Last updated October 24, 2023
Regulation 2016/679 regarding the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, its provisions being directly applicable starting from May 25, 2018. This Regulation expressly repeals Directive 95/46/EC, thus also replacing the provisions of Law No. 677/2001 (currently, repealed).
The Regulation is directly applicable in all member states, protecting the rights of all natural persons in the territory of the European Union. From a material point of view, the Regulation applies to all operators that process personal data. The Regulation does not apply to the processing of personal data concerning legal persons and, in particular, enterprises with legal personality, including the name and type of legal person and the contact details of the legal person.
Personal data is defined as any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity.
The processing of personal data involves any operation or set of operations carried out on data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Identity of the operator
Considering Article 4 point 7 of the Regulation, which defines the notion of "operator" as being the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of processing personal data, the operator who processes personal data through this website is ENTRYRISE S.R.L, headquartered at Romania, Suceava County, Gura Humorului, Bloc D18, AP 2, registered with the Office of the Trade Registry J33/46/2021, having CUI 43541700 and VAT ID RO43674391, legally represented by Deleanu Stefan-Lucian, with contact details [email protected], (+4) 0373805555.
Personal data collection
What personal data is collected
The operator of this website collects, stores and processes the following personal data about / related to you:
- First Name, Last Name
- Personal Numeric Code
- Identity card and passport information, depending on your onboarding choice
- Home and/or residence address
- Information as required by law 31/1990 and law 255/2022 in regards to business registration.
- Contact details (such as e-mail, phone, fax)
- Visual images or sequences (photos, videos)
Considering that the Regulation mainly forbids “the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for unique identification of a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation” (in compliance with art. 9 para. 1), the following situations in which such a data processing is allowed are defined:
- the explicit consent of the data subject exists;
- the processing is necessary for the purpose of fulfilling the obligations and of exercising specific rights of the operator or of the individuals concerned in the field of employment and social security and protection;
- the processing is essential to protect the vital interests of the data subject or of another natural person, when the data subject is incapable of giving consent;
- the processing is carried out as part of their legitimate activities with appropriate safeguards by a foundation, association or other non-profit organization with a political, philosophical, religious or trade union orientation, provided that the processing relates only to the members or former members of that body or to persons with permanent contact with it in connection with its purposes and that the personal data are not disclosed to third parties without the individuals’ consent;
- the processing refers to personal data which was clearly made public by the individual concerned;
- the processing is necessary for establishing, exercising or defending a right in court or whenever the courts act in the exercise of their judicial function;
- the processing is necessary for reasons of substantial public interest, on the basis of Union law or national law, which is proportional to the pursued aim, respects the essence of the right to data protection and provides appropriate and specific measures to protect fundamental rights and the interests of the data subject;
- processing is necessary for purposes related to preventive or occupational medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, under Union law or national law or under a contract with a health professional, subject to the conditions and safeguards referred to in paragraph (3);
- processing is necessary for reasons of public interest in the field of public health, such as the protection against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, under Union law or national law, which provides appropriate and specific measures to protect the rights and freedoms of the data subject, especially the professional secret;
- processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, proportionate to the objective pursued, respecting the essence of the right to data protection and provides appropriate and specific measures for protecting the fundamental rights and interests of the person concerned.
For the processing of personal data to be legal, GDPR stipulates that this should be carried out based on a legitimate reason, such as the execution or conclusion of a contract, fulfilling a legal obligation, or based on the valid consent expressed by the person concerned in advance. In this latter case, the operator is obliged to demonstrate that the individual has given their consent for the respective processing. The consent expressed under Directive 95/46/EC remains valid if it fulfills the conditions prescribed by GDPR.
The provision of consent must be made through a declaration or through an unequivocal action that constitutes a freely expressed, specific, informed, and clear manifestation of the agreement of the person concerned for the processing of their personal data. In the event that the individual's consent is given in the context of a declaration, in electronic or written format, which also refers to other aspects, the consent request must be presented in a form that clearly distinguishes it from the other aspects, possibly through ticking a box. For the processing of personal data to be legal, GDPR stipulates that this should be carried out based on a legitimate reason, such as the execution or conclusion of a contract, fulfilling a legal obligation, or based on the valid consent expressed by the individual in advance. In this latter case, the operator is obliged to demonstrate that the individual has given their consent for the respective processing. The consent expressed under Directive 95/46/EC remains valid if it meets the conditions stipulated by GDPR.
Many of the cookies used are called "session cookies", which are automatically deleted after your visit to this site. Others remain saved in your computer's memory until deleted by you, these make it possible to recognize your browser on a subsequent visit.
Cookies that are necessary to allow electronic communication or to provide certain functions you wish to use (such as the shopping cart) are stored in accordance with the provisions of Art. 6 Paragraph 1 lit. f) of GDPR, according to which processing is lawful only if and to the extent that it is necessary for the legitimate interests pursued by the operator or of a third party. Therefore, the operator of this website has a legitimate interest in storing some cookies to ensure a technically error-free optimization. Other cookies (such as those used for analyzing your browsing behavior) are also stored and will be discussed separately in this document.
Server Log Files
The provider of this site automatically collects and stores information that your browser automatically transmits to us in server log files. These are:
- Browser type and version
- Operating system used
- URL of the page that initially generated the request to display the page or current object (Referrer URL)
- Host name of the accessing computer
- Date and time of the server request
- IP address
The legal basis for processing such data is represented by Art. 6 Para. 1 lit. b) GDPR, which allows data processing when it is necessary for the performance of a contract to which the data subject is party or to take steps, at the request of the data subject, before entering into a contract.
If you send us inquiries via the contact form, we collect the data entered on the form, including the contact details you provide, to answer your query and any subsequent queries. We do not share this information without your permission. Therefore, we process any data you enter onto the contact form only with your consent [pursuant to Art. 6 Para. 1 lit. a) GDPR]. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains. Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Contacting Us by Email, Telephone
If you contact us via email, telephone or fax, your request, including all personal data, will be stored and processed by us for the purpose of handling your request, based on your consent given. Hence, we process all the data you provide based on the following legal regulations within the GDPR:
- Only with your consent - in accordance with the provisions of Art. 6 Para. 1 lit. a) GDPR
- For the execution of a contract or in the pre-contractual stage - in accordance with the provisions of Art. 6 Para. 1 lit. b) GDPR
- To fulfill the purpose and legitimate interest pursued by us, namely the efficient processing of the requests sent by you - in accordance with the provisions of Art. 6 Para. 1 lit. f) GDPR.
We will keep the data you provide in this way until you request its deletion, revoke your consent for its storage, or the purpose for its storage is no longer relevant, in all situations except for mandatory data retention periods.
Registering on Our Website
You can register on this website to access additional functions and services offered by our company. In this regard, the data you enter will be used and processed for the purpose of using the service or features for which you have registered. The mandatory data requested during registration must be provided in full, otherwise, the registration process will be rejected.
We will use the email address you provide during registration to inform you about significant changes, such as those in the scope of our site or technical changes.
The processing of personal data, provided during the registration process, is done only with your consent and in compliance with the provisions of Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent at any time. An informal email to this effect is sufficient. We will continue to store the data collected during registration as long as you remain registered on this website, but mandatory storage periods remain valid and will be complied with.
By accessing the Comments section, certain personal data (including, but not limited to, email address, username, IP address) will be processed and stored, some of which are necessary from the perspective of preventing illegal actions or slanderous content.
There is also the possibility to register/subscribe to this site to receive comments via the email provided, thus:
- The email address may be verified through a confirmation email;
- You can always unsubscribe by accessing the link in the emails, and the data provided by you will be immediately deleted, with the exception of data provided as a result of accessing other sections (for example, when signing up for the newsletter) which will remain stored.
Purpose of processing the collected data
Some of the data collected on this site is used for:
- Providing the services that we offer for your benefit (for example, for solving problems of any nature related to our products and services, for ensuring support services etc.)
- Optimal functioning and optimization of this site (statistical and analytical) - We always want to offer you the best experience on our site, which is why we can collect and use certain information related to the level of satisfaction you had during navigation on this site, we can invite you to complete suggestion questionnaires or similar.
- Online advertising and promotion activities. You can request at any time, through the means described in this document, to stop processing your personal data for marketing purposes, and we will comply with your request as soon as possible.
- Periodic information of users - We want to keep you up to date with our offers. In this regard, we can send you any type of message containing general and thematic information, information about offers or promotions, as well as other commercial communications such as market research and opinion polls. For these types of communications, we have your prior consent. You can change your mind and withdraw your consent at any time.
- For the defense of our legitimate interests. There may be situations where we will use or transmit information to protect our rights and commercial activity. These may include: measures for the protection of the website and the user of our site against cyber attacks; measures to prevent and detect attempts at fraud, including the transmission of information to competent public authorities; managing other types of risks.
The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based on both the consent of the data subject and reasons for proper contract execution or the pursuit of the operator's legitimate interests (except where the interests or fundamental rights and freedoms of the data subject prevail, requiring the protection of personal data, especially when the data subject is a child).
Your rights regarding personal data and the means of exercising them are: The right to be informed, The right of access, The right to rectification, The right to data deletion, The right to restriction of processing, The right to data portability, The right to object, The right not to be subject to a decision based solely on automated processing of data, The right to file a complaint and to address the courts, The right to withdraw consent.
- The right to be informed - you can request information regarding the processing activities of your personal data, regarding the identity of the operator and its representative or regarding the recipients of your data;
- The right of access - you can obtain from the operator a confirmation whether or not personal data concerning you are being processed and, if so, access to such data and the following information: the purposes of processing; the categories of personal data involved; the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients from third countries or international organizations;
- Where possible, the period for which the personal data is expected to be stored or, if this is not possible, the criteria used to determine this period; the right to request the operator to rectify or delete personal data or restrict the processing of personal data or the right to object to processing, etc.
- The right to rectification - you can rectify inaccurate personal data or can complete them;
- The right to data deletion - you can obtain data deletion, if their processing was not legal or in other cases provided by law;
- The right to restrict processing - you can request restriction of processing if you contest the accuracy of the data, and in other cases provided by law;
- The right to data portability - you can receive, under certain conditions, the personal data you have provided us, in a format that can be automatically read or you can request that these data be transmitted to another operator
- The right to object - you can particularly oppose data processing based on the legitimate interest of the operator;
- The right not to be subject to a decision based solely on automated processing of data - you can request and obtain human intervention regarding such processing or you can express your own point of view regarding this type of processing,
- The right to file a complaint and to address the courts - you can file a complaint about how personal data are processed with the National Supervisory Authority for Personal Data Processing and / or you can address the courts to uphold your rights;
- The right to withdraw consent - in cases where processing is based on your consent, you can withdraw it at any time. The withdrawal of consent will have effects only for the future, the processing carried out before the withdrawal remaining otherwise valid.
Data operator's obligations
The personal data registered on this website are stored on OVH Hosting LTD (OVH Group) and Cloudflare, INC. servers. The processing of the data provided and stored respects the following legal provisions:
- art. 6 para. 1 lt. a) GDPR - the processing of data by OVH Hosting LTD (OVH Group) and Cloudflare, INC is based on your consent, obtained after correct and complete information;
- art. 6 para. 1 lt. b) GDPR - the processing of data by OVH Hosting LTD (OVH Group) and Cloudflare, INC takes place for the purpose of fulfilling the contractual obligations assumed;
- 33art. 6 para. 1 lt. f) GDPR - data processing by OVH Hosting LTD (OVH Group) and Cloudflare, INC is done for the purpose of legitimate interests pursued by the operator
Regardless of the purpose for which personal data processing takes place, the principles of legality, fairness and transparency are respected, as well as the principle according to which the personal data processed are adequate, relevant and limited to what is necessary for the purposes for which they are processed.
For more information on the processing of personal data by OVH Hosting LTD (OVH Group) and Cloudflare, INC, visit https://www.ovh.ie/support/termsofservice/GENERAL_TERMS_AND_CONDITIONS_OF_SERVICES.pdf; https://www.cloudflare.com/trust-hub/gdpr/;
We have a contract / agreement / legal act (including the possibility of including and agreeing to the clauses in the Terms and Conditions of the website) concluded with OVH Hosting LTD (OVH Group) and Cloudflare, INC to ensure the processing of personal data in accordance with legal regulations in the field. We comply with the obligations incumbent on us according to article 28 of the GDPR, by choosing an external service provider that offers sufficient guarantees for the implementation of adequate technical and organizational measures, so that the processing complies with the requirements provided in the regulation and ensures the protection of your rights.
This site uses SSL encryption for security reasons and for the protection of the transmission of confidential information. This encryption can be recognized by you after the lock window ("lock icon") that appears in your browser's bar and by changing from http:// to https:// the address of the respective browser. Once this type of encryption is activated, the transmitted or transferred data will not be seen by third parties.
According to the GDPR, if a violation of personal data security is likely to generate a high risk for your rights and freedoms, the operator of this website will inform you, without undue delay, about this violation, unless the incident becomes the supplementary provisions of the same Regulation (art. 34 para. 3).
Data protection officer
Informing the data subject (i.e. the user) is not necessary if any of the following conditions are met:
- the operator has implemented appropriate technical and organizational protection measures, and these measures have been applied in the case of personal data affected by the violation of personal data security, in particular measures by which personal data become unintelligible to any person who is not authorized to access them, such as encryption;
- the operator has taken subsequent measures to ensure that the high risk to the rights and freedoms of data subjects mentioned in paragraph (1) is no longer likely to materialize;
- would require a disproportionate effort. In this situation, a public information or a similar measure is carried out instead, by which the data subjects are informed in an equally effective manner.
To exercise the rights that will be detailed in this Policy, you can address a written request, dated and signed at the following contact details:
Data Protection Officer: Dragos-Mihail Sava
E-mail: [email protected]
Mailing address: Aurel Vlaicu, nr 2, Block 5A, SC I, Apartment 28
Evidence of processing activities
According to the GDPR Regulation, the operator or the person empowered by the operator should keep, for a reasonable period, evidence of the processing activities under their responsibility. Thus, this evidence will contain the following information:
- name and contact details of the operator
- the purposes of processing;
- description of the categories of data subjects and categories of personal data;
- categories of recipients to whom personal data have been or will be disclosed;
- if applicable: personal data transfers
- the deadlines envisaged for deleting the different categories of data
- a general description of the security measures, technical and organizational.
The detailed obligation above does not apply to an enterprise or organization with less than 250 employees, except if the processing they carry out is likely to generate a risk to the rights and freedoms of data subjects, the processing is not occasional or the processing includes special categories of data or personal data relating to criminal convictions and offenses.
Appropriate technical and organizational measures
Considering the current state of technology, the context and purposes of processing, and the risks to the rights and freedoms of individuals, the operator implements appropriate technical and organizational measures to ensure that, by default, only personal data that is necessary for each specific purpose of processing is processed.
Notification to the supervisory authority in case of violation of personal data security
According to art. 33 para. 1 of the GDPR, in case a violation of personal data security occurs, we will notify the National Supervisory Authority for Personal Data Processing about this without undue delay and, if possible, within a maximum of 72 hours from the date we became aware of it, unless it is unlikely to generate a risk to the rights and freedoms of individuals.
Informing the data subject about violating the security of personal data data
Relative to art. 34 of the GDPR, if a breach of personal data security is likely to generate a high risk to the rights and freedoms of individuals, we will inform the data subject without undue delay about this breach, with the exception of the situations in which:
- appropriate technical and organizational protective measures have been implemented, and these measures have been applied to the personal data affected by the violation of personal data security, in particular measures by which personal data become unintelligible to any person who is not authorized to access them, such as encryption;
- subsequent measures have been taken to ensure that the high risk to the rights and freedoms of the data subjects mentioned above is no longer likely to materialize;
- would require a disproportionate effort. In this situation, a public information is carried out instead or a similar measure is taken by which the data subjects are informed in an equally effective manner.
Facebook Plug-ins (Like & Share Button)
This service uses social plugins ("plugins") managed by the social network facebook.com. You can identify these plugins by the Facebook logo (a white "f" on a blue background or a "thumbs up" sign), or they are labeled as "Facebook Social Plugin". You can see the list and appearance of Facebook plugins here: https://developers.facebook.com/docs/plugins/
If you use the Like extension, you can appreciate our site's Facebook page without leaving our website. If you use the Share extension, you can share our site or its specific content on your personal Facebook page without leaving our site.
Facebook receives information about your activities on our site via the plugin. If you are simultaneously logged into Facebook, it can associate your actions on the page with your account and you personally. When you interact with the plugins, e.g., by clicking the Like button or sharing some content from the site, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, the social network may obtain and store your IP address.
By clicking any of these buttons, you consent to the use of this plugin, and therefore, the personal data transfer to Facebook. We do not control the nature and purpose of these transmitted data and their further processing. In terms of the purpose and scope of data collection, processing, and further use by Facebook, as well as permissions and settings to protect your privacy, refer to Facebook's policies.
If you do not want Facebook to link your visit to this site with your Facebook account information, you can choose not to log in.
Instagram, Twitter, Pinterest plugins
These social networks function analogously to Facebook concerning their plugins' use, your interaction with them, and the resulting data protection issues.
Our website uses plugins of the platform Youtube, operated by Google. If you are logged into your Youtube account while visiting our website, Youtube can directly link your browsing habits to your personal profile. By clicking on any of the plugin buttons, you give your consent for the personal data transfer to Youtube. We don't control the nature and scope of the transmitted data, nor the further processing.
Regarding the use and protection of your data by Youtube, Instagram, Twitter, Pinterest, Google Web Fonts: an EU court rule from July 16, 2020 dictated that the protection offered by the EU-US Privacy Shield was inadequate. The ruling determined that the transfer of personal data to the USA and other non-European Economic Area (EEA) countries is based on Standard Contractual Clauses (SCCs) of the European Commission.
To subscribe to our newsletter, you need to provide a valid email address and consent to the newsletter's transmission. Any other gathered personal data will solely be used for the newsletter delivery and won't be passed on to third parties.
Google Web Fonts
This site utilizes Google Web Fonts to ensure a uniform display of fonts for all its users. When accessing a page on our website, your browser will load from Google servers the necessary web fonts for a proper display of texts and fonts. The site's use of Google Web Fonts is based on the interest of a uniform font display, which is a legitimate interest as per Art. 6 Para. 1 lit. f) GDPR.
For the detailed policies regarding data protection of the mentioned entities, please visit their respective official webpages.
Advertising and Analysis
This website uses function of the web analysis service Google Analytics, provided by Google Inc, headquartered in the United States.
IP anonymization has been activated on this website, meaning Google will shorten IPs from the European Union or other states part of the Convention on the European Economic Area before transferring to the US.
Your data will be anonymized or deleted after 14 months.
Other Advertising and Analysis Services
Google Analytics Remarketing
Our site uses Google Analytics Remarketing functions combined with Google AdWords and Google DoubleClick on all devices, serviced by Google Inc, US.
These features create a personalized advertising experience based on previous patterns.
This function only applies to those who have given their consent.
You can object to remarketing by deactivating personalized ads in your Google account by following this link : https://www.google.com/settings/ads/onweb/.
Please consult the Google data privacy policies for more info: https://policies.google.com/technologies/ads?hl=en.
Google Ads and Google Conversion Tracking
This site uses Google Ads and the conversion tracking tool that comes with it. If you click on an ad posted by Google, a cookie for conversion tracking is stored on your computer.
This tool analyses patterns of user behaviour for efficient advertising campaigns.
For more information and relevant data protection regulations, you can go here: https://policies.google.com/privacy?hl=en.
This site uses Google AdSense, which utilizes cookies for analysing your use of the site.
The Adsense cookies are stored based on Art. 6 Sect. 1 lit. f GDPR.
For more information you can refer to Google's data privacy policies https://policies.google.com/privacy?hl=en.
Our site uses Facebook pixel for measuring conversion rates, run by Facebook Inc, 1601 US.
This tool lets you evaluate the effectiveness of Facebook ads for statistical and market research purposes.
The utilization of Facebook Pixel is based on Art. 6 Sect. 1 lit. f GDPR.
You can deactivate the "Custom Audiences" remarketing function for ads https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
This website uses Microsoft Clarity plugin, a user behavior analysis tool.
Microsoft Clarity processes the following data:
- IP Address
- Browser information
- Display resolution
- Language settings
- Pages visited
- Time and date of visit.
Microsoft states it doesn’t sell user data or disclose personal information. See Microsoft Privacy Statement for more.
Due to a judgment passed on July 16, 2020 by the European Court of Justice, it's been stated that the protection provided by the EU-US Privacy Shield is not adequate. Therefore, the transfer of personal data to the US and countries outside the European Economic Area is based on the Standard Contractual Clauses (SCC) issued by the European Commission.
According to the Regulation, “in order to maintain security and to prevent processing that violates this regulation, the operator or the person authorized by the operator should assess the inherent risks of processing and implement measures to mitigate these risks, such as encryption” - Consideration 83. Therefore, the availability of strong and efficient encryption is a necessity for ensuring the protection, confidentiality, and integrity of personal data.
During the purchase process of products sold through this website, your banking information is secure!
We use secure encryption methods, and the data is transmitted through high-security connections to financial institutions. Thus, the data you provide for payments is not transmitted to third parties and is not saved in databases.
Other Payment Methods
According to the information available at https://www.zen.com/files/terms-and-conditions/ecommerce_terms.pdf and https://stripe.com/en-ro/privacy, the computer system of UAB ZEN.COM and Stripe Payments provides you with adequate methods for protecting the personal data of users, as well as the operations and transactions they perform through UAB ZEN.COM and Stripe Payments.
The purposes of processing, the data processed, the conditions for their transfer and distribution, ensuring the security of the operations and the data processed and stored, as well as all other information provided by UAB ZEN.COM and Stripe Payments, are based on some of the mechanisms for ensuring the legality of the processing, in accordance with GDPR, namely: the consent of the data subject (Art. 6 para. 1 lit. a), the performance of a contract (Art. 6 para. 1 lit. b), and the realization of the legitimate interest of the operator (Art. 6 para. 1 lit. f).
This policy on the processing of personal data is generated in accordance with the provisions of Regulation No. 679/2016 concerning the protection of individuals with regard to the processing of personal data and the free movement of such data, as well as other applicable national legal provisions.
We reserve the right to make any additions or modifications to this policy. We recommend regularly consulting the Policy for accurate and updated information concerning the processing of personal data.
For more details regarding this GDPR Policy, as well as for exercising any of the rights mentioned above, a written notification can be sent to the contact details indicated above.