Privacy policy

AL-KIMIYA RETREAT SRL with headquarters in Bucharest, Sector 6, Str. SG. Constantine the Apostle, no. 16, Floor 11, Ap. 1104, registered at the Trade Registry Office with no. J40/5063/08.03.2024, fiscal code 49731755 (the „Operator”) collects and processes personal data in accordance with the legal provisions on the processing of personal data and the free movement of such data – Regulation (EU) 2016/ 679 ( „RGPD”) and Law no. 190/2018 – in order to carry out trade operations with various products in the online environment (the „Activity”), as well as in situations where interested persons visit the arabianretreat.com online store.

1. Categories of personal data that can be processed by the Operator

The categories of personal data processed in the activity of the Operator are the following:

1.1. Personal identification data (surname, surname, address, age, date of birth, telephone, e-mail, nationality, language and country from which you interact with us). The data are necessary for the creation of the user account, respectively for the valid conclusion and development of the contractual relationship with the Operator.

1.2. Business and transaction information (for example, payment or bank card information, information about purchases, orders, product returns, etc.).

1.3. The information we receive from you as a result of requests sent by e-mail, telephone, or any other means of communication (including the addresses, names and contact details of the persons to whose attention the deliveries of the products purchased through website arabianretreat. com.

1.4. Online activity data – we record information about how you use our site, such as when and/or how you visit or use the site, time spent on the site, what types of ads you viewed, IP address, the browsing system used, the type of device used, demographic information and user interests. We also use cookies and similar technologies to remember your preferences. More information about cookie processing can be found in the Cookie Policy –  https://arabianretreat.com/cookies

1.5. Data obtained from third parties – we may receive information about your visits to other sites or platforms that include advertisements, cookies or similar technologies.

It is your decision whether you want to provide us with data and what kind of data you provide us with, but please note that when shopping in the online store, the provision of certain data will be mandatory for the execution of the sales contract, because without it you cannot we will be able to process the order.

The refusal to provide the requested data leads to the impossibility of placing the order, respectively its delivery.

It is not mandatory to give your consent to receive commercial information to the provided email address or the provided telephone number in order to make an agreement for the sale of goods. If you give your consent, you can withdraw it at any time according to your rights under section 6 below.

The online store platform will also be accessible through your Facebook or Google account. If you opt for one of these options, you will be directed to a page managed by Facebook Inc / Google LLC, where they will inform you about the transfer of your data to www.cafeazavida.ro. You can consult the privacy policies of Facebook and Google, respectively, using the following links:

https://www.facebook.com/about/privacy

https://policies.google.com/privacy

We emphasize that we do not collect or otherwise process sensitive data, included by the GDPR in special categories of personal data. We also do not wish to collect or process data of minors under the age of 16.

2. The purposes and grounds of processing your personal data

We process your personal data for the following purposes:

1. Running the commercial activity by the Operator through the website, including, but not limited to: registering the user account on the website, confirming and placing orders, executing the delivery obligation, notifications regarding the status of the order, resolving complaints regarding product defects purchased , ensuring the return of the products and the reimbursement of the related amounts, as well as the execution of any other obligations assumed towards you as a buyer, making available the offers and information available on the Operator’s website, (legal basis: conclusion and execution of the contract – art. 6 (1) letter b) GDPR). The storage of the cards used to pay for the products will be carried out based on the consent of the person concerned – art. 6(1) lit. a) GDPR. In the case of the personal data of the legal or conventional representatives of our clients, legal entities, we have a legitimate interest in ensuring the smooth development of legal relations with our clients (legal basis: legitimate interest – art. 6 (1) letter f) RGPD);
2. Fulfillment of the legal obligations of the Operator (eg communications or reports to the authorized public authorities and institutions, including in terms of financial crimes, fulfillment of tax and fee payment obligations, archiving of documents and information transmitted during the procurement process, including in electronic format) (legal basis: art. 6 (1) letter c) RGPD);
3. Communication of commercial information and offers. We would like to send you information about new products appearing on our website, promotional offers and discounts, as well as other information that we think may be of interest to you. The processing is based on your consent, which you can withdraw at any time, by unsubscribing from our newsletter (legal basis: the consent of the person concerned – art. 6(1) letter a) RGPD);
4. The analysis of data collected in order to improve the Operator’s activity, the realization of analyzes and statistics regarding the marketing campaigns carried out, in order to offer relevant and personalized services, including through Google Analytics, […] (legal basis: legitimate interest – art. 6(1) letter f) GDPR);
5. The transmission of non-commercial or administrative messages such as changes in or in relation to the website, user account, etc. (legal basis: the consent of the person concerned – art. 6(1) letter a) RGPD);
6. Analysis of the data collected with the help of cookies and other similar technologies placed on the website of the Operator or of third parties, in order to improve the operation of the website, to adapt its content according to the preferences and interests of visitors, as well as to carry out advertising, respectively (legal basis: legitimate interest – art. 6 (1) letter f) GDPR and, where applicable, your consent – art. 6 (1) lit. a) RGPD);
7. The resolution of potential disputes, the establishment, exercise or defense of a right in court, the resolution of complaints and requests from customers (legal basis: legitimate interest – art. 6(1) letter f) RGPD).
8.   Categories of recipients to whom personal data may be disclosed

We may disclose your data to the following categories of recipients:

1. state authorities and public institutions, as a result of legal obligations of the Operator;
2. service providers directly/indirectly involved in the execution of the Trade Activity who have the capacity of authorized persons of the Operator according to the provisions of art. 28 of the RGDP Regulation (eg marketing service providers, advertising, invoicing and accounting service providers – , IT support service providers, data center service providers, courier service providers);
3. payment processors to ensure that the receipt and administration of payments is carried out under safe conditions – Banca Trasilvania
4. judicial or arbitration courts, notaries public, lawyers, bailiffs, translation offices, if necessary.
5. third-party providers of cookies and similar technologies as described in the Cookies Policy – https://arabianretreat.com/cookies.html   in these situations, your personal data collected through cookies / similar third-party technologies could be transferred to third countries ( ie from outside the European Union).

The operator could transfer personal data to countries outside the European Union or the European Economic Area. For such transfers, the Operator takes a series of measures to ensure an adequate level of protection of the personal data of natural persons. Among these measures can be found the conclusion of standard contractual clauses approved at the European level.

4. Duration of processing and storage of personal data

We will process your data for the period of time necessary to manage the purchase of products ordered on the site, including any returns, claims or complaints related to the purchase of the product, if a shorter period is not required by mandatory legal regulations.

In some situations, we will only process data for as long as you decide, such as payment (card) data that you ask us to store for future purchases.

Your user data will be kept for as long as you are a registered user (until you decide to unsubscribe). Your User Account can be deleted both at your request, but also as a result of the withdrawal of consent regarding data processing, your objection regarding data processing as well as in the case of requesting data deletion.

Certain data can be kept for the entire period provided by law for the activity of archiving and keeping financial-accounting documents, or until the expiration of the limitation periods applicable to the right of action, for the purpose of defending our rights.

Data related to cookies and similar technologies are stored according to the terms specific to those technologies, the storage term can be between the duration of the browsing session and a duration of 2 years (or more, in the case of third-party cookies).

5. Protection of personal data

We use a number of IT and organizational security measures designed to minimize the risk of data leakage, destruction and disintegration, such as: firewall system, anti-virus and anti-spam systems, internal access procedures, data processing and emergency recovery as well as a multi-level backup system.

Our store offers a very high level of security by using the Web Firewall (WAF) and the security system against DDoS attacks, we use HTTPS / SSL connection encryption level according to the best practices, we work with the hosting provider hostinger

We remind you that the use of the Internet always brings the risk of security incidents, but we assure you that thanks to the implemented procedures of computer system reviews and updates, as well as the active monitoring of critical system points, our goal is to reduce this risk as much as possible.

6. Your rights as a data subject

In connection with the processing of your personal data, you may exercise any of the following rights:

1. The right of access to your own personal data

You have the right to obtain from us a confirmation of whether or not the Operator is processing your data and, if so, you have the right to access that data.

1. The right to rectify your personal data

You have the right to request and obtain the rectification, updating or completion of your inaccurate or incomplete personal data.

1. The right to withdraw your consent

When the processing of personal data has been carried out on the basis of your consent, it can be withdrawn at any time.

1. Right to erasure („right to be forgotten”)

You have the right to request the deletion of your personal data for the following reasons:

• the personal data are no longer necessary to fulfill the purposes for which they were collected or processed;
• the data processing was carried out based on your consent and it has been withdrawn;
• personal data have been processed illegally;
• you exercise your right to object and there are no overriding legitimate reasons or you object to processing aimed at direct marketing;
• personal data must be deleted to comply with a legal obligation of the Operator.

Please note that before exercising this right, you must download from your user account all the documents related to the orders made in the online store, regardless of whether the invoice was made to you or to another natural or legal person (as would be: invoices ). If you do not take this step before exercising your right to deletion, you will lose all these documents and the Operator will be unable to make them available to you, as the case may be, because the process of deleting the data, respectively the account user of the online store, together with all the data and documents related to it, is an irreversible measure.

1. The right to restriction of processing

You have the right to request and obtain the restriction of the processing of your personal data in the following cases:

• when you dispute the accuracy of the data, for a period that would allow the Operator to verify the accuracy of that data;
• the processing is illegal and you object to the deletion of the data, requesting instead the restriction of its use;
• when the Operator no longer needs the personal data for the purpose of processing, but you request them for establishing, exercising or defending a right in court;
• when you objected to the processing by virtue of the right to opposition, for the time interval in which it is verified whether the legitimate rights of the Operator prevail over those of the data subject.

1. The right to data portability

You have the right to receive the personal data concerning you that you have provided to us, with the right to transmit it to another operator, when the processing of the data is based on your consent or on a contract to which you are a party and the processing is carried out by automatic means.

1. The right to opposition

You have the right to oppose, for reasons related to your particular situation, the processing carried out in the legitimate interest of the Operator or the processing for direct marketing purposes, including the creation of profiles.

1. The right not to be subject to a decision based solely on automated processing of your data, including profiling
2. The right to file a complaint with the competent data protection authority:

Contact details of the National Data Protection Authority for Romania:

NATIONAL PERSONAL DATA SUPERVISION AUTHORITY (ANSPDCP)

G-ral Blvd. Gheorghe Magheru 28-30

RO- 010336 Bucharest, RomaniaRO – 010336 Bucharest,

Phone: +40.318.059.211

http://www.dataprotection.ro/

To exercise any of these rights, with the exception of the right to lodge a complaint with the Supervisory Authority, please contact us by choosing any of the communication methods below, stating your name, postal or e-mail address where you wish to you be told the answer and the purpose of the request.

You can contact us:

• by e-mail – to the address: contact@arabianretreat.ro
• through a request sent by post to the address: Bucharest, Sector 6, Str. SG. Constantine the Apostle, no. 16, Et. 11, App. 1104

We will try to complete your requests as quickly as possible and answer your questions about personal data. In any case, you should receive a message from us within a period that will not exceed 30 days from the date of receipt of your request. During this period we will give you an answer or inform you about the extension of the deadline and explain the reasons. If we have doubts about the authenticity of the identity of the person making a specific request, we can ask more questions to verify it.

We may update this Policy from time to time and will notify you of any changes by posting the new version on our Site. Please check this Policy periodically for any changes.

AL-KIMIYA RETREAT SRL team