< WORLDWIDE DELIVERY >

< FREE DELIVERY FOR ORDERS OVER 250 RON >

< PREMIUM MANUFACTURER >

Your cart

This Privacy Policy defines how we, SC FREE UKROM ALLIANCE SRL, collect, store and use your personal data when you access or interact with our website www.pandoranarghileashop.com, and where we obtain or collect your data.

This Privacy Policy is applicable from 11.05.2020.

content

  1. Summary
  2. Details about our company
  3. What information we collect when you visit our website
  4. What information we collect when you contact us
  5. What information we collect when you interact with our website
  6. What information do we collect when you place an order on our website
  7. How we collect information about you from third parties
  8. Disclosure and Additional Uses of Your Data
  9. Duration of storage of your data
  10. Securing your information
  11. Transfer of your data outside the European Economic Area
  12. Your rights to personal data
  13. Your right to object to data processing for certain purposes
  14. Sensitive personal data
  15. Changes to our privacy policy
  16. Privacy of minors

  1. Summary

This section summarizes how we obtain, store and use your data. This summary is only intended to provide an overview of the privacy policy. This section is not a complete description and it is necessary to read the additional chapters present in this document for additions.

Data operator : SC FREE UKROM ALLIANCE SRL

How we collect or obtain information about you:

o When you provide that data (by contacting us, subscribing to our newsletter, creating an account and placing an order on our website)

o When you access our website, some data is collected through cookies and other similar technologies, and

o occasionally, from third parties.

What information we collect: name, address, telephone number, email address, IP, information from cookies, information about the device used (for example, device type and web browser), information about how you use our website (which pages you accessed), the date/time you accessed our website and what you clicked on, the geographic location from which you accessed our website (based on the IP address), the name of the company or business (optional), the address of the headquarters social, identification data of the representative of the legal entity

  • How we use your data: for business and administrative purposes (in particular to contact you and process the orders you place on our website, to improve our business and website, to fulfill our obligations contractual, to promote our goods and services, to analyze your use of our website and in relation to our legal rights and obligations)
  • Disclosure of user data to third parties: the minimum necessary for the operation of the business, suppliers, compliance with legal obligations, compliance with any contractual obligation to you.
  • Is user data sold to third parties? (in cases other than the sale or purchase of the business/company): No
  • How long your information is stored: no longer than necessary, depending on our legal obligations (eg to maintain accounting records), or any other legal basis for using the information (eg: consent, contractual obligations, legitimate interests) and certain additional factors described in the section titled How Long We Store Your Data. Information about specific periods when we store user data is in the How Long We Store Your Data section.
  • How your data is secured: by using technical and organizational solutions such as: storing information on secure servers, encrypting data transfers to and from our servers using SSL technology, encrypting payment operations on the site using SSL technology, allowing access to your personal data only when necessary.
  • Use of cookies and similar technologies : We use cookies and similar information-gathering technologies such as web beacons on our website (including essential, functional, analytical and targeting cookies).
  • Transfer of your personal data outside the European Economic Area: In certain circumstances we transfer your information outside the European Economic Area. When we do this, we will ensure that appropriate safeguards are in place.
  • Use of automated decision-making and profiling : We do not use automated decision-making and/or profiling.
  • Your rights in relation to your personal data

o you have the right to access your data and receive information about its use

o you have the right to ask for the correction and/or completion of the information

o you have the right to request data deletion

o you have the right to restrict the use of data

o you have the right to receive the data in a portable format

o you have the right to object to the processing of your data.

o you have the right to withdraw your consent to the processing of your data.

o you have the right not to be subject to a significant decision about you solely on the basis of automated processing of your data, including profiling

o you have the right to appeal to a supervisory authority

  • Sensitive Personal Information: We do not intend to collect what is commonly referred to as "sensitive personal data". Please do not submit sensitive personal information about yourself. For more information, see the main section titled "Sensitive Personal Information".
  1. Details about our company

The data operator regarding our website is: SCFREE UKROM ALLIANCE SRL, a legal entity of Romanian nationality, with its registered office in the Municipality of Caransebeș, Str. Barracks no. 1, Spațiu Comercial, Etaj Parter, Apartment 1. Caraș-Severin district , Postal code 325400 , with registration number J11/732/2022 , CUI 46932649.

You can contact the data controller by email at contact@pandoranarghileashop.com or at the phone number: 0728613359

If you have any questions about this privacy policy, please contact the data controller.

  1. What information we collect when you visit our website

We collect and use information from website visitors in accordance with this section and the section entitled Disclosure and Additional Uses of Your Data.

Web server log information

We use a third party server to host our website called Romarg. Our website server automatically records the IP address you use to access our website, as well as other information about your visit, such as pages accessed, information requested, date and time of request, source of site access- our website (for example, the website or URL (link) that refers you to our website) and your browser and operating system version.

Our server is located in Caransebeș Municipality, Jud. Caraș-Severin .

Use of information from website server logs for IT security purposes

We and our provider collect and store server logs to ensure IT network security . This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, predicting DDOS attacks and other cyber attacks by detecting unusual or suspicious activity.

We do not, nor do we allow our provider to make any attempt to identify you based on information collected through server logs.

Legal basis for processing: compliance with the legal obligations to which we are subject (Article 6 paragraph (1) letter (c) of the General Data Protection Regulation).

Legal obligation: recording access to our website using server log files is a technical measure to ensure an adequate level of security to protect the information collected from our website in accordance with Article 32 par. (1) of the General Data Protection Regulation.

Using website server history information to analyze website usage and improve our website

We use information collected from our server log to analyze how users interact with our website and its features. For example, we analyze the number of visits and unique visitors we receive, the time and date of the visit, the location of the visit, the operating system and browser used.

We use the information collected from the analysis of this information to improve our website. For example, we use the information we collect to change the information, content and structure of our website and individual pages based on what attracts the most users and the length of time they spend on certain pages on our website.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: improving our website for users and knowing the preferences of website users so that our website can better respond to their needs and wishes.

Cookies and similar technologies

Cookies are data files that are sent from a website to a browser to record information about users for various purposes.

We use cookies and similar technologies on our website, including essential, functional, analytical, targeting and web beacons cookies.

You can reject some or all of the cookies we use on our website by changing your browser settings, but by rejecting them you may affect the operation of the website or some features of the website. For more information about cookies, including changing your browser settings, visit www.allaboutcookies.org.

  1. Information we collect when you contact us

We collect and use information from people who contact us in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.

E-mail

When you send a message to the email address displayed on our website, we collect your email address and any other information you provide in that email (such as your name, your phone and the information contained in any signature block in the email).

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest : To respond to questions and messages we receive and to keep records of correspondence.

Legal basis for processing : it is necessary to perform a contract or to start the process of engaging in a contract at your request (Article 6 paragraph (1) letter (b) of the General Data Protection Regulation).

The reason why it is necessary for the performance of a contract : if your message concerns the provision of goods or services or taking steps at your request before providing you with our goods and services (for example, providing information about such goods and services); we will process your information to do this).

Transferring and storing your information

We use several third-party email providers to store the emails you send to us. Our email providers are G-mail, Zoho, Mailchimp.

Live chat

When you send a message to us within the messaging application installed on our site, we collect data about your geographical location, IP address, device used, data about the products viewed and any kind of information you provide (such as (such as your name, your phone number, your address, etc.).

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest : To respond to questions and messages we receive and to keep records of correspondence.

Legal basis for processing : it is necessary to perform a contract or to start the process of engaging in a contract at your request (Article 6 paragraph (1) letter (b) of the General Data Protection Regulation).

The reason why it is necessary for the performance of a contract : if your message concerns the provision of goods or services or taking steps at your request before providing you with our goods and services (for example, providing information about such goods and services); we will process your information to do this).

Transferring and storing your information

We use the Smartsupp app for live chat.

Phone

When you contact us by phone, we collect your phone number and any information you provide during your conversation with us.

We do not record phone calls.

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)

Legitimate interest : to respond to inquiries and messages we receive and to keep records of correspondence.

The legal basis for processing : it is necessary to perform a contract or to start the process of engaging in a contract at your request (Article 6 paragraph (1) letter (b) of the General Data Protection Regulation).

The reason why it is necessary for the performance of a contract : if your message concerns the provision of goods or services or taking steps at your request before providing you with our goods and services (for example, providing information about such goods and services); we will process your information to do this).

Transferring and storing your information

Information about your call, such as your phone number, the date and time of your call, is processed by our telephone service provider.

Post

If you contact us by post, we will collect all the information you provide to us in any postal communications you send to us.

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)

Legitimate interest : to respond to inquiries and messages we receive and to keep records of correspondence.

The legal basis for processing : it is necessary to perform a contract or to start the process of engaging in a contract at your request (Article 6 paragraph (1) letter (b) of the General Data Protection Regulation).

The reason why it is necessary for the performance of a contract : if your message concerns the provision of goods or services or taking steps at your request before providing you with our goods and services (for example, providing information about such goods and services); we will process your information to do this).

  1. Information we collect when you interact with our website

We collect and use data from individuals who interact with certain features of our website in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.

E-Newsletter

When you sign up for our newsletter, we collect your name and email address.

Legal basis for processing : your consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent : You consent to receive our e-newsletter by signing up to receive it using the steps described above.

Transfer and storage of your data

We use a service provided by a third party to send our e-newsletter and manage our email list, Mailchimp.

Use of web beacons and similar technologies in emails

We use technologies such as web beacons (small graphic files) to measure the performance of our emails such as delivery rates, open rates and click-through rates. We will only use web beacons in our emails if you have given your consent for this.

Registration on our website

When you register and create an account on our website, we collect the following information: first and last name, email address.

If you do not provide the mandatory information required by the registration form, you will not be able to register or create an account on our website.

Legal basis for processing : necessary to perform a contract or to take steps at your request before entering into a contract [Article 6(1)(b) of the General Data Protection Regulation.

The reason why it is necessary to perform a contract : creating an account on our website is necessary to allow you to access the goods and services you have purchased from us.

Transfer and storage of your data

The information you provide us through the registration form on our website will be stored in the European Economic Area on the servers of the web hosting service provider in Romania. Our hosting service provider is Romarg.

  1. The information we collect when you place an order on our website

We collect and use information from individuals who place an order on our website in accordance with this section and the section entitled Disclosure and Additional Uses of Your Data.

Information collected when you place an order

When you place an order for goods or services on our website, we collect your email address, name and surname, no. phone number, delivery address, your bank details in certain situations.

If you do not provide this information, you will not be able to purchase goods or services from us on our website or enter into a contract with us.

Legal basis for processing : necessary for the execution of a contract (Article 6 paragraph (1) letter (b) of the General Data Protection Regulation).

Why it is necessary for the performance of a contract : We need the mandatory information collected through our verification form to establish who the contractor is and to contact you to fulfill our obligations under the contract, including sending receipts and order confirmations .

Legal basis for processing : compliance with a legal obligation [Article 6 paragraph (1) letter (c) of the General Data Protection Regulation.

Legal obligation : We have a legal obligation to issue you an invoice for the goods and services you have purchased from us, where you are registered for VAT purposes, and we require the mandatory information collected for this purpose by our payment form.

  1. Information collected or obtained from third parties

This section sets out how we obtain or collect information about you through third parties.

Information received from third parties

We do not receive information about you from third parties.

If we receive information about you in error

If we receive information about you in error from a third party and/or we do not have a lawful basis for processing that information, we will delete your information.

Information obtained by us from third parties

In certain circumstances (for example, to verify the information we hold about you or to obtain missing information we need to provide you with a service), we will obtain data about you from certain publicly accessible sources, both from EU and non-EU, such as online customer databases, media publications, social media, and websites (including your website, if you have one).

Legal basis for processing : necessary to perform a contract or to take action on your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).

Why it is necessary to enter into a contract : If you have entered into a contract or requested that we enter into a contract with you in certain circumstances, we will obtain information about you from public sources to enable us to understand your business and provide services to a standard sufficient for you.

For example, we will obtain and/or verify your email address from your website if you ask us to send you information by email and we do not have or need confirmation of your email address.

Legal basis for processing : our legitimate interests (Article 6(1)(b) of the General Data Protection Regulation).

Legitimate interests : In certain circumstances, we will have a legitimate interest in obtaining information about you from public and private sources. For example, if you have infringed or we suspect you have infringed any of our legal rights, we will have a legitimate interest in obtaining and processing information about you from these sources in order to investigate and prosecute any suspected or potential infringement.

  1. Disclosure and Additional Use of Your Data

This section sets out the circumstances in which we will disclose your data to third parties and any additional purposes for which we use your data.

Disclosure of Your Information to Service Providers

We use a number of third parties to provide us with services that are necessary to run our business or help us run our business and who process your information for us on our behalf. These include the following:

  • Telephone service provider - from Romania
  • Email service provider - G-mail, Zoho
  • Newsletter service provider - Mailchimp
  • Provider of marketing, graphic and design services
  • Web hosting service provider - Romarg
  • Web analytics providers: Facebook Pixel, Google Analytics
  • Other service providers: Facebook, Facebook Messenger, Instagram, Google Drive, Shoprenter.

Your information will be shared with these service providers where necessary to provide you with the service you have requested, whether that request is to access our website or order goods and services from us.

Legal basis for processing : legitimate interests (Article 6 paragraph (1) letter (f) of the General Data Protection Regulation).

Legitimate interest based on : where we share your information with these third parties in a context other than where it is necessary to perform a contract (or at your request to do so), you we will share information with such third parties to enable us to effectively run and manage our business.

Legal basis for processing : necessary to perform a contract or to take action on your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).

Why it is necessary to perform a contract : We may share information with our service providers to enable us to fulfill our obligations under that contract or to take steps you have requested before entering into a contract with you.

Disclosure of Your Information to Other Third Parties

We disclose your information to third parties in certain circumstances, as set out below.

Provision of information to third parties such as Google Inc. And the Facebook Pixel. Google collects information through our use of Google Analytics on our website. Google uses this information, including IP addresses and cookie information, for several purposes, such as improving the Google Analytics service. The information is shared with Google on an aggregated and anonymous basis. To learn more about what information Google collects, how it uses this information and how to control the information sent to Google, see the following page: https://www.google.com/policies/privacy/partners/ ].

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests : fulfillment of contractual obligations to Google according to the Google Analytics Terms and Conditions ( https://www.google.com/analytics/terms/us.html )

You can opt out of Google Analytics by installing the browser plugin here: https://tools.google.com/dlpage/gaoptout

Sharing your information with third parties that are either related to or associated with the operation of our business where it is necessary for us. These third parties include accountants, advisors, affiliates, business partners, independent contractors and insurers. Additional information regarding each of these third parties is provided below.

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest : the efficient operation and management of our business.

We will disclose your information to a potential or actual buyer or seller in the context of an actual or potential business sale or acquisition, merger or similar event.

Legal basis for processing : legitimate interests (Article 6 paragraph (1) letter (f) of the General Data Protection Regulation).

Legitimate Interest : We allow access to information with a potential buyer, seller or similar person to enable such a transaction to take place.

Disclosure and Use of Your Information for Legal Reasons

Reporting possible criminal acts or threats to public safety to a competent authority

If we suspect that criminal or potential criminal behavior has occurred, we will, in certain circumstances, need to contact an appropriate authority, such as the police. This could be the case, for example, if we suspect that fraud or cybercrime has been committed, or if we receive threats or malicious communications to us or to third parties.

We will generally only need to process your information for this purpose if you have been involved in or affected by such an incident in one way or another.

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest : preventing crime or suspected criminal activity (such as fraud).

In connection with the exercise or potential exercise of our legal rights

We will use your information in connection with the enforcement or potential enforcement of our legal rights, including for example sharing information with debt collection agencies, if you do not pay amounts owed when you are contractually obligated to do so . Our legal rights may be contractual (where we have entered into a contract with you) or non-contractual (such as the legal rights we have under copyright or tort law).

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest : to enforce our legal rights and take steps to secure our legal rights.

In connection with a legal or potential legal dispute or proceeding

We may need to use your information if we are involved in a dispute with you or a third party, for example, either to resolve the dispute or as part of mediation, arbitration or a court order or similar process.

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest : resolution of disputes and potential disputes.

For continued compliance with laws, regulations and other legal requirements

We will use and process your information to comply with legal obligations to which we are subject. For example, we may be required to disclose your information pursuant to a court order or subpoena, if we receive one.

Legal basis for processing : compliance with a legal obligation [Article 6 paragraph (1) letter (c) of the General Data Protection Regulation.

Legal obligation : legal obligations to disclose information that are part of Romania's laws or if they have been integrated into Romania's legal framework (for example in the form of an international agreement that Romania has signed).

Legal basis for processing : our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest : if the legal obligations are part of the laws of another country and have not been integrated into the legal framework of Romania, we have a legitimate interest to comply with these obligations.

  1. Duration of storage of your data

This section sets out how long we keep the data we collect. We have set specific retention periods where possible. Where this was not possible, we have set out the criteria we use to determine the retention period.

Retention periods

Information regarding orders placed: When you place an order for goods and services, we retain this information in accordance with our legal obligation to keep records for tax purposes.

Correspondence: When you make a request or contact us for any reason, whether by email or via our contact form, or by telephone, we will keep your information for as long as is necessary to respond to resolve your request, after that we will delete your information

E-Newsletter: We retain the information you used to sign up for our e-newsletter for as long as you remain subscribed (unless you unsubscribe) or if we decide to cancel our newsletter service, whichever is earlier .

Criteria for establishing retention periods

In any other circumstances, we will only keep your information for as long as necessary, taking into account the following:

  • the purpose(s) and use of your information both now and in the future (for example, if it is necessary for us to continue to store that information to continue to fulfill our obligations under a contract with you or to contact you in future);
  • if we have a legal obligation to continue processing your information (such as any record-keeping obligations imposed by law or relevant regulations);
  • if we have any legal basis to continue processing the information (such as your consent);
  • how valuable your information is (both now and in the future);
  • any agreed industry practices regarding the retention period of information;
  • the levels of risk, cost and liability involved in continuing to hold the information;
  • how difficult it is to ensure that information can be current and accurate; and
  • any relevant surrounding circumstances (such as the nature and status of our relationship with you)
  1. Securing your information

We take appropriate technical and organizational measures to secure your information and protect it against unauthorized or unlawful use and accidental loss or destruction, including:

  • sharing and providing access to your data to the minimum extent necessary, subject to confidentiality restrictions where applicable and anonymously whenever possible;
  • using secure servers to store information;
  • verifying the identity of any person requesting access to information before granting them access to information;
  • using the Secure Sockets Layer (SSL) standard to encrypt any information you send us through any forms on our website)

Sending information to us by email

Transmission of information over the Internet is not entirely secure, and if you send us information over the Internet (by email, through our website, or by any other means), you do so entirely at your own risk.

We cannot be liable for any expense, loss of profit, damage to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to submit information to us by such means.

  1. Transfer of your data outside the European Economic Area

Your information will be transferred and stored outside the European Economic Area (EEA) under the conditions set out above. We will also transfer your information outside the EEA or to an international organization to comply with legal obligations to which we are subject (for example, complying with a court order). Where we are required to do so, we will ensure that adequate safeguards are in place and safeguards are in place.

  1. Your rights to personal data

Subject to certain restrictions on certain rights, you have the following rights in relation to your data which you can exercise by emailing us:

  • request access to your information and information about the use and processing of your information;
  • request correction or deletion of your data;
  • request the limitation of the use of your data;
  • to receive the information you have provided to us in a structured, commonly used and device-readable format ( for example, a CSV file) and the right to transfer that information to another data controller (including to a third party data controller);
  • to object to the processing of your data for certain purposes (for more information, see the section below entitled "Your right to object to the processing of data for certain purposes"); and
  • withdraw your consent to the use of your data at any time where we rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of the use and processing of your data based on your consent before the time you withdraw your consent.

In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority. For this purpose, in Romania, the supervisory authority is: www.dataprotection.ro .

Verifying your identity if you request access to your information.

If you request access to your information, we are required by law to use all reasonable steps to verify your identity before doing so.

These measures are designed to protect your information and reduce the risk of identity fraud, identity theft, or general unauthorized access to your information.

How we verify your identity

If we have adequate information about you on file, we will attempt to verify your identity using that information.

If it is not possible for us to identify you based on this information, or if we do not have enough information about you, we may ask for copies or certificates of documents so that we can verify your identity before we can give you access to your data.

We will be able to confirm the exact information we need to verify your identity in your particular circumstances if and when you make such a request.

  1. Your right to object to data processing for certain purposes

You have the following rights regarding your data which you can exercise by sending an email to: contact@pandoranarghileashop.com:

  • object to us using or processing the information to carry out a task in the public interest or in our legitimate interest, and
  • object to the use or processing of your data for direct marketing purposes (including any profiling we engage in connection with such direct marketing).

You can also exercise your right to object to the use or processing of your data for direct marketing purposes:

  • by clicking on the unsubscribe link contained at the bottom of any marketing email we send you and following the instructions that appear in your browser after you click on that link;

  1. Sensitive personal data

"Sensitive personal data" is information about an individual that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, health information or information regarding the sex life or sexual orientation of a natural person.

We do not knowingly or intentionally collect sensitive personal information from individuals and you must not send sensitive personal information to us.

If, however, you accidentally or intentionally provide us with sensitive personal information, you will be deemed to have given us explicit consent to process the sensitive personal information in accordance with Article 9(2)(a) of the General Regulation on data protection. We will use and process your sensitive personal information for the purpose of erasure.

  1. Changes to our privacy policy

We update and change our privacy policy periodically.

Minor changes to our privacy policy

If we make minor changes to our Privacy Policy, we will update the Privacy Policy with a new effective date stated at the beginning of it. The processing of your information will be governed by the practices set forth in the new version of the Privacy Policy as of its effective date.

Major changes to our privacy policy or the purposes for which we process your information.

If we make major changes to our privacy policy or plan to use your data for a new purpose or for a purpose different from the purposes for which we originally collected it, we will notify you by email (if possible) or by posting an advertisement on our website.

We will provide you with information about the change in question and the purpose and any other relevant information before we use your information for the new purpose.

Whenever necessary, we will obtain your prior consent before using your information for a purpose other than the purposes for which we originally collected it.

  1. Privacy of minors

Because we care about the safety and privacy of children online, we do not knowingly contact or collect information from anyone under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.

We may receive information about persons under the age of 18 through the fraud or deception of a third party. If we are notified of this, as soon as we verify the information, we will delete the information from our servers. If you wish to notify us of receiving information about persons under the age of 18, please do so by sending an email to contact@pandoranarghileashop.com.