TERMS AND CONDITIONS.
• Thank you for visiting this website and we hope you will be delighted to learn more about www.tessuto.ro. This website is owned and administered by SC Tessuto Textil SRL-D, Str. Bucharest no. 64 ap. 71 400148 Cluj-Napoca, Cluj county Romania CUI RO 36739374, J12/4078/14.11.2016.
• We also assure you that when browsing our website, the connection is secure: E.g. account passwords if you authenticate, there is a VALID SSL certificate. You can find out more by pressing Learn more.
• Data protection is a particularly important aspect for us. The use of our Internet pages is possible without the indication of personal data, however, if someone wants to use our services through the site, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis or contract for such processing, we obtain the consent of the data subject.
• In order to comply with the provisions of the General Data Protection Regulation (GDPR), we have implemented numerous technical and organizational measures aimed at ensuring the most complete protection of personal data processed through this website. However, data transfer via the Internet can, in principle, have security gaps, so absolute protection cannot be guaranteed. For this reason, each data subject has the freedom to transfer personal data to us by alternative means, e.g. by phone, in writing, etc.
Our data protection policy uses the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). We want our Data Protection Policy to be readable and easy to understand for everyone. In order to achieve this goal, we first explain the terminology used. In this data protection policy, we use, among others, the following expressions:
A) PERSONAL DATA
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific physical, physiological factors , genetic, mental, economic, cultural or social of that natural person.
B) THE PERSON CONCERNED
The data subject is any identified or identifiable natural person, whose personal data is processed by the operator (data controller) or authorized person (data processor).
Processing is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation , disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
D) RESTRICTION OF PROCESSING
Restriction of processing is the selection of stored personal data in order to limit future processing.
Profiling means any form of automatic processing of personal data that consists in the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or anticipate aspects of the natural person's performance at work, the situation economic, health, personal preferences, interests, behavior, location or travel.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person.
G) OPERATOR OR CONTROLLER RESPONSIBLE FOR PROCESSING
The operator or controller responsible for processing is the natural or legal person, public authority, agency or other body that, alone or together with others, determines the purposes and means of personal data processing; if the purposes and means of such processing are established by the legislation of the Union or the Member State, the operator or the specific criteria for its appointment may be provided by the legislation of the Union or the Member State.
H) AUTHORIZED PERSON – THE PROCESSOR
Authorized person – The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator.
I) THE BENEFICIARY
The recipient is a natural or legal person, public authority, agency or other body to whom the personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data in the course of an investigation, in accordance with Union or Member State legislation, are not considered beneficiaries; the processing of this data by the respective public authorities must be in accordance with the applicable data protection rules in accordance with the purposes of the processing.
J) THIRD PARTIES
It may be a third party, a natural or legal person, a public authority, an agency or a body, other than the data subject, the operator, the authorized person, which, under the direct authority of the operator or the authorized person, is authorized to process data personal.
The data subject's consent is any specific, informed and unambiguous indication of the data subject's wishes by which he, through a statement or a clear affirmative action, accepts the processing of personal data concerning him.
By means of a cookie, the information and offers on our website can be optimized according to the user. Cookies allow us, as previously mentioned, to recognize users of our website. The purpose of this recognition is to facilitate the use of our website. The website user e.g. they do not have to enter access data every time the site is accessed, because it is retrieved and the cookie is thus stored in the user's computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart by means of a cookie.
This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website can be used in full.
The principles governing our privacy and personal data processing policy are:
• The principle of legality, fairness and transparency. This requires that personal data be processed in a legal, fair and transparent manner in relation to the data subjects.
• Principle of goal limitation. This requires that personal data must only be collected for specified, explicit and legitimate purposes.
• Principle of minimum data collection to achieve the purpose for which consent was obtained. According to this principle, personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
• The principle of keeping data up to date ensures that personal data is correct and updated where necessary.
• The principle of data storage strictly for the period for which consent was obtained. This requires that personal data be kept in a form that allows identification of the data subjects for as long as necessary for data processing.
• Principle of ensuring adequate data security so that they are intact, confidential and available.
• Principle of responsibility, the operator is responsible for compliance with the principles listed in Article 5(1) of the GDPR and must be able to demonstrate compliance with them.
According to Regulation (EU) 679/2016 (applicable at the EU level from May 25, 2018), known as the GDPR acronym, it refers to the protection of natural persons with regard to the processing of personal data and the free movement of such data and repeals the Directive 95/46/EC.
Personal data, in the sense of the GDPR, means any information regarding an identified or identifiable natural person (data subject). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element such as a name, an identification number, location data, an online identifier or one or more elements specific, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.
• Questions and requests
If you have questions or concerns about the processing of your data, or wish to exercise your legal rights in relation to the data we hold, or if you have concerns about how we handle any privacy issue, you can contact the data protection contact data at the level of TESSUTO TEXTIL SRL-D has the email: firstname.lastname@example.org.
Personal data collected
• Information you voluntarily provide to us
When you use the website to place an order or when you contact us by phone, email or communicate with us in any way (e.g. by phone) you voluntarily give us your personal information. This information includes your first and last name, shipping/billing address, email address and phone number. By giving us this information, we keep it secure and confidential in our database.
• Information we collect automatically
We store personal data only for the period necessary to fulfill the purposes, but no longer than 10 years after the last visit to the site or the last interaction with us, for the following purposes:
• to take the necessary steps in order to promote advantageous promotional offers for you or for other marketing activities, but only if you have given your consent in advance;
• to answer your questions and requests;
• to offer and improve the services we offer, both directly and through our collaborators
Also, the data regarding invoicing and other such legal obligations are kept in accordance with the Law - Fiscal Code and Application Rules - applicable on the territory of Romania.
• Processing of personal data
Regarding the data that you voluntarily provide us by completing and sending the forms or by contacting us in any way, the legal basis is to take measures at the request of the data subject before providing services (art. 5, para. 2 letter (a) of Law no. 677/2001) and to take steps at the request of the data subject for the provision of a service (art. 6, paragraph (1) letter b of Regulation (EU) 679/2016). Both according to the current legislation and according to the GDPR (applicable from May 25, 2018), your consent is not required in the situation where the processing is necessary to carry out steps to provide a service, fulfill a legal obligation or legitimate interest.
Disclosure and transmission of personal information
We will not disclose your information to unauthorized third parties for their own marketing or commercial purposes. However, we may disclose your information to the following entities:
• Service providers. We may disclose your information to other partner companies of TESSUTO TEXTIL SRL-D (e.g. Accounting) or to third parties that provide us with services and act as authorized persons, such as companies that help us with website maintenance or specialized companies by courier.
Although in principle we only use the courier company FAN COURIER, we would like you to give us feedback regarding your experience in relation to the delivery of products, in order to be able to choose a courier company that fully respects the rules and policy of TESSUTO TEXTIL SRL-D. The confidentiality and personal data protection policy of FAN COURIER can be consulted at the following website: https://www.fancourier.ro/politica-de-prelucrare-a-datelor-cu-caracter-personal/
• Courts, prosecutors or other public authorities to comply with the law or in response to a mandatory legal process (such as a search warrant or court order);
• The rights of data subjects
1. The right to withdraw consent.
In the situation where the processing is based on consent, you can withdraw your consent at any time and free of charge by sending an e-mail to the address email@example.com
2. The right to lodge a complaint with a supervisory authority.
According to the GDPR Regulation, the data subject has the right to file a complaint (art. 77) with the National Authority for the Supervision of Personal Data Processing, at its headquarters in B-dul G-ral Gheorghe Magheru no. 28 - 30, sector 1, Bucharest, postal code 0103336, e-mail: firstname.lastname@example.org or to address the court (art. 79).
3. The right to appeal to justice.
If the answer provided by Societatea Noastra is unsatisfactory or evasive for you, you have the possibility to address the Court. This Right can also be exercised directly, without contacting our company, but to avoid any misunderstandings or unwanted interpretations, please contact us.
4. Right of access.
You have the right to obtain from us a confirmation that personal data concerning you is being processed or not and, if so, you have the right of access to that data.
5. The right to rectification.
You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you. In some cases, we may not be able to search your personal data because of the identifiers you provide in your request. An example of personal data that we cannot consult when you provide us with your name and email address is data collected through cookies by your browser. In such cases, if we are unable to identify you as a data subject, we are unable to comply with your request unless you provide additional information to enable identification. Taking into account the purposes for which the data were processed, you have the right to obtain the completion of personal data that are incomplete, including by providing an additional statement.
6. Right to data deletion (right to be forgotten).
In situations where the data is no longer necessary for the fulfillment of the purposes, the consent has been withdrawn and there is no other legal basis for the processing, you object to the processing and there are no legitimate reasons that prevail with regard to the processing or the personal data have been processed unlawful, you have the right to obtain the deletion of data concerning you without undue delay.
7. The right to restrict processing.
You have the right to obtain from us the restriction of processing if one of the following cases applies:
• you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data;
• the processing is illegal, and you object to the deletion of personal data, requesting instead the restriction of their use;
• we no longer need the personal data for the purpose of processing, but you request them to establish, exercise or defend a right in court;
• you have objected to processing in accordance with Article 21(1) of the GDPR, for the period of time in which it is checked whether our legitimate rights prevail over your rights.
8. The right to data portability.
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another operator, without obstacles from our part, if:
• the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of GDPR; and
• the processing is carried out by automatic means.
9. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or similarly affect you to a significant extent.
You do not have this right if the decision:
• is necessary for the conclusion or execution of a contract between you and a data operator;
• is authorized by Union law or domestic law that applies to the operator and that also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or
• is based on your explicit consent.
For all the rights or concerns that they attract, please address them by email the first time to email@example.com, in order to receive all the necessary information.
SECURITY OF YOUR DATA
We have implemented the following technical and organizational measures to ensure the security of personal data:
• Dedicated policies. We adopt and review our practices and policies for processing the data of our customers and others, including physical and electronic security measures, to protect our systems from unauthorized access and other potential security threats