Privacy Policy

General

Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document - GDPR, Regulation or GDPR) was adopted by the European Parliament and the Council of the European Union on 27 April 2016 and its provisions are directly applicable as of 25 May 2018. This Regulation expressly repeals Directive 95/46/EC, thus also replacing the provisions of Law 677/2001 (now repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all individuals within the European Union. From a substantive point of view, the Regulation applies to all controllers processing personal data. The Regulation does not apply to the processing of personal data relating to legal persons, and in particular to undertakings having legal personality, including the name and type of legal person and the contact details of the legal person.

Personal data are defined as any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Identity of the operator

In view of Article 4(7) of the Regulation, which defines the notion of "controller" as the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data, the controller processing personal data through this website is the Association "Botoșănean Shield", established in Botosani, JUD. BOTOȘANI, MUN BOTOȘANI STR. POD DE PIATRĂ, NR.6, registered at the Trade Register Office 36846940, with CUI 36846940, legally represented by Ionuț-Bogdan Cărăușu, with contact details admin@scutbotoșănean.ro, +40735613329, .

Collection of personal data

What personal data is collected

The operator of this website collects, stores and processes the following personal data of / about you:

• Name, first name
• Contact details (such as e-mail, telephone, fax)

Obtaining Consent

General

For the processing of personal data to be lawful, the GDPR requires that it is carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or on the basis of the data subject's prior valid consent. In the latter case, the controller is required to be able to demonstrate that the data subject has given his or her consent to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions laid down in the GDPR.

Consent must be given by an unequivocal statement or action which constitutes a freely expressed, specific, informed and clear expression of the data subject's agreement to the processing of his or her personal data. Where the data subject's consent is given in the context of a statement, in electronic or written form, which also relates to other matters, the request for consent must be presented in a form which clearly distinguishes it from the other matters and may even be made by ticking a box. For the processing of personal data to be lawful, the GDPR requires that it is carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or on the basis of the data subject's prior valid consent. In the latter case, the controller is required to be able to demonstrate that the data subject has given his or her consent to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions laid down in the GDPR.

Cookies

Cookies are used on this site. They do not harm your computer and do not contain viruses, but are intended to help make the site easier, more efficient and safer to use. They are small text files that are stored on your computer and saved by the browser you are using.

Many of the cookies used are called "session cookies", which are automatically deleted after visiting this site. Others remain in the memory of your computer until you delete them, making it possible to recognise your browser on a subsequent visit.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be set to automatically accept cookies under certain conditions or to always reject cookies or automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions you want to use (such as shopping cart) are stored in accordance with the provisions of Article 6 (1) (f) of the GDPR, according to which processing is lawful only if and to the extent that it is necessary for the legitimate interests pursued by the controller or a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies in order to ensure technical error-free optimization. Other cookies (such as, for example, those used to analyse your browsing behaviour) are also stored and will be dealt with separately in this document.

Contact form

If you send us questions via the contact form, we will collect the data you enter in the form, including the contact details you provide, in order to respond to your questions and subsequent questions. We do not transmit this information without your permission. We will therefore only process any data you enter into the contact form with your consent. [You can revoke your consent at any time, an informal e-mail to this effect is sufficient. Data processed prior to receiving your request may be processed lawfully. We will keep the data you provide on the contact form until:

• request deletion of data;
• you revoke your consent to their storage or if 
• the purpose for storing it is no longer valid. 

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

Contact by e-mail, phone or fax

If you contact us by e-mail, telephone or fax, your request, including any personal data you provide, will be stored and processed by us for the purpose of dealing with your request, based on your consent.

Therefore, we will process any data you provide under the following legal provisions in the GDPR, respectively:

• only with your consent - in accordance with the provisions of Article 6 para. 1 lit. a) GDPR
• for the performance of a contract or at the pre-contractual stage - in accordance with the provisions of Art. 6 para. 1 lit. b) GDPR
• in order to fulfil the purpose and legitimate interest pursued by us, namely that of efficiently processing the requests sent by you - in accordance with the provisions of Article 6 para. 1 lit. f) GDPR.

We will keep the data you provide in this way until:

• request deletion of data;
• you revoke your consent to their storage or if 
• the purpose for its storage is no longer valid in all cases except for mandatory data retention periods.

Register on the website

You can register on this website to access additional features and services offered by our company. In this regard, the data entered by you will be used and processed for the purpose of using the respective service or function for which you have registered. The mandatory data requested at registration must be provided by you in full, otherwise the registration operation will be rejected.

In order to inform you about important changes, such as those within the scope of our website or technical changes, we will use the email address you specified at the time of registration.

The processing of personal data, provided in the registration procedure, is done only with your consent and in compliance with the provisions of Article 6 para. 1 lit. a) GDPR. You may revoke your consent at any time, an informal e-mail to this effect being sufficient. We will continue to store the data collected during registration for as long as you remain registered on this website, but the mandatory storage periods remain valid and will be respected.

Comments section

By accessing the Comments section, certain personal data (such as, but not limited to email address, username, IP address) will be processed and stored, some of which is necessary from the perspective of preventing illegal actions or libelous content.

There is also the possibility to sign up/subscribe to this site in order to receive comments via the email provided, so:

• Your email address may be verified by a confirmation email;
• You can unsubscribe at any time by clicking on the link in the emails, and the data you provide will be deleted immediately, except for data provided as a result of accessing other sections (for example, when signing up for the newsletter) which will remain stored;

We comply with the relevant legal provisions, namely we store your comments and personal data on the basis of your consent (Art. 6 para. 1 lit. a GDPR), which can be withdrawn at any time (an informal email to this effect is sufficient).

The purpose of processing the collected data

Some of the data collected on this site is used to:

• Providing the services we offer for your benefit (e.g. to solve problems of any kind related to our products and services, to provide support services, etc.).
• Optimal operation and optimization of this site (statistical and analytical) - We always want to give you the best experience on our site, which is why we may collect and use certain information about your satisfaction with your use of this site, invite you to fill out questionnaires for suggestions or the like.
• Online advertising and promotion activities. You can ask us at any time, by the means described in this document, to stop processing your personal data for marketing purposes and we will comply with your request as soon as possible.
• Regular user information - We want to keep you up to date with our offers. To this end, we may send you any type of message containing general and thematic information, information on offers or promotions, as well as other commercial communications such as market research and opinion polls. For such communications, we rely on your prior consent. You can change your mind and withdraw your consent at any time.
• To defend our legitimate interests. There may be situations where we will use or transmit information to protect our rights and business. These may include: measures to protect our website and the user of our website from cyber-attacks; measures to prevent and detect fraud attempts, including the transmission of information to the relevant public authorities; measures to manage other types of risks.

The processing of personal data shall be carried out in accordance with the provisions of the General Data Protection Regulation, based on the consent of the data subject and for reasons of proper performance of contracts or the legitimate interests of the controller (except where the interests or fundamental rights and freedoms of the data subject require the protection of personal data, in particular where the data subject is a child).

User rights

Your rights regarding personal data and the means to exercise them are: Right of information, Right of access, Right to rectification, Right to erasure of data, Right to restriction of processing, Right to data portability, Right to object, Right not to be subject to a decision based solely on automated processing, Right to lodge a complaint and to apply to the courts, Right to withdraw consent.

• Right to information - you can request information on the processing activities of your personal data, on the identity of the controller and its representative or on the recipients of your data;
• Right of access - you may obtain from the controller confirmation as to whether or not personal data relating to you are being processed and, if so, access to those data and to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations ; where possible, the period for which the personal data are intended to be stored or, if this is not possible, the criteria used to determine this period ; the right to request the controller to rectify or erase the personal data or to restrict the processing of the personal data or the right to object to the processing, etc.
• Right to rectification - you can correct inaccurate personal data or complete them;
• Right to erasure of data - you can obtain the erasure of the data if the processing was not lawful or in other cases provided for by law;
• Right to restrict processing - you may request restriction of processing if you contest the accuracy of the data and in other cases provided for by law;
• Right to data portability - you may receive, under certain conditions, the personal data you have provided to us in a machine-readable format or request that such data be transmitted to another controller
• The right to oppose - you can object in particular to data processing based on the legitimate interest of the controller;
• The right not to be subject to a decision based solely on automatic processing of data - you can ask for and obtain human intervention in relation to that processing or express your own views on that processing;
• The right to complain and to go to court - you can lodge a complaint about the way your personal data is processed with the National Supervisory Authority for Personal Data Processing and/or you can apply to the courts to have your rights respected;
• Right to withdraw consent - in cases where the processing is based on your consent, you can withdraw it at any time. Withdrawal of consent will only be effective for the future, the processing carried out prior to withdrawal will remain valid.

Obligations of the data controller

Hosting

Personal data recorded on this website is stored on our own servers. The processing of the data provided and stored complies with the following legal provisions:

• art. 6 para. 1 lit. a) GDPR - the processing of personal data is carried out on the basis of your consent, obtained after a correct and complete information;
• art. 6 para. 1 lit. f) GDPR - data processing is carried out for the purposes of the legitimate interests pursued by us.

Data encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognized by you by the lock icon that appears in your browser bar and by changing your browser address from http:// to https://. Once this type of encryption is activated, the data transmitted or transferred will not be visible to third parties.

According to the GDPR, if a breach of personal data security is likely to result in a high risk to your rights and freedoms, the operator of this website will inform you, without undue delay, of this breach, unless the additional provisions of the same Regulation become applicable (Article 34(3)).

Data Protection Officer

As the provisions of the GDPR (Art. 37 para. 1 - according to which the controller and the processor shall appoint a data protection officer whenever:

1. the processing is carried out by a public authority or body, with the exception of courts acting in their judicial role;
2. the main activities of the controller or processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, necessitate regular and systematic monitoring of data subjects on a large scale; or
3. the main activities of the controller or processor consist of the large-scale processing of special categories of data pursuant to Article 9 or of personal data relating to criminal convictions and offences referred to in Article 10)

Regarding the obligation to appoint a Data Protection Officer, for any information or clarification on the operation of this website, please contact us at the following details:

• Name: Ionuț-Bogdan Cărăușu
• E-mail: admin@scutbotoșănean.ro
• Tel: +40735613329
• Fax:
• Mailing address: JUD. BOTOȘANI, MUN BOTOȘANI STR. POD DE PEDRA, NR.6

Records of processing activities

According to the GDPR Regulation, the controller or processor should keep, for a reasonable period of time, records of the processing activities under its responsibility. Thus, these records will include all of the following information:

• name and contact details of the operator 
• the purposes of processing;
• description of the categories of data subjects and categories of personal data;
• the categories of recipients to whom personal data have been or will be disclosed;
• if applicable/possible:
  • transfers of personal data
  • the expected deadlines for deletion of different categories of data
  • a general description of the technical and organisational security measures

The obligation detailed above does not apply to an undertaking or organisation with fewer than 250 employees, unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional or the processing includes special categories of data or personal data relating to criminal convictions and offences.

Appropriate technical and organisational measures

Taking into account the state of the art, the context and purposes of the processing, as well as the risks to the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing are processed.

Notification of the supervisory authority in the event of a personal data breach

According to Article 33 para. 1 of the GDPR, if a personal data breach occurs, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, if possible, within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals.

Informing the data subject about the personal data breach

With reference to the provisions of Article 34 of the GDPR, if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the data subject without undue delay of the breach, unless:

• appropriate technical and organisational safeguards have been implemented and applied to personal data affected by personal data breaches, in particular measures ensuring that personal data are rendered unintelligible to anyone not authorised to access them, such as encryption;
• subsequent measures have been taken to ensure that the high risk to the rights and freedoms of data subjects referred to above is no longer likely to materialise;
• would require a disproportionate effort. In this case, public information or a similar measure is carried out instead, whereby the persons concerned are informed in an equally effective way.

Social Media

Facebook plugins (Like & Share Button)

This service uses social plugins ("plugins") managed by the facebook.com social network. Plugins can be identified by a Facebook logo (a white "f" on a blue plate or a "thumbs up" sign) or are labelled by adding the phrase "Facebook Social Plugin". The list and layout of Facebook plugins can be seen here: https://developers.facebook.com/docs/plugins/. As long as you use the Like extension, you will like the Facebook page of our site without having to leave it. To the extent that you use the Share extension, you will share our site or certain content from it on your personal Facebook page without having to leave the site. 

Through the plugin, Facebook receives the information you access on our website. If you are logged in and on Facebook at the same time, Facebook can attribute the actions performed on the page to your account and therefore to you personally. When you interact with the plugins, for example by clicking on the Like button or by sharing certain content on the site, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, there is still a possibility that the social network obtains and stores your IP address. 

By clicking on one of these buttons, you agree to the use of this plugin and therefore to the transfer of personal data to Facebook. We have no control over the nature and purpose of this transmitted data and its further processing. With regard to the purpose and extent of data collection, further processing and use of data by Facebook, as well as permissions and privacy settings.

If you do not want Facebook to associate your visit to this site with your Facebook account information, you may opt-out.

Twitter plugin

This service uses social plugins ("plugins") managed by the social network twitter.com. Plugins can be identified by a Twitter logo. 

Through the plugin, Twitter receives the information you access on our page. If you are logged in and on the social network at the same time, Twitter may attribute the actions taken on the page to your Twitter account and therefore to you personally. When you interact with the plugins, the corresponding information is transferred directly from your browser to Twitter and stored. Even if you are not a member of Twitter, there is still a possibility that Twitter may obtain and store your IP address. 

By clicking on one of the plugin buttons, you can consent to their use and therefore to the transfer of personal data to Twitter. We have no control over the nature and purpose of this transmitted data and its further processing. Regarding the purpose and extent of data collection, further processing and use of data by Twitter, as well as permissions and settings to protect user privacy, you can consult Twitter's privacy policies at: https://twitter.com/en/privacy. 

If you are a member of Twitter and do not want it to collect your data through the plugin and link it to data already stored on Twitter, you must log out of the social network before visiting the site.

Newsletter

In order to receive a newsletter, a valid e-mail address must be provided, along with specific information identifying the holder of that address. Your consent is also required for the newsletter to be sent and we therefore inform you that any further personal data will only be collected and stored with your consent. The data collected in this way will only be processed for the purpose of sending the newsletter and will not be passed on to third parties.

Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of Article 6 para. 1 lit. a GDPR. 

Plugins and Tools

Youtube

Our website uses plugins from the YouTube platform, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

If you visit a page on our website where a YouTube plug-in has been integrated, a connection to the YouTube servers will be created. As a result, the YouTube server will be notified, which pages you have visited

In addition, YouTube will also be able to set different cookies, which will allow us to obtain information about visitors to our site. Among other things, this information will be used to generate video statistics in order to improve usability and prevent fraud attempts. 

If you are logged in to your YouTube account while visiting our site, you allow YouTube to host your navigation patterns directly in your personal profile. You have the option to prevent this by logging out of your YouTube account.

Our use of YouTube is based on our interest in presenting online content to you in an engaging way. According to Art. 6 para. 1 lit. f) GDPR, this is a legitimate interest.

Having regard to the judgment of 16 July 2020 (Case C-311/18 - Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems)The European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate. The transmission of personal data to the US and other countries outside the European Economic Area (EEA) should therefore be based on the European Commission's Standard Contractual Clauses (SCC).

For more information about how YouTube handles user data, see YouTube's Data Privacy Policy: https://policies.google.com/privacy?hl=en.

Google Maps

This site uses Google Maps, a mapping and location service, via an API. The provider is Google Inc, 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

To ensure data protection on our website, you will find that Google Maps has been disabled when you visit our website for the first time. A direct connection to Google's servers will not be established before the autonomous activation of Google Maps, i.e. with your consent in accordance with Article 6 para. 1 lit. a) GDPR. This will prevent the transfer of data to Google during your first visit to our website. Once you have activated the service, Google Maps will store your IP address. As a rule, it is subsequently transferred to a Google server in the United States, where it is stored. The provider of this website has no control over this data transfer once Google Maps has been activated.

Having regard to the judgment of 16 July 2020 (Case C-311/18 - Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems)The European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.

The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission's Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you go to https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro. 

Google Maps uses Standard Contractual Clauses as adequate data protection safeguards in line with the level of protection guaranteed by the GDPR. For more information, see Google's Data Privacy Statement at the following link: https://policies.google.com/privacy

Online Chat

Online Chat Platforms

Facebook Messenger

On this website we use Facebook Messenger, a free instant messaging application, ensuring instant exchange of text messages with one or even more people or computers at once. It is an American messaging application and platform developed by Facebook, Inc. Originally developed as Facebook Chat in 2008, the company revamped its messaging service in 2010.

Through Facebook Messenger, we can provide you with quick support, allowing you to interact with us, including tracking purchases, receiving notifications and initiating personal conversations with our customer service representatives.

The legal basis for processing personal data via Facebook Messenger is Article 6 para. 1 lit. f) of the Regulation, based on our legitimate interest in the lawfulness of the processing. In relation to the processing of personal data, Facebook Ireland can be contacted online or by post at Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The data collected through Facebook Messenger is used, among other things, to provide, personalize and improve the chat, to enable the provision of analytics services, and to communicate with you. 

Having regard to the judgment of 16 July 2020 (Case C-311/18 - Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems)The European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.

The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission's Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you go to https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro. 

Facebook Messenger complies with the GDPR and the Standard Contractual Clauses (SSC) approved by the European Commission, taking into account its decisions on data transfers to the United States and other countries at all times. The European Commission has recognised countries such as Andorra, Argentina, Canada (trading organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay as providing adequate protection. 

More information is available here https://www.facebook.com/privacy/explanation and here  https://www.facebook.com/legal/EU_data_transfer_addendum

WhatsApp

Through WhatsApp, we ensure effective communication with our customers. For those living in a country in the European Economic Area (which includes the European Union) and any other country or territory included (collectively referred to as the "European Region"), Whatsapp is operated by WhatsApp Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

As per WhatsApp policy, which can be viewed and reviewed here: https://www.whatsapp.com/legal/#privacy-policy, Whatsapp Ltd. being also part of the Facebook Companies, through this service personal data is collected and processed in compliance with applicable European (in particular, GDPR) or international (if we are talking about services provided by Whatsapp Inc. - EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework) security and privacy principles.

Through Whastapp it is processed:

• data provided by users themselves (such as user account data - phone number, profile name, photo - user connections. As far as sent messages are concerned, they are not stored on WhatsApp servers, except for those that could not be sent (e.g. for an offline user) and are stored for a period of 30 days before being deleted.
• Automatically collected data (user "last seen status" information, user preferences stored via cookies, IP address, browser information, some transaction and payment information - for payment terms and conditions, we recommend consulting https://www.whatsapp.com/legal/?eea=0#payments-in).

The legal basis for processing personal data via Whatsapp is Article 6(f) of the Regulation, based on our legitimate interest in the lawfulness of the processing.

Having regard to the judgment of 16 July 2020 (Case C-311/18 - Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems)The European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.

The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission's Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you go to https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

WhatsApp uses Standard Contractual Clauses as adequate data protection safeguards in line with the level of protection guaranteed by the GDPR, as available here https://www.whatsapp.com/legal/#privacy-policy-our-global-operations

Payment Methods

We process personal data only to the extent necessary to enter into or modify a contractual relationship with our association/the company managing this website, in compliance with the provisions of Article 6 para. 1 lit. b) of the GDPR1. Thus, we process (collect, record, structure, store, modify, extract, etc.) personal data from the time of access to this website only for the purpose of facilitating access to our products or services or/and to collect payment.

Online payments

According to the Regulation, "in order to maintain security and prevent processing in breach of this Regulation, the controller or processor should assess the risks inherent in the processing and implement measures to mitigate those risks, such as encryption" - Recital 83. Thus the availability of strong and effective encryption is a necessity to guarantee the protection, confidentiality and integrity of personal data.

During the purchase process of products sold through this website, your bank details are safe! 

We use secure encryption methods, with data being transmitted over high-security connections to financial units. This means that the data you provide to make payments is not passed on to third parties and is not stored in databases.

Other payment methods

According to the information available at https://www.scutbotoșănean.ro/, Paypal's information system, Stripe provides appropriate methods for the protection of users' personal data, as well as the operations, transactions they carry out through Paypal, Stripe

The purposes of the processing, the data processed, the conditions of their transfer and distribution, ensuring the security of the operations and of the data processed and stored, as well as all other information made available by Paypal, Stripe, are based on some of the mechanisms for ensuring the lawfulness of the processing, according to the GDPR, namely: the consent of the data subject (Art. 6 para. 1 lit. a), the performance of a contract (Art. 6 para. 1 lit. b) and the fulfilment of the legitimate interest of the controller (Art. 6 para. 1 lit. f).

Conclusion

This policy on the processing of personal data is generated in accordance with the provisions of Regulation No 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend consulting the Policy on a regular basis for accurate and up-to-date information regarding the processing of personal data.

For further details regarding this GDPR Policy, as well as to exercise any of the above rights, written notice may be sent to the contact details indicated above.