Who we are?
We are the “DIANA” Group, respectively DIANA LTD (Registered under J38 / 258/1991, unique registration code RO 2540090, headquarters: 227 Calea lui Traian Street, , Râmnicu Vâlcea, Vâlcea, Romania telephone: 0250 749 540, fax: 250 748 880), DIANA COM LTD (registered under J38 / 185/2002, Unique registration code 14572789, headquarters: V1, parter, Râmnicu Vâlcea, Vâlcea county, Romania), BARRECO LTD (Registered under J38 / 1/1991, Unique registration code RO 1472737, headquarters: Calea lui Traian nr.227, Râmnicu Vâlcea, Vâlcea County, Romania) and we want to inform you about the processing of your personal data in connection with certain operations carried out by us in accordance with the European Data Protection Directive 679/2016.
DIANA Group will do its best to respect privacy and protect personal data. In order to be fully transparent regarding data processing and to allow you to easily exercise any time your rights, we have implemented measures to facilitate communication between us, your data operator and you.
We chose DIANA LTD as contact point. Address: 227 Calea lui Traian Street, Râmnicu Vâlcea, Vâlcea County, Romania.
Email address responsible for data protection: email@example.com.
Data Protection Officer: DATA PROTECTION SPECIALIST SRL
Our information notice applies to the following websites: http://www.diana.com.ro/, http://www.magazinediana.ro/, http://www.pub-union.ro/ and e- our emails. In this note, we will explain how your personal data is processed by DIANA Group and how we ensure that your data is processed responsibly and in accordance with applicable law.
Protecting your personal information is very important to us. That is why we are committed to complying with European and national legislation on the protection of personal data, in particular Regulation (EU) 679/2016, also known as GDPR, and the following principles:
Legality, fairness and transparency
We process your data legally and correctly. We are always transparent about the information we use and you are properly informed.
Control belongs to you
Within the limits of the law, we offer you the opportunity to examine, modify, delete the personal data that you have shared with us and exercise your other rights.
Data Integrity and purpose limitation
We only use the data for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.
We have implemented reasonable security and encryption measures to help protect your information. However, please note that no website, application or internet connection is completely secure.
What data we collect, why we collect it, how long we process it and who we share with
Categories of processed personal data
DIANA company will process your personal data that you provide directly in the context of the use of the website, such as the data you provide in the contact section / careers, to the extent that you contact us this kind. (eg name and surname, phone number, e-mail address, facebook user, quoted data in the careers section, data on how you use the site).
DIANA company may also collect other data (IP address, time of visit, access point, Internet browser name and version, operating system, including other parameters) provided by the internet browser through which is made accessible to the Site and can be used by DIANA company to improve the services provided to its customers, or for statistical purposes.
The purposes and bases of the processing
DIANA group processes your personal data:
Providing your personal data is required for the performance of this contract. Refusal to provide data may result in the contractual relationship between you and DIANA Company being inaccessible.
to develop the contractual relationship between you and DIANA group if you want to become a distributor.
Providing your personal data is required for the execution of this agreement. Refusal to provide data may result in the contractual relationship between you and DIANA Company being inaccessible.
to develop the contractual relationship between you and DIANA Group if you want to be part of “DIANA family”.
Providing your data for this purpose is based on the legitimate interest of the DIANA Company to ensure the proper functioning of the Site, as well as to permanently improve the visitor experience of the website, including solving various comments, questions or complaints.
to monitor traffic and improve your experience on the webite.
The length of time we are processing your data
DIANA group will process your personal data for as long as is necessary to achieve the above mentioned processing goals.
If you are a distributor, we will process your data for the duration of the contractual relationship and subsequently, in accordance with the legal obligations upon the DIANA Group (for example, in the case of financial and accounting supporting documents for which the term the retention provided by law is 10 years from the date of the financial year in which they were drawn up).
if you want to be a part of the “DIANA Family” and send us your CV, we will process your data for the duration of the contractual relationship and subsequently, in accordance with the legal obligations of DIANA Group of Companies for example, in the case of financial accounting documents for which the retention period prescribed by law is 10 years from the date of the financial year in which they were drawn up). If there is no agreement between you and your company, your data will be retained for two years, and at the end of this period if no contractual reports are established, the data will be deleted.
How we share your information with others
We may disclose your data, in accordance with applicable law, to business partners or other third parties, such as companies looking for staff, as well as companies in the group.
We are continually making reasonable efforts to ensure that these third parties have implemented appropriate safeguards and security measures. With these third parties we have contractual terms so your data is protected. We will inform you of the identity of these companies prior to transmission or within a reasonable time and we will ensure that any transfer is legitimate based on your consent or other legal basis.
For example, we could provide your data to other companies, such as IT service providers or telecommunications, accounting, legal services, and other third parties with whom we have a contractual relationship. These third parties are selected with special care so that your data can only be processed for the purposes we specify.
When we use a person or company as the person empowered to process your personal data, we will ensure that it has entered into a Personal Data Processing Agreement, which assumes, among other obligations that the legislation provides, an the obligation to: (1) process personal data only in accordance with our written instructions we have provided in advance and (2) actually implement measures to protect confidentiality and ensure the security of personal data.
Although unlikely, we may sell the business or part of the business in the future, which will include the transfer of your data.
We may share data with other parties with your consent or instructions.
We will also be able to provide your personal information to the Prosecutor’s Office, the police, the courts and other competent state bodies, on the basis of and within the limits of the legal provisions and as a result of express requests made.
We will ensure, within reasonable limits, that your data does not leave the European Economic Area, but in so far as we transfer data to non-EEA countries, we will ensure in all cases that transfers are legitimate based on your explicit consent or other legal basis.
We keep your data on our servers and servers hosted by third parties. We use appropriate technical and organizational measures to protect your personal data and prevent unauthorized access. We have entered into contractual relationships with third parties providing hosting services and these contracts include obligations on the organizational and technical security of personal data.
Privacy of minors
DIANA group does not knowingly collect personally identifiable data from people under the age of 16 on webite. If a parent or tutor is aware that one of his children has provided the company with their personal data, they must immediately inform the company. If one of the companies in the DIANA Group discovers that a person under the age of 16 has provided him with personal data, he will destroy this information on his servers immediately, unless the parent or the tutor explicit expresses consent to the company’s processing of personal data of the child for the specified purposes.
Cookies and social communication widgets
An HTTP or a cookie is a special text, often encoded, sent by a web browser server and then sent back (unmodified) by the browser whenever accessing that server. On our sites, cookies are used to track user behavior. For more details, please visit: http//ro.wikipedia.org/wiki/Cookie.
These modules allow you to quickly and efficiently navigate between pages, memorize your choices, options and preferences, and optimize the use of web sites.
Cookies are kept in browser memory and contain information such as: the name of the server from which the cookie was sent, the cookie retention time, a value, usually a randomly generated unique number. Cookies do not allow your personal identification.
If you agree with the inclusion of cookies in your browser via banner front-page starter website, please note that your consent can be withdrawn at any time. Current browsers (web browsers) offer the ability to set / disable cookies. To do this, you generally go to Options or Preferences.
What are your rights?
Your rights under GDPR are as following:
- The right to be informed about your data processing and the right to access to data. You have the right to request information about the personal data we hold about you, including information about the categories of data we own or control, for what use they are, the source from which we collected them, we obtained indirectly, and to whom these data are divulged. We will give you a copy of your personal data on request. If you request more copies of your personal data, we can charge you a reasonable fee based on administrative costs.
- The right to data rectification. You may obtain the rectification of your data that we process or control if they are incorrect.
- The right to delete data (the “right to be forgotten”). You have the right to obtain from us the deletion of your data that we process or control.
- The right to restrict data processing. You may obtain from us restricting the processing of your personal data if: (1) you dispute their correctness for the period we need to verify this, (2) the processing is illegal, but you oppose the delete your personal data (3) we no longer need your data but ask for the establishment, exercise or defense of a right in court, or (4) oppose your processing, for the length of time we check whether the interests our legitimate beliefs prevail over you.
- The right to object to the use of personal data. Under certain circumstances, you have the right to object to your data processing by us or on our behalf. Where processing is not based on your consent, but on our legitimate interests or those of a party, you may at any time object to processing your data for reasons related to your particular situation. In this case, we will no longer process your personal data unless: (a) we can show legitimate and compelling reasons that justify the processing anprevails over your interests, rights and freedoms; or (b) if the purpose is to establish, exercise or defend a right in court.
- The right not to be the subject of a decision based solely on automatic processing, including the creation of profiles. You have the right to object in situations where decisions are based solely on automatic processing, including by creating profiles. Once you have expressed your desire not to be part of such profiling, you will be removed from the database of subjects involved in such a process.
- The right to data portability. You have the right to receive your personal data you have provided to us and, if technically feasible, request that we transmit your personal data (supplied by you) to another organization.
- The right to withdraw consent. In situations where we process your data under your consent, you have the right to withdraw your consent. You can do this at any time, at least as easy as giving us your initial consent. Withdrawing it will not affect the lawfulness of processing your data processing that we made before withdrawing.
- The right to lodge a complaint with the supervisory authority. If you are dissatisfied with the way we process your data, we would prefer you to contact us directly in order to be able to resolve your issue. However, if you still have any complaints, you may contact the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro):
Address: B-dul G-ral. Gheorghe Magheru, Bucharest, Romania,
Telephone: + 40.318.059.211 / +40.318.059.212
Please note that:
If you wish to exercise your rights, you can do so by submitting a written request, signed and dated to the e-mail address firstname.lastname@example.org.
the rights listed above are not absolute. There are exceptions, so each request received will be analyzed so that we can decide whether it is founded or not. Insofar as the application is well founded, we will facilitate the exercise of your rights. If the petition is unfounded, we will reject it, but we will inform you of the reasons for the refusal and the rights to file a complaint with the Surveillance Authority and address your case to the court.
we will try to respond to the request within 30 days. However, the deadline may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the inability to identify you within a useful time.
If, while we make every effort, we fail to identify you, and you do not provide us with additional information to identify you, we are not obligated to comply with the request.
Questions and requests
If you have any questions or concerns regarding the processing of your data or you wish to exercise your legal rights in relation to our data, or if you are concerned about the way we deal with any privacy issues, you can write to us at-mail: email@example.com.
SIGNIFICANCE OF TERMS USED IN THE PRESENT NOTE
|What does personal data processing mean?
||Any use of a data means processing of personal data. Accordingly, any operation or set of operations performed on personal data, with or without the use of automated means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing, disseminate or otherwise make available, align or combine, restrict, erase or destroy.
|What does personal data mean?
||Any information relating to a person who can be identified directly or indirectly from this information. An identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier, location data, an online identifier, or to one or more specific elements of his physical, physiological, genetic, psychic, economic, cultural or social.
|What does a personal data operator mean?
||Personal data operator means any natural or legal person, public authority, agency or other organization that, alone or with others, establishes the purposes and means of processing personal data.
|What does a empowered person?
||Natural or legal person, public authority, agency or other body processing personal data on behalf of the operator. Examples: accountants, lawyers, media agencies, courier services, cloud service providers, e-mail providers, hosting, e-mail / sms providers, billing programs. In other words, any entity that has access to the personal data processed by the operator, which it processes only on behalf of the operator.
|What does a concerned person mean?
||The person concerned is the individual to whom they refer (some of which belong to him) certain personal data. In your relationship with us (the operator), you are the target person.
|What is the Surveillance Authority?
||An independent public authority, which, according to the law, has duties related to the supervision of the observance of the legislation on the protection of personal data. In Romania, this authority is the National Authority for the Supervision of Personal Data Processing (ANSPDCP).