Privacy policy

Privacy Policy regarding the processing of personal data

We consider ensuring the right to personal data protection as a fundamental commitment of Cafendo, therefore we will dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “ GDPR ”), as well as with any other legislation applicable on the territory of Romania. As one of the key principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us about products and services. including our website or mobile applications.

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in the way we process personal data or any changes in legal requirements. In the event of any such changes, we will post on our website an amended version of the Privacy Policy, which is why we will periodically request the content of this Privacy Policy.

Who we are and how you can contact us

Cafendo is the trade name of WEB PUSH S.R.L., a legal entity of Romanian nationality, having its registered office in Oradea, Strada Gheorghe Doja no. 24, ap. 6, with serial number in the Trade Register J40 / 372 / 23.01.2002, unique fiscal registration code RO14399840 (hereinafter “Cafendo” or “new”). For the purposes of data protection law, we are the operator when we process your personal data.

As we are always open to hearing your views, as well as providing you with any additional information you may need regarding the processing of your data, we encourage you to contact the Cafendo Data Protection Officer at [email protected] or by mail or courier at Oradea, Strada Gheorghe Doja no. 24, ap. 6, Bihor County - with the mention: in the attention of the Cafendo Data Protection Officer.

Examples of Information Collected

Information you give us when you use Cafendo Services

You provide information to us when you:

  • Search or shop for products or services in our stores;
  • Add or remove an item from your cart, or place an order through or use Cafendo Services;
  • Download, stream, view, or use the content on a device or through a service or application on a device;
  • Provide information in Your Account (and you might have more than one if you have used more than one email address or mobile number when shopping with us) or Your Profile;
  • Configure your settings on, provide data access permissions for, or interact with a Cafendo service;
  • Provide information in your Seller Account, Customer account, or any other account we make available that allows you to develop or offer software, goods, or services to Cafendo customers;
  • Offer your products or services on or through Cafendo Services;
  • Communicate with us by phone, email, or otherwise;
  • Complete a questionnaire, a support ticket, or a contest entry form;
  • Provide and rate reviews;

As a result of those actions, you might supply us with such information as:

  • Identifying information such as your name, address, and phone numbers;
  • Device ID;
  • Payment information;
  • Your age;
  • Your location information;
  • Your IP address;
  • People, addresses, and phone numbers listed in your Addresses;
  • Content of reviews and emails to us;
  • Personal description and photograph in Your Profile;
  • Corporate and financial information;
  • Credit history information;

All this information will be used for orders, application functionality, communication, and marketing purpose.

Automatic information

Examples of the information we collect and analyze include:

  • The internet protocol (IP) address used to connect your computer to the internet;
  • Login, email address, and password;
  • The location of your device or computer;
  • Device metrics such as when a device is in use, application usage, connectivity data, and any errors or event failures;
  • Cafendo Services metrics (e.g., the occurrences of technical errors, your interactions with service features and content, your settings preferences and backup information, location of your device running an application, information about uploaded images and files such as the file name, dates, times and location of your images);
  • Version and time zone settings;
  • Purchase and content use history, which we sometimes aggregate with similar information from other customers to create features like Top Sellers;
  • The full Uniform Resource Locator (URL) clickstream to, through, and from our websites, including date and time; products and content you viewed or searched for; page response times, download errors, length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs);
  • Phone numbers used to call our customer service number;

We may also use device identifiers, cookies, and other technologies on devices, applications, and our web pages to collect browsing, usage, or other technical information.

Information from other sources

Examples of information we receive from other sources include:

  • Updated delivery and address information from our carriers or other third parties, which we use to correct our records and deliver your next purchase or communication more easily;
  • Account information, purchase or redemption information, and page-view information from some merchants with which we operate co-branded businesses or for which we provide technical, fulfillment, advertising, or other services;
  • Information about your interactions with products and services offered by our subsidiaries;
  • Search results and links, including paid listings (such as Sponsored Links);
  • Credit history information from credit bureaus, which we use to help prevent and detect fraud and to offer certain credit or financial services to some customers.

Information you can access

Examples of information you can access through Cafendo Services include:

  • Status of recent orders (including subscriptions);
  • Your complete order history;
  • Personally identifiable information (including name, email, password, and address book);
  • Payment settings (including payment card information, promotional certificate and gift card balances, and 1-Click settings);
  • Email notification settings (including Product Availability Alerts, Delivers, Special Occasion Reminders, and newsletters);
  • Recommendations and the products you recently viewed that are the basis for recommendations (including Recommended for You and Improve Your Recommendations);
  • Shopping lists and gift registries (including Wish Lists and Baby and Wedding Registries);
  • Your content, devices, services, and related settings, and communications and personalized advertising preferences;
  • Content that you recently viewed;
  • Your Profile (including your product Reviews, Recommendations, Reminders, and personal profile);
  • If you are a seller, you can access your account and other information, and adjust your communications preferences, by updating your account;
  • If you are a customer, you can access your account and other information, and adjust your communications preferences, by updating your account;

What categories of personal data do we process?

We generally collect your personal data directly from you so that you have control over the type of information you provide to us. By way of example, we receive information from you as follows:

When you create a Cafendo account, send us: your email address, name, and surname;

Within your personal page (My Account) on the Cafendo platform you can add additional information, such as photo, gender, nickname, mobile phone number, landline number, date of birth, level of education, delivery addresses, alternative email address -mail, bank card details, etc .;

When you place an order, you provide us with information such as the desired product, name and surname, delivery address, billing details, payment method, phone number, bank card details, etc.

We also offer you the opportunity to register on the Cafendo platform through your Facebook or Google account. If you opt for one of these options, you will be directed to a page managed by Facebook Inc/Google LLC, where they will inform you about the transfer of your data to Cafendo. You can view the privacy policies of Facebook and Google, respectively, using the following links:

https://www.facebook.com/about/privacy

https://policies.google.com/privacy

We may also collect and subsequently process certain information about your behavior while visiting our website or using your smartphone to personalize your online experience and provide you with offers tailored to your profile. we invite you to find out more details in this regard by consulting the section on the purposes of processing below.

On our website and in the smartphone application we can store and collect information in cookies and similar technologies, according to the Cookies Policy.

We do not collect or otherwise process sensitive data, included in the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data on minors under the age of 16.

What are the purposes and grounds of processing

We will use your personal data for the following purposes:

1. To provide Cafendo services for your benefit.

This general purpose may include, as appropriate, the following:

a) Creation and administration of the account within the Cafendo platform;

b) Order processing, including taking over, validating, shipping, and invoicing;

c) Resolving cancellations or problems of any kind related to an order, the goods or services purchased;

d) Returning the products according to the legal provisions;

e) Reimbursement of the value of the products according to the legal provisions;

f) Providing support services, including providing answers to your questions about your orders or Cafendo goods or services or those of Cafendo Marketplace partners.

The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract between Cafendo and you. Also, certain processing subject to these purposes is required by applicable law, including tax and accounting law.

2. To improve our services

We always want to offer you the best online shopping experience. To do this, we may collect and use certain information about your Buyer's behavior, we may invite you to complete satisfaction questionnaires subsequent to the completion of an order or we may conduct, directly or with the help of partners, market research and research.

We base these activities on our legitimate interest in doing business, always making sure that your fundamental rights and freedoms are not affected.

3. For marketing

We want to keep you informed about the best offers for the products/services that interest you. In this regard, we can send you any type of message (such as e-mail / SMS / telephone / mobile push/web push / etc.) Containing general and thematic information, information on products similar or complementary to those on that you have purchased, information about offers or promotions, information about products added to the “My Account / Cart” section or the “Account / Favorites” section, or that you have shown interest in purchasing them, as well as other commercial communications such as market research and opinion polls, and we can display personalized recommendations on the website and in the smartphone app. In order to provide you with information of interest to you, we may use certain data about your buyer behavior (eg products viewed/added to your wishlist / purchased) to create a profile for you. We always make sure that this processing is carried out in compliance with your rights and freedoms and that the decisions taken on the basis of them do not have legal effects on you and do not affect you in a similar way to a significant extent.

In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:

- Changing the settings in the client account in the "My Subscriptions" section;

- Accessing the unsubscribe link displayed in the messages you receive from us; or through

- Contact Cafendo using the contact details described above.

In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any case, where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can ask us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and we will process your request.

4. To defend our legitimate interests

There may be situations in which we use or transmit information to protect our rights and business. These may include:

- Measures to protect the website and users of the Cafendo platform from cyber attacks:

- Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities;

- Measures to manage various other risks.

The general basis of these types of processing is our legitimate interest in defending our commercial activity, it is understood that we ensure that all the measures we take to guarantee a balance between our interests and your fundamental rights and freedoms.

We also, in certain cases, base our processing on legal provisions such as the obligation to ensure the protection of goods and values provided by the applicable legislation in this matter.

As long as we keep your personal data

As a general rule, we will store your personal data as long as you have an account on the Cafendo platform. You may ask us to delete certain information or close your account at any time, and we will respond to such requests, subject to the retention of certain information, including after closing your account, where applicable law or our legitimate interests so require.

To whom we transmit your personal data

Where applicable, we may transmit or provide access to certain personal data of yours to the following categories of recipients:

- companies within the same group of companies as Cafendo,

- Cafendo Marketplace partners;

- courier service providers;

- payment/banking service providers;

- marketing/telemarketing service providers;

- market research service providers;

- insurance companies;

- IT service providers;

- other companies with which we can develop joint programs to offer our goods and services on the market.

If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

In which countries do we transfer your personal data

We currently store and process your personal data in Romania.

However, we may transfer certain of your personal data to entities located in the European Union or outside the Union, including in countries for which the European Commission has not recognized an adequate level of protection of personal data.

We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, other guarantees, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of personal data. transferred from within the EU to the United States.

You can contact us at any time, using the contact details set out above, to find out more about the countries in which we transfer your data, as well as the guarantees we have put in place regarding these transfers.

How we protect the security of your personal data

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.

The transmission of your personal data is done using state-of-the-art encryption algorithms and stored on secure servers while ensuring data redundancy.

We use PayU payment processor services to make payments. Any payment information is encrypted using HTTPS technology with TSL 1.2 encryption.

Despite the measures taken to protect your personal data, we warn you that the transmission of information via the Internet, in general, or through other public networks, is not completely secure, there is a risk that the data may be viewed and used by third parties. unauthorized parties. We cannot be held responsible for such vulnerabilities in systems that are beyond our control.

What rights do you have?

The General Data Protection Regulation gives you a number of rights in relation to your personal data. You may request access to your data, correct any errors in our files, and/or object to the processing of your personal data. You may also exercise your right to complain to the competent supervisory authority or to go to court. Where applicable, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data, and the right to data portability.

More information about each of these rights can be obtained by consulting the table below.

In order to exercise your rights, you can contact us using the contact details listed above. Please note the following if you wish to exercise these rights:

Identity. We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such registrations using the Cafendo account email address. Otherwise, we reserve the right to verify your identity by requesting additional information for the purpose of confirming your identity.

Fees. We will not charge you a fee to exercise any right in respect of your personal data, unless your request for access to information is unfounded, repetitive, or excessive, in which case we will charge a reasonable amount. in such circumstances. We will inform you of any fees applied before resolving your application.

Response time. We intend to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We may ask you if you can tell us exactly what you want to receive or what worries you. This will help us act faster and shorten the response time to your request.

Third-party rights. We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects.

Targeted rights Description

Access You can ask us:

  • to confirm if we process your personal data;
  • provide you with a copy of this data;
  • to provide you with other information about your personal data, such as the data we have, what we use it for, to whom we disclose it, if we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you by this information.

Correction

You may ask us to rectify or complete your inaccurate or incomplete personal data.

We may try to verify the accuracy of the data before rectifying it.

Data deletion

You can ask us to delete your personal data, but only if:

  • they are no longer necessary for the purposes for which they were collected; or
  • you withdraw your consent (if the data processing was based on consent); or
  • exercise a legal right to oppose; or
  • they were processed illegally, or we have a legal obligation in this regard.

We are not obligated to comply with your request to delete your personal data if the processing of your personal data is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise, or defense of a right in court.

There are certain other circumstances in which we are not required to comply with your request to delete data, although these are the two most likely circumstances in which we may deny this request.

Please note that before exercising this right, you must download from your Cafendo account and save all documents related to orders placed from Cafendo, regardless of whether the invoicing was made to you or to another natural or legal person (such as invoices, warranty certificates). If you do not do this before exercising your right to delete, you will lose all these documents and Cafendo will be unable to make them available to you, as appropriate, because the process of deleting data, respectively Cafendo account, with all its data and documents, is an irreversible process.

Restricting data processing

You can ask us to restrict the processing of personal data, but only if:

  • their accuracy is contested (see rectification section) to allow us to verify their accuracy; or
  • processing is illegal, but you do not want the data to be deleted; or
  • they are no longer necessary for the purposes for which they were collected, but you need them to ascertain, exercise, or defend a right in court; or
  • you have exercised your right to object, and the verification of whether our rights prevail is ongoing.

We may continue to use your personal data following a request for a restriction if:

we have your consent; or

  • to establish, exercise, or ensure the defense of a right in court; or
  • to protect the rights of Cafendo or any other natural or legal person.

Data portability

You can ask us to provide you with personal data in a structured, commonly used, and automatically readable format, or you can request that it be "ported" directly to another data controller, but in each case only if:

  • processing is based on your consent or the conclusion or execution of a contract with you; and
  • processing is done by automatic means.

Opposition

You may object at any time, for reasons related to your particular situation, to the processing of your personal data under our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest.

You may also object at any time to the processing of your data for direct marketing purposes (including profiling), without giving any reason, in which case we will cease this processing as soon as possible.

Automatic decision making

You can request not to be subject to a decision based solely on automatic processing, but only when that decision:

  • produces legal effects on you; or
  • it affects you in a similar way and to a significant extent.

This right shall not apply where the decision reached as a result of automatic decision-making:

  • we are required to enter into or enter into a contract with you;
  • is authorized by law and there are adequate guarantees for your rights and freedoms; or
  • is based on your explicit consent.

Complaints

You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are the following:

National Authority for the Supervision of Personal Data Processing

B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone: +40.318.059.211 or +40.318.059.212;

E-mail: [email protected]

Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any issue amicably.

  • We remind you that you can contact the Cafendo Data Protection Officer at any time by submitting your request in any of the following ways:

- by e-mail to: [email protected] or

- by post or courier to the address: Strada Gheorghe Doja no. 24, ap. 6, Oradea, Bihor County - with the mention in the attention of the Cafendo Data Protection Officer.