We are aware that the security of your private information is an important concern, the protection of your personal data being a priority for our business. We pay special attention to the processing of your personal data (hereafter referred to as the “Data“) and we will take all measures to ensure that data is processed in accordance with the principles set out in applicable data protection legislation in Romania, including Regulation (EU) 2016/679 on the protection of natural persons with regard to data processing and the free movement of such data and repealing Directive 95/46 / EC (“GDPR“).
The controller is PLAYEDBY S.R.L., a company incorporated under Romanian law with its corporate seat at Bucharest, 3 Av. Popisteanu St., Building 2, Ap. 24, Romania, registered with the Trade Register under no. J40/6418/2018, sole registration code 39320868, VAT no. RO38235098, phone +40 736 866 853, email: firstname.lastname@example.org (hereinafter “PlayedBy”, “we” or “us”).
SECTION 1. GENERAL PRINCIPLES
Personal data means any information regarding an identified or identifiable person; an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, of his/her physical, physiological, genetic, moral, economic, cultural or social identity.
Obligation to provide data
In the case of data processing carried out for the performance of a contract/ purchase of Products, fulfilling legal obligations or our legitimate interest, the provision of personal data may be mandatory. In the case of processing based on the consent, the consent and provision of personal data is entirely voluntary; for these cases, there are no negative effects for you if you choose not to give your consent or provide personal data. However, there are cases where we needs certain personal data in order to fulfill our obligations, for example when this personal data is needed to process your requests. In these cases, unfortunately, it will not be possible to offer you what you ask without providing relevant personal data.
Please read the “Specific terms and conditions concerning your personal data” in Section 2 below for details on the purposes of data processing and the legal grounds for such processing.
Use of automatic processing means
In our activities, we usually do not use automated decision-making processes within the meaning of Article 22 of the GDPR. If we apply such processes in the future, we will inform the data subjects separately, in accordance with the applicable provisions.
Disclosure of data
It may be necessary to disclose personal data (including by providing remote access), only through secured applications, to third parties such as commercial partners of PlayedBy, acting as data processors for and on behalf of PlayedBy. (e.g. hosting, legal and financial advisors, payment processor provider, technical service providers or service providers providing dispatch support), with whom PlayedBy has made the necessary contractual agreements required by EU and national regulations.
We will only disclose data to third parties to the extent necessary to perform the processing for the purposes for which the data was originally collected and will impose appropriate confidentiality obligations.
We may disclose the data in order to comply with our obligations under applicable legal regulations or to comply with an order from a court or other public authority, such as a warrant or summons. We may also disclose your personal data if we believe in good faith that such disclosure is necessary to prevent fraud, combat money laundering or terrorist financing operations, and to protect our legitimate interests.
Data transfer outside the EU / EEA
Third Party Links
Generally, personal data collected and used will be stored as long as we have a legitimate interest in retaining such data or for any longer period provided by law, a record-keeping regulation, or required by public authorities. In the case of lawsuits, we may retain your personal data until the proceedings are completed, including during the course of any appeal before the court.
Immediately after the expiration of the applicable retention period, the data shall be deleted or destroyed safely; or transferred to an archive (unless prohibited by law or applicable record keeping regulation). In any case, your personal data will not be retained in a form that will allow you to identify yourself more than is necessary to fulfill the purposes for which it was collected or processed, or under the relevant legislation in force.
We have taken organizational and technical measures to ensure an adequate level of security against the risks arising from processing, in particular through unauthorized destruction, loss, modification, disclosure, acquiring or access, willful or accidental handling, third party access, erasure or modifying personal data. You shall be notified with respect to a data security breach, within a reasonable period of time following discovery of such breach, unless a law enforcement official determines that notification would impede a criminal investigation or cause damage to national security. In this case, notification shall be delayed as instructed by such law enforcement official. We shall promptly respond to your enquiries relating to such data security breach.
Rights of Data Subjects
As a data subject, you enjoy certain rights, as detailed below:
- Withdrawal. If you were expressly requested to consent to a specific processing, you can withdraw your consent at any time.
- Access. You can request access to your personal data. If you send us such a request, we will give you all the information about the purposes of the processing, the categories of data processed, the categories of recipients, data retention period, your rights to rectify, delete or restrict the accessed data, if applicable. As long as such an option is technically available, we will give you the opportunity to access an interactive interface that can give you direct access to your personal data.
- Portability. You can get a copy of the personal data we have recorded in a compatible format and a structure that allows you to exercise your data portability right.
- Restriction. You may request a restriction in the following cases: for a period that allows us to verify the accuracy of your personal data if you object to it; if the processing is illegal and you prefer to restrict personal data, and not to delete them; if you want us to keep your personal data when you need this data to defend a right in court. If you objected to the processing, we will verify that there are legitimate processing interests that prevail over the rights you invoke, and we will notify you of the outcome of these verifications.
- Rectification/erasure. You may request the correction, modification, erasure of any information that is incomplete, expired or incorrect. You may request the deletion of your personal data in the following cases:
– if your personal data is no longer required for the purpose of processing;
– if you withdrew your consent to data processing in the case of consent-based processing;
– if you objected to the processing of data and there are no overriding legitimate grounds for the processing;
– if the data must be deleted to meet a legal obligation.
- Objection. You may object to the processing of your personal data for reasons relating to your particular circumstances, within the limits and under the conditions laid down by law.
- Lodging a complaint. You also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro).
Requests for access, correction, restriction or deletion of processing must be made in writing and subject to legal restrictions in force. We will ensure that all appropriate measures are taken to resolve your request without delay and, in any case, within 30 (thirty) days of receipt of your application. Information will be provided by electronic means if possible, unless you requested in writing otherwise.
SECTION 2: SPECIFIC CONDITIONS REGARDING THE PROCESSING OF YOUR PERSONAL DATA
This section describes how we obtain and use your data (the purpose of the processing), the legitimate interest in processing for these purposes, and the specific conditions of such processing. Please read the subsections of interest carefully so that the processing is as clear, transparent and secure as possible.
- Information concerning data privacy for our Website Visitors
- Information concerning data privacy for Account Owners
- Information concerning data privacy for Customers and potential Customers
- Information concerning data privacy for Representative, Contact Person, Employee or Other Collaborator of a PlayedBy’s Business Partner
- Data Privacy for Website Visitors
You can browse our Website without revealing personal data. However, if you would like to receive our newsletter or contact us to address any questions, comments or suggestions, you will be required to provide certain personal Data.
We use the personal data we collect from you when filling in the form in the Contact section of our Website, for analyzing your request and, if accepted by PlayedBy, for taking all necessary measures to provide an answer or take appropriate action. Refusing to provide the requested information prevents the completion of the application registration process and makes communication between you and PlayedBy impossible. We base this data processing activity on your consent. We will retain your data for a period of 3 years (the general limitation period according to Romanian law), in all cases where, according to your application, the data may be necessary for the establishment, exercise or defense of a right before the court, irrespective of whether it occurs during proceedings before a court or an administrative or extrajudicial procedure. Upon expiration of this period, your data will be erased.
We may also use your contact details in order to provide to you in electronic form our newsletters on new Products available for purchase on the Website, marketing communications or invitations to events, but only if you have subscribed and, hence, given your express consent to such processing. For the newsletter dispatch we use the so-called double opt-in process, meaning that we will only send you the newsletter if you have confirmed your registration by accessing the dedicated link in the confirmation e-mail we send after you subscription to our Newsletter. This way, we wish to ensure that only you, as the owner of the specified e-mail address, are able to register for and receive our newsletters. You can withdraw your consent at any time, by clicking the “Unsubscribe” button in each e-mail you receive or by writing us at email@example.com. Your data will be automatically erased from our database when you unsubscribe from our newsletters.
- Data Privacy for Account Owners
Please note that placing an Order shall not be conditioned by the registration of an Account on our Website. However, if you already have an Account, your Customer information, including registered addresses, will be used on the checkout page by default.
In case you would like to set up an Account (in My Account section on the Website), you will be required to provide your personal Data during a registration process, such as: full name, phone number, e-mail, shipping address and billing address if different from shipping address, as the case may be.
While we do our best to protect your personal information, we cannot guarantee the security of any information that you disclose to PlayedBy and you are solely responsible for maintaining the secrecy of any passwords or other account information. Your data will be used exclusively in view of registering and operating your Account on our Website, for the sole purpose of granting you the opportunity to effectively manage your Orders.
Refusing to complete the registration process by failing to provide all required, correct and complete Data will prevent your Account registration process from being completed and accessing your activity history on the Website.
Your personal data related to the use of an Account on our Website will only be stored until you opt for closing your Account. No information shall be available to you on our Website after closing an Account.
- Data Privacy for Customers and potential Customers
You can use our Website without disclosing your personal data. However, in case you would like to purchase a Product, you will be required to provide your personal Data during a registration process, such as: full name, phone number, e-mail, shipping address and billing address if different from shipping address, as the case may be, in case such Data is necessary for the following processing purposes:
- processing your purchase Orders for Products listed on the Website, processing of payments and suppling you with the purchased Products (this data processing is made for performance of a contract, or taking measures, at your request, prior to entering into a contract);
- subscription to services offered by PlayedBy such as services related to promotions, including the use of coupons (we base this data processing activity on your consent);
- managing your relationship or contract with us and to deal with your enquiries or requests (this data processing is made for performance of a contract);
- complying with legal obligations to which we are subject, for example mandatory disclosure of personal data to (tax) authorities or as required for audit purposes, keeping of records obligations, preparing and keeping financial accounting documents and, in certain cases, the obligation to know your customer by obtaining proof of your identity to enable us to meet our anti-money laundering obligations (the grounds for processing is a legal obligation).
Your Data shall be used only for the processing purposes for which they were originally collected. The Data may be processed for a legitimate purpose different than the above processing purposes only if such legitimate purpose is closely related. Any processing for other purposes shall be notified to the data subjects.
Refusal to complete the registration process by failing to provide all required, correct and complete Data will prevent completion of the placing your purchase Order or, as the case may be, the processing of your payment, resulting immediate termination by PlayedBy of your purchase Order of the supply of any Products you ordered.
Personal data collected and used for the supply of Products by PlayedBy will be stored for a period of 3 years after the termination of contractual relations or any other longer period imposed by the law, an applicable records retention regulation or public authorities.
- Data Privacy for Representative, Contact Person, Employee or Other Collaborator of a PlayedBy’s Business Partner
We use your relevant personal data for the performance of our business contracts. For instance, we may use the personal data of representatives, contact persons, employees or other collaborators of our Business Partners within the limits of data normally included on business cards (name, surname, position, company, telephone number, e-mail address), to manage the relationship with the Business Partner you represent. We rely in this case on the legitimate interest in the performance of our business contracts and managing the relationship with our Business Partners. Personal data will be stored for a period of 3 years after the termination of contractual relations or any other longer period imposed by the law, an applicable records retention regulation or public authorities.