PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA
We consider ensuring the right to personal data protection as a fundamental commitment for MICHELSBERGER HAUS SRL, and therefore we will dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as any other applicable legislation in Romania. Since one of the essential principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer, and protect your personal data when you interact with us in relation to our products and services, including through our website. We reserve the right to update and modify this Privacy Policy periodically to reflect any changes in how we process your personal data or any changes in legal requirements. In case of any such modifications, we will display the modified version of the Privacy Policy on our website, and we kindly ask you to check the content of this Privacy Policy periodically. Who We Are and How You Can Contact Us MICHELSBERGER HAUS SRL is a legal entity of Romanian nationality, headquartered in Piata Gozelinus, no. 202, Cisnadioara village, Sibiu County, J32/1124/2021, CUI: 44405642. In terms of data protection legislation, we are the data controller when processing your personal data. As we are always open to receiving your feedback and providing any additional information you may need regarding the processing of your data, we encourage you to contact the Data Protection Officer of MICHELSBERGER HAUS SRL at the email address office@michelsbergerhaus.com or by mail or courier at: Piata Gozelinus, no. 202, Cisnadioara village, Sibiu County. What Categories of Personal Data We Process In general, we collect your personal data directly from you, so you have control over the type of information you provide to us. For example, we receive information from you as follows: • When you send us an email through the contact page at office@michelsbergerhaus.com, you provide us with your name, surname, and email address. • We may also collect and further process certain information about your behavior while visiting our website, to personalize your online experience and offer you products tailored to your profile. You are invited to learn more about this by consulting the section regarding the purposes of processing below. On our website, we may store and collect information in cookies in accordance with our Cookie Policy. We do not collect or otherwise process sensitive data, included in the General Data Protection Regulation as special categories of personal data. Additionally, we do not wish to collect or process data from minors under the age of 16. What Are the Purposes and Legal Grounds for Processing We will use your personal data for the following purposes: 1. Provision of services by MICHELSBERGER HAUS SRL for your benefit This general purpose may include creating personalized offers and services for you when you request an offer for products or services provided by us. Processing your data for these purposes is most often necessary for the conclusion and execution of a contract between MICHELSBERGER HAUS SRL and you. Also, certain processing under these purposes is imposed by applicable legislation, including fiscal and accounting laws. We use this information to design our website and application in such a way that it better adapts to the needs of our users. 2. Use of the website The website automatically collects certain information and stores it in log files. This information includes the internet protocol (IP) address, the general location of your computer or device (at city level), the type of browser, the operating system, the time of access, the accessed page link, browsing history of our website pages, and device information. 3. For marketing purposes We want to keep you informed about the best offers for products/services that interest you. To do so, we may send you any type of message (e.g., email/SMS/phone, etc.) containing general and topical information, information about similar or complementary products and services to those you have purchased, information about offers or promotions, information about services you have purchased from us or shown interest in purchasing, as well as other commercial communications such as market research and opinion surveys, and we may display personalized recommendations on the website. To provide you with information of interest, we may use certain data about your shopping behavior (e.g., viewed/purchased services) to create a profile for you. We always ensure that these processes are carried out respecting your rights and freedoms and that the decisions made based on them do not have legal effects on you or significantly affect you in any way. In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by: ◦ Accessing the unsubscribe link displayed in the messages you receive from us, or by ◦ Contacting MICHELSBERGER HAUS SRL using the contact details described above. In certain situations, we may rely on our legitimate interest to promote and develop our business activities. In any situation where we use your information for our legitimate interest, we ensure and take all necessary steps to ensure that your fundamental rights and freedoms are not affected. However, you can always request, through the means described above, that we stop processing your personal data for marketing purposes, and we will comply with your request. 4. To defend our legitimate interests There may be situations where we will use or transfer information to protect our rights and business activities. These may include: ◦ Measures to protect the website and platform users of MICHELSBERGER HAUS SRL from cyber-attacks; ◦ Measures to prevent and detect fraud attempts, including transmitting information to competent public authorities; ◦ Measures to manage various other risks. The general legal basis for these types of processing is our legitimate interest in defending our business activity, understanding that we ensure that all measures we take guarantee a balance between our interests and your fundamental rights and freedoms. Also, in certain cases, we base our processing on legal provisions such as the obligation to ensure the security of goods and valuables, as provided by the applicable legislation in this matter. How Long We Keep Your Personal Data As a general rule, we will store your personal data for as long as MICHELSBERGER HAUS SRL operates legally. You may request the deletion of certain information at any time, and we will comply with these requests, subject to the retention of certain information where applicable legislation or our legitimate interests require it. To Whom We Disclose Your Personal Data As applicable, we may transmit or provide access to certain personal data of yours to the following categories of recipients: • Marketing service providers; • IT service providers; • Other companies with whom we may develop joint programs for offering our goods and services on the market. In case we are legally obliged or if necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities. We ensure that access to your data by third-party private legal entities is carried out in accordance with data protection and information confidentiality regulations, based on contracts concluded with them. In Which Countries We Transfer Your Personal Data Currently, we store and process your personal data on the territory of Romania. How We Protect the Security of Your Personal Data We are committed to ensuring the security of personal data through the implementation of appropriate technical and organizational measures according to industry standards. The transmission of your personal data is done using state-of-the-art encryption algorithms, and we store them on secure servers. Despite the measures taken to protect your personal data, we draw your attention to the fact that transmitting information via the Internet, in general, or through other public networks, is not completely secure, and there is a risk that the data could be viewed and used by unauthorized third parties. We cannot be held responsible for such vulnerabilities in systems that are not under our control.
Your Rights The General Data Protection Regulation grants you a series of rights in relation to your personal data. You can request access to your data, correct any errors in our files, and/or object to the processing of your personal data. You may also exercise your right to file a complaint with the competent supervisory authority or to seek justice. Depending on the case, you may also benefit from the right to request the deletion of your personal data, the right to restrict the processing of your data, and the right to data portability. More information about each of these rights is provided below. To exercise your rights, you can contact us using the contact details provided above. Please note the following if you wish to exercise these rights: 1. We take the confidentiality of all records containing personal data very seriously. For this reason, please send your requests regarding such records using the email address related to your offer request. Otherwise, we reserve the right to verify your identity by asking for additional information aimed at confirming your identity. 2. We will not charge a fee for exercising any right related to your personal data unless your request for access to information is unfounded, repetitive, or excessive, in which case we will charge a reasonable amount under such circumstances. We will inform you of any applicable fees before we process your request. Response Time. We aim to respond to all valid requests within a maximum of one month, unless this is particularly complicated or you have made several requests, in which case we will respond within a maximum of two months. We will notify you if we need more than a month. We may ask you to clarify exactly what you would like to receive or what concerns you. This will help us act more quickly and reduce the response time to your request. Third-Party Rights. We do not have to comply with a request if it would negatively affect the rights and freedoms of other individuals. Rights of the Data Subject: Access You can request: • confirmation as to whether or not we are processing your personal data; • a copy of these data; • other information about your personal data, such as what data we hold, what we use them for, who we disclose them to, if we transfer them abroad and how we protect them, how long we keep them, what rights you have, how you can file a complaint, where we obtained your data from, insofar as this information has not already been provided to you through this notification. Rectification You can request us to correct or complete your inaccurate or incomplete personal data. We may attempt to verify the accuracy of the data before correcting them. Deletion of Data You can request that we delete your personal data, but only if: • they are no longer necessary for the purposes for which they were collected; or • you have withdrawn your consent (if the processing of data was based on consent); or • you exercise a legal right to object; or • they have been processed unlawfully; or • we have a legal obligation to delete them. However, we are not obligated to comply with your request for the deletion of your personal data if the processing of your personal data is necessary: • to comply with a legal obligation; or • for the establishment, exercise, or defense of a legal claim. There are some other circumstances where we are not required to comply with your request for deletion of your data, but these two are the most likely situations where we could refuse this request. Restriction of Processing You can request that we restrict the processing of your personal data, but only if: • the accuracy of the data is disputed (see the section on rectification), to allow us to verify its accuracy; or • the processing is unlawful, but you do not want the data to be deleted; or • the data is no longer necessary for the purposes for which they were collected, but you need them to establish, exercise, or defend a legal claim; or • you have exercised your right to object, and we are in the process of verifying whether our interests prevail. We may continue to use your personal data after a restriction request if: • we have your consent; or • for the establishment, exercise, or defense of a legal claim; or • to protect our rights or the rights of another natural or legal person. Data Portability You can request that we provide your personal data in a structured, commonly used, and machine-readable format, or you may request that it be “ported” directly to another data controller, but in each case only if: • the processing is based on your consent or the conclusion or performance of a contract with you; and • the processing is carried out by automated means. Objection You may object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interest, if you believe that your fundamental rights and freedoms outweigh this interest. You may also object at any time to the processing of your data for direct marketing purposes without giving any reason, in which case we will stop this processing as soon as possible. Automated Decision-Making You can request not to be subject to a decision based solely on automated processing, but only when the decision: • has legal effects concerning you; or • affects you similarly in a significant way. This right does not apply when the decision resulting from automated decision-making: • is necessary for the conclusion or performance of a contract with you; • is authorized by law and there are adequate safeguards for your rights and freedoms; or • is based on your explicit consent. Complaints You have the right to file a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the supervisory authority for data protection are as follows: National Supervisory Authority for Personal Data Processing B-dul G-ral. Gheorghe Magheru No. 28-30, Sector 1, Postal Code 010336, Bucharest, Romania Phone: +40.318.059.211 or +40.318.059.212 Email: anspdcp@dataprotection.ro Without affecting your right to contact the supervisory authority at any time, we kindly ask you to contact us first, and we promise to make every effort to resolve any issues amicably. We remind you that you can contact our Data Protection Officer at any time by sending your request through any of the following methods: Piata Gozelinus, No. 202, Cisnadioara Village, Sibiu County – Romania – with the mention “Attention: Responsible MICHELSBERG.”
