Privacy Policy for processing personal data

 

We consider ensuring the right to personal data protection as a fundamental commitment to ISARA, so we will dedicate all the resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (the"General Data Protection Regulation" or" GDPR"), as well as any other applicable legislation on the territory of Romania. Since one of the key principles of this legal framework is transparency, we have prepared this document through which we want to inform you about how we collect, use, transfer, and protect your personal data when interacting with us about products and services including our website or the applications available on mobile phones.

 

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in regards to the way we process your personal data or any changes to your legal requirements. In the event of such change, we will display on our website the modified version of the Privacy Policy, which is why we recommend a periodically check on the contents of this Privacy Policy.

 

Who we are and how to contact us

 

ISARA is the trade name of Deneris Trade SRL, a Romanian legal entity, having its registered office in Floresti, Tăuțiului Street, ap. 1, nr. 21G, Cluj County, Trade Registered with the serial number J12 / 1524 / 06.06., tax registration RO30284214. For the purposes of data protection law, we are an operatorwhen we process your personal data.

 

Since we are always open to listening to your point of view and providing you with any further information you may need regarding the processing of your data, we encourage you to contact the ISARA Data Protection Officer at office@isara.ro or by post or courier at Floresti, Tautiului street, ap. 1, nr.21G, Cluj County, with the mention: to the attention of the ISARA Data Protection Officer.

 

Which categories of personal data will we process

 

In general, we collect your personal data directly from you, so you have control over the type of information you provide us with. For example, we receive information from you as follows:

 

When you create an ISARA account, you are sending us: your email address, your first and last name.You can add additional information to your personal page (My Account) on the ISARA platform, such as: mobile phone number, delivery addresses.

When placing an order, you provide us with information such as the product you want, your first and last name, delivery address, billing details, payment method, phone number, bank card details, etc.

 

We can also collect and then process certain information about your behavior while browsing our website or using your smartphone to personalize your online experience and make provide tailored to your profile. We invite you to find out more details in this regard by consulting the section below about the purposes of processing data. 

On our website and smartphone we can store and collect information in cookies and similar technologies, according to the Cookie Policy.

 

We do not collect or otherwise process sensitive data included in the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data for minors who are under the age of 16.

 

 

What are the purposes and basics of processing data

 

We will use your personal data for the following purposes:

 

1.To provide ISARA Services for your own benefit 

This general purpose may include, as appropriate, the following:

a) Creating and managing the account within ISARA’s platform

b) Processing of orders, including taking over, validating, shipping and invoicing;

c) Resolving cancellations or any issues related to an order, purchased goods or services;

d) Returning products according to the legal legislation;

e) Reimbursement of the value of the products according to the legal legislation;

f) Issuance of ISARA Gift Voucher;

h) Provide support services, including providing answers to your questions about your orders or ISARA goods and other services.

Processing your data for the aforementioned purposes is in most cases necessary for the conclusion and performance of a contract between ISARA and you. Certain processing underlying these purposes is also required by applicable law, including tax and accounting legislation.

 

 2. For marketing

We want to keep you informed about the best offers for the products / services you are interested in. In this regard, we may send you any type of message (such as e-mail / SMS / telephone, etc.) containing general and thematic information, information about similar or complementary products to those you have purchased, information on offers or promotions, product information added in the "Account / My Basket" section or the "Account / Favorites" section or you have shown interest in acquiring them, as well as other commercial communications such as market research and opinion surveys, and we can display personalized recommendations on our website and smartphone. In order to provide information of interest to you, we may use certain data about your buyer behavior (e.g., products viewed / added to wishlist / purchased) to create a profile. We always ensure that such processing is done with all due respect to your rights and freedom, and that decisions taken thereon have no legal effect on you and do not affect you to a significant extent.

In most cases, we establish our marketing announcements on your prior consent. You can change your mind and withdraw your consent at any time by:

- Accessing the unsubscribe link in the messages you receive from us; or through

- Contacting ISARA using the contact details described above.

In certain situations, we can establish our marketing activities on our legitimate interest in promoting and developing our commercial activity. In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you may, at any time, request, as described above, to stop processing your personal data for marketing purposes. 

 

3.To defend our legitimate interests

There may be situations in which we use or relay information to protect our rights and commercial activity. These may include:

- Measures to protect ISARA’s website and users from cyber attacks

- Measures to prevent and detect fraud attempts, including the transfer of information to competent public authorities;

- Measures to manage various other risks.

The general basis of these types of processing regards our legitimate interest in defending our commercial activity,  ensuring that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

Moreover, in some cases, we establish our processing on legal provisions such as the obligation to safeguard the goods and values provided by applicable legislation in this field.

 

How long will we keep your personal data?

 

As a general rule, we will store your personal data as long as you have an account on the Sport Virus platform. You may request at any time to delete certain information or close the account and we will respond to these requests as soon as possible, subjected to the storage of certain information, including after the closure of the account, in cases where applicable law or legitimate interests impose it.

 

 

Transfer of personal data

 

As the case may be, we may transfer or permit access to certain personal data for the following categories of recipients:

- courier service providers;

- payment / banking service providers;

- marketing / telemarketing service providers;

- market research service providers;

- IT service providers;

- other companies with whom we can develop joint programs to market our goods and services.

If we have a legal obligation or if it is necessary to protect our legitimate interest, we can also disclose certain personal data to public authorities.

We ensure that access to your data by third party private juridical entities is done in accordance with the legal provisions on data protection and information confidentiality, based on contracts concluded with them.

 

Transfer of personal data to a foreign country

 

We currently store and process your personal data on the territory of Romania.

 

Security of personal data

 

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.

The transfer of your personal data is done using state-of-the-art encryption algorithms and stored on secure servers, while ensuring data redundancy.

We use the services of Euplatesc payment processor to make payments. Any information regarding payments is encrypted. Despite the steps taken to protect your personal data, we must note that the transfer of information via the Internet in general or through other public networks is not completely secure, risking that data may be seen and used by third parties unauthorized parts. We can not be responsible for such vulnerable systems that are not under our control.  

 

Your rights

 

The General Data Protection Regulation recognizes a series of rights with respect to your personal data. You may request access to your data, correct any mistakes in our files, and / or you can oppose to the processing of your personal data. You can also exercise your right to complain to a competent authority or to court. As the case may be, you may also have the right to request the deletion of your personal data, the right to restrict your data processing and the right to data portability.

More information about each of these rights can be obtained by reviewing the table below.

In order to exercise your rights, you may contact us using the contact details listed above. Please note the following if you want to exercise these rights:

Identity.We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such records using  ISARA’s email address contact@isara.ro. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.

Fees.We will not charge fees to exercise any right with respect to your personal data unless your request for access to information is groundless, repetitive or excessive, in such circumstance we will charge a reasonable amount. We will inform you of any fees applied before we resolve your request.

Response time. We plan to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of two months. We will inform you if we require more than a month. We may ask if you can tell us exactly what you want to receive or what you are worried about.This will help us to act faster and shorten the response time for your request.

Rights of third parties. We do not have to comply with requests that may negatively affects the rights and freedoms of other targeted people.

 

Rights

 

Access

 

You can request:

- confirmation that we process your personal data;

- proof of copy of the data;

- to provide you with other information about your personal data, such as data we have, what we use, who we divulge to, whether we transfer them abroad and how we protect them, how long we keep them, what rights you have, how you can make a complaint, from where we obtained your data to the extent that the information has not already been provided to you through this information.

 

Rectification

 

You may ask us to rectify or complete your inaccurate or incomplete personal data.

We may try to verify the accuracy of the data before correcting it.

 

Deleting personal data

 

You may ask us to delete your personal data, but only if:

- they are no longer necessary for the purposes for which they were collected, or

- you have withdrawn your consent (if the data processing is based on consent); or

- You request it through a legal action; or

- they have been illegally processed; or

- we have a legal obligation to do so.

 

We do not have to comply with your request for deletion of your personal data if processing of your personal data is required:

- to comply with a legal obligation; or

- for the establishment, exercise or defending of a right in court.

There are certain other circumstances in which we are not obliged to comply with your request for data deletion, although these are the most likely circumstances in which we may decline your request.

Be aware that before exercising this right, download and save all the documents related to your orders from the Sport Virus account (such as invoices, warranty certificates). If you do not do this before exercising your right, you will lose all of these documents and the Sport Virus will be unable to provide you with data, because the process of deleting the data or the account Sport Virus, with all the data and documents related to it, is an irreversible process.

 

Right to restriction of processing

 

You may ask us to restrict the processing of personal data, but only if:

 

- their accuracy is contested (see rectification section) to allow us to verify their accuracy; or

- processing is illegal, but you do not want the data to be deleted; or

- they are no longer necessary for the purposes for which they were collected, but you need them to state, exercise or defend a right in court; or

- You have exercised the right to oppose to, and checking whether our rights are prevailing is ongoing.

We may continue to use your personal data following a restriction request if:

- we have your consent; or

- to establish, exercise or defend a right in court; or

- to protect our rights, other individuals and juridical person. 

 

Data portability

 

You may ask us to provide your personal data in a structured, commonly used and readable form, or request it "ported" directly to another data operator, but in each case only if:

- processing is based on your consent or on the conclusion or performance of a contract with you; and

- processing is done by automatic means.

 

Opposition

 

You may oppose at any time, the processing of your personal data on our legitimate interest if you believe that your fundamental rights and freedoms prevail over this interest.

You can also disapprove at any time the processing of your data for direct marketing purposes without any reason, in which case we will terminate this processing as soon as possible.

 

Automated-decision making

 

You can require to not be a subject of a decision based solely on automatic processing, but only when that decision:

- produces legal effects on you; or

- affects you in a similar way and to a significant extent.

This right shall not be applied if the decision taken following automatic decision-making:

- we are required to conclude or run a contract with you;

- is authorized by law and there are adequate safeguards for your rights and freedoms; or

- is based on your explicit consent.

  

Complaints

 

You have the right to file a complaint with the officer regarding the processing of your personal data. In Romania, the data protection authority's contact data is as follows:

National Supervisory Authority for Personal Data Processing

B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone: +40.318.059.211 or +40.318.059.212;

E-mail: anspdcp@dataprotection.ro

Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will do our best to resolve any issues amicably.

 

We remind you that you can contact the Data Protection Officer at any time by submitting your request in any of the following ways:

-      By e-mail at office@isara.ro

-      By post or courier at: Floresti, Tăuțiului Street, nr 21G, ap1, Cluj County- with the mention: to the attention of the ISARA Data Protection Officer.