Privacy Policy
Thank you for your interest in how we handle your data.
Welcome to our www.critelco.com website (hereinafter referred to as the “Site”). Please read this Privacy Policy carefully and make sure that you understand it. It applies each time you visit the Site, surf through its pages or use its services, regardless of whether you purchase any products. If you have any questions or there is something you do not understand, please contact us. The following outlines how we are applying the guidelines as set out by the new General Data Protection Regulation (EU-GDPR, EU 2016/679), which came in force on May 25, 2018.
By using this site or/and our services, you consent to the Processing of your Personal Data as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Site.
This Privacy Policy is incorporated into and is subject to the Terms and Conditions of Sale.
Table of Content
1. Definitions used in this Policy
2. Data protection principles we follow
3. What rights do you have regarding your Personal Data
4. What Personal Data we gather about you
5. How we use your Personal Data
6. Who else has access to your Personal Data
7. How we secure your data
8. Information about cookies
9. Contact information
Definitions
Personal Data. Any information relating to an identified or identifiable natural person.
Processing. Any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject. A natural person whose Personal Data is being Processed.
Child. A natural person under 18 years of age.
Anonymization. By modifying the data, identification of a data subject is no longer possible.
Pseudonymization. Modification of data in such a way that it is no longer possible to allocate it to a certain data subject without additional supplementary information.
Activity data. Data stored about the user’s activities.
Analytical tools. Programs allowing analyses of user behavior.
Cookies. A cookie is a small file browsers use to store information about a user’s interaction with a site.
Read more on our Cookies Policy page.
Collector. The natural person or legal entity that, alone or jointly, determines the purposes and means of the processing of personal data.
Processor. The natural person or legal entity that processes personal data on behalf of the controller.
Supervisory authority. The independent public authority responsible for monitoring the application of this GDPR.
Data Protection Officer (DPO). The natural person responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
Data Protection Principles
We follow the following data protection principles:
• We are thoughtful about the Personal Data we ask you to provide and the Personal Data that we collect about you through the operation of the Site.
• Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
• Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
• Processing is limited with a time period. We will not store your personal data for longer than needed.
• We aim for full transparency on how we gather, use, and share your Personal Data.
• We will do our best to ensure the integrity and confidentiality of data.
Data Subject’s rights
The Data Subject has the following rights:
• Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
• Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
• Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
• Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
• Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
• Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
• Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
• Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
• Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
• Right for the help of the supervisory authority– meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
• Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.
To apply a request regarding your privacy visit our Privacy Center.
Data we collect
Information provided by you
• Basic Account Information: We require individuals who sign up for a Site account to provide an email address.
• Contact information: – Whenever you places an information request to us, your name and email.
• Newsletter: When you subscribe to our newsletter service, your email and preferences.
• Order & Payment Information: When you place an order to us:
• Billing Data: your first and last name, the billing address, phone and email.
• Invoice Data: Company name, full address, phone, VAT number and other data required by law.
(When your order is completed, you’ll receive by email the corresponding downloadable document proving your purchase. In case, during the ordering process, you choose Receipt (default), the document will have the above billing data, otherwise, choosing Invoice, then the Invoice Data will replace the Billing Data in document.)
• Shipping Data (tangible goods, only): Receiver’s first and last name, the shipping address, phone and email.
• Refund Data: In case of tangible returnable products we collect: your email and full name, account no., IBAN, bank’s name and SWIFT.
Note:
1. We do not collect any data regarding credit/debit cards, since we use third parties services to fulfill such payments.
2. In case you provide us Personal Data regarding third parties (ex. Shipping data, Invoice’s data, Refund data etc.), we consider that the third parties were prior informed by you about our Privacy Policy and they approved its terms and conditions.
Surveys: We may, from time to time, offer surveys and opinion polls and ask you to provide information about your experience and feedback for our services. Information requested for entry may include personal contact information such as your name, email, address, phone number, etc. Participation is entirely voluntary and it’s up to you whether you choose to disclose any information or not.
Other information collected about you automatically
• Information from Cookies and Other technologies: A cookie is a string of information that a website stores on a visitor’s computer. We may use cookies, web beacons or similar technologies to enhance and personalize your experience of the Site, including to operate and improve offerings through the Site; to help authenticate your identity when you visit and transact with the Site; to remember your preferences and registration information; to present and help measure and research the effectiveness of the various offerings, advertisements, and e-mail communications (by determining which e-mails you open and act upon); and to customize the content and advertisements provided to you. The collected information may include your IP address, the approximate geographical location, referral URL, exit URL, browser software, operating system, date/time and/or clickstream data (navigation history).
• Website Analytics tools: We may use analytics services by third parties to collect information about the use of this Site. Analytics tools use tracking technologies (like cookies) to recognize your device and compile information about you. They collect information such as what pages you visit and how much time you spend on these pages, the IP address assigned to you, what operating system and web browser you use, and what website you visited prior to visiting our Site.
• Information Logs: When you visit the Site, view content provided by us, use our services, ask us a question, request technical assistance in regards to our services, send us an email or participate in a survey on our website, we automatically collect and store certain information in log files. This includes your IP address, URL, referral URL, exit URL, browser software, operating system, date/time, requests type to our Site and error responses returned by our Site.
• Social Media: We may also get information about you from other sources. For example, if you create or log into your account on our Site through another service (like Facebook), we will receive information from that service (such as your username, basic profile information, and friends list) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available.
Information from our partners
We might gather information from our trusted partners with confirmation that they have legal grounds to share that information with us. This is either information you have provided them directly with or that they have gathered about you on other legal grounds.
Publicly available information
We might gather information about you that is publicly available.
How we use your Personal Data
We use your Personal Data in order to:
• Register and maintain your account;
• Charge you for any purchased product;
• Provide you with promotional products and services at your request and communicating with you in relation to them;
• Communicate and interact with you; and notifying you of changes to any products and services.
• To further develop and improve our Site–for example by adding new features that we think our users will need;
• To monitor, analyze and better understand how users interact with our Site, which helps us improve our Site and make it easier to use;
• To measure, gauge, and improve the effectiveness of our advertising, and better understand user feedback–for example, we may analyze how many individuals purchased a product after receiving a marketing message (newsletter) or the features used by those who continue to use our Site after a certain period of time;
• To monitor and prevent any problems with our Site, protect the security of our Site, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect our rights and property and others, which may result in declining by us of a transaction or the use of our Site;
• To communicate with you, for example through an email, about offers and promotions offered by us and others we think will be of interest to you, solicit your feedback, or keep you up to date on us and our products; and
We will inform you of any further Processing and purposes.
Who else can access your Personal Data
We do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners in order to either make providing the service to you possible or to enhance your customer experience. We share your data with:
Our processing partners
• SiteGround Spain S.L., Calle de Prim 19, 28004 Madrid, Spain. – The Site’s processor.
• Google Analytics is a freemium web analytics service offered by Google that tracks and reports website traffic.
We only work with Processing partners who are able to ensure adequate level of protection to your Personal Data.
Our business partners
• United Parcel Service, Inc., (UPS) is a USA multinational package delivery company.
• PayPal Holdings, Inc. is a USA company operating a worldwide online payments system.
• Authorize.Net is a USA-based payment gateway service provider allowing merchants to accept credit card.
We use Personal Data to PayPal or Authorize.net services to fulfill your payments by debit/credit cards. We do not provide any of your Personal Data to them. They independently from us collect information about you.
Other entities that may access your Personal Data
We may disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.
How we secure your data
We do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.
Even though we try our best we can not guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
If you have an account with us, note that you have to keep your username and password secret.
How long we keep your Personal Data
For the purposes for which you have expressed your consent to the collection and use of your Personal Data, we will process your data for that purpose until you withdraw your consent to the processing for that purpose. However, we will retain the strictly necessary data if we are required to retain this data for (i) the defense of our rights in the courts, or (ii) the reporting to the competent authorities.
In the case of orders (and corresponding invoices) containing your Personal Data issued in view / execution of the mutual obligations related to a purchase of products on our Site, we will keep them as long as they are necessary according to the purpose and according to the legal provisions.
Children
We do not intend to collect or knowingly collect information from children. We do not target children with our services. We do not sell products, provide services under the age of 18. If you are under the age of 13, you are not allowed to use the Site and you must request your parent or guardian to use the Site instead.
Contact Information
Collector
Critelco SRL
Address: 11, Ion Berindei str., build 1-2, entr. D, ap. 114
Sector 2, Bucharest , Romania
Tel:
Email: privacy@critelco.com
Processor
SiteGround Spain S.L.
Calle de Prim 19, 28004
Madrid, Spain
Supervisory authority
ANSPDCP
B-dul G-ral. Gheorghe Magheru 28-30
Sector 1, cod postal 010336 Bucuresti, Romania
Tel: +40.318.059.211 / 212
Fax: +40.318.059.602
Email: anspdcp@dataprotection.ro
www.dataprotection.ro
Data Protection Officer (DPO)
Theodore Maroulis privacy@critelco.com
Changes to this Privacy Policy
We reserve the right to make changes to this Privacy Policy. Last modification was made. We encourage visitors to frequently check this page for any changes to Site’s Privacy Policy.
Your further use of the Site after a change to our Privacy Policy will be subject to the updated policy.