Purpose of information
This document contains informative data regarding the protection of personal data and was established by S.C. YELLOWTICKETS SRL, in order to comply with the applicable legal provisions on personal data protection imposed by Regulation (EU) 2016/679 (“General Regulation on Data Protection” or “GDPR”), as well as by any other legislation applicable in Romania.
The document presents in a simple and transparent manner information about how we collect, use and protect your personal data when you interact with us in connection with our services and products, through our website or through the applications available on your mobile phone. (whatsapp, facebook, messenger and sms).
This document has the role of informing you about the processing of your personal data, in the context of using the website www.winetrips.ro. ( “Site”).
Who we are
YELLOWTICKETS S.R.L., legal person of Romanian nationality, based in Domneşti Commune, 309 Tudor Vladimirescu St., Ilfov County, Unique Registration Code RO37900222, registered at the Trade Register Office under no. J23 / 3519/2017.
Who are we addressing?
This document aims at unitary information of natural or legal persons whose personal data are processed by YELLOWTICKETS SRL, including but not limited to the following persons:
- beneficiaries of our services, even after the termination of the contractual relationship;
- potential clients;
- contact persons, legal or conventional representatives of the collaborators / contractual partners (eg suppliers);
What is personal data
According to Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), personal data is any information that refers to an identified or identifiable natural person, any information that may lead to the identification of a specific person, also constitutes personal data. Examples of personal data: a name and surname, a home address, CNP, an identity document number, an e-mail address (eg first email@example.com/com), location data , an internet protocol (IP) address, a cookie identifier, etc.
What does data processing mean?
The processing involves performing any operations on personal data: collection, registration, organization, structuring, storage, adaptation, modification, extraction, consultation, use, disclosure by transmission, dissemination, making available in any other way, alignment, combination, restriction, deletion , destruction.
What categories of personal data we process
The personal data we collect are provided directly by individuals who visit our site, so they always have control over the type of information they provide us. We receive information regarding a name and surname, e-mail address, telephone number.
We also inform you that there is the possibility to collect other data / information through your interaction with channels and websites that do not belong to us, that do not reveal your specific identity or are not directly correlated with a person. These may include, but are not limited to:
- Unique IDs, such as a cookie placed on your computer, mobile device or device IDs;
- Internet Protocol address (“IP address”) and information derived from your IP address, such as your geographical location;
- information about your device, such as information included in HTTP headers or other signals by Internet Transfer Protocol, the type and version of your browser or device, operating system, user-agent strings, and information about or from the presence or use of ” applications ”on your mobile devices, screen resolution and your preferred language;
- behavioral data about your use of channels, such as the web pages you clicked on, the websites and content areas you visited, the date and time of the activities;
- the web search you use to find and browse sites.
In certain situations, we may combine the above data with Personal Data, such as the derivation of your geographic location from your IP address, and the combination of behavioral data about your use of Channels with your name. In such cases, we will process the data. / information combined as personal data.
What are the purposes and grounds for the processing of personal data
We will use your personal data only for the purpose for which it was collected. Access to personal data is strictly limited to our staff in accordance with working procedures regarding data protection.
They will be used for the following purposes:
- Meeting your needs with the aim of informing / marketing / advertising about promotions, offers, contests and other actions carried out by the company;
- Submitting the information requested by you through the forms you fill out
- Improving our business, services and products by conducting studies, statistics so we can learn more about your shopping preferences;
- Defending and ensuring legitimate interests, in order to protect our rights and commercial activity, to maintain security and to prevent fraud;
The legal bases for the processing of personal data are substantiated:
- To provide and improve our services; compliance with legal obligations; administrative-financial management; managing the controls performed by the authorities; ensuring security inside our company; preservation, storage (prior to archiving) and archiving of documents; implementation of personal data security measures.
- To ensure the defense and exercise of our rights in litigious situations; for the management of complaints and notifications received regarding our services or for taking steps before concluding a contract;
- To prevent fraud; monitoring and security of the persons inside our company, of the spaces and / or movable goods inside.
With whom we share personal data
Your personal data will not be disclosed to others to be used for their own marketing or commercial purposes without your consent, if there is such a situation.
However, we may disclose your information to service providers and / or other service providers when we work with another company to offer or offer our customers products, services, contests or promotions with the companies that manage us. the financial-accounting and / or invoicing part, the companies that take care of the maintenance of the website or that send e-mails on our behalf.
We inform you that based on a legal obligation or to defend a legitimate interest, we may disclose certain personal data to public authorities.
We will ensure at all times that access to your data by other legal entities under private law will be made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
What is the storage period of your personal data
In order to fulfill the mentioned processing purposes, personal data will be processed throughout the contractual relationship, to supply the products and carry out the transactions you have requested or for other essential purposes, as well as when there is a legitimate commercial need for do so (eg, to provide you with the required information or to comply with our legal, tax or accounting obligations) or to comply with applicable legal provisions in this area.
How we protect the security of your personal data
Internally, we apply security policies and standards, and take technical and organizational measures (computer security procedures) to ensure the confidentiality and integrity of personal data and the way it is processed.
Despite all the measures taken to protect your personal data, however, we warn you that the transmission of information via the Internet, in general, or through other public networks, is not completely secure, there is a risk that the data will be seen and used by unauthorized third parties. We cannot be held responsible for such vulnerabilities in systems that are beyond our control.
How to proceed if several different devices are used to access our site
Access to our site can be done from several different devices, such as mobile phone, home computer, laptop, a smart personal assistance device, and applications can personally associate you with each of your devices.
Thus, the information we collect from your various devices may be combined with other information you have provided to us, including details about: the history of transactions with our brands; how you use our site and services; the products you are viewing. See the Cookies Policy to learn how you can exercise your cookie-based tracking options to learn more about your online advertising choices.
How we protect juvenile data
Regarding minors, we adopt measures to protect their privacy and safety when using our site. The request for personal data from persons under the age of 16 will not be made without verifiable parental consent.
What other data can we collect
What links to other sites are there?
What are the rights of the data subject
The general regulation on the protection of personal data provides a number of rights in relation to your personal data. You can request access to your data, correct any errors in our records and / or object to the processing of your personal data. Where applicable, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability. Last but not least, you can exercise your right to complain to the competent supervisory authority (National Authority for the Supervision of Personal Data Processing, 28 – 30 G-ral Gheorghe Magheru Blvd., Bucharest, sector 1, postal code 010336, telephone: +40.318.059.211, E-mail: firstname.lastname@example.org) or to address the competent court, for situations in which we will not promptly and amicably respond to your requests.
A comprehensive description of your rights can be found in the following:
Right to information: the right of the data subject to be informed about the way in which personal data are processed.
Right of access: the right of the data subject to ask the controller if his data is processed, and in case of an affirmative answer to obtain a copy of this data.
Right to rectification: the right of the data subject to request the correction and completion of inaccurate or incomplete personal data on the basis of the information he / she provides.
Right to deletion of data (“right to be forgotten”): the data subject has the right to obtain from the controller the deletion of personal data concerning him, without undue delay if the data are processed illegally, without consent or if the data are no longer necessary for the purpose for which they were originally processed.
The right to restrict the processing – the data subject has this right if: he challenges the accuracy of the data, for a period that allows the verification of the correctness of the data; the processing is illegal and the person opposes the deletion of personal data, instead of requesting the restriction; personal data are no longer necessary for the purpose of processing, but the person requests them for the establishment, exercise or defense of a right in court; the person objected to the processing for the period of time in which it is verified whether the legitimate rights of the operator prevail over those of that person.
Right to data portability: the data subject has the right to receive personal data concerning him and which he has provided to the controller in a structured, commonly used and automatically readable format and has the right to transmit these data. data to another operator, without obstacles from the operator to whom the personal data were provided.
Right to object: the data subject has the right to object to the processing which is based on the legitimate interest of the controller, a third party or the public interest. If this right has been exercised, the controller must justify the reasons for the processing and suspend it for a certain period. The processing will only operate if the controller demonstrates that he has legitimate reasons justifying it and that the processing prevails over the interests, rights and freedoms of the data subject or that the purpose is to establish, exercise or defend a right in court.
Right not to be subject to an automatic decision with significant effect: the data subject has the right not to be subject to an automatic decision, including the creation of profiles if the decision has a significant or legal effect on it. The data subject also has the right to express his / her point of view, to request human intervention and to challenge the decision.
How can you contact us?
You can contact us, using the contact details provided on our website, by e-mail (email@example.com), the forms in the “Contact” section or using the address of our headquarters: Domneşti, 309 Tudor Vladimirescu St., Ilfov County.
Date: September 2020