (e.g., scrolling, clicks, mouse movements), user behavior data, and other information about website visits.
We use this data exclusively to improve the website and our services, as well as to ensure its security. Under no circumstances will we use this data to identify individuals behind IP addresses.
LEGAL BASIS:
Nuntă la Mare’s legitimate interest in ensuring the security of the Nuntă la Mare website, your use of the site at a high level of security, as well as to personalize and/or improve the products offered and the online experience (Art. 6 (1) f GDPR).
I. Information obtained through the use of cookies and other similar technologies. While these do not provide personal data, they may use unique identifiers in certain cases to track a user from one website to another.
LEGAL BASIS:
Nuntă la Mare’s legitimate interest in personalizing, promoting, and/or improving the services offered and the online experience (Art. 6 (1) f GDPR) and your consent (Art. 6 (1) a GDPR), which you can withdraw at any time.
J. For the purpose of fraud detection and limiting access to certain sections of the website due to recorded behavior on the site, we process all the data indicated and obtained through the methods mentioned above.
LEGAL BASIS:
Nuntă la Mare’s legitimate interest in securing the website, providing a safe experience, and detecting various irregularities that could lead to the fraudulent use of the site (Art. 6 (1) f GDPR).
K. For the purpose of billing and/or refunding the amount you paid, or for archiving fiscal/commercial documents, we may process the following data:
a. Full name
b. Billing address
c. Your bank’s IBAN
d. Issuing bank of the account
e. Type of credit card
f. Payment reference
LEGAL BASIS:
compliance with a legal obligation, specifically the obligation to invoice and use the information that the invoice must contain, as well as communication with tax authorities (Art. 6 (1) (c) GDPR);
execution of the contract concluded with Nuntă la Mare for facilitating the online sale and/or purchase of products by you through the website, such as payment by you, payment identification and other similar activities (Art. 6 (1) b GDPR).
L. Regarding the online payment process, we do not process any banking information. The payment processor is the entity that manages the entire online payment process on the Nuntă la Mare website. For more information, please check their Privacy Policy here: Privacy Policy | Stripe.com (https://stripe.com/en-gb-ro/privacy)
M. For marketing and advertising purposes, including reviews, we may process the following data:
a. Full name
b. Event date
c. Event location
d. Image of a person
LEGAL BASIS:
Nuntă la Mare’s legitimate interest in providing you with an easy, safe, and enjoyable experience in purchasing our products, which leads to increased user trust in the quality of the products and/or services purchased, and thus increases completed transactions (Art. 6 (1) f GDPR);
Your consent (Art. 6 (1) a GDPR), which you can withdraw at any time by contacting us through the contact details provided on the website.
At times, in our processes, we use automated individual decisions, including the creation of profiles, which in certain circumstances may have legal effects. In this case, automated decisions will always be based on one of the legal bases: compliance with a legal obligation, necessity for the conclusion and performance of a contract, or the explicit consent of the data subject (Art. 22 GDPR).
6. FOR HOW LONG WE RETAIN YOUR DATA
The data collected will only be retained for a specific period of time, depending on the processing needs and purposes.
As a general rule, we will store your personal data for the duration of your contractual relationship with us and for a limited period thereafter, based on legal provisions or our legitimate interests, without infringing on your rights to personal life. You can request the deletion of certain information at any time, and we will comply with these requests, as long as it is possible (for example, if you provided the data with consent). Upon request, you can obtain additional information regarding the retention periods applicable to your personal data.
For more details on data storage methods and requests for modification or deletion, please check the Data Retention Policy.
7. WHERE DO WE OBTAIN YOUR PERSONAL DATA FROM
DIRECTLY FROM YOU:
We process personal data that you provide directly to us when placing an order or that we generate or deduce as a result of communication with you. These are situations in which you order products on the website, via email or through the Dubsado software; fill out the online contact/appointment form, create and complete your user account on the website; provide us with various data through contacting us or using the customer service; by visiting and/or using the website; or when you subscribe to our newsletter.
THROUGH VARIOUS TECHNOLOGIES TO IMPROVE THE WEBSITE AND USER EXPERIENCE
To collaborate with clients, we use Google Drive software for sharing various documents or information. When you upload a document to your file, we will have access to the data contained in that document, as well as data about that specific document. Read more about Google’s privacy policy here:https://policies.google.com/privacy?hl=ro
Additionally, for the proper functioning of the website, to facilitate the storage and tracking of user preferences, including website optimization, personalization, and marketing purposes, we use our own cookies or similar technologies, such as libraries, which collect the identified data mentioned above. Furthermore, for website operations, improving user experience, and marketing purposes, we use various third-party services that place third-party cookies or similar technologies when a user is on these platforms.
You can modify your cookie preferences in the cookie management system.
For more details, please refer to our Cookie Policy.
8. TO WHOM WE TRANSMIT YOUR PERSONAL DATA AND THE RESULTS OF OUR PROCESSING ACTIVITY
The data obtained is used exclusively by Nuntă la Mare for the purposes indicated above and will not be sold or rented to third parties.
However, in some cases, we may provide personal data to:
1. Primary service providers, such as:
a. Online payment services – payment processor;
b. Banking services;
c. Customer relationship management services (e.g., online contact forms and communication, Dubsado, Google Drive, etc.);
d. Event-related services (e.g., photographers, florists, musicians, etc.);
e. Website creation services (e.g., Elementor).
2. Support and auxiliary service providers, such as:
a. Electronic communication services (emailing, SMS, etc.);
b. IT services (e.g., maintenance, support, development);
c. Archiving services in physical and/or electronic format (e.g., Google Drive);
d. Legal, notarial, accounting, or other consultancy services.
3. Marketing service providers strictly for the purposes of Nuntă la Mare’s operations, such as:
a. Marketing agencies;
b. Communication agencies;
c. Research and market study agencies;
d. Marketing communication transmission agencies (e.g., emailing, newsletters).
4. Public institutions and authorities in Romania, such as the National Agency for Fiscal Administration (ANAF).
5. Other companies or providers with whom we may develop joint programs for marketing our services in the market.
An updated list of contractual partners/service providers with whom Nuntă la Mare processes your personal data can be transmitted upon request via email.
Contractual partners and/or providers of various services are contractually obligated to maintain the confidentiality of data and use it exclusively for the purposes for which it was provided.
Below are some illustrative scenarios in which we might transmit your personal data to the entities listed in this article:
- For website administration;
- For importing the customer into management systems or services and creating forms, such as name, first name, address, phone number, email address;
- In situations where this communication is necessary for awarding prizes or other benefits to the individuals obtained as a result of their participation in various promotional campaigns organized by us;
- For the maintenance, personalization and improvement of the website and the services carried out through it;
- For data analysis, testing, research, monitoring usage trends and activity, developing security features, and user authentication;
- For transmitting commercial marketing communications, within the limits and conditions set by law;
- When the disclosure of personal data is required by law.
Please read carefully the privacy policies of the applications used by us in conducting our business and managing our relationship with the website’s users and/or our clients. Below is an illustrative list:
Dubsado: https://www.dubsado.com/legal/privacy-policy
Google: https://policies.google.com/privacy?hl=ro
Elementor: https://elementor.com/about/privacy
Facebook: https://ro-ro.facebook.com/privacy/policy/
Instagram:https://help.instagram.com/155833707900388?locale=ro_RO&cms_id=155833707900388&force_new_ighc=false
Pinterest: https://policy.pinterest.com/ro
Twitter: https://twitter.com/ro/privacy
Canva: https://www.canva.com/policies/privacy-policy/
Typeform:https://www.typeform.com/help/a/security-privacy-standards-at-typeform-9350912237844/
We make every professional effort to provide you with the privacy policy in the Romanian language for the applications used by us. However, some of them may not have the appropriate translation.
Please use the browser’s translation feature in such situations or contact us for guidance.
9. HOW WE PROTECT YOUR DATA
We implement appropriate technical and organizational measures to ensure the security, confidentiality, integrity, availability, and resilience of our information processing systems and your data. These measures are put in place to protect data against destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data that is transmitted, stored, or otherwise processed in any way.
Furthermore, these measures include training and regular testing of our employees and partners, the establishment of relevant policies and processes that are regularly reviewed and updated under the supervision of our consultant in relation to data processing activities.
We also ensure that we carefully evaluate our suppliers to provide an appropriate level of protection for your personal data. We enter into data processing agreements or appropriate contractual clauses with them to ensure that each contractual partner who comes into contact with your personal data carries out the contracted processing activities in full safety and complies with the relevant data protection legislation.
To ensure the security and confidentiality of this data, we ensure that we take all available protection measures, such as:
data encryption using SSL technology;
the activation of your account directly by you through the activation email sent to the email address you used to create the account on the website.
Access to personal data is strictly reserved for employees and service providers who need access to process them on our behalf, from the categories mentioned above, only when necessary. These individuals are also subject to strict confidentiality obligations.
Please note that guaranteeing the security of transmitted information cannot be ensured at 100%, given the insecurity of data transmissions conducted over the internet due to external causes, such as various viruses or malware programs, the loss of electronic devices from which you use/access the website, unauthorized access to your electronic devices, the instability and insecurity of Wi-Fi networks, especially those unprotected by passwords.
Therefore, we want to provide the following instructions for better protection of your personal data:
- do not disclose your account password to anyone;
- use specialized software to generate long and unrelated passwords, and store them securely;
- set a password or lock mode for any electronic devices;
- do not leave your electronic devices unattended and only allow people you trust completely to access them, and only in your presence;
- always log out of your account and do not leave programs or software open once you have finished your work session.
We will make every effort to ensure the security of the personal data we receive from you by implementing measures to prevent unauthorized access, improper use, alteration, illegal or accidental destruction and accidental loss.
Therefore, the principles by which we process personal data are as follows:
1. processing data legally, fairly, and transparently;
2. processing data only for a valid purpose, which we have clearly explained, and ensuring they are not used in a way incompatible with this purpose;
3. collecting data that is relevant to the purpose we have communicated and limited to those purposes only;
4. accurate and up-to-date data;
5. not retaining data for longer than necessary in relation to the described purposes;
6. storing data securely.
10. DATA TRANSFER TO THIRD COUNTRIES
As a rule, we transfer personal data only to countries within the European Economic Area (EEA) or to countries recognized as having an adequate level of protection by a decision of the European Commission. Currently, we store and process your personal data within Romania and the European Union for the stated purposes. Our servers are located in the Netherlands, and some software we work with has servers located in the United States of America.
The transfer of certain personal data to entities located outside the Union, including in countries for which the European Commission has not recognized an adequate level of personal data protection, will only be possible if:
1. The transfer is carried out on the basis of appropriate guarantees, such as by using Standard Contractual Clauses issued by the European Commission or adopted by the competent authority, by using other clauses – subject to their approval by the competent authority, or by adoption by the European Commission of Decisions regarding the adequacy of the level of data protection (for example, the EU-U.S. Data Privacy Framework);
2. The transfer is based on international treaties between the European Union and the third country;
3. The transfer is necessary for the performance of a contract with you;
4. Other cases permitted by law.
We assure you that we will always take measures to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. Transfers to service providers and other third parties will always be protected in the manner described above.
11. WHAT ARE YOUR RIGHTS
According to the law, you have the following rights, which you can exercise under the following conditions, and we will fully respect them:
1. Right of Access
Upon a request to our email address, you have the right to receive information at any time. You can obtain confirmation that we are processing your personal data, as well as information regarding the specifics of the processing, such as the purpose, categories of personal data processed, recipients of the data, the period for which the data is stored, and the existence of the right to rectify, erase, or restrict the processing. Upon request, we can provide you with a free copy of the processed personal data and, for a fee, any additional copies.
2. Right to Rectify Data
We will update your personal data by requesting you to review them from time to time and whenever the need for an update is mandated by law. However, you have the right to request the modification of your incorrect personal data or, where appropriate, the completion of incomplete data by contacting us and providing correct or supplementary data. You can request the restriction of the processing of your data if the accuracy of the data is contested for a period that allows us to verify that accuracy.
3. Right to Erasure of Data (“Right to be Forgotten”)
You can request the erasure of your personal data when: (a) they are no longer necessary for the purposes for which we collected and processed them; (b) you have withdrawn your consent for the processing of personal data, and we cannot process them on other legal grounds; (c) personal data is processed unlawfully; (d) personal data must be erased in accordance with the relevant legislation.
For the data deletion procedure, please consult the Data Retention Policy.
Withdrawal of Consent
You can withdraw your consent at any time regarding the processing of personal data processed based on consent, without affecting the processing carried out prior to the withdrawal in any way.
5. Right to Object
You can object at any time to processing for marketing purposes, including profiling conducted for this purpose, as well as processing based on legitimate interests identified in this policy, for reasons that are specific to you.
6. Restriction
You can request the restriction of the processing of your personal data if: (a) you contest the accuracy of the personal data for a period that allows us to verify the accuracy of the data in question; (b) the processing is unlawful, and you oppose the deletion of personal data, requesting instead the restriction of their use; (c) the data is no longer necessary for processing, but you request it for legal action; (d) in case you have objected to the processing, for the time during which it is verified whether our legitimate rights as the data controller prevail over your rights as the data subject.
7. Right to Data Portability
Upon request, under the conditions of the law, you have the right to data portability (transfer) of your personal data for the data we obtain directly from you and that are processed by automated means.
The right to data portability can be exercised only if: (a) the processing is carried out by automated means, and (b) the processing is based on your consent or to perform a contract with you. If applicable, we will provide you with this data in a secure format that is electronically processable so that you can store or disclose them to other service providers. You can also provide us with your data obtained from other companies. Additionally, you can request us to provide your personal data to another data controller; however, this can be done when data transmission is technically possible and if the conditions provided by the GDPR Regulation are met.
As the file contains your personal data, please store this data securely on your device. Data portability (transfer) will be carried out to the extent that the conditions mentioned above are met, and the data portability process from us to the indicated new operator is technically feasible, or if the operator indicated to receive the data does not refuse portability. In any case, data portability pertains to the data we currently hold, excluding the results of processing performed through our means and company systems prior to receiving the portability request.
8. Rights related to automated decisions we make in the course of our activity
In our activity, we may use automated decisions to ensure the security of your data and online sales/purchase services of products through our website, thereby ensuring the proper execution of the contract between us and you. Additionally, if we have obtained your explicit consent for this purpose, we may use automated individual decisions to send you personalized commercial communications through our newsletter. You have the right to express your point of view regarding the respective automated decision and to object to an automated decision-making process.
9. Right to address the National Data Protection Authority
You have the right to contact us at any time if you believe that your rights granted by the personal data protection legislation have been violated.
If you believe your rights have been violated, you have the right to appeal to a data protection supervisory authority, namely the National Authority for Supervising Personal Data Processing (ANSPDCP), either at the address Bulevardul General Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania, or online. Additionally, you can also address the competent courts if you believe that your rights regarding the processing of personal data have been violated.
Before exercising your rights, we need to identify you to protect your personal data against any fraudulent attempts.
Your requests regarding the processing of personal data by Nuntă la Mare will be honored as soon as possible. Regarding our internal processes, we will make efforts to provide a response regarding the processing of your personal data activities within one month (usually 20 working days) by sending an email to nuntalamareromania@gmail.com. If the complexity of your request requires an extension of the response period, this period will not exceed 35 working days from the date of submitting the request.
Important information regarding identity verification:
In cases where we have doubts about the commission of fraud on our website or for the purpose of combating fraud, we may request proof of identity, address, purchase/sale, or bank card. We will instruct you on how to provide us with these documents so that only the information we strictly need is transmitted (e.g., a black-and-white copy of an ID card, a photograph of a part of a document, etc.). Only employees/collaborators/institutions who are authorized to view these documents will process your data. We retain these documents only for the time necessary to verify them, and then we immediately delete them.
12. UPDATES
Our privacy policy may be changed from time to time (usually to comply with data protection laws and practices). Updated versions will be posted on our website, and to the extent that these changes substantially affect the legal relationship with Nuntă la Mare, we will inform you through any other means available to us.
13. FINAL PROVISIONS
The clauses of this Privacy Policy should be read and interpreted in conjunction with the Data Retention (Storage) Policy, Terms and Conditions of Website Use, and the Cookie Policy.
