+40 (770) 531 842 utopikcarplake@gmail.com
Register Login |

Privacy Policy

General policy regarding the protection and confidentiality of personal data.

 

1. General Presentation

1.1 Legal Framework, Purpose

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) transposed into national legislation through Law no. 190 of 18 July 2018 regarding measures for implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and through Law no. 102 of 3 May 2005 regarding the establishment, organization and functioning of the National Supervisory Authority for Personal Data Processing.

SC Utopik Carp Lake SRL processes personal data in connection with customers, suppliers, employees and other persons with whom the company has concluded a contract or with whom it is in a relationship.

This policy describes how personal data is collected, used and stored to be in accordance with the company's standards and with relevant legal provisions in the matter.

This policy applies to all persons within SC Utopik Carp Lake SRL who have access to personal data held by SC Utopik Carp Lake SRL, as well as to the systems and processes that constitute the paper and/or IT infrastructure and support of the company through which personal data is stored and processed.

This policy applies to all personal data processing, regardless of whether the data is stored in electronic format, on paper or on another type of medium.

1.2. Purpose of the Policy

This Policy highlights the general practices of SC Utopik Carp Lake SRL company regarding the collection, processing, handling, storage of personal information of natural persons according to law, for the purposes mentioned below, including the types of information collected, how it is used and protected, and how the natural person can correct/intervene in this process.

This data protection policy has been designed and implemented to ensure:

  1. Compliance with personal data protection legislation and best practices at this level
  2. Protection of the rights of data subjects: for example partners, customers, suppliers, representatives, employees
  3. An efficient and secure way of storing and processing personal data
  4. Protection of the company from possible risks related to data security breaches

1.3. Objectives and Scope of Application of This Policy

SC Utopik Carp Lake SRL company attaches great importance to adequate protection, security and confidentiality of all personal information belonging to persons whose personal data it holds such as: customers, visitors, contractual partners or their representatives, employees.

Therefore, SC Utopik Carp Lake SRL undertakes to comply with the requirements of applicable data protection legislation, respectively of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

A large part of the personal data that SC Utopik Carp Lake SRL processes was obtained directly from the data subject, but there is also personal data obtained from external sources.

In order to protect the collected data, SC Utopik Carp Lake SRL has implemented security and encryption measures, so that a possible security breach is avoided as much as possible. The applied measures are periodically re-evaluated in order to update with new technologies.

The procedures regarding the protection of personal data, organizational and technical measures, are structured in order to ensure confidentiality and security of personal data and all information related to personal data in the care of SC Utopik Carp Lake SRL.

At the same time, we, SC Utopik Carp Lake SRL, undertake to use all technical and organizational measures at our disposal to ensure the security of your personal data, protecting them against destruction, modification, disclosure or unauthorized access to them. We periodically verify the adequacy of the implemented measures.

1.4. Scope of Applicability

This policy applies to all contractors, suppliers, customers and other persons working with and on behalf of SC Utopik Carp Lake SRL. This policy applies to all data that SC Utopik Carp Lake SRL holds in relation to natural persons and which may lead to their identification. Personal information is collected and processed fairly, stored securely. Illegal use of personal data held by SC Utopik Carp Lake SRL is not permitted; SC Utopik Carp Lake SRL sanctions any attempt at illegal use of personal data.

1.5. Definitions

The definitions of the concepts on which this policy is based are as follows:

Personal data: any information concerning an identified or identifiable natural person (Data Subject), such as: name, surname, CNP (Personal Identification Number), ID card series and number, home address, date of birth, phone number, email address, bank account, ID, brand, information about family members, etc...

Data Subject: an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number (CNP, ID, brand), location data, an online identifier, or to one or more elements specific to their physical identity;

Processing: any operation or set of operations performed on personal data or on sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, or making available in any other way, combining, restricting, erasure or destruction;

Controller: the natural or legal person, public authority, agency or other body which, alone or together with others, determines the purposes and means of processing personal data;

Person authorized by the controller: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

1.6. Principles Regarding Personal Data Processing

Personal data are:

  1. processed lawfully, fairly and transparently in relation to the data subject (lawfulness, fairness and transparency);
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (purpose limitation);
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);
  4. accurate and, where necessary, kept up to date; SC Utopik Carp Lake SRL shall take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy);
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with law, subject to implementation of the appropriate technical and organisational measures required by this regulation in order to safeguard the rights and freedoms of the Data Subject (storage limitation);
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

Personal data:

  1. are processed lawfully, fairly and correctly in relation to the Data Subject;
  2. are obtained only for determined, legitimate, legal, specified and relevant purposes for fulfilling operational needs and will not be processed in any manner incompatible with the purposes for which they were obtained;
  3. are processed in a transparent manner.
  4. are processed strictly limited to what is absolutely necessary for the purposes for which they are processed, in the sense that personal data will not be kept longer than necessary with regard to the respective purpose;
  5. will be kept up to date. The processing of personal data will be done under the safest conditions, aiming at protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical and/or organizational measures.

1.7. Rights of the Data Subject

These rights consist of:

  1. The right to withdraw consent;
  2. The right to information;
  3. The right of access;
  4. The right to rectification;
  5. The right to erasure of data (the right to be forgotten);
  6. The right to restrict processing;
  7. The right to data portability;
  8. The right to object to processing;
  9. The right not to be subject to a decision based solely on automated processing, including profiling;
  10. The right to lodge a complaint with the Authority;
  11. The right to address the courts.

The Data Subject has the right to request information from us about the personal data held, can request their correction if they are inaccurate. In case SC Utopik Carp Lake SRL has the consent of the Data Subject for processing personal data, they can withdraw this consent at any time (legal contract cancellation). If SC Utopik Carp Lake SRL processes personal data based on consent or legitimate interest, the Data Subject can request the deletion of data. The Data Subject can request a copy of the information held in a readable format. To send a request regarding personal data, the Data Subject will contact SC Utopik Carp Lake SRL personally, by email, by mail, or telephone.

1.8. Legal Basis for Processing

There are the following alternative ways in which the legality of a specific case of personal data processing can be established:

Consent

Except where not necessary, SC Utopik Carp Lake SRL will always obtain explicit agreement from the Data Subject for the collection and processing of data. Information provided about the use of our personal data will be provided to data subjects at the time of obtaining consent and explaining their rights regarding their data, such as the right to withdraw consent. Where personal data are not obtained directly from the data subject, this information will be provided to the Data Subject within a reasonable time after obtaining the data.

Performance or Conclusion of a Contract

Where the personal data collected and processed is necessary to conclude or perform a contract with the data subject, explicit consent is not required. This will be the case where the contract cannot be concluded without the personal data in question, for example a preliminary contract or sale-purchase contract, a delivery (billing) cannot be performed without the buyer's (customer's) name and surname, or without an address for delivery.

Legal Obligation

Where personal data must be collected and processed in accordance with the law, explicit consent is not required. For example, individual employment contract (IEC). In this case, collection, processing, storage will be performed according to law.

Vital Interests of the Data Subject

Where personal data is necessary to protect the vital interests of the data subject or of another natural person, then this may be used as the legal basis for processing. SC Utopik Carp Lake SRL will maintain reasonable, documented evidence showing that this reason is used as a legal basis for personal data processing.

Activity Carried Out in the Public Interest

Where SC Utopik Carp Lake SRL must perform a task that it considers to be in the public interest or as part of an official obligation, then the consent of the data subject will not be requested. The assessment of public interest will be documented and made available as evidence when necessary.

Legitimate Interest

If the processing of specific personal data is in the legitimate interest of SC Utopik Carp Lake SRL and is considered not to significantly affect the rights and freedoms of the data subject, then this may be defined as the legal reason for processing.

2. Purposes for Which Personal Data Will Be Collected/Processed

SC Utopik Carp Lake SRL may collect/process personal data of Data Subjects as customers, suppliers, business partners and/or their representatives/employees, for the following purposes:

  1. for financial-accounting purposes, for the purpose of conducting contractual relations;
  2. for the purpose of maintaining contact details of the company's contractual partners;
  3. conducting business contractual relations;

SC Utopik Carp Lake SRL will use personal data (obtained online or in person), to manage purchases of products and/or services, to respond to questions from Data Subjects, as well as to send personalized communications.

SC Utopik Carp Lake SRL will process personal data of Data Subjects for the mentioned purposes, as applicable the following:

  1. identification data (for example, name, surname, CNP, country, contact information, etc.);
  2. economic and transactional information (for example, information regarding payments or regarding bank card or bank account, information about purchases, orders, returns, etc.);
  3. data regarding connection, geolocation and navigation (in case you interact with us, for example, from your mobile phone);
  4. commercial information;

When SC Utopik Carp Lake SRL requests completion of personal data to provide access to certain functionalities or services of the utopikcarplake.ro platform, some fields may be marked as mandatory, because this information is strictly necessary to be able to provide the product or service or to provide access to the respective functionality. If the Data Subject decides not to provide this necessary information, it may not be possible to complete the registration of the request.

3. Method of Collection/Processing of Personal Data

SC Utopik Carp Lake SRL collects personal data of data subjects from the moment of beginning contractual relations, from the moment of beginning collaboration relations with SC Utopik Carp Lake SRL.

Types of personal data that will be collected/processed:

SC Utopik Carp Lake SRL collects and processes personal data of customers and potential customers who are natural persons, representatives of organizations and their contact persons, contact data of persons with whom it interacts and of customers, suppliers and persons who contact the company unexpectedly, as well as of relevant persons who make their personal data publicly available in a manifest manner. SC Utopik Carp Lake SRL collects and processes personal data when it obtains consent, in writing or through IT means or when it is made publicly available in a manifest manner, as well as when it is mandatory by law.

The data collected differs from case to case. Example: the customer's name and surname, the name and surname of the contact person, position, telephone number, e-mail address, postal address, CNP, date, time and other possible contact details, which help us remember the context of interaction with us. SC Utopik Carp Lake SRL collects the personal identification number (CNP), for preliminary contracts and sale-purchase contracts and always with adequate security measures. If personal data accidentally reaches SC Utopik Carp Lake SRL, it will be deleted immediately.

For the purposes mentioned above, SC Utopik Carp Lake SRL collects/processes the following categories of data regarding customers, business partners, their representatives/employees:

  • Name, surname, CNP, telephone, fax, email address, postal address, home address, signature, for financial-accounting purposes, for the purpose of conducting contractual relations
  • Processing is necessary for compliance with a legal obligation to which the controller is subject (maintaining accounting records, maintaining legal documents)
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller;

4. Storage of Personal Data

The period of storage of personal data depends on the purposes for which they are processed, as follows:

4.1. Development, fulfillment and execution of the sales contract (under this GDPR policy an invoice can also be considered a sales contract): personal data will be stored for the time necessary to manage the purchase of products or services, including possible returns, complaints or complaints related to the purchase of the respective product or service.

4.2. Accounting: personal data will be stored for the time required by law. Regardless of how personal data is processed, for the time strictly necessary to achieve the targeted purpose, subsequently they will be stored and protected appropriately for the time during which responsibilities may arise from the respective processing, in accordance with regulations in force. Once the possible actions are prescribed in each case, the deletion of personal data will be proceeded.

Personal data is stored on SC Utopik Carp Lake SRL's server, is not used to make any automated decision based on it and will be kept as long as necessary for the assumed processing, and longer periods of personal data storage are exceptions associated with legal provisions, as follows:
- for financial-accounting purposes, for the purpose of conducting contractual relations: for the contractual duration, for a period of 10 years after registration in accounting;
- for the purpose of maintaining contact details of the company's contractual partners: for the contractual duration, for a period of 3 years from the date of termination of contracts.

Personal data will be subject to adequate technical and organizational measures reasonably necessary to protect them against destruction, loss, alteration, unauthorized or accidental access or other processing. SC Utopik Carp Lake SRL will undertake measures regarding data processing security and will establish its own internal policy for the security of personal data processing.

5. Disclosure of Personal Data

SC Utopik Carp Lake SRL will disclose personal data of data subjects, in the case of contractual partners/representatives of SC Utopik Carp Lake SRL's contractual partners to contractual partners. SC Utopik Carp Lake SRL will grant access to personal data to third parties who provide support in the services offered by SC Utopik Carp Lake SRL namely: financial institutions, bodies specialized in fraud detection and prevention, technology service providers, logistics, transport and delivery service providers and collaborators, marketing and advertising service providers and collaborators, public notaries.

6. Right of the Data Subject to Make Requests and Lodge Complaints

If the data subject has a complaint regarding the use of personal information, they will first contact SC Utopik Carp Lake SRL, in order to remedy the request amicably. For this purpose, for any problem, question or dissatisfaction regarding the way personal data is processed, the Data Subject can send an email to the address: utopikcarplake@gmail.com. Also, the Data Subject can contact the National Supervisory Authority for Personal Data Processing for Information through their website at https://www.dataprotection.ro/ or through the correspondence address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania.

SC Utopik Carp Lake SRL will provide a response within a maximum of one month, and in certain exceptional cases within at most two months from receipt or date of registration of the request. This term may be extended with justification by at most 15 calendar days if SC Utopik Carp Lake SRL has to resolve multiple requests and/or the request is complex. SC Utopik Carp Lake SRL will transmit the response to the data subject by registered letter to the address indicated by the data subject or by e-mail.

7. DPA Notification in Case of Personal Data Security Breach

In case a personal data security breach occurs, SC Utopik Carp Lake SRL notifies the National Supervisory Authority for Personal Data Processing, without unjustified delays and, if possible, within at most 72 hours from the date it became aware of it.

The notification:

  1. will describe the nature of the personal data security breach, including, where possible, the categories and approximate number of data subjects concerned, as well as the categories and approximate number of personal data records concerned;
  2. will communicate the name and contact details of the data protection officer or a contact point from where more information can be obtained;
  3. will describe the probable consequences of the personal data security breach;
  4. will describe the measures taken or proposed to be taken by SC Utopik Carp Lake SRL to remedy the personal data security breach problem, including, where appropriate, measures to mitigate its possible negative effects.

SC Utopik Carp Lake SRL maintains documents regarding all cases of personal data security breaches, which include a description of the factual situation in which the personal data security breach occurred, its effects and the remedial measures undertaken. This documentation allows the DPA National Supervisory Authority for Personal Data Processing to verify compliance with GDPR provisions.

In case the personal data security breach is likely to result in a high risk to the rights and freedoms of natural persons, SC Utopik Carp Lake SRL informs the data subjects without unjustified delays about this breach.

8. Privacy Policy Updates

SC Utopik Carp Lake SRL periodically verifies whether this Policy is correct and complete, in accordance with the requirements of applicable legislation and its principles. In case any modifications to this Policy are necessary, SC Utopik Carp Lake SRL will modify this Policy and will publish it in due time on utopikcarplake.ro. Data subjects can formulate any question, comment regarding this Policy including regarding applicable law. This Policy will be brought to the attention of all customers, collaborators, business partners or other third parties through publication on the utopikcarplake.ro website.

Contact

Utopik Carp Lake

Ineu 725/D, judetul Bihor

+40 (770) 531 842 utopikcarplake@gmail.com
Follow Us: