Privacy policy

PRIVACY POLICY

Thank you for your interest in our company, website, services and/or products.

When you want to establish a relationship with us and use the services of our company (hereinafter referred to as SC Art & Business Today srl), you entrust us with information about yourself, also known as personal data, and we thank you for your trust. The protection and privacy of personal data is a very important topic for us and we strive to store it safely and process it carefully, and in this respect we explain to you in a clear and transparent way what our practices are regarding the privacy of your data .

This information is presented in this document (hereinafter referred to as the "Privacy Policy", "This document" or the "Document" ) and please read together with the Terms and Conditions section (which you can find here .

Our privacy policy wishes to inform you about the processing of your Personal Data in connection with your visit to our website www.millamilla.shop (hereinafter referred to as "the website" ) and your use of any additional services offered by SC Art & Business Today srl.

By visiting the Site, purchasing our products and/or services, or interacting with us in any way, you agree to our Privacy Policy. If you do not agree with what is described in this Document, please do not use our services.

We inform you that SC Art & Business Today srl is a personal data operator within the meaning of the GDPR for the processing of personal data.

  1. Definitions.

1.1. Purpose of the privacy policy

1.2. Who are we?

1.3. Who are you?

1.4. Definitions

1.5. Other services

1.6. Claims

  1. Personal data and data processing

2.1. The data we collect and how we use it

2.2. What happens if you don't provide us with your data

2.3. The purpose for which we collect your personal data

2.4. The legal grounds for the processing of personal data

  1. Disclosure of Personal Data and Data Transfers
  2. Storage of personal data
  3. Security of personal data
  4. Your rights - questions, requests and exercising rights
  5. Privacy Policy Changes/Modifications/Updates

 

 

  1. Definitions.

1.1. Purpose of the privacy policy

The purpose of this Privacy Policy is to explain to you what information we process (collect, use, share), why we process it, how we process it, your rights under the GDPR and how you can update, manage, export and delete, and for this purpose we act as an operator and are required by law to provide this information to you.

We would like to inform you that this Privacy Policy applies everywhere you find us online.

1.2. Who are we?

Below you will find our identification data:

Name

Art & Business Today srl

Social headquarters

Episcopul Ilarion str. no. 11, Bucharest sec. 2

Trade register number

J40/1143/2008

Tax registration code

23127764

E-mail

info@millamilla.shop

Phone

+40 722 788 450

In accordance with the legislation in force, our company is a personal data controller , and in order for your data to be processed safely, we make every effort to implement reasonable and appropriate technical and organizational measures to protect your personal data personal.

1.3. Who are you?

According to the legislation, you, the natural person beneficiary of our services/products, the representative or contact person of a company that is our client or potential client, the website visitor or the person in a relationship of any kind with us, are a "data subject" means an identified or identifiable natural person. In order to be completely transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of rights.

1.4. Definitions

Personal data - means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity;

Processing - means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction , viewing, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, deleting or destroying;

GDPR (General Data Protection Regulation) or RGPD (General Data Protection Regulation) or Regulation - means REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF THE EUROPEAN UNION no. 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, together with the repeal of Directive 95/46/EC;

The Operator or We - means SC Art & Business Todays srl, a company of Romanian nationality with its registered office in Bucharest, sec. 2, str. E[iscopul Ilarion no. 11, registered in the Trade Register under no. order J40/1143/2008, having fiscal registration code 23127764;

Data subject - represents any identified or identifiable natural person whose data is processed by us as an operator, such as customers, potential customers or site visitors;

Consent - means any free, specific, informed and unambiguous manifestation of the data subject's will by which he accepts, through a statement or an unequivocal action, that the personal data concerning him be processed;

Anonymization - means the irreversible de-identification of personal data so that the person cannot be identified by using a reasonable period of time, costs and technology, either by the Operator or by any other person, to identify that natural person . The principles of personal data processing do not apply to anonymized data, as they are no longer personal data.

1.5. Other services

This Privacy Policy does not cover other third-party applications and websites that you may reach by accessing links on our website, and we encourage you to review the Privacy Policy of any website and/or application before providing personal data. .

We are also not responsible for any links of our commercial partners or those who place advertising within our podcasts or articles, including those on social media profiles. When you click on those links, third parties may collect or share data about you.

You should know that we do not control any kind of link that is placed on the site by us or by other Users (such as, for example, links left in comments, videos, community, on social networks, etc.) and that you are fully responsible at the time you access such links and assume any kind of damage (direct or indirect) that may occur.

1.6. Claims

For any kind of problem or concern related to the processing of personal data, you should know that you can file a complaint with the personal data supervisory authority, but please send us a request first at the address mentioned in this document, and we will make every effort to resolve your request as soon as possible, amicably.

For Romania, the contact details are as follows:

Name

The National Supervisory Authority for the Processing of Personal Data

Address

G-ral Blvd. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone

+40.318.059.211 or +40.318.059.212

E-mail

anspdcp@dataprotection.ro

  1. Personal data and data processing

2.1. The data we collect and how we use it

Personal data or personal information is all information about an individual that can help identify that person, and this does not include data where the identity has been removed (anonymized data).

When you browse our website or when you contact us for any purpose and using any communication channel, you may communicate your personal data to us. We will need to collect, use, store or transfer certain personal data, directly from you or from other sources, as we explain in the table below:

Category

Data included

Legal grounds

Identification data

Name, surname, company name, trade register registration number, unique identification code, username or similar identifier, function, date of birth, gender, language in which you wish to interact with us, country, etc.

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on free movement of this data and repealing Directive 95/46/EC (General Data Protection Regulation)

Contacts

Billing address, shipping address, email address, phone number

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on free movement of this data and repealing Directive 95/46/EC (General Data Protection Regulation)

Profile and Usage Data

Username, password, orders made by you, your interests and preferences, feedback provided, answers provided to surveys

Information about how you use our website, products and services.

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on free movement of this data and repealing Directive 95/46/EC (General Data Protection Regulation)

Financial and Trading Data

 

Payment or card/bank account information, purchase information

Details of payments from and to you and other details of products and services you have purchased from us

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on free movement of this data and repealing Directive 95/46/EC (General Data Protection Regulation)

Marketing & Communication Data

Your preferences to receive marketing materials from us and our third parties and preferred methods of communication

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on free movement of this data and repealing Directive 95/46/EC (General Data Protection Regulation)

Automated data/

TECHNICAL

IP (internet protocol) address, login data, browser type and version, location and time zone settings, browser plug-ins and their versions, operating system, operating platform and other technologies on devices on that you use to access this site

Art. 6 (1) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing the Directive 95/46/EC (General Data Protection Regulation)

We inform you that we do not collect any Special Categories of Personal Data about you (this includes data about racial or ethnic origin, political opinions, religious confession or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for your unique identification, health data or data about your sex life or sexual orientation or information about criminal convictions and offences.

2.2. What happens if you don't provide us with your data

When we ask you to fill in personal data to give you access to certain features or services of the site, we will mark some fields as mandatory because this is information we need to be able to provide you with the service or to offer you access to that functionality.

Please note that if you choose not to provide us with this information, you may not be able to complete your user registration or benefit from these services or features.

2.3. The purpose for which we collect your personal data

Personal data

Purpose

Identification data (including audio-video, where applicable)

Contacts

Registering as a user

Access to materials and products

Identification data

Contacts

Financial and Trading Data

Profile data

Marketing and Communication Data

Automated/technical data

Improving services

Using analytics data to improve the site, products, services, customer service and experience

Identification data

Contacts

Financial and Transaction Data

Profile data

Marketing and Communication Data

Entering into and performing the contract of sale or provision of services that you enter into with us

Identification data

Contacts

Financial data

Transaction Data

Profile data

Marketing and Communication Data

Requests or requests made through Customer Service/Support

To manage the relationship we have with you, which may include notifying you about changes to our terms and conditions and processing policies, or asking us to leave a review or take a survey

Identification data

Contacts

Financial and Trading Data Profile Data

Usage data

Marketing and Communication Data

Automated/technical data

Marketing

To deliver relevant content and personalized advertisements and to measure and understand the effectiveness of the advertisements we serve to you

Please note that we will only use your personal data for the purposes for which we collected it, unless we reasonably believe that we need to use it for another reason and that reason is compatible with the original purpose.

Please note that we may process your personal data without informing you or needing your consent, in accordance with the rules above, where the law allows us to do so.

2.4. The legal grounds for the processing of personal data

Our legal grounds for processing your personal data will generally be as follows:

  • There is your consent for the processing of personal data;
  • The processing is necessary for the conclusion or performance of a contract between you and us;
  • Processing is necessary for the purposes of our or another party's legitimate interests.

  1. Disclosure of Personal Data and Data Transfers

We inform you that we may disclose your data, subject to applicable law, to business partners or other third parties. We always make reasonable efforts to ensure that these third parties have adequate protection and security measures in place. We have contractual clauses with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate under the law.

We can also transmit the data to other parties with your consent or according to your instructions, for example, in the situation where you exercise a request for portability or to competent state bodies, based on and within the limits of legal provisions and as a result of express requests formulated.

The transfer of personal data to a third country can only take place if the country to which the transfer is intended ensures an adequate level of protection.

The transfer of data to a state whose legislation does not provide a level of protection at least equal to that provided by the General Data Protection Regulation is possible only if there are sufficient guarantees regarding the protection of the fundamental rights of the data subjects. These guarantees will be established by us through contracts concluded with the suppliers/service providers to which your personal data will be transferred.

Whenever we transfer your personal data outside the EEA, we will ensure that there is a similar level of protection through one of the following safeguards:

  • we will transfer your personal data to countries where it has been demonstrated by the European Commission that they provide an adequate level of security for personal data.
  • when we use certain service providers, we may use certain model contracts provided and approved by the European Commission that give personal data the same protection as it has in Europe.

  1. Data storage

You should note that we store your personal data only for the period necessary to fulfill the purposes, but no longer than 5 years after the termination of the contract or the last interaction with us.

After the end of the period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data to be used for scientific, historical or statistical research purposes.

In certain circumstances, we may anonymize personal data (so that it can no longer be associated with you) for scientific, historical or statistical research purposes, in which case we may use this information indefinitely without prior notice. Note that in certain expressly regulated situations, we store data for the period required by law.

Categories of personal data

 

Storage period

Email address

Content of messages

5 years since your last interaction with us

Data required for invoicing (ie address, customer name, delegate name)

 

10 years according to the law

Other personal data

 

5 years

 

 

 

  1. Data security

We understand how important the security of personal data is and we take the necessary measures to protect our customers and other people whose data we process, from unauthorized access to personal data, as well as from the unauthorized modification, disclosure or destruction of the data we process in the activity current.

We have implemented the following technical and organizational security measures for personal data:

Dedicated policies

We adopt and constantly review internal personal data processing practices and policies (including physical and electronic security measures) to protect our systems from possible unauthorized access or other possible threats to their security. These policies are subject to constant review to ensure that we comply with legal requirements and that the systems are working properly.

Data minimization

We ensure that your personal data that we process is limited to only that which is necessary, appropriate and relevant for the purposes stated in this Policy.

Restricting access to data

We try to restrict as much as possible access to the personal data we process to the minimum necessary: ​​employees, collaborators and other people who need to access this data in order to process it and carry out a service. Our partners and collaborators are subject to strict confidentiality obligations (whether contractual or statutory).

Specific technical measures

We use technologies to ensure the security of our customers, always trying to implement the most optimal solutions for data protection. We also make periodic data back-ups to be able to recover them in the event of an incident, and we have implemented periodic audit procedures regarding the security of the equipment used. However, no website, app, or internet connection is completely secure and untouchable.

Ensuring the accuracy of your data

Sometimes we may ask you to confirm the accuracy or timeliness of your data to ensure that it reflects reality.

Staff training

We constantly train and test our employees and collaborators on legislation and best practices in the field of personal data processing.

Anonymization of data

Where we can, we try as much as possible to anonymize / pseudo-anonymize the personal data we process, so that we can no longer identify the persons to whom they refer.

However, although we make constant efforts to ensure the security of the data you entrust to us, we may also experience less fortunate events and have security incidents/breaches. In these cases, we will strictly follow the security incident reporting and notification procedure and will take all necessary measures to restore the situation to normal as soon as possible.

Direct marketing

To the extent that we have obtained your prior consent or you are already a customer of the Company, we may use direct marketing technologies using the information collected about you. We currently send commercial messages by email (email marketing).

You can object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email ("unsubscribe") or by sending a request to this effect to info@millamilla.shop.

  1. Your rights - questions, requests and exercising rights

We are under no obligation to appoint a personal data protection officer, so any questions about the use of your personal data should be directed to the contact details above.

For any questions, concerns, observations or complaints regarding the processing of your information or if you wish to exercise your legal or privacy rights, you can contact us at e-mail info@millamilla.shop.

Your rights under the GDPR Regulation are as follows:

The right to be informed about the processing of your data.

Right of access to data

You have the right to obtain from us a confirmation that personal data concerning you is being processed or not and, if so, access to the respective data and to the information provided by art. 15 para. (1) of the GDPR.

The right to rectify inaccurate or incomplete data

You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.

Right to erasure ("right to be forgotten")

In the situations provided for in art. 17 of the GDPR, you have the right to request and obtain the deletion of personal data.

The right to restriction of processing

In the cases provided for in art. 18 of the GDPR, you have the right to request and obtain the restriction of processing.

The right to transfer the data we hold about you to another operator ("the right to portability").

The right to transfer the data we hold about you to another operator ("the right to portability")

The right to object to data processing

In the cases provided for in art. 21 of the GDPR, you have the right to object to data processing.

The right not to be subject to a decision based solely on automated processing, including the creation of profiles with legal or similar significant effects on you.

The right to go to court to defend your rights and interests.

Please note that the rights listed above are not absolute. There are exceptions, therefore each request received will be analyzed in order to decide whether it is justified or not. To the extent that the request is well-founded, we will facilitate the exercise of your rights, and if the request is unfounded, we will reject it, but we will inform you about the reasons for the refusal and about your rights to file a complaint with the Supervisory Authority and to go to court.

We will also try to respond to your request within 30 (thirty) days. However, the deadline may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the impossibility of identifying you within a useful period. If, despite our best efforts, we are unable to identify you and you do not provide us with additional information to enable us to identify you, we are under no obligation to comply with the request.

  1. Privacy Policy Changes/Modifications/Updates

We may update the Privacy Policy from time to time and will notify you via the Site or by email of the latest version. All updates and changes to this document are effective immediately upon notification, which we will make by posting on the website and/or email notification. Even if you do not receive a notification, we encourage you to periodically access and read the Privacy Policy to stay up to date with the latest versions.

Privacy policy updated on 04/10/2023.