Last update: 22 January 2024
Pai of Pai, as controller, hereby undertakes to respect confidentiality, complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (EU) 2016/679 (“Regulation” or “GDPR“) as well as the personal data of the data subjects whose data it processes as controller. It will also specify what kind of information the policy contains and to whom it is addressed.
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pai din Pai takes all necessary measures to ensure compliance with your right to personal data protection, and this document represents the notification established by art. 13 or 14 of the Regulation informing you about how we collect, use, transfer and protect your personal data when you interact with us in connection with our products, including through our www.paidinpai.ro website (the “Site“).
We reserve the right to periodically update and modify this Privacy Policy to reflect any changes to the way we process your personal data. personal information or any changes in legal requirements. In case of any such change, we will display on the Site the modified version of the Privacy Policy, which is why we ask you to periodically check its content.
We encourage you to read the document carefully and ask us for any additional information or clarification you consider necessary regarding the content of this information.
1) OUR CONTACT DETAILS
Pai din Pai is the commercial name of PAI DIN PAI S.R.L., legal person of Romanian nationality, having its registered office in Bucharest, Sector 2, 5 DOAMNA GHICA Street, ROOM 2, Block 3, Staircase 3, 6th Floor, Ap. 107, having serial number in the Trade Register J40 / 11279/2023, unique fiscal registration code 48351944. For the purposes of data protection legislation, we are an operator when we process your personal data. personal.
You can contact us, including to provide you with any additional information you may need regarding the processing of your data, using the following email address: office@paidinpai.ro or the following postal address: Romania, Dobromir Village, Dobromir Commune, Baneasa Street, Nr. 27, ROOM NO.4/ WAREHOUSE 55.74 SQM, Constanta County or through the contact form in the “contact” section of the Site (https://www.paidinpai.ro/contact/ ).
2) CATEGORIES OF PERSONAL DATA WE PROCESS
In general, we collect your personal data. personal information directly from you, so you have control over the type of information you give us. By way of example, we receive information from you. thus:
- When you create an Account on the Site, you send us: e-mail address, first and last name, delivery address / billing address, no. phone, nickname;
The User is solely responsible for all data provided at the time of creating the Account on the Site. In order to confirm the data and Account, the User will be notified by Pai din Pai at the e-mail address declared when creating the Account. This confirmation email is designed to stop fraudulent actions by users who use other people’s email addresses to create fictitious accounts. If you receive such a message, if you have not personally registered on the Site, please send us, as soon as possible, an e-mail to office@paidinpai.ro address to delete the respective Account. The Pai email from Pai will contain links(s) to the current version of this document, as well as the Terms and Conditions and the Cookies Policy.
The User profile form related to the Account contains fields that can be edited if you want to modify or complete the data provided when creating the Account.
The Website may also be used if the User decides not to create an Account by providing personal data, with the exceptions set out in the Cookies Policy.
- When you place an order, you provide us with information such as: desired product, first and last name, delivery address, billing details, payment method, telephone number, bank card details, etc.;
- When you send us a request by email, you can provide us with information such as: first and last name, billing details, mobile / landline phone number, delivery address, etc.
We may also collect and further process certain information about your behavior. while visiting the Site, to personalize your online experience and provide you with offers tailored to your profile. We invite you to find out more details in this regard by consulting the section on the purposes of processing below.
On the Site we may store and collect information in cookies and similar technologies, according to the Cookies Policy.
We do not collect or otherwise process sensitive data, included by the Regulation in special categories of personal data. We also do not want to collect or process data of minors under the age of 16.
The provision of the data indicated above is not mandatory to view the Site, except for those concerning Cookies – see in this regard the Cookies Policy.
3) PURPOSES AND GROUNDS OF PERSONAL DATA PROCESSING
We will use your personal data. personal data for the following purposes:
- For the provision of Pai services for your benefit.
This general purpose may include, as appropriate, the following:
- Creating and administering the Account within the Pai Site in Pai;
- Processing Orders, including picking, validating, shipping and invoicing them;
- Resolving cancellations or problems of any kind related to an Order, purchased goods;
- Returning products according to the legal provisions;
- Reimbursement of the value of the products according to the legal provisions;
- Providing support services, including answering your questions. regarding your orders or to the goods sold by Pai din Pai.
The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract between Pai of Pai and you. (basis for processing under GDPR: performance of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract – Article 6 paragraph 1 letter b of the Regulation). Also, certain processing subsumed to these purposes is required by applicable law, including tax and accounting legislation (basis for processing in the GDPR: fulfillment of a legal obligation incumbent on the operator – art. 6 para. 1 lit. c of the Regulation).
- To improve Pai services in Pai
Because we always want to provide you with the best online shopping experience, we may collect and use certain information about your online shopping behavior. by the Buyer. In this regard, we may invite you to fill in satisfaction questionnaires subsequent to the completion of an order or we may conduct, directly or with the help of partners, market studies and research.
We base these activities on our legitimate interest in conducting business activities, always taking care that your fundamental rights and freedoms are not affected (basis for processing in the GDPR: legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, prevail, In particular when the data subject is a child – Art. 6 para. 1 lit. f of the Regulation).
III. For marketing
We want to keep you updated on the best deals for our products.
In this regard, we can send you any type of message (such as: e-mail / SMS / telephone / mobile push / webpush / etc.) containing general and thematic information, information on products similar or complementary to those you have purchased, information on offers or promotions, information on products added to the “Cart” section or you have shown interest in purchasing them, as well as other commercial communications such as market research and opinion polls, and we may display personalized recommendations on the Site.
In order to provide you with information of interest to you, we may use certain data regarding your behavior. buyer (e.g. products viewed/added to Cart/purchased) to create a profile for you. We always ensure that this processing is carried out in compliance with your rights and freedoms. and that decisions taken on the basis thereof have no legal effect on you. and does not affect you similarly to a significant extent.
These personal data will be stored until you express your wish to unsubscribe, after which they will be destroyed. They may be transmitted to our partners, providers of profile services that comply with GDPR rules, only in order to achieve the purpose mentioned above.
Pai of Pai undertakes to maintain the confidentiality of the data transmitted for subscribing / subscribing to Commercial Communications and not to transfer them for other purposes.
Given that we base our marketing communications on your consent. In advance (GDPR processing basis: the data subject has given consent to the processing of his or her personal data for one or more specific purposes – Article 6 paragraph 1 letter a of the Regulation), you can change your mind and withdraw your consent, respectively you can unsubscribe, at any time, by:
- accessing the unsubscribe link displayed in the messages received from Pai in Pai by e-mail (at the bottom of the e-mail in the section “click here to unsubscribe”); or
- changing the settings in the user account in the “My subscriptions” section, for those who have an Account on the Site; or
- contacting Pai from Pai using the contact details described above.
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business activity (GDPR processing basis: legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, prevail, In particular when the data subject is a child – Art. 6 para. 1 lit. f of the Regulation). In any situation where we use information about you. For our legitimate interest, we take care and take all necessary measures to ensure that your rights and freedoms are safe. fundamental not to be affected. However, you can ask us at any time, by the means described above, to stop processing your personal data. for marketing purposes, and we will respond to your request.
Personal data requested at the time you create an account on the Site and the data entered by you. in the account on the Site are not used for marketing and/or statistical purposes.
The Site undertakes not to send spam messages (commercial messages for which it does not have the explicit prior consent of the User) and to undertake all accessible technical means to ensure the security and confidentiality of the User’s data.
- To defend our legitimate interests
There may be situations in which we will use or transmit information to protect our rights and commercial activity. These may include:
- measures to protect the Site and users of the Site against cyber attacks;
- measures to prevent and detect fraud attempts, including the transmission of information to competent public authorities;
- measures to manage various other risks.
The general basis for these types of processing is our legitimate interest in defending our business activity (GDPR processing grounds: legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, which require protection of personal data, in particular where the data subject is a child – Art. 6 para. 1 lit. f of Regulation), being understood that we ensure that all the measures we take guarantee a balance between our interests and your rights and freedoms. Fundamental.
4) RETENTION PERIOD OF PERSONAL DATA
As a general rule, if you have an Account on the Site, we will store your personal data for as long as you have that Account. You can ask us at any time to delete certain information or close your Account and we will comply with these requests, subject to the retention of certain information even after closing the Account, in situations where applicable law or our legitimate interests require it, for example in cases where the data entered are the basis of confirmed orders for which invoices have been issued (In this situation, the data, respectively name, surname, telephone number and address, must be kept, according to the Romanian legislation in force, for a period of 5 years calculated from July 1 of the year following that of the end of the financial year in which the mandatory accounting registers and supporting documents underlying the entries in the financial accounting were drawn up).
If you do not have an account on the Site, but place an Order, your name, surname, telephone number and email address. will be used for the purpose of creating transport documents and will be used by the partner courier company on behalf of Pai of Pai exclusively for the purpose of fulfilling the contact: SMS notification regarding the time of delivery and the actual delivery of the package.
This information is stored for a period of 10 years, after which it will be destroyed. They can only be passed on to our partners in order to achieve the purpose mentioned above.
5) TO WHOM WE SEND YOUR PERSONAL DATA; PERSONAL CHARACTER
Where applicable, we may transmit or provide access to certain of your personal data. the following categories of recipients:
- companies in the same group as us, if applicable;
- courier service providers (for example, but this list is not limiting: Sameday, DPD, FAN Courier, GLS), if a product order has been made;
- payment service providers, payment administration (including confirmation of a payment) and anti-fraud protection (NETOPIA FINANCIAL SERVICES S.R.L. – Netopia Payments) in order to process card payments for online orders placed on the Site;
- service providers for sending Commercial Communications, if applicable;
- providers of technical support and maintenance services of the Site (Croif Web Solutions S.R.L.);
- hosting and backup service providers for hosting the Site (Croif Web Solutions S.R.L. – evohost.ro);
- billing and management service providers (Intelligent IT S.R.L. – Smartbill);
- provider of its own business communication platform that offers many functions in IRC style – Internet Relay Chat – instant communication via the Internet;
- market research service providers;
- other companies with whom we can develop joint programs to offer our goods on the market.
If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.
We ensure that access to your personal data is accessible to you. by third parties legal entities of private law is carried out in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
6) TO WHICH COUNTRY DO WE TRANSFER YOUR PERSONAL DATA? PERSONAL CHARACTER
As a general rule, your personal data will be processed by the personal data. personal information is stored and processed on the territory of the European Union and the European Economic Area (EEA).
Where your personal data will be transferred outside the European Union or EEA, the transfer will be made (a) on the basis of a decision of the European Commission deciding that the third country in question ensures an adequate level of protection, (b) on the basis of binding corporate rules or (c) on the basis of standard contractual clauses adopted by the European Commission. In addition, if we identify that one of these measures is not sufficient to ensure an adequate level of protection, on a case-by-case basis, we will adopt additional technical and/or organizational security measures in accordance with the recommendations of the European Commission.
You can contact us at any time, using the contact details set out above, to find out more information about the countries to which we transfer your data, as well as the guarantees we have put in place regarding these transfers.
7) HOW WE PROTECT THE SECURITY OF YOUR PERSONAL DATA PERSONAL CHARACTER
Security of your personal information is important to us, including, but not limited to, personal information collected through the Site and our services. We use reasonable security measures to protect against loss, misuse and alteration of personal information under our control, both during transmission and after we receive it. These include, but are not limited to, data encryption.
For data privacy and security, the Pai account in Pai is protected by a password and username. Not all employees / company representatives have access to databases, and those who have access have previously signed an agreement to comply with the legal provisions in the field.
Pai din Pai is not responsible for malfunctions that may endanger the security of the server on which the database containing personal data is hosted.
To make payments we use the Netopia Payments service provided by NETOPIA FINANCIAL SERVICES S.R.L., registered with the Trade Registry under no. J40/12763/2020, unique registration code RO43131360, headquartered in Bd. Dimitrie Pompeiu 9-9A, IRIDE BUSINESS PARK, Building 24, 4th floor, Sector 2, Bucharest, 020335. Any payment information is encrypted.
Text 3D Secure
3D Secure means a new global approach to authenticating buyers and sellers in secure transactions on the Internet. This security measure involves redirecting the user when making the payment to a secure page where the registration of each cardholder is done by assigning an authorization code for each online transaction. The cards accepted for payment are those issued under the Visa/Visa Electron and Mastercard/Maestro logos.
Pai of Pai does not request or store any information regarding the Users’ bank card or cards, which are processed directly on the servers of the online payment service provider.
Despite the measures taken to protect your personal data. We draw your attention that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, there is a risk that the data will be seen and used by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems that are not under our control.
While we strive to ensure the integrity and security of our networks and systems, we cannot guarantee that our security measures will prevent “hackers” or other unauthorized persons from illegally accessing or obtaining this information.
If we learn of a security breach involving your personal information. We may try to inform you electronically so that you can take appropriate protective steps. By using the Site or providing personal information to us, you agree that we may communicate with you. electronically, regarding security, privacy and administrative issues related to your use. of the Site. If a security breach occurs, we may display a notice on our homepage or elsewhere on the Website and may send you an email to the address you have provided to us.
8) YOUR RIGHTS ON PERSONAL DATA AND THEIR EXERCISE
In order to protect data as high as possible, the User has a series of rights regulated by GDPR, which we briefly present below.
In order to exercise your rights, you can contact us using the contact details set out above.
Please note the following if you wish to exercise these rights:
Identity. We take seriously the confidentiality of all records containing personal data. For this reason, please send us your requests. with respect to such registrations using the email address associated with the Account on the Site, if any, or the email address provided at the last order placed on the Site, if you do not have an account on the Site. Otherwise, we reserve the right to verify your identity by requesting additional information aimed at confirming your identity.
Fees. We will not charge a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before processing your claim.
Response time. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We may ask if you can tell us exactly what you want to receive or what worries you. This will help us act faster and shorten the response time to your request.
Third Party Rights. We do not have to comply with a request if it would adversely affect the rights and freedoms of other data subjects.
- Right of access
The user can ask us:
- confirm whether we process their personal data;
- provide them with a copy of this data;
- to provide him with other information about his personal data, such as what data we have, what we use it for, to whom we disclose it, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how he can make a complaint, where we obtained his data, insofar as the information has not already been provided to him through this information.
- Right to rectification of data
The user has the right to obtain the rectification of any inaccuracies concerning his personal data processed by us. It also has the right to obtain the completion of any personal data that is incomplete. We may try to verify the accuracy of the data before rectifying it.
- Right to erasure (“right to be forgotten“)
The user has the right to delete personal data if:
- they are no longer necessary for the purposes for which they were collected; or
- withdrew consent (where data processing was based on consent); or
- has exercised a legal right to object; or
- they have been processed illegally; or
- We have a legal obligation to do so.
This right is not an absolute right, which means that the law places certain limitations on the exercise of this right.
Thus, we are under no obligation to comply with your request. to delete your personal data. personal data where the processing of your personal data Personal data is required:
- for compliance with a legal obligation; or
- for establishing, exercising or defending a right in court; or
- for the protection of the rights of another natural or legal person.
Please note that before exercising this right, you download from your Account and save all documents related to orders made from Pai from Pai, regardless of whether billing was made to you. or to another natural or legal person (such as: invoices, warranty certificates, if applicable, etc.). If you do not take this step before exercising your right to delete, you will lose all these documents and Pai from Pai will be unable to make them available to you, as the case may be, because the process of deleting the data, respectively the Account on the Site, with all the data and documents related to it, It is an irreversible process.
- Right to restriction of data processing
The user has the right to obtain restriction of processing of his/her personal data that we collect and process, in particular if their accuracy is contested (see rectification section), to allow us to verify their accuracy, in case data processing is illegal, but does not want the data to be deleted, or if the processing of such data is no longer necessary for the purposes for which they were collected, but the User needs them to establish, exercise or defend a right in court, or the User has exercised his right to object, and the verification whether our rights prevail is ongoing.
In this case, we may continue to use your personal data. personal following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend a right in court.
- Data portability
The user has the right to obtain from us the provision of personal data in a structured, commonly used and machine-readable format, or may request that it be “ported” directly to another data controller, but in each case only if:
- the processing is based on your consent or on entering into, or performance of, a contract with you; and
- processing is carried out by automatic means.
- Right to object
The user has the right to object at any time, on grounds relating to his particular situation, to the processing of his personal data on the basis of our legitimate interest, if he considers that his fundamental rights and freedoms prevail over this interest.
Also, the User may object at any time to the processing of his data for direct marketing purposes (including profiling, if applicable), without invoking any reason, in which case we will cease this processing as soon as possible.
- Right to withdraw consent
For personal data processed on the basis of consent, the User has the right to withdraw consent at any time, as easily as he initially granted it. However, the withdrawal of consent will not affect the lawfulness of the data processing we carried out before the withdrawal of consent. The right to withdraw consent is not absolute, which means that there are cases in which data will not be deleted as a result of withdrawal of consent (for example, if personal data is used for Pai of Pai to comply with a legal obligation such as the storage period of accounting data according to the applicable legal provisions). The withdrawal of consent applies from the moment of its registration and the withdrawal of consent will be made within maximum 3 working days from registration.
- Right to lodge a complaint with the competent authority
The user has the right to file a complaint with the National Supervisory Authority for Personal Data Processing regarding the aspects regarding the processing of personal data by Pai din Pai.
The contact details of the National Supervisory Authority for Personal Data Processing are as follows:
Blvd. G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
Email: anspdcp@dataprotection.ro
Without affecting your right. to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any issue amicably.
- Automated decision-making, including profiling and the right to request that decisions based on automated data processing or affecting to a significant extent be taken by natural persons, not exclusively by computers
You may request not to be subject to a decision based solely on automated processing, but only when that decision:
- produces legal effects concerning you; or
- affects you in another, similar way and to a significant extent.
This right shall not apply if the decision reached as a result of automatic decision-making:
- it is necessary for us to enter into, or perform a contract with, you;
- is authorised by law and there are appropriate safeguards for your rights and freedoms; or
- is based on your consent. explicit.