The purpose of this Personal Data Processing Policy is to explain the type of personal data collected, how it is processed, the rights of data subjects, the retention period of such data, and other information related to the processing of personal data.

Data protection is a priority for the management of Smart Products I&D SRL, headquartered in Bucharest, Strada Serg. Gheorghe Latea, Nr.18, Bl. C37, SC. B, Etaj 5, Apt. 89, Sector 6, registered with the Trade Registry under no. J40/1917/2014, with the fiscal identification code RO32806659, hereinafter referred to as Smart Products. Browsing our website pages is possible without any declaration of personal data. However, for certain specific situations such as completing a questionnaire or participating in a contest, personal data may be collected and processed. If the processing of personal data is necessary and there is no legal basis for this processing, we are obliged to obtain the consent of the data subject.

The processing of personal data – such as the first name, last name, address, email address, phone number of a data subject – will always be carried out in accordance with the provisions of Regulation No. 679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“Regulation”), and in compliance with the specific data protection regulations of the country in which Smart Products operates. Through this Policy, our company wishes to inform the general public about the nature, scope, and purpose for which we collect and process personal data. In addition, data subjects are informed of their rights, which are regulated by the Regulation. As an operator, Smart Products has implemented numerous technical and organizational measures to ensure the complete protection of personal data.

Definitions

This Policy is based on the Regulation and any other applicable laws regarding personal data protection. The policy must be easy to understand for both the general public and our clients and business partners. To ensure this, we will explain the terminology used. Therefore, in the Personal Data Processing Policy, we will use the following terms:

Personal Data refers to any information that can identify a natural person.

Data Subject - refers to an identified or identifiable natural person, directly or indirectly, including through reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity.

Data Processing - refers to any operation or set of operations performed on personal data, whether by automated means or not, such as collecting, recording, organizing, storing, adapting or altering, retrieving, consulting, using, disclosing (by transmission, dissemination, or making available in another way), aligning or combining, blocking, deleting, or destroying.

Restriction of processing - refers to marking personal data with the aim of limiting their processing in the future.

Profiling - refers to any authorized form of personal data processing consisting of using personal data to evaluate certain personal aspects of a natural person, particularly to analyze or predict aspects related to the performance at work, economic situation, health, personal preferences, interests, reliability, location, or movements of a natural person.

Anonymization - is the processing of personal data in such a way that the personal data can no longer be attributed to a data subject without the use of additional information, provided that this additional information is stored separately and subject to technical and organizational measures that ensure personal data cannot be attributed to an identified or identifiable person.

Data Controller or Data Processing Controller - is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes or means of the processing of personal data; where the purposes and means of processing are determined by the Union or Member State law, the controller or the specific criteria for its designation may be provided by Union or Member State law.

Recipient - is a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the context of a particular investigation in accordance with Union or Member State law are not regarded as recipients; the processing of those data by public authorities will be in accordance with the applicable data protection rules in line with the purposes of the processing.

Third Party - is a natural or legal person, public authority, agency, or other body outside the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent - the consent of the data subject is any indication given freely, specifically, informed, and clearly by the data subject, through a statement or by a clear affirmative action, signifying agreement to the processing of their personal data.

GDPR – General Data Protection Regulation.

Data Protection Officer's Address

Any data subject can contact us directly at any time with any questions or suggestions regarding personal data protection at the following email address: [email protected].

Cookies

Cookies are small text packages used to store information in web browsers. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. We also use other technologies for similar purposes, such as data stored in your web browser or on the device you are using, identifiers associated with your device, and other software elements. In this policy, we use the term "cookies" to refer to all of these technologies.

This policy explains how we use cookies and what options are available to you. Except in cases where otherwise stated in this policy, the Data Usage Policy will apply to the ways in which we process the data we collect through cookies.

Cookies help us provide, protect, and improve your experience on the www.smartproducts.ro website, for example by personalizing content, tailoring and measuring ads, and ensuring a safer user experience.

For more information about the use of cookies, please visit our dedicated cookie page: Cookie Policy.

Data Storage by Smart Products

The data stored by Smart Products, which is not shared with third parties, is stored on DigitalOcean's servers. Please note that DigitalOcean is a company that fully complies with the Personal Data Processing Policy (GDPR).

Subscription to the Smart Products Newsletter

On the Smart Products website, users are offered the opportunity to subscribe to the company’s newsletter. Smart Products regularly informs its customers and business partners via a newsletter about the company’s offers. The company’s newsletter can only be received by the data subject if they have a valid email address and if the data subject registers to receive the newsletter.

Subscription to the newsletter occurs when a user places an order on the Smart Products website; therefore, if they wish to subscribe, the user will need to check a box in this regard. The subscription box is not checked automatically, so users will not be subscribed automatically.

The email address and the names of the users subscribed to the newsletter are automatically transferred and stored by Mailchimp, which fully complies with the Personal Data Processing Regulation (GDPR).

Subscriptions to our newsletter can be terminated by the data subject at any time. The consent to store personal data, given by the data subject for receiving the newsletter, can be revoked at any time. There is a link at the end of each newsletter for unsubscribing, and by accessing it, you will unsubscribe, and your data collected on the Mailchimp website will be deleted.

Contacting via the Website

The Smart Products website contains information that allows brief electronic contact with our company, as well as direct communication with us, by including a general email address. If a data subject contacts us by email or through the contact form, the personal data voluntarily provided by them is automatically stored. Such personal data, voluntarily provided by the data subject to the operator, is stored for the purpose of processing and contacting the data subject.

Routine Deletion and Blocking of Personal Data

Smart Products will process and store personal data of the data subject only for the period necessary to fulfill its storage purpose, or for the period required by European legislation or other applicable laws. If the storage purpose is no longer applicable, or if the storage period provided by applicable legislation expires, personal data will be deleted in accordance with legal requirements.

Rights of the Data Subject

Right of Access of the Data Subject. To exercise the right of access, the data subject may contact Smart Products at any time with a request to obtain a report of personal data.

Right to Rectification. Each data subject has the right to obtain the rectification of personal data when they are inaccurate or have undergone changes or need to be completed.

Right to Deletion. Each data subject has the right to request the deletion of personal data as follows:

- when the data is no longer necessary for the purpose for which it was collected or processed

- the data subject withdraws consent on which the processing is based

- personal data has been processed illegally or a legal provision requires their deletion.

Right to Restriction of Processing. Each data subject has the right to obtain the restriction of processing where one of the following cases applies:

- the accuracy of the personal data is contested by the data subject

- the processing is unlawful and the data subject opposes the deletion of personal data but requests instead the restriction of their use

- Smart Products no longer needs the personal data for processing purposes, but the data is required by the data subject for the establishment, exercise, or defense of legal rights.

Right to Data Portability. Each data subject has the right to request the transfer of personal data to a third party or to the data subject themselves.

Right to Object. Each data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them. This applies also to profiling. Smart Products will no longer process personal data in the event of an objection unless we can demonstrate compelling and legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. If Smart Products processes personal data for direct marketing purposes, where prior consent is given, the data subject has the right to object at any time to the processing of their personal data for such marketing. This applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the processing carried out by Smart Products for direct marketing purposes, then Smart Products will no longer process their personal data for these purposes. Additionally, the data subject has the right, on grounds relating to their particular situation, to object to the processing of their personal data by Smart Products for scientific research, historical research, or statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

Individual decision-making, including profiling. Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision is based on the explicit consent of the data subject. Smart Products will implement appropriate supporting measures to protect the rights and freedoms of the data subject and their legitimate interests, at least the right to obtain human intervention from Smart Products, to express their point of view, and to contest the decision.

Right to withdraw consent. Every data subject has the right to withdraw their consent for the processing of personal data at any time.

Right to lodge a complaint with the supervisory authority – if the data subject believes that their legitimate rights regarding the processing of personal data have been violated, they can file a complaint with the National Supervisory Authority for Personal Data Processing, located at B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania.

If you wish to exercise your rights or send us a notification/request, please complete the contact form indicated in this Policy. Smart Products will respond as soon as possible but no later than 30 days. In case of any delays, we will inform you and provide the justified reasons for the delay.

Legal basis for processing

The regulation serves as the legal basis for the processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, when the processing operations are necessary for the provision of goods or any other service. The same applies to processing operations that are necessary for pre-contractual measures, for example, in the case of inquiries regarding our products or services.

Our company is subject to a legal obligation requiring the processing of personal data, such as fulfilling tax obligations. In rare cases, processing personal data may be necessary to protect the vital interests of the data subject or another individual. This would be the case, for example, if a visitor was injured on our premises and their name, age, health insurance details, or other vital information need to be passed on to a doctor, hospital, or other third party. This legal basis is used for processing operations not covered by any of the legal grounds mentioned above, if the processing is necessary for the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data. Such processing operations are explicitly permitted as they are specifically mentioned by the European legislator.

Retention period for personal data

Personal data will be kept only for the period necessary for the purpose for which it was collected. After the expiration of this period, the corresponding data will be deleted. Only personal data that forms part of records/documents for which the law provides for a retention period will be retained, and once the legal retention period expires, these will be destroyed.

Provision of personal data as a legal or contractual requirement

We clarify that the provision of personal data is partially required by law (e.g., fiscal regulations) or may also arise from contractual provisions (e.g., information about the contractual partner). Sometimes, it may be necessary to conclude a contract under which the data subject provides us with personal data that needs to be processed by us later. The data subject is, for example, obligated to provide us with personal data when our company enters into a contract with them.

Protection of personal data

Smart Products applies an internal framework of policies and minimum standards for the protection of personal data. These policies and standards are periodically updated to comply with regulations and market developments. In accordance with the applicable legal provisions, we take appropriate technical and organizational measures (policies, procedures, security) to ensure the confidentiality and integrity of personal data and to provide the necessary framework for its processing.

Data storage by Smart Products

The data storage by Smart Products is grouped into three categories, each serving a specific purpose as follows:

1) Necessary

Checkout process – personal data is stored for billing and to process and ship the order. This data is stored on the secure DigitalOcean servers, a company that complies with the personal data processing protection regulation (GDPR). Access to this data is granted to the following departments within Smart Products: accounting, order processing, and management.

Winmentor – is the accounting software in which customer invoices are stored. According to Romanian legislation, all invoices containing customer data must be stored. Within Smart Products, Winmentor can only be accessed by the accountant via a secure key.

Courier service – customer data is transferred to the courier companies Smart Products works with (Fan Courier Express and DPD – Dynamic Parcel Distribution). The transmission of data to these companies is necessary for the delivery of products to final customers. It is worth mentioning that both companies comply with the personal data processing protection regulation (GDPR).

Online payments – when you choose to pay for an order placed with Smart Products using online payment, your data will be transferred to the payment processor. If you do not choose to pay online for the placed order, your data will remain with us. Please note that the payment processor, PlatiOnline.ro, complies with the regulation on the protection of personal data processing (GDPR).

2) Statistics

Google Analytics – this application allows us to measure sales and conversions on the website and, at the same time, provides us with information about how our visitors use the site or how they arrived on the site. Google Analytics does not provide us with any personal data about the visitors of Smart Products. For the creation of these statistics, the company Google collects the IP address from visitors, but this information can only be accessed by Google. Even so, Smart Products has chosen to anonymize the IP addresses so that they cannot be stored by Google. Please note that Google complies with the regulation on the protection of personal data processing (GDPR).

Google Tag Manager – as its name suggests (Tag Manager), Google Tag Manager is a tag management system that allows us to quickly and easily update tags and code snippets on the Smart Products website. Through this application, Smart Products does not have access to your personal data, and Google is a company that complies with the regulation on the protection of personal data processing (GDPR).

3) Marketing

Retargeting – this is a module implemented on the Smart Products website through which we can offer you discount coupons for certain products and recommend other products similar to those you visit, in real-time. Your personal data (name, email address, city, and address) is sent to the company that developed this module, Retargeting.biz, a company that complies with the terms of GDPR.

Mailchimp – on the Smart Products website, users are given the opportunity to subscribe to the company's newsletter. Smart Products regularly informs its customers and business partners through a newsletter about the company's offers. The newsletter can only be received by the intended recipient if they have a valid email address and if they register to receive the newsletter.

Subscription to the newsletter is done when a user places an order on the Smart Products website. If they wish to subscribe, the user must check a box in this regard. The subscription box is not checked automatically, so users will not be subscribed automatically.

The email address and the names of users subscribed to the newsletter are automatically transferred and stored by Mailchimp, a site that fully complies with the regulation on the protection of personal data processing (GDPR).

Subscriptions to our newsletter can be terminated by the intended recipient at any time. The consent to store personal data, given by the recipient for receiving the newsletter, can be revoked at any time. There is a link at the end of each newsletter to unsubscribe, and by clicking it, you will unsubscribe, and your data collected on the Mailchimp site will be deleted.

Facebook Pixel – we use this module to serve users ads on the Facebook platform, to make announcements, discount campaigns, or remarketing campaigns. The data is processed by Facebook, a company that complies with the regulation on the protection of personal data processing (GDPR).

Viral Loops – this is a module we used to create campaigns for subscribing to the Smart Products newsletter. The personal data collected (name and email) were automatically transferred to the Mailchimp account. Mailchimp complies with the regulation on the protection of personal data processing (GDPR).

What types of information do we collect?

To provide accurate information, we need to process information about you. The types of information we collect depend on how you use the website www.smartproducts.ro.

Information and content you provide

We collect content, communications, and other information you provide when you use the website www.smartproducts.ro, including when you create an account, complete a contact form, or place an order.

Your usage. We collect information about how you use the website www.smartproducts.ro, such as information about the types of content you view or interact with, the features you use, the actions you take, and the time, frequency, and duration of your activities. For example, we log when you use and when you most recently used www.smartproducts.ro, and which pages, products, and other content you view on the site.

Information about transactions made on the website www.smartproducts.ro. If you use www.smartproducts.ro for product purchases, we collect information about that purchase or transaction. This includes information about payments, account and authentication details, and billing, shipping, and contact information.

Device Information

As described below, we collect information from and about the computers, phones, tablets, and other devices connected to the web that you use to access the website www.smartproducts.ro, and we combine this information across all the different devices you use. For example, we use the information collected about your use of www.smartproducts.ro on your phone to better personalize the content (including ads) or features you see when you use www.smartproducts.ro on another device, such as your laptop or tablet, or to measure if you reacted to an ad we presented to you on your phone or a different device.

The information we obtain from these devices includes:

Device attributes: information such as the operating system, browser type.

Device operations: information about operations and actions taken on the device, such as pages visited on www.smartproducts.ro.

Device settings data: information you allow us to receive through the device settings you enable, such as access to your GPS location.

Network and connections: information such as the name of your mobile carrier or Internet service provider, language, IP address.

Cookie data: data from cookies stored on your device, including identifiers and cookie settings.

How do we use this information?

We use the information we have (respecting the options you express) as described below to provide and support the www.smartproducts.ro website and related services. Here's how:

To provide, personalize, and improve www.smartproducts.ro

We use the information we have to provide www.smartproducts.ro, including personalizing features and content and presenting you with suggestions (e.g., product recommendations you may be interested in) both on and off www.smartproducts.ro. To create personalized, unique, and relevant ads for you, we use your connections, preferences, interests, and activities based on the data we collect from you and others (including any data you choose to provide that is protected by special privacy regulations), as well as how you use www.smartproducts.ro and interact with it.

Information from all applications and devices: We connect information about your activities across different devices to provide you with a more personalized and consistent experience on www.smartproducts.ro. For example, we may suggest a product similar to one you recently viewed.

Location information: We use location information to provide, personalize, and improve www.smartproducts.ro, including advertisements for you. Location information may be based on factors such as the exact location of your device (if you've allowed us to access it), IP addresses, and information about your use of www.smartproducts.ro.

Research and development of www.smartproducts.ro: We use the information we have to develop, test, and improve www.smartproducts.ro, including conducting surveys and research, and testing and troubleshooting new products and features.

Ads and other sponsored content: We use the information we have about you, including your interests, actions, and connections, to select and personalize the ads, offers, and other forms of sponsored content we present to you.

To promote safety, integrity, and security.

We use the information we have to verify activity and accounts, combat harmful behaviors, detect and prevent spam and other unwanted experiences, maintain the integrity of www.smartproducts.ro, and promote safety and security within www.smartproducts.ro.

To communicate with you.

We use the information we have to send you marketing messages, communicate with you about www.smartproducts.ro, and inform you about our policies and terms of use. We also use your information to respond when you contact us.

Sharing with third-party partners

We do not collaborate with third-party partners to improve and operate www.smartproducts.ro. We do not sell your information to anyone, and we will never do so.

How can you exercise your rights under the General Data Protection Regulation (GDPR)?

Under the General Data Protection Regulation, you have the right to access, rectify, port, and delete your data. You also have the right to object to and restrict certain processing of your data. These include:

the right to object to the processing of your data for direct marketing purposes, which you can exercise by using the "unsubscribe" link in such marketing messages; and
the right to object to the processing of your data by us when we carry out actions in the public interest or in the legitimate interests of ourselves or a third party.

Data retention, deactivation, and account deletion

We store data as long as necessary to provide our services and www.smartproducts.ro or until your account is deleted – whichever occurs first. This is determined on a case-by-case basis, depending on factors such as the nature of the data, the purpose of collecting and processing it, and the relevant legal or operational requirements for retaining the data.

How do we respond to legal requests and prevent harm?

We access and retain your information and may disclose it to regulatory authorities, law enforcement agencies, or other entities:

In response to a legal request when we believe, in good faith, that the law requires it. We may also respond to legal requests when we believe, in good faith, that the response is required by the laws of the relevant jurisdiction, affects users in that jurisdiction, and complies with internationally recognized standards.

When we believe, in good faith, that it is necessary to: detect, prevent, and respond to fraud, unauthorized use of our Products, violations of our terms or policies, or other harmful or illegal activities, to protect ourselves (including our rights, property, or Products), you, and others, including during investigations or inquiries, or to prevent death or imminent bodily harm. For example, if necessary, we share information with third-party partners about the reliability of your account to prevent fraud, abuse, and other harmful activities on www.smartproducts.ro and beyond.

Information we receive about you (including transaction data associated with purchases made on www.smartproducts.ro) may be accessed and retained for longer periods when subject to a legal request, legal obligation, governmental investigation, or investigation into potential violations of our terms or policies or other cases to prevent harm. We also retain information from deactivated accounts for policy violations for at least one year to prevent repeated abuse or other violations of the terms.

How will we notify you about changes to this policy?

We will send you a notification before making any changes to this policy and will give you the opportunity to review the revised policy before you choose to continue using www.smartproducts.ro.

How can you contact www.smartproducts.ro?

If you have questions about this policy, you can contact us as described below.

The data controller for your information is Smart Products I&D SRL, and you can contact them online, by phone, or by mail at the following address:

Address: Recon Business Park - Strada Macului Nr. 3, Hala C3/1, Chitila (Rudeni)

Website: www.smartproducts.ro

Phone: +4 037 461 52 26 || +4 0733 108 399

You also have the right to file a complaint with the Romanian supervisory authority, the Data Protection Commissioner of Romania, or your local supervisory authority.