Privacy Policy

This Privacy Policy describes how the controller collects, uses and shares your personal information when you visit or make a purchase from this website.

1. Data controller

Name:
Beáta Teréz Durnea
Place of residence:
535600, Székelyudvarhely, 1 December 1918 3/5
Address for correspondence, complaints: 
535600, Székelyudvarhely, 1 December 1918 3/5
E-mail:
the.berberis.shop@gmail.com
Phone number:
+36 70 571 70 72, +40 727 346 189
Website:
www.theberberis.com

32 Details of the hosting provider

Name:
Shopify International Limited
Registered office:
2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
E-mail address:
support@shopify.com


3. Concept definitions

Enterprise: natural or legal persons engaged in an economic activity, whatever its legal form, including partnerships and associations engaged in a regular economic activity.

Personal data: any information relating to an identified or identifiable living person (“data subject”). For example: name, number, location data, online identifier or information that can be identified based on one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

Processing: any operation or set of operations performed on personal data or files, whether automated or manual: recording, organization, collection, storage, alteration or amendment, retrieval, consultation, use, communication, transmission, dissemination, making available, alignment or combination, restriction, erasure or destruction.

Controller: means any natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; the purposes and means of the processing may be determined by Union or Member State law.

Profiling: Any form of automated processing of personal data in which personal data are used to evaluate certain personal characteristics relating to a natural person, in particular to analyze or predict characteristics related to job performance, economic situation, interests, health, personal preferences, behavior, location, movement.

Pseudonymisation: Processing of personal data in such a way that, without the use of additional information, it can no longer be established which specific natural person the personal data relate to, provided that such additional information is stored separately, technical and organisational measures are taken to ensure that this personal data cannot be linked to identified or identifiable natural persons.

Registration system: A file of personal data in any way - centralized, decentralized, functional or geographical - that is accessible on the basis of specific criteria.

Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent of the data subject: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

4. Description of data processing during the operation of the webshop

Information about the use of cookies

What is a cookie?

The Data Controller uses so-called cookies when you visit the website. A cookie is an information package made up of letters and numbers, which is sent by our website to your browser with the aim to save certain settings, to facilitate the use of our website, and to assist collecting certain relevant statistical information on our visitors.

Some of the cookies do not contain personal information and are not suitable for the identification of the individual user, but some of them contain a unique identifier - a secret, accidentally generated sequence of numbers - that is stored by your device, thus ensuring your identification. The duration of each cookie is described in the relevant description of each cookie.

 

The main attributes of the cookies used for the website:

  • Google Analytics cookie

Google Analytics is Google's analytics tool to assist website and application owners to understand the activity of their visitors. The service may use cookies to collect information and create reports using the statistical data on the use of the website without identifying individual visitors to Google. The main cookie used by Google Analytics is "__ga" cookie. In addition to reporting website usage statistics with Google Analytics - along with some of the advertising cookies described above - it can also be used to show more relevant ads in Google properties (like Google Search) and across the Internet.
  • Remarketing cookies-k

Former visitors or users may see it when browsing other websites on the Google Display Network or when searching for terms related to its products or services
  • Strictly necessary cookies for operation

These cookies are essential for the use the website and allow you to use the basic functions of the website. Without them many of the features of the website will not be available to you. The lifetime of these type of cookies are limited to the duration of the session.
  • Cookies used for improving user experience:

These cookies collect information on how the user uses the website, for example, which pages you visit most often, or what error messages you get on the website. These cookies do not collect information suitable for identifying the visitor, that is they use very general, anonymous information. The data obtained in this way are used for improving the performance of the website. The lifetime of these type of cookies are limited to the duration of the session.
  • Facebook pixel (Facebook cookie)

Facebook pixel (Facebook cookie) A Facebook pixel is a code used for creating a report on website conversions, target audiences can be assembled, and the website owner receives a detailed analysis of data on the use of the website by visitors. Facebook retargeting pixel displays - using tracking pixel - personalized offers and ads for the website visitors on the Facebook platform. You can read Facebook's privacy policy here: https://www.facebook.com/privacy/explanation   

5. Data processed for the purpose of concluding and fulfilling a contract

Several data processing cases may occur for the purpose of concluding and fulfilling a contract. We would like to inform you that data processing related to complaint handling and warranty administration will only take place if you exercise one of the aforementioned rights.

If you do not make a purchase through the webshop, but are a visitor to the webshop, then the data processing for marketing purposes may apply to you if you give us your consent for marketing purposes.

Data processing in order to conclude and fulfill contracts:
  • Contact

    For example, if you contact us by email, contact us by submitting a form or phone with questions about a product. Prior personal contact is not necessary, you can leave it out in case of placing an order.

Data processed: Information you provide when contacting us.
Duration of data processing: The data will only be processed until the end of the contact.
Legal basis for data processing: Your voluntary consent that you give to the Data Controller by contacting us. 
  • Registration on the website

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g., data of the data subject do not have to be re-entered when purchasing again). Registration is not a condition of the contract.

Data processed: During the data processing, the Data Controller shall process your name, address, phone number, e-mail address, as well as the features of the purchased product and the date of purchase.
Duration of data processing: Until consent is withdrawn.
Legal basis for data processing: Your voluntary consent that you provide to the Controller by registering.
  • Processing of orders

Processing of orders requires data processing activities in order to fulfil the contract.

Data processed: During the data processing, the Data Controller shall process your name, address, phone number, e-mail address, as well as the features of the purchased product and the date of purchase.
If you have placed an order in the webshop, data management and the provision of data are essential for the performance of the contract.
Duration of data processing: We process data for a period of 5 years according to the civil limitation period.
Legal basis for data processing: Performance of the contract.

  • Issuing the invoice

The data processing activities is carried out in order to issue an invoice in accordance with the law and to fulfill the obligation to keep accounting documents.
  • Data processing related to the delivery of goods

The data processing process is carried out in order to deliver the ordered product.
  • Handling Consumer Union complaints

The data processing is carried out in order to handle consumer complaints. If you have made a complaint to us, the processing and provision of data is essential.
  • Data processed in connection with the verification of the consent
    During the registration, ordering and subscription to the newsletter, the IT system stores the IT data related to the consent in order to prove it later.

6. Data processing for marketing purposes

  • Data processing in connection with the sending of newsletters

Data processed: Name, address, e-mail address, telephone number.
Duration of data processing: Until withdrawn by the Data Subject.
Legal basis for data processing: Your voluntary consent to the Data Controller by subscribing to the newsletter.
  • Data processing in connection with the sending and display of personalized advertisements

Data processed: Name, address, e-mail address, telephone number.
Duration of data processing: Until consent is withdrawn.
Legal basis for data processing: Your voluntary consent that you provide to the Controller by registering.
  • Remarketing

    The data management as a remarketing activity is carried out with the help of cookies.

Data processed: The data processed by the cookies specified in the cookie notice.
Duration of data processing: The data storage period of the given cookie, more information is available here:
  1. Google general cookie notice:  https://www.google.com/policies/technologies/types/ 

  2. Google Analitycs notice:  https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en 

  3. Facebook notice:  https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen 

7.About the use of data processors and their activities related to data management

  • Processing for the storage of personal data

Name of the data processor: Shopify International Limited
Registered office: 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
E-mail address of the data processor: support@shopify.com

The Data Processor performs the storage of personal data on the basis of a contract with the Data Controller. It shall not be entitled to access personal data.
  • Data processing activities related to the transport of goods

Name of the data processor: Packeta Romania S.R.L.
Registered office of the data processor: Str. Calusei, nr.21A, sector 2, București
E-mail address of the data processor:  info@packeta.ro

The Processor participates in the delivery of the ordered goods on the basis of a contract with the Controller. In doing so, the Processor may process the name, address and telephone number of the recipient until the end of the calendar year following the dispatch of the postal mail, after which it shall immediately delete it.
  • Data processing in connection with invoicing

Name of the data processor: SC Oblio Software SRL
Registered office of the data processor: Constanta, Str. Grigore Tocilescu, nr. 1A
Phone number of the data processor: +40 800 831 333
E-mail address of the data processor: contact@oblio.eu

Finally, we may also share your personal information to comply with applicable laws and regulations, to respond to subpoenas, search warrants or other lawful requests for information, or to protect our rights.


8. Your rights during data processing

If you are a European resident, you have the right to access the personal data we hold about you and to request that your personal data be corrected, updated or deleted. To exercise this right, please contact us at the.berberis.shop@gmail.com.

In addition, if you are a European resident, please note that we process your data for the purposes of performing contracts with you (for example, when you place an order through the website) or for the legitimate business interests listed above.

The controller will respond to complaints about the processing within 30 days at the latest.

9. Changes

We may update this Privacy Policy from time to time, for example, to reflect changes in our practices or for other operational, legal or regulatory reasons.

10. Contact us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us at the.berberis.shop@gmail.com.