Personal data protection policy

Personal Data Protection Policy

In accordance with the legislative provisions imposed by the European Union through the General Data Protection Regulation no. 679/2016, supplemented by current Romanian legislation,

S.C. SOAPMILL S.R.L. assumes the legislative provisions and undertakes to manage, under safe conditions and only for the declared purposes, the personal data provided by you through our forms, emails, or web applications.

We are committed to complying with the current regulations in force regarding personal data protection, especially the following principles governing processing:

  • Principle of lawful, fair, and transparent processing of data;
  • Principle of processing personal data for specified purposes;
  • Principle of collecting adequate, relevant, and non-excessive data for the purpose of processing;
  • Principle of informing the data subject;
  • Principle of data storage limitation;
  • Principle of protection and security of personal data.

PURPOSE

The purpose of data processing is:

  • Processing your orders, confirming them, informing about their status and delivery;
  • Communicating offers, promotions, or marketing messages;
  • Sending notifications and newsletters, with your consent;
  • Receiving and processing payments;
  • Offering support in case of issues with website usage;
  • Performing statistical data/analyses;
  • Resolving cancellations or complaints regarding purchased orders, services, or products.
  • To ensure access to restricted sections of the website.

WHAT DATA WE PROCESS

Categories of data we collect directly from you by filling out the account creation form and placing an order on the website:

  • First Name and Last Name
  • Email address
  • Phone number
  • Delivery address
  • Billing address
  • Social media profiles
  • Bank information
  • Interests and preferences

Categories of data processed automatically:

  • IP
  • Cookies LINK TO COOKIE POLICY
  • Browser
  • Location
  • Ads you clicked on
  • Pages you visited

LEGAL BASIS

Personal data may be processed in accordance with Article 6 of the GDPR if:

  • The data subject/User has given consent to the processing of their personal data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Compliance with a legal obligation of the data controller (e.g., issuing an invoice).

STORAGE PERIOD

The storage period for personal data is 10 years from the last interaction with us. After this period, the data will be anonymized.

DATA DESTINATION

The registered information is intended for use by the operator and is communicated only to the following recipients:

  • Hosting or Developers
  • Couriers
  • Payment processors
  • Marketing providers (Newsletter, Retargeting, Adwords, Facebook, Instagram, Analytics, WEB Agency, Hotjar)
  • Invoicing system (SmartBill)
  • Accounting Firm
  • State Authorities (in case of inspection)

PERSONAL DATA SECURITY

Personal data security measures:

  • The website uses appropriate security measures (SSL Software) to protect personal data against accidental destruction, loss, alteration, disclosure, unauthorized access, or misuse of information in our database.
  • Implementation of antivirus protection
  • Taking necessary legal, organizational, and technical measures to protect personal data against unauthorized access
  • Employees maintaining processing security (contractual clauses)
  • Backup
  • Pseudonymization and encryption of personal data (users are recommended to create an account with a password composed of multiple characters, numbers, and letters)

The site administration has the right to make changes and additions to this Privacy Policy without the user's consent.

 

DATA SUBJECT'S RIGHTS

According to current legislation, you benefit from the following rights:

  • Right to information – you can request information regarding the processing activities of your personal data;
  • Right to withdraw consent – in cases where processing is based on your consent, you can withdraw it at any time. Withdrawal of consent will only have prospective effect; processing carried out prior to withdrawal will remain valid;
  • Right of access – to data; you can request and obtain confirmation as to whether or not your personal data is being processed by SC ADDO VISION SOLUTIONS SRL, and if so, you can request access to it, as well as certain information;
  • Right to intervention/rectification of data – you can rectify inaccurate personal data or complete it;
  • Right to object to data processing – you can object, in particular, to data processing based on our legitimate interest. You can exercise this right online, by phone, or at the email address office@soapmill.ro. We will consider your objection and whether the processing of your information has any unjustified impact on you that requires the cessation of such data processing. You can also object to receiving personalized commercial messages from us. When you become a client, we may ask you if you wish to receive personalized offers. If you change your mind later, you can opt out of receiving messages by using the "unsubscribe" link at the bottom of each commercial email.
  • Right to judicial recourse – you can file a complaint regarding the processing of personal data with the National Supervisory Authority for Personal Data Processing;
  • Right to erasure of data ("right to be forgotten") – you can obtain the erasure of data if its processing was not legal or in other cases provided by law;
  • Right to restriction of processing – you can request restriction of processing if you dispute the accuracy of the data, as well as in other cases provided by law;
  • Right to data portability – you can receive, under certain conditions, the personal data you have provided to us, in a machine-readable format, or you can request that such data be transmitted to another controller;

To exercise these rights, you can submit a written, dated, and signed request to the email address office@soapmill.ro.

If you find that some of the data provided by you is incorrect, please inform us as soon as possible, so that we can fulfill your orders and send you any announcements or information regarding those orders.

 

Thank you for choosing us!