Skip to main content

October 24, 2023

Overview Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, or 'the GDPR') became directly applicable in all member states starting from May 25, 2018. This Regulation repeals Directive 95/46/EC and introduces new provisions regarding the processing of personal data.

The GDPR applies directly in all member states, safeguarding the rights of natural persons within the European Union. In scope, it covers all entities that process personal data. However, it does not apply to the processing of personal data of legal entities, particularly businesses with legal personality, including their name, form, and contact details.

Personal data is defined as any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Personal data processing refers to any operation or set of operations performed on personal data, whether automated or not. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Identity of the Data Controller

According to Article 4(7) of the GDPR, a "controller" is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. The data controller responsible for processing personal data through this website is ENTRYRISE S.R.L, located in Romania, Suceava County, Gura Humorului, Bloc D18, AP 2, registered with the Trade Registry under number J33/46/2021, with CUI 43541700 and VAT ID RO43674391, legally represented by Deleanu Stefan-Lucian, who can be contacted at:

[email protected]

Personal Data Collection What Personal Data Is Collected, (+4) 0373805555.

The operator of this website collects, stores, and processes the following personal data about you or related to you:

First Name, Last Name

Personal Numeric Code

  • Identity document information (ID card or passport), depending on your onboarding choice
  • Home and/or residence address
  • Information required by Law 31/1990 and Law 255/2022 for business registration.
  • Contact details (such as email, phone, fax)
  • Information as required by Law 31/1990 and Law 255/2022 regarding business registration.
  • Contact details (such as email, phone, fax)
  • - IP: Intellectual Property
  • Visual images or sequences (photos, videos)

Considering that the Regulation primarily prohibits "the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the unique identification of a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation" (in compliance with Article 9(1)), the following situations in which such data processing is permitted are defined:

  1. Explicit consent from the data subject is given.
  2. The processing is necessary for the fulfillment of obligations and the exercise of specific rights of the operator or the data subjects in the field of employment, social security, and protection.
  3. The processing is essential to protect the vital interests of the data subject or another individual when the data subject is incapable of giving consent.
  4. The processing is carried out by a foundation, association, or non-profit organization with political, philosophical, religious, or trade union affiliations, provided it relates only to members or former members and those with regular contact, and appropriate safeguards are in place. Personal data must not be disclosed to third parties without consent.
  5. The processing involves personal data that has been manifestly made public by the data subject.
  6. The processing is necessary for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity.
  7. There is a substantial public interest in the processing, based on Union or national law, which is proportionate and respects the right to privacy, with appropriate measures to safeguard the data subject's fundamental rights and interests.
  8. The processing is necessary for preventive or occupational medicine, employee work capacity assessments, medical diagnoses, health or social care, or the management of health or social care systems and services, in accordance with Union or national law, or a contract with a health professional, subject to conditions and safeguards.
  9. The processing is necessary for public health interests, such as protecting against serious cross-border health threats or ensuring high standards of quality and safety of healthcare, medicinal products, or medical devices, per Union or national law, with appropriate measures to protect the data subject's rights and freedoms, especially professional secrecy.
  10. The processing is necessary for archiving purposes in the public interest, scientific or historical research, or statistical purposes, proportionate to the aim, respecting data protection rights, and with appropriate measures to safeguard the fundamental rights and interests of the data subject.

General Aspects

For the processing of personal data to be lawful under the GDPR, there must be a legitimate basis for it. This could be the execution or conclusion of a contract, compliance with a legal obligation, or the valid consent of the individual. In the case of consent, the operator must be able to demonstrate that the data subject has given their consent for the specific processing activity. Any consent given under the previous law, Directive 95/46/EC, remains valid if it meets the conditions outlined in the GDPR.

Consent must be given through a clear statement or action that indicates a specific, informed, and unambiguous agreement to the processing of one's personal data. When consent is given as part of a declaration, whether electronic or written, that covers other aspects, the consent request must be presented distinctly, possibly through a checkbox. For the lawful processing of personal data, the GDPR mandates a legitimate basis such as contractual necessity, legal obligation, or valid advance consent. In the latter case, the onus is on the operator to prove the individual's consent for specific processing activities. Consent provided under Directive 95/46/EC remains valid if it complies with the conditions set out in the GDPR.

Cookies

This website uses cookies. These small text files are stored on your computer and do not harm your device or contain viruses. They enhance your experience by enabling comfortable and efficient site navigation and usage.

The cookies used include "session cookies," which are automatically deleted after your visit. Others remain stored on your device until manually deleted and allow your browser to be recognized during future visits.

You can customize your browser settings to notify you about cookie usage, allowing you to decide whether to accept or decline each cookie. Alternatively, you can configure your browser to automatically accept cookies under specific conditions, always reject them, or delete them upon closing your browser. Please note that disabling cookies may limit the functionality of this website.

Cookies essential for electronic communication or providing necessary functions you wish to use (such as the shopping cart) are stored based on Art. 6 (1) (f) of the GDPR. This legal basis permits processing for legitimate interests pursued by the operator or third parties, ensuring a technically error-free and optimized website experience. Other cookies, such as those used for analyzing browsing behavior, are also stored and will be discussed in a separate section of this document.

Server Log Files

This website's provider automatically collects and stores information that your browser automatically transmits to us in server log files. This includes:

  • - Browser type and version
  • - Operating system
  • - Referrer URL (the page that led you to our site)
  • - Hostname of the accessing computer
  • - Time and date of the server request
  • - IP address

The legal basis for processing this data is Art. 6 (1) (b) GDPR, which allows data processing for contract performance or to take steps prior to entering into a contract upon the data subject's request.

Contact Form

If you send inquiries via the contact form, we collect the information provided, including your contact details, to answer your query and any follow-up questions. We do not share this information without your permission. Thus, we process the data entered into the contact form only with your consent [Art. 6 (1) (a) GDPR]. You can revoke consent at any time via email. We will continue to process the data provided until you request deletion, revoke consent for storage, or the purpose for data storage ceases to apply. Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected.

Contacting Us by Email, Telephone, or Fax

When you contact us via email, telephone, or fax, your requestβ€”including all personal data (name, contact details, and conversation content)β€”will be stored and processed based on your consent to handle your inquiry. We process this data according to the following legal bases within the GDPR:

  • - With your consent - Art. 6 (1) (a) GDPR
  • - For contract performance or pre-contractual steps - Art. 6 (1) (b) GDPR
  • - To pursue our legitimate interest in efficiently processing your requests - Art. 6 (1) (f) GDPR.

We will retain the data you provide through this method until you request its deletion or revoke your consent for storage, or if the purpose for storage no longer applies, excluding mandatory data retention periods.

Registering on Our Website

By registering on this website, you gain access to additional functions and services provided by our company. The data you enter during registration will be used solely for the purpose of providing the service or functionality you have signed up for. All mandatory data fields during registration must be completed for your registration to be accepted.

The email address you provide during registration will be used to notify you about significant changes, such as updates to our site's scope or technical modifications.

The processing of personal data provided during registration is based on your consent, in accordance with Art. 6 Para. 1 lit. a) GDPR. You have the right to revoke your consent at any time via email without affecting the legality of the processing carried out based on the consent given prior to your withdrawal. We will continue to store the data collected during registration for as long as you remain registered on our website, taking into account any mandatory storage periods that may apply.

Comments Section

By accessing the Comments section, you agree to the processing and storage of certain personal data, including but not limited to your email address, username, and IP address. This data is necessary to prevent illegal actions and manage slanderous content.

Registration/Subscription for Comments

  • You have the option to register or subscribe to this site to receive comments via email. As part of this process:
  • Email Verification: We may send you a confirmation email to verify your email address.

Unsubscribe: You can easily unsubscribe at any time by clicking the link in the emails. Upon unsubscription, your data provided for this purpose will be immediately deleted, except for data provided for other purposes (e.g., newsletter subscription) which will be retained.

Purpose of Processing Collected Data

- Providing the services that we offer for your benefit (for example, for solving problems of any nature related to our products and services, for ensuring support services etc.)
- Optimal functioning and optimization of this site (statistical and analytical) - We always want to offer you the best experience on our site, which is why we can collect and use certain information related to the level of satisfaction you had during navigation on this site, we can invite you to complete suggestion questionnaires or similar.
- Online advertising and promotion activities. You can request at any time, through the means described in this document, to stop processing your personal data for marketing purposes, and we will comply with your request as soon as possible.
- Periodic information of users - We want to keep you up to date with our offers. In this regard, we can send you any type of message containing general and thematic information, information about offers or promotions, as well as other commercial communications such as market research and opinion polls. For these types of communications, we have your prior consent. You can change your mind and withdraw your consent at any time.
- For the defense of our legitimate interests. There may be situations where we will use or transmit information to protect our rights and commercial activity. These may include: measures for the protection of the website and the user of our site against cyber attacks; measures to prevent and detect attempts at fraud, including the transmission of information to competent public authorities; managing other types of risks.

The data collected on this site is used for various purposes, including:

Personal data processing is carried out in accordance with the General Data Protection Regulation (GDPR). This processing is based on the consent of the data subject and legitimate interests, while also ensuring proper contract execution, unless the rights and freedoms of the data subject related to the protection of personal data, especially for minors, take precedence.

User Rights

  • You have the following rights regarding your personal data: - The right to be informed: You can request information about how your personal data is processed, who the operator is, and their representative, as well as details about the recipients of your data. - The right of access: You can ask the operator to confirm whether your personal data is being processed and, if so, access your data and related information, including processing purposes, categories of personal data, and recipients or categories of recipients. - The right to rectification: You can correct or complete inaccurate or incomplete personal data. - The right to data deletion: You may request the deletion of your data if their processing is not lawful or in other cases stipulated by law. - The right to restrict processing: You can request to restrict the processing of your data in certain situations, such as when contesting the accuracy of the data, for a period that allows the operator to verify its accuracy. - The right to data portability: Under certain conditions, you can receive the personal data you provided in a structured, commonly used, and machine-readable format, or request its transmission to another operator. - The right to object: You have the right to object to the processing of your data, particularly when it is based on the operator's legitimate interests. - The right not to be subject to automated decision-making: You can request human intervention and challenge decisions made solely based on automated processing, including profiling. - The right to file a complaint and address the courts: If you believe your rights have been violated, you can file a complaint with the National Supervisory Authority for Personal Data Protection and/or seek judicial redress. - The right to withdraw consent: If you have given consent for any data processing activities, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Data Operator's Obligations
  • Hosting:
  • The personal data registered on this website is stored on secure servers provided by OVH Hosting LTD (OVH Group) and Cloudflare, INC. The processing of your data complies with legal provisions, ensuring its security and confidentiality.
  • The right to data deletion - You can request the deletion of your data if their processing was not legal or in other cases provided by law.
  • The right to restrict processing - You may request a restriction on the processing of your data if you contest the accuracy of the data or if there are other legal grounds.
  • The right to data portability - Under certain conditions, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request that we transmit this data to another controller.
  • The right to object - You have the right to object to the processing of your data, especially when it is based on the legitimate interest of the data controller.
  • The right not to be subject to automated decision-making - You have the right to request human intervention and challenge decisions based solely on automated processing, including profiling, and you may provide your point of view regarding such processing.
  • The right to lodge a complaint and seek judicial remedy - If you believe that your personal data is not being processed in accordance with the law, you can file a complaint with the National Supervisory Authority for Personal Data Processing and/or seek a judicial remedy to defend your rights.
  • The right to withdraw consent - If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. Please note that the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Data controller's obligations

Hosting

The personal data registered on this website are stored on servers belonging to OVH Hosting LTD (OVH Group) and Cloudflare, Inc. The processing of the provided and stored data complies with the following legal provisions:

  • Art. 6 para. 1 lit. a) GDPR - the processing of data by OVH Hosting LTD (OVH Group) and Cloudflare, Inc. is based on your consent, given after proper and complete information has been provided;
  • Art. 6 para. 1 lit. b) GDPR - the processing of data by OVH Hosting LTD (OVH Group) and Cloudflare, Inc. is necessary for the performance of a contract to which you are a party;
  • 33Art. 6 para. 1 lit. f) GDPR - the processing of data by OVH Hosting LTD (OVH Group) and Cloudflare, Inc. is carried out to protect the legitimate interests of the controller

Regardless of the legal basis for data processing, we always process your personal data in accordance with the principles of legality, fairness, and transparency. We ensure that the data processed is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

To learn more about how OVH Hosting LTD (OVH Group) and Cloudflare, Inc. process personal data, please visit: https://www.ovh.ie/support/termsofservice/GENERAL_TERMS_AND_CONDITIONS_OF_SERVICES.pdf; https://www.cloudflare.com/trust-hub/gdpr/;

We have entered into a contract with OVH Hosting LTD (OVH Group) and Cloudflare, Inc. to ensure that any personal data processing carried out by them on our behalf complies with legal requirements. In accordance with Article 28 of the GDPR, we have chosen service providers who provide sufficient guarantees regarding the implementation of technical and organizational measures to ensure that the processing meets the requirements of the GDPR and protects your rights as a data subject.

Data Encryption

This website utilizes SSL encryption to enhance security and protect the transmission of confidential information. You can identify this encryption by looking for the lock symbol in your browser's address bar, as well as the change from "http://" to "https://". With this type of encryption activated, transmitted data will be unreadable to third parties. In accordance with the GDPR, if a breach of personal data security is likely to result in a high risk to your rights and freedoms, we will notify you of the breach without undue delay, unless certain exceptions apply as outlined in Article 34 paragraph 3 of the same Regulation. Data Protection Officer

It is not necessary to inform the data subject (the user) in the following cases: - The controller has implemented appropriate technical and organizational protection measures, and these measures were applied to the personal data affected by the breach, such as encryption, ensuring that the data is unintelligible to any unauthorized persons. - Subsequent measures have been taken by the controller to ensure that the high risk to the rights and freedoms of data subjects mentioned in paragraph (1) is no longer likely to materialize. - It would require a disproportionate effort to notify all data subjects. In such cases, a public communication or similar measure shall be undertaken to inform data subjects in an equally effective manner.

To exercise your rights as detailed in this Policy, please submit a written, dated, and signed request to the following contact details: [Provide contact details here]

Records of Processing Activities

  • According to the GDPR, the controller or the processor shall maintain records of processing activities under their responsibility. These records shall contain the following information: - The name and contact details of the controller. - The purposes of the processing. - A description of the categories of data subjects and the categories of personal data. - The categories of recipients with whom the personal data has been or will be shared. - Details of transfers of personal data to third countries or international organizations, if applicable. - The envisaged time limits for erasure of the different categories of data. - A general description of the technical and organizational security measures in place.
  • You can opt-out of remarketing by turning off personalized ads in your Google account by following this link:
  • https://www.google.com/settings/ads/onweb/

For more information about Google's privacy practices, please visit:

Data Protection Officer: Dragos-Mihail Sava
E-mail: [email protected]
Tel: +40744685164
Mailing address: Aurel Vlaicu, nr 2, Block 5A, SC I, Apartment 28

https://policies.google.com/technologies/ads

Google Ads and Google Conversion Tracking

  • This website uses Google Ads and its associated conversion tracking feature. If you click on a Google-placed ad, a conversion tracking cookie will be stored on your computer. This tool allows us to analyze user behavior and create efficient advertising campaigns. For more information and to review Google's data protection provisions, please visit:
  • https://policies.google.com/privacy
  • Google AdSense
  • This website uses Google AdSense, which employs cookies to analyze your use of this site.
  • This website uses Google AdSense, which employs cookies to analyze your use of this site and provide relevant ads.
  • - Deletion deadlines for the various categories of data.
  • - A general description of the technical and organizational security measures implemented.

The detailed obligation described above does not apply to enterprises or organizations with fewer than 250 employees, unless their data processing is likely to result in a risk to the rights and freedoms of data subjects, the processing is more than occasional, or it includes special categories of data or data relating to criminal convictions and offenses.

Appropriate technical and organizational measures

Considering the current state of technology, the context and purposes of data processing, and the potential risks to individuals' rights and freedoms, the operator implements suitable technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose is processed.

Notification to the supervisory authority in case of a personal data breach

In accordance with Article 33(1) of the GDPR, in the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify the National Supervisory Authority for Personal Data Processing without undue delay, and, where feasible, no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

Informing the data subject about a personal data breach

With respect to Article 34 of the GDPR, if a breach of security of personal data is likely to result in a high risk to the rights and freedoms of individuals, we will communicate the breach to the data subject without undue delay, unless any of the following conditions are met:

  • appropriate technical and organizational protection measures were applied to the personal data affected by the breach, in particular those that render the data unintelligible to any person who is not authorized to access it, such as encryption;
  • subsequent measures have been taken to ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize;
  • it would involve a disproportionate effort. In this case, a public communication or similar measure shall be taken, ensuring that data subjects are informed in an equally effective manner.

Social Media

Facebook Plug-ins (Like & Share Button)

This service incorporates social plugins ("plugins") operated by the social network facebook.com. These plugins are identifiable by the Facebook logo (a white 'f' on a blue background or a 'thumbs up' sign), or are labeled as "Facebook Social Plugin". You can view the list and appearance of Facebook plugins here:https://developers.facebook.com/docs/plugins/

The Like button allows you to like and promote our Facebook page without leaving our website. The Share button enables you to share our website or specific content from it on your personal Facebook page seamlessly.

Facebook receives information about your activities on our site through the use of these plugins. If you are logged into your Facebook account while browsing our site, Facebook can directly associate your visits with your account. When you interact with the plugins, such as by clicking the Like button or sharing content, your browser transmits this information directly to Facebook, where it is stored. Even if you do not have a Facebook account, the social network may still obtain and store your IP address.

By clicking on any of these buttons, you consent to the use of the plugin and the transfer of your data to Facebook. We have no control over the nature and extent of the data that Facebook collects, nor over how this data is subsequently processed and utilized. For details on the scope and purpose of data collection and processing, as well as your rights and privacy settings, please review Facebook's privacy policies.

If you wish to prevent Facebook from associating your visit to our site with your Facebook account, ensure that you are not logged in to Facebook when visiting our site.

Instagram, Twitter, and Pinterest plugins

These social networks operate similarly to Facebook regarding the functionality of their plugins, your interaction with these plugins, and the subsequent data protection implications.

Youtube

Our website utilizes plugins from the platform Youtube, owned by Google. If you are logged into your Youtube account while visiting our website, Youtube may link your browsing behavior to your personal profile. Clicking on any of the plugin buttons signifies your consent to the transfer of your data to Youtube. We do not control the type and amount of data transmitted or its subsequent processing.

Regarding the use and protection of your data by Youtube, Instagram, Twitter, Pinterest, and Google Web Fonts: An EU court ruling on July 16, 2020, declared that the EU-US Privacy Shield did not provide adequate protection. As a result, the transfer of personal data to the USA and other non-European Economic Area (EEA) countries is now based on Standard Contractual Clauses (SCCs) as outlined by the European Commission.

Newsletter

To subscribe to our newsletter, you must provide a valid email address and consent to receive it. Any other personal data collected will be used solely for delivering the newsletter and will not be shared with third parties.

Google Web Fonts

This site uses Google Web Fonts to ensure that content is displayed in a uniform manner for all users. When you visit a page on our website, your browser loads the necessary web fonts from Google's servers to ensure texts and fonts are displayed correctly. The use of Google Web Fonts is in the interest of uniform content rendering, and is a legitimate interest as per Art. 6 Para. 1 lit. f) GDPR.

For detailed information on data protection policies of the mentioned entities, please visit their official websites.

Advertising and Analysis

Google Analytics

This website utilizes functions of the web analysis service Google Analytics, provided by Google Inc., based in the United States.

Google Analytics employs cookies, which are text files placed on your computer, to help analyze how users navigate the site. The cookie generates information about your use of the website, which is typically transmitted to and stored on a Google server in the US.

IP anonymization is activated on this website, so Google will truncate IP addresses from within the European Union or other signatories of the Agreement on the European Economic Area prior to transmission to the US.

Your data will either be anonymized or deleted after a period of 14 months.

Other Advertising and Analysis Services

Google Analytics Remarketing

Our website employs Google Analytics Remarketing functions in conjunction with Google AdWords and Google DoubleClick across all devices, managed by Google Inc., USA.

These features tailor advertisements based on your previous behavior and interests.

This functionality is only enabled for users who have provided their consent.

You can opt out of remarketing by turning off personalized ads in your Google account: https://www.google.com/settings/ads/onweb/ For more information on Google's privacy practices, please visit: https://policies.google.com/technologies/ads.

Google Ads and Google Conversion Tracking This website uses Google Ads and its conversion tracking feature. If you click on a Google ad, a conversion tracking cookie will be stored on your computer..

For more details and privacy regulations, please visit: https://policies.google.com/privacy

Google AdSense

This site also uses Google AdSense, which employs cookies to analyze your site usage. The legal basis for storing AdSense cookies is Art. 6 Sect. 1 lit. f GDPR..

Refer to Google's privacy policies for more information: https://policies.google.com/privacy

Facebook Pixel

Our website uses Facebook Pixel, a tool provided by Facebook Inc., for measuring conversion rates.

Facebook Pixel helps evaluate the effectiveness of Facebook advertisements for statistical and market research purposes. The use of Facebook Pixel is based on Art. 6 Sect. 1 lit. f GDPR..

You can opt out of the "Custom Audiences" remarketing feature for ads by visiting: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Microsoft Clarity

This website utilizes the Microsoft Clarity plugin, a tool designed to analyze user behavior.

Microsoft Clarity processes the following data:

- IP Address - Location - Browser information - Display resolution - Language settings - Pages visited - Time and date of visit Microsoft asserts that it does not sell user data or disclose personal information. Refer to the Microsoft Privacy Statement for more details: [Microsoft Privacy Statement link or URL]. Following a judgment by the European Court of Justice on July 16, 2020, it has been determined that the EU-US Privacy Shield does not provide adequate protection. Consequently, the transfer of personal data to the US and countries outside the European Economic Area is based on the Standard Contractual Clauses (SCC) issued by the European Commission.

Online Payments

As per the Regulation, > "The operator or the person authorized by the operator should assess the risks inherent in processing and implement measures to mitigate these risks, such as encryption, to maintain security and prevent processing that violates the regulation." (Consideration 83) Thus, strong and efficient encryption is essential for safeguarding personal data's protection, confidentiality, and integrity.

When purchasing products through this website, your banking information is secure.

  • We employ secure encryption methods, and your data is transmitted via high-security connections to financial institutions. The payment data you provide is not shared with third parties or stored in databases.
  • Other Payment Methods
  • For additional information, please refer to the following links:
  • - https://www.zen.com/files/terms-and-conditions/ecommerce_terms.pdf - https://stripe.com/privacy
  • Language settings
  • Pages visited
  • Time and date of visit.

Microsoft states that it does not sell user data or disclose personal information. Refer to the Microsoft Privacy Statement for more details.

Following a judgment on July 16, 2020, by the European Court of Justice, it has been stated that the protection afforded by the EU-US Privacy Shield is insufficient. As a result, the transfer of personal data to the US and countries outside the European Economic Area is governed by the Standard Contractual Clauses (SCC) issued by the European Commission.

Online Payments

According to the Regulation, "to maintain security and prevent processing that contravenes this regulation, the operator or a person authorized by the operator should assess the inherent risks of processing and implement measures to mitigate these risks, such as encryption." - Consideration 83. As such, strong and efficient encryption is essential for safeguarding the protection, confidentiality, and integrity of personal data.

Your banking information is secure during the purchase process of products sold on this website!

We employ secure encryption methods, and data transmission to financial institutions is done through highly secure connections. Consequently, the data you provide for payment is not shared with third parties nor stored in databases.

Other Payment Methods

Based on the information available at https://www.zen.com/files/terms-and-conditions/ecommerce_terms.pdf - and https://stripe.com/en-ro/privacy, the computer system of UAB ZEN.COM and Stripe Payments offers adequate methods to protect users' personal data and their operations and transactions conducted through these services.

The processing purposes, data processed, transfer and distribution conditions, operational and data security, and all other information provided by UAB ZEN.COM and Stripe Payments are based on specific mechanisms that ensure the legality of the processing according to the GDPR. These include consent of the data subject (Art. 6 para. 1 lit. a), contract performance (Art. 6 para. 1 lit. b), and the legitimate interest of the operator (Art. 6 para. 1 lit. f).

Conclusion

This personal data processing policy complies with Regulation No. 679/2016 concerning the protection of individuals regarding personal data processing and the free movement of such data, as well as other applicable national legal provisions.

We reserve the right to amend or modify this policy at any time. We recommend reviewing the Policy regularly to stay informed about accurate and updated information regarding personal data processing.

For further details on this GDPR Policy and to exercise any of the mentioned rights, you can send a written notification to the contact details provided above.