We consider ensuring the right to the protection of personal data as a fundamental commitment of refkeys.com, therefore we will dedicate all the necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as with any other legislation applicable on the territory of Romania. As one of the essential principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us in relation to products and our services, including through our website or apps available on your mobile phone.
We reserve the right to periodically update and amend this Privacy Policy to reflect any changes in the way we process your personal data or any changes in legal requirements. In the event of any such change, we will display the modified version of the Privacy Policy on our website, so please check the content of this Privacy Policy periodically.
1. Who we are and how you can contact us
refkeys.com is the trade name of XXX S.R.L. from Romania, with registered office in XXXX, with order number in the Trade Register XXXX, unique fiscal registration code XXXX (hereinafter “refkeys.com” or “us”). For the purposes of data protection legislation, we are the controller when we process your personal data.
As we are always open to your views, as well as to provide you with any additional information you may need regarding the processing of your data, we encourage you to contact the refkeys.com Data Protection Officer at contact@refkeys.com.
2. What categories of personal data do we process?
We generally collect your personal data directly from you, so you have control over the type of information you give us. With the example title, we receive information from you as follows:
- When you create a refkeys.com account or when you contact us for requests for offers, you send us: email address, name and surname, phone number, city;
- Within your account on the refkeys.com platform, you can add additional information, such as: address, company identification data (for legal entities), etc.;
- When you place an order, you provide us with information such as: desired product, name and surname, address, billing details, payment method, phone number, etc.;
- We may collect and subsequently process certain information about your behavior while visiting our site in order to personalize your online experience and provide you with offers tailored to your profile. We invite you to learn more about this by consulting the section on purposes of processing below.
- On our website we may store and collect information in cookies and similar technologies in accordance with our Cookie Policy.
- We do not collect or otherwise process sensitive data, included by the General Data Protection Regulation in special categories of personal data. We also do not wish to collect or process data of minors under the age of 16.
3. What are the purposes and grounds of the processing
We will use your personal data for the following purposes:
3.1 To provide refkeys.com services for your benefit.
This general purpose may include, as appropriate, the following:
- Account creation and administration within the refkeys.com platform;
- Order processing, validation and invoicing;
- Resolving cancellations or issues of any nature related to an order, digital products or purchased services;
- Return of digital services/products according to legal provisions;
- Reimbursement of the value of digital services/products according to legal provisions;
- Providing answers to your questions about your orders or the digital products and services of refkeys.com or refkeys.com contributors.
The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a service between refkeys.com and you. Also, certain processing subsumed for these purposes is required by applicable law, including tax and accounting law.
3.2 To improve our services
We always want to give you the best online shopping experience. For this, we may collect and use certain information related to your Buyer behavior, we may invite you to complete satisfaction surveys following the completion of an order, or we may conduct, directly or with the help of partners, studies and market research.
We base these activities on our legitimate interest in carrying out commercial activities, always taking care that your fundamental rights and freedoms are not affected.
3.3 For marketing
We want to keep you informed about the best offers for the products/services that interest you. In this regard, we may send you any type of message (such as: e-mail/SMS/telephone/mobile push/webpush/etc.) containing general and thematic information, information regarding services/products similar or complementary to those that you have purchased, information regarding offers or promotions, information regarding services/products added to the “Account/My Basket” section or the “Account/Favorites” section or you have shown interest in purchasing, as well as other commercial communications such as market research and opinion polls, and we may display personalized recommendations on the Website. In order to provide you with information of interest to you, we may use certain data regarding your purchasing behavior (eg digital products viewed / wishlisted / purchased) to create a profile for you. We always ensure that this processing is carried out with respect to your rights and freedoms and that the decisions made on the basis of them do not have legal effects on you and do not similarly affect you to a significant extent.
In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:
- Accessing the unsubscribe link displayed in the messages you receive from us;
- Contacting refkeys.com using the contact details described above.
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can ask us at any time, by the means described above, to stop processing your personal data for marketing purposes, and we will comply with your request.
3.4 To defend our legitimate interests
There may be situations where we will use or share information to protect our rights and business. These may include:
- Measures to protect the website and users of the refkeys.com platform against cyber attacks;
- Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
- Measures to manage various other risks.
The general basis for these types of processing is our legitimate interest in protecting our commercial activity, it being understood that we ensure that all measures we take ensure a balance between our interests and your fundamental rights and freedoms.
4. How long we keep your personal data
As a general rule, we will store your personal data for as long as you have an account on the refkeys.com platform. You may request that we delete certain information or close your account at any time, and we will comply with such requests, subject to the retention of certain information including after account closure, where applicable law or our legitimate interests require it.
5. To whom we transmit your personal data
As appropriate, we may transmit or provide access to certain of your personal data to the following categories of recipients:
- refkeys.com partners/vendors;
- payment/banking service providers;
- marketing / telemarketing service providers;
- market research service providers;
- IT service providers;
- other companies with whom we can develop joint programs to market our products and services.
If we are under a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.
We ensure that access to your data by third-party legal entities under private law is carried out in accordance with the legal provisions on data protection and information confidentiality, based on contracts concluded with them.
6. To which countries we transfer your personal data
Currently, we store and process your personal data on the territory of Romania.
However, we may transfer certain of your personal data to entities located in the European Union or outside the Union, including countries that have not been recognized by the European Commission as having an adequate level of personal data protection.
We will always take steps to ensure that any international transfer of personal data is handled carefully to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where applicable, other safeguards such as standard contractual clauses issued by the European Commission or certification schemes such as the Privacy Shield for the Protection of Personal Data transferred from within the EU to the United States of America.
You can contact us at any time, using the contact details set out above, to find out more information about the countries to which we transfer your data, as well as the safeguards we have put in place in relation to these transfers.
7. How we protect the security of your personal data
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards.
The transmission of your personal data is done using state-of-the-art encryption algorithms and we store it on secure servers while ensuring data redundancy.
Despite the measures taken to protect your personal data, we draw your attention to the fact that the transmission of information over the Internet in general or through other public networks is not completely secure and there is a risk that the data may be seen and used by third parties unauthorized parties. We cannot be responsible for such vulnerabilities of systems that are not under our control.
8. What rights do you have?
The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You can request access to your data, correct any mistakes in our files and/or object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or go to court. If applicable, you may also benefit from the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.
More information about each of these rights can be obtained by consulting the table below.
In order to exercise your rights, you can contact us using the contact details set out above. Please note the following points if you wish to exercise these rights:
Identity. We take the privacy of all records containing personal data seriously. For this reason, please submit your requests regarding such records to us using the email address associated with your refkeys.com account. Otherwise, we reserve the right to verify your identity by requesting additional information aimed at confirming your identity.
Fees. We will not charge a fee to exercise any right in relation to your personal data, unless your request for access to the information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before we settle your claim.
Response time. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We may ask if you can tell us exactly what you want to receive or what you are concerned about. This will help us act faster and shorten the response time to your request.
Third Party Rights. We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects.
Drepturi vizate | Descriere |
Access | You can ask us: – to confirm whether we are processing your personal data; – to provide you with a copy of this data; – to provide you with other information about your personal data, such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you by this notice. |
Correction | You can ask us to correct or complete your inaccurate or incomplete personal data. We may attempt to verify the accuracy of the data before rectifying it. |
Data deletion | You can ask us to delete your personal data, but only if: – they are no longer necessary for the purposes for which they were collected; or – you have withdrawn your consent (if data processing was based on consent); or – exercise a legal right to object; or – they were processed illegally; or – we have a legal obligation to do so. We are not obliged to comply with your request to delete your personal data where the processing of your personal data is necessary: – to comply with a legal obligation; or – to establish, exercise or defend a right in court. There are certain other circumstances in which we are not obliged to comply with your data deletion request, although these two are the most likely circumstances in which we may refuse this request. view that, before exercising this right, you download from your refkeys.com account and save all the documents related to the orders made from refkeys.com, regardless of whether the billing was done to you or to another natural or legal person (such as : invoices, warranty certificates). If you do not take this step before exercising your right to deletion, you will lose all these documents and refkeys.com will be unable to make them available to you, as the case may be, because the data deletion process, respectively the refkeys.com account, with all the data and documents related to it, is an irreversible process. |
Restriction of data processing | You can ask us to restrict the processing of your personal data, but only if: – their accuracy is contested (see rectification section), to allow us to verify their accuracy; or – the processing is illegal, but you do not want the data to be deleted; or – they are no longer necessary for the purposes for which they were collected, but you need them to establish, exercise – or defend a right in court; or – you have exercised your right to object, and checking whether our rights prevail is ongoing. We may continue to use your personal data following a restriction request if: – we have your consent; or to establish, exercise or ensure the defense of a right in court; or – to protect the rights of refkeys.com or another natural or legal person. |
Data portability | You may ask us to provide your personal data in a structured, commonly used and machine-readable format, or you may request that it be “ported” directly to another data controller, but in each case only if: – the processing is based on your consent or on the conclusion or execution of a contract with you; and the processing is done by automatic means. |
Opposition | You can object at any time, for reasons related to your particular situation, to the processing of your personal data on the basis of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest. You can also object to the processing of your data for direct marketing purposes (including profiling) at any time without giving any reason, in which case we will stop this processing as soon as possible. |
Automated decision making | You can ask not to be the subject of a decision based solely on automated processing, but only where that decision: – produces legal effects regarding you; or – affects you in another similar and significant way. This right does not apply if the decision reached by automated decision-making: – it is necessary for us to conclude or perform a contract with you; – is authorized by law and there are adequate safeguards for your rights and freedoms; or – is based on your explicit consent. |
Claims | You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the supervisory authority for data protection are as follows: The National Supervisory Authority for the Processing of Personal Data G-ral Blvd. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania Telephone: +40.318.059.211 or +40.318.059.212; E-mail: anspdcp@dataprotection.ro Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to solve any problem by friendly. |
We remind you that you can contact us at any time by sending your request to the email address contact@refkeys.com.