1. PREAMBLE

  1. This Privacy Policy governs the manner in which “Amiramour” S.R.L. collects, uses, maintains and discloses information collected from the users of its website. This Privacy Policy only covers information collected through Amiramour’s Website www.amiramour.eu and it does not apply for third party websites or external links that our website could redirect you to.
  2. Amiramour S.R.L. is committed to ensure that your privacy is protected, and we are compliant with the General Data Protection Regulation (EU) 2016/679 and the Romanian applicable law.
  3. By using our website (www.amiramour.eu), or by purchasing any products from it you agree that you have read and accepted Amiramour’s Privacy Policy. If you do not agree with this Privacy Policy, we advise you to cease using our Website immediately.
Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation in this document - GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on 27 April 2016, its provisions being directly applicable as of 25 May 2018. This Regulation expressly repeals Directive 95/46 / EC, thus replacing the provisions of Romanian Law no. 677/2001 (currently repealed).
The regulation is directly applicable in all Member States, protecting the rights of all natural persons located within the territory of the European Union. From a material point of view, the Regulation applies to all operators who process personal data. The Regulation does not apply to the processing of personal data concerning legal persons and, in particular, undertakings with legal personality, including the name and type of legal person and the contact details of the legal person.
Personal data is defined as any information about an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier or one or more specific elements of his physical, physiological, genetic, mental, economic, cultural or social identity.
The processing of personal data involves any operation or set of operations performed on personal data or data sets, with or without the use of automated means such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

2. WHO ARE WE AND HOW CAN YOU CONTACT US?
  1. Amiramour S.R.L. is a Romanian legal entity. We are registered at the Romanian National Trade Register Office with nr. J12/5326/2018 and our unique registration code is RO 40257799.
  2. For the purpose of General Data Protection Regulation, Amiramour is your data controller. You can reach us anytime at:

3. DIFFERENT TYPES OF PERSONAL DATA THAT WE MAY COLLECT

Information regarding personal identification and non-personal identification

  1. We advise you that we can collect personal identification information from our Users in a variety of ways, including, but not limited to, when Users visit our Site, register on the Site, place an order (either online or via phone call), fill out a form, respond to a survey, subscribe to our newsletter and in connection with other activities, services, features, or resources we make available on our Site.
  2. We will only collect personal identification information from our Users if they voluntarily submit such information to us. Users can always refuse to supply personal identification information. If you choose not to submit personal information to us, please take into consideration that this action may prevent you from accessing certain Website-related activities or engaging in certain privileged areas of our website (such as the User Control Panel Menu).
  3. Taking into consideration the previous statement, you have the control over the personal data information that you provide us with. For example, we can collect your personal in the following manners:
    • When you create an account on www.amiramour.eu, you provide us with your name/surname, your e-mail address and/or a phone number;
    • In the User Control Panel Menu from our website, you have the option to add different other personal information which will make your experience on our website better (such as, but not limited to: date of birth, the city where you live in, the address where you prefer your packages to be delivered, the preferred payment method, alternate phone number etc.);
    • When you place an order, either online or via phone call, we can collect information such as: your name/surname, e-mail address, payment method, the delivery address etc.
  4. We inform you that we may collect non-personal identification information from you whenever you interact with our website. This type of information may consist of:
    • The type of browser from which you accessed our website;
    • The IP address of the device you used to connect to our website;
    • The IP address of the device you used to connect to our website;
    • The website which redirected you to www.amiramour.eu;
    • The operating system of the device;
    • The Internet service provider used;

4. WEB BROWSER COOKIES

  1. We are using "cookies" to enhance an advanced and user-friendly experience on our website. We advise you that the web browser you are using can also place cookies on your hard drive. You have the option to set the web browser to refuse storing cookies, or to alert you when cookies are being sent. If you choose to activate that option, please take into consideration that some parts of our Website may not function properly. For further information regarding the “cookies” topic, please click here.

5. THE LEGAL BASIS OF PROCESSING PERSONAL DATA

  1. The legal basis of processing the personal data stated above resides in article 6 letter c) and f) of General Data Protection Regulation of E.U. 2016/679, in particular because all the personal data we request from you: i) is necessary for compliance with a legal obligation to which Amiramour is subject and ii) is intended to accomplish our legitimate interests. Furthermore, the legal basis of processing data collected through cookies (if you accept cookies) resides in article 6 letter a) from the Regulation, meaning that you give us your express consent regarding this type of data processing.

6. DURATION OF THE PROCESSING

  1. As a general rule, we will store your personal data as long as you have an account on our website. You can ask us at any time to delete certain information and we will respond to these requests, subject to the preservation of certain information including after closing the account, in cases where applicable law or our legitimate interests require it.
  2. We review the data collected, at least every two years, analyzing the extent to which their retention is necessary for the purposes mentioned, your legitimate interests or the fulfillment of legal obligations by Amiramour.

7. PURPOSES OF PROCESSING PERSONAL DATA

  1. Amiramour collects and uses Users’ personal information for the following purposes:
    • To improve our customer service:
      The information we collect from you helps us to be more effective in response to your customer service requests and support needs. We aim to constantly improve our customer service in order to provide our users with the most efficient and intuitive online services.
    • To personalize your experience on our website:
      We may use the information you provide us in order to understand how you use the services and resources provided on our Site, what are your preferences regarding our products. We aim to create an intuitive interface which will make your experience online a much easier and helpful one.
    • To improve our website:
      We are engaged to continually improve our website offerings and options, based on the information and feedback we receive from our users. We strongly believe that by working close to our customers, listening to their needs or preferences, we can provide a fully functional and well-organised website which will suit the majority of customers’ tastes.
    • To process the transactions regarding your order:
      We use the information you provide us with when placing an order on our website only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the delivery service.
    • To send periodic emails: When you make an online order on our website, among other personal data, you provide us your email address. The email address you provide us in this procedure will only be used to send you the information and updates relevant and helpful regarding your order. It may also be used to respond to their inquiries, and/or other requests or questions.
  2. You will also have the opportunity to opt-in to our newsletter (mailing list). If you choose to subscribe to our newsletter, you will receive emails that may include company news, updates, related product or service information, new arrivals, changes that occur on our website etc. If at any given time the you would like to unsubscribe from receiving our newsletter via email, please take into consideration that we will include unsubscribe instructions at the bottom of each email or you may contact us via telephone 0040 757 455 050 or in writing at info@amiramour.eu. If you decided to write us an email in order to unsubscribe from our newsletter, please provide your full name, mailing address, email address and phone number when sending this request.

8. HOW WE SECURE YOUR PERSONAL INFORMATION

  1. In order to secure the personal information which we collect, we are focused on adopting appropriate data collection, storage / processing practices and security measures to protect against unauthorized access or against any kind of alteration, disclosure or destruction of your personal information, username, password, transaction information, and data stored on our Website.
  2. We advise you that sensitive and private data exchange between our website and our users happens over an SSL secured communication channel and is encrypted and fully protected.
  3. Regarding your Amiramour account (if you choose to create one), we advise you that the information you will add on your profile is password-protected for your own privacy and security. Please be aware of the fact that Amiramour will never ask you for your password in an unsolicited phone call or e-mail. Furthermore, please take into consideration that you are responsible for maintaining the secrecy of your password and account information. Remember to sign out of your account and close your browser window when you have finished shopping to help ensure that others cannot access your personal information. Amiramour reserves the right to refuse service, terminate accounts, ban accounts, remove or edit content or cancel orders at any time if there are reasonable suspicions regarding a certain user account.
  4. In addition, regarding online payments, we mention that when you submit sensitive information via the checkout on our web site, that information is also encrypted and protected by Secure Sockets Layer (SSL) advanced encryption technology. In no circumstance will we store that type of information, nor will we be able to view your full payment details and hence we cannot retrieve any data related to your banking details.
  5. Access to your personal information will only be granted to our authorized personnel and only for the purpose of fulfilling the duties specific to accomplish the purposes we stated above at section 6. Our personnel has the legal and the contractual obligation to keep your data secured and confidential.
  6. If at any given time a data breach occurs on our website or on the servers where it is hosted, we will contact all users via email in order to notify them about the breach and what are the next measures / steps that need to be done in order to maintain the security of their personal information. In that case, we will also notify the Romanian National Supervisory Authority for Personal Data Processing within 72 hours since the breach occurred.

9. WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

  1. In the first place, we advise you that we do not sell, trade or rent Users’ personal identification information to others.
  2. In the second place, we may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above at section 6.
  3. We can also use third-party service providers (online payment providers, banking services, IT solutions providers, marketing) to help us operate our business and the Website or administer activities on our behalf, such as sending out newsletters or surveys. We may share your personal information with these third parties for the limited purposes stated above.

10. CONTACT FORM:

If you send us questions via the contact form, we will collect the data entered in the form, including the contact details you provide, to answer your and other questions. We do not transfer this information without your permission. Therefore, we will process all data that you enter in the contact form only with your consent [in accordance with the provisions of art. 6 par. 1 a) GDPR]. You can revoke your agreement at any time, as an informal email will be sufficient. Data processed before your request is received may be legally processed. We will keep the data you provide on the contact form until:

  1. request data deletion;
  2. revoke your consent for their storage or if
  3. the purpose for its storage is no longer valid.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.


11. CONTACTING US BY EMAIL OR TELEPHONE

If you contact us by email or telephone, your request, including any personal data you provide, will be stored and processed by us for the purpose of resolving your request, based on your consent.

Therefore, we will process all data you provide under the following legal provisions in the GDPR, respectively:

  1. only with your consent - in accordance with the provisions of art. 6 par. 1 a) GDPR;
  2. for the execution of a contract or in the pre-contractual stage - in accordance with the provisions of art. 6 par. 1 b) GDPR;
  3. for the fulfillment of the purpose and the legitimate interest pursued by us, respectively that of efficient processing of the requests sent by you - in accordance with the provisions of art. 6 par. 1 f) GDPR.

We will keep the data you provide in this way until:

  1. request data deletion;
  2. revoke your consent for their storage or if
  3. the purpose for its storage is no longer valid in all cases, except mandatory data retention periods.

 12. SITE REGISTRATION (USER ACCOUNT)

You can register on this website to access additional features and services offered by our company. In this regard, the data you enter will be used and processed in order to use the service or functions for which you have registered. The required registration data must be provided by you in its entirety, otherwise the registration operation will be rejected.

To inform you of important changes, such as those in the scope of our site or technical changes, we will use the email address you specified at the time of registration.

The processing of personal data, provided in the registration procedure, is done only with your consent and in compliance with the provisions of art. 6 par. 1 a) GDPR. You can revoke your agreement at any time, as an informal email will suffice. We will continue to store data collected during registration as long as you remain registered on this website, but mandatory storage periods remain valid and will be respected.


13. OUR OBLIGATIONS

  1. PROCEDURES OF PROCESSING ACTIVITIES

According to the GDPR Regulation, the controller or the person authorized by the controller should keep, for a reasonable period of time, records of the processing activities under his responsibility. Thus, these records will contain all the following information:

  • the name and contact details of the operator;
  • processing purposes;
  • description of the categories of data subjects and of the categories of personal data;
  • the categories of recipients to whom the personal data have been or will be disclosed;
  • if applicable / possible:
    • transfers of personal data;
    • expected deadlines for deleting various categories of data;
    • a general description of the technical and organizational security measures.

The obligation set out above does not apply to an enterprise or organization with less than 250 employees, unless its processing is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional or the processing includes special categories data or personal data relating to criminal convictions and offenses.

B. ADEQUATE TECHNICAL AND ORGANIZATIONAL MEASURES

Given the current state of technology, the context and purposes of the processing, as well as the risks to the rights and freedoms of individuals, the controller shall implement appropriate technical and organizational measures to ensure that, by default, only personal data that are required for each specific purpose of the processing.

C. INFORMING the data subject about personal data breach

Compared to the provisions of art. 34 of the GDPR, if the breach of security of personal data is likely to pose a high risk to the rights and freedoms of individuals, we will inform the data subject without undue delay about such breach, unless:

    • appropriate technical and organizational safeguards have been implemented, and these measures have been applied to personal data affected by personal data breaches, in particular measures to ensure that personal data become unintelligible to anyone who does not is authorized to access them, such as encryption;
    • further steps have been taken to ensure that the high risk to the rights and freedoms of the persons concerned referred to above is no longer likely to materialize;
    • it would require a disproportionate effort. In this case, public information shall be provided instead or a similar measure shall be taken to inform the data subjects in an equally effective.

14. SHIPPING & DELIVERY

We ensure, through courier services, the delivery of the products ordered by you. The personal data processed for the delivery of orders placed are protected by each provider of such services, in accordance with its own Privacy Policy. The legal basis for processing the data necessary for the processing of deliveries is represented by art. 6 par. 1 a) GDPR (you, as the data subject, have given your consent for the processing of personal data for the purpose of delivery of orders), art. 6 par. 1 b) GDPR (processing is necessary for the execution of a contract in respect of which you are the beneficiary) and art. 6 par. 1 f) - the processing is necessary for the purpose of the legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, which require the protection of personal data, especially when the data subject is a child.

The purposes for which the personal data are processed are expressly set out in the Privacy Policy of the providers of such services, details also exist regarding the transfer of data (to affiliates, partners, employees, authorities and public institutions), but also with on the legal basis or duration of processing and storage.

A. DHL

Your order, placed on this website, will be delivered through DHL's courier services. The company that ensures the deliveries is Deutsche Post AG, registered under no. HRB 6792 and with VAT identification number DE 169838187, headquartered in Bonn, Charles-de-Gaulle-Straße 20, 53113, Germany.

Deutsche Post AG and its subsidiaries operating under the DHL brand process your personal data for the following purposes:

a) for the pre-contractual phase and for the performance of a contract to which the data subject is a party:

a) data is processed such as: customer identification data, email, telephone, delivery addresses, bank details;

b) the legal basis for the processing of the aforementioned data is art. 6 par. 1 b) of the Regulation.

b) for advertising and direct marketing purposes:

a) data is processed such as: name, email address, postal data;

b) the legal basis for the processing of the aforementioned data is art. 6 par. 1 f) of the Regulation;

c) for sending newsletters, the legal basis is represented by art. 6 par. 1 a) GDPR. If you unsubscribe from email communications or revoke your consent, the corresponding data will be removed or blocked from your mailing list and will no longer be processed for this purpose (including your email address in a blocked list takes place in order to protect the legitimate interests of Deutsche Post AG in accordance with Article 6 (1) (f) of the Regulation).

c) to ensure the security and configuration of the connection without problems, when visiting the Company's websites:

a) it processes the login data of the computer that connects to the DHL site, a list of web pages that you visit within the DHL site, the date and time of your visit, the IP address of your device, the the type of browser and operating system used;

b) following the use of the contact form or the request for information, data provided voluntarily by the user, such as name, address, telephone number or e-mail address (the legal basis in this case being Article 6 paragraph 1) letter a) GDPR);

c) the legal basis for the processing of the aforementioned data is art. 6 par. 1 a) of the Regulation, the storage time of the web tracking data to be stored for a period of 36 months and then deleted automatically.

 d) In accordance with the Privacy Policy, which can be found here: https://www.dhl.com/en-en/home/footer/local-privacy-notice.html, DHL states that certain shipping information will be provided to the authorities in the country of transit or destination for customs clearance and tax authorization or for security clearance, in accordance with the laws of that country.

B. SAMEDAY

 We collaborate with Sameday on local, national and international courier services for your orders. Sameday is operated by DELIVERY SOLUTIONS S.A., with CUI RO23743772 and J40 / 7031/2008 and its headquarters in Bucharest, Splaiul Independenței 319 OB17C Building, Sector 6.

Sameday processes personal data in accordance with the GDPR and for the purposes listed below, namely:

  1. For the provision and improvement of specific postal and courier services - the processed data includes those necessary for taking over, validating, transporting, delivering, invoicing orders, but also those for creating and managing user accounts; user behavior information can also be collected;
  2. For communications, especially regarding the status of orders - the data thus processed may include name, surname, email, telephone;
  3. For the protection of legitimate interests, such as for taking measures to prevent fraud attempts or measures to protect the website https://sameday.ro/ and users from cyber attacks.

The processing of data for the purposes set out above has as legal basis art. 6 of the Regulation, letters a), b) and f), more details can be analyzed here: https://sameday.ro/politica-de-confidentialitate/.


15. ONLINE PAYMENTS

According to GDPR, “in order to maintain security and prevent processing in breach of this Regulation, the controller or the controller should assess the risks inherent in the processing and implement measures to mitigate such risks, such as encryption”, the availability of strong and efficient encryption is a must to ensure the protection, confidentiality and integrity of personal data.

During the process of buying the products sold through this website, your bank details are safe!

We use secure encryption methods, the data being transmitted over high security connections to financial units. Therefore, the data you provide for payment is not passed on to third parties and is not saved in databases.

Among other options, we offer payment via PayPal on our website. The provider of this payment processing service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

If you choose to pay with PayPal, certain data and information that you enter with PayPal will be shared for the purposes and reasons set forth below:

a) to provide the services requested or authorized by you - certain data will be disclosed to other legal entities affiliated with PayPal;

b) for processing transactions - necessary data and information will be directed to third parties, service providers who perform functions in the interest and on behalf of PayPal;

c) for the provision of other financial benefits - certain personal data will be shared with other financial institutions and entities;

d) to improve user experiences and help merchants better understand the use of payment services (including dispute resolution or fraud prevention and detection).

The legal basis for the transfer of your data with PayPal, in the ways described above, is Art. 6 par. 1 a) GDPR (your consent), as well as art. 6 par. 1 b) GDPR (processing for the fulfillment of obligations arising from a contract). You have the option to withdraw your consent to the processing of your data at any time. Such revocation has no impact on the effectiveness of data processing transactions that have taken place in the past.

For more details, go to: https://www.paypal.com/en/webapps/mpp/ua/privacy-full .

Also regarding the payments on this website, NETOPIA mobilPay constantly works to achieve customer objectives through secure, fast and easy payments. NETOPIA mobilPay is a service offered by NETOPIA SRL, which is based in Bucharest, Pierre de Coubertin Boulevard 3-5 Office Building, 4th floor, sector 2, 021901.

To the extent that you are a user of the services provided by Netopia, this entity will process your data as follows:

  • as a representative of the merchant to whom you make a payment using Netopia services, under the contract between you and that merchant, for the purpose of facilitating (processing) your payments to that merchant;
  • as an operator, under the legal obligations of Netopia, for the purpose of anti-fraud monitoring and filtering.

There are certain processing purposes, for which it is necessary, according to the applicable regulations, for Netopia to obtain your consent. Your consent may be withdrawn at any time, and Netopia will take your preferences into account. The purposes for which Netopia is most likely to seek your consent are: direct marketing, advertising through the promotion / promotion of the most appropriate Netopia products and services, Netopia affiliates or Netopia partners, as appropriate (including the transfer of certain categories of data to the entities mentioned - to the extent necessary), as well as the transmission by Netopia of commercial communications for this purpose.

Netopia processes the following categories of personal data:

  • Identification data, consisting of name, surname, telephone number, e-mail address, delivery address, customer code assigned by the merchant to which you make a payment using Netopia services;
  • Financial data, consisting of the value paid, the card number, the name on the card, the expiry date, the CVV code, the unique transaction identification code and any other data on the payment methods used, to the extent necessary for Netopia, in the purposes described below;
  • Data on fraudulent / potentially fraudulent activity, consisting of data on charges and convictions related to crimes such as fraud, money laundering and terrorist financing;
  • Data derived from the above-mentioned categories, consisting of data on the history of use of Netopia services, information resulting from non-compliances reported by any person.

Your refusal to provide the personal data requested by Netopia may make it impossible for you to provide Netopia services and / or to fulfill other processing purposes by Netopia.

For more details, you can access: https://www.mobilpay.ro/public/politica-de-confidientialitate/.


16. YOUR RIGHTS

  1. According to the General Data Protection Regulation 2016/679 you have the following rights:
    • The right to be informed: you have the right to be informed about the collection and use of your personal data;
    • The right of access: you have the right of access to your personal data. You can ask confirmation of whether your data is being processed or not, other supplementary information (including mandatory privacy information) or a copy of the personal data that is processed;
    • The right to rectification: you can ask the data controller to rectify inaccurate or incomplete data;
    • The right to erasure: you can ask the data controller to erase your personal information data that has been processed;
    • The right to restrict processing: you have the right to limit the processing of your personal data in case you consider that the information is not accurate and in other circumstances as stated in the Regulation;
    • The right to data portability: you have the right to receive your personal data which you have provided to the data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;
    • The right to object: you have the right to oppose to any processing of personal data
    • The right to not be evaluated based on automated processing: you have the right not to be subject to a decision that is based solely on automated processing and which significantly affects you (eg. profiling for jobs, insurance premiums etc.).

17. CHANGES TO THIS PRIVACY POLICY

  1. We reserve the discretion to update this privacy policy at any time. When we update our policy, we will inform you at the top of the webpage when the document has been lastly modified.
  2. We strongly encourage and advise you to frequently check this page for any changes that may occur, in order to stay informed about how we are helping to protect the personal information we are collecting. Thus, you acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of the changes that have been made to it over time.

18. YOUR ACCEPTANCE OF THESE TERMS

  1. By using www.amiramour.eu, you therefore accept this policy and our Terms and Conditions. If you do not agree to this policy, please cease immediately using this website. If you continue using our Website following the posting of changes to this policy it will be considered that you have read and accepted the updated form of this policy.

19. CONTACTING US

  1. If you have any questions about this Privacy Policy, about how your data is being processed or any other question regarding this matter, please contact us at:
    Phone number: 0040 757 455 050
    Address: 13, Anemonelor Alley, Cluj-Napoca, 400482, Romania
    Email address: data.protection@amiramour.eu

GET IN TOUCH

* Required fields