SECTION I. CONFIDENTIALITY POLICY REGARDING THE PROCESSING OF PERSONAL DATA
HAMZA guarantees the right to the protection of personal data and undertakes to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as any other applicable legislation in the Romanian territory.
Who we are and how you can contact us
HAMZA is the trade name of S.C. Grateful Hamza S.R.L, having its registered office in Bucharest, Soseaua Pipera, no. 61, sector 2, with serial number in the Trade Register J 40/8786/2020
unique fiscal registration code 42834915
(“HAMZA”). For the purposes of data protection legislation, we are the operator when we process your personal data.
If you need any additional information regarding the processing of your data, we encourage you to contact the HAMZA Data Protection Officer at the e-mail address: firstname.lastname@example.org or by mail or courier at Strada Spatarului nr. 41, Bucharest, sector 2.
What categories of personal data do we process
In general, we collect your personal data directly from you, so you have control over the type of information you provide to us. By way of example, we receive information from you as follows:
When you create a HAMZA account, you send us: your e-mail address, first and last name;
Within your personal page (My Account) from the HAMZA platform you can add additional information, such as: mobile phone number, delivery addresses;
When you place an order, you provide us with information such as: desired product, first and last name, delivery address, billing details, payment method, phone number, etc.
Through the www.hamza.ro page, you send us: your name, e-mail address and / or telephone number, the city where you live, date of birth, favorite color and size worn.
Subscribing to the newsletter involves collecting your name and email address.
We may also collect and further process certain information regarding your behavior while visiting our website, in order to personalize your online experience and provide you with offers tailored to your profile. We invite you to learn more details in this regard by consulting the section on the purposes of processing below.
On our website we may store and collect information in cookies and similar technologies, according to the Cookies Policy.
We do not collect or otherwise process sensitive data, included by the General Regulation on data protection in special categories of personal data. We also do not want to collect or process data from minors under the age of 16.
What are the purposes and grounds of processing
We will use your personal data for the following purposes:
- To provide HAMZA services for your benefit.
This general purpose may include, depending on the given case, the following:
- a) Creation and administration of the account within the HAMZA platform;
- b) Order processing, including takeovers, validation, shipping and invoicing;
- c) Solving cancellations or problems of any kind related to an order, the goods or services purchased;
- d) Returning the products according to the legal provisions;
- e) Reimbursement of the value of the products according to the legal provisions;
- f) Providing support services, including providing answers to your questions about your orders or HAMZA goods and services.
The processing of your data for these purposes is, in most cases, necessary for the conclusion and execution of a contract between HAMZA and you. Also, certain processing subject to these purposes are required by applicable law, including tax and accounting law.
- To improve our services
We always want to offer you the best online shopping experience. For this, we may collect and use certain information regarding your Buyer's behavior, we may invite you to complete satisfaction questionnaires subsequent to the completion of an order or we may conduct market studies and research.
We base these activities on our legitimate interest in conducting business, always taking care that your fundamental freedom and rights are not affected.
- For marketing
We want to keep you informed about the best offers for the products / services that interest you. In this regard, we can send you any type of message (such as: e-mail / SMS / webpush / etc.) containing general and thematic information, information on products similar or complementary to those you have purchased, information about offers or promotions, product information added to the "My Account / Cart" section or the "Account / Favorites" section, and other business communications such as market research and surveys. In order to provide you with information which might be of interest to you, we may use certain data regarding your buyer behavior (eg products viewed / added to wishlist / purchased) to create a profile for you. We always ensure that such processing is carried out in compliance with your rights and freedom and that the decisions made thereunder have no legal effect on you and do not affect you in a similar manner or to a significant extent.
In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:
- Accessing the unsubscribe link displayed in the messages you receive from us;
- Accessing the personal data update link displayed in the messages received from us;
- Contacting HAMZA at the e-mail address: email@example.com or through post-mail using the contact address above.
- To unsubscribe from webpush notifications, you will need to access the site settings section of the browser used (Google chrome, Internet Explorer, Mozilla Firefox, etc.) and choose the block option from the notifications section.
In any case where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental freedom and rights are not affected. However, you can ask us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and we will process your request.
- To defend our legitimate interests
There may be situations in which we use or transmit information to protect our rights and business. These may include:
- Measures to protect the website and the users of the HAMZA platform against cyber attacks;
- Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities;
- Measures to manage various other risks.
The general basis of these types of processing is our legitimate interest in defending our commercial activity, ensuring that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
Also, in certain cases we base our processing on legal provisions, such as the obligation to ensure the protection of goods and values provided by the applicable legislation in this matter.
How long we keep your personal data
We will store your personal data as long as you have an account on the HAMZA platform. You may ask us to delete certain information or close your account at any time, and we will respond to such requests, subject to the retention of certain information, including after closing the account, in cases where applicable law or our legitimate interests so require.
To whom we transmit your personal data
Where applicable, we may transmit or provide access to certain personal data of yours to the following categories of recipients:
- courier service providers;
- payment / banking service providers;
- IT service providers;
If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.
We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
In which countries we transfer your personal data
HAMZA stores and processes your personal data in Romania.
How we protect the security of your personal data
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards.
The transmission of your personal data is done using state-of-the-art encryption algorithms and stored on secure servers, while ensuring data redundancy.
To make payments through the platform, we use the services of the Vivawallet payment processor. All payment information is encrypted using HTTPS technology with TLS 1.3 encryption.
Despite the measures taken to protect your personal data, we warn you that the transmission of information via the Internet, in general, or through other public networks, is not completely secure, there is a risk that the data may be viewed and used by third parties. unauthorized parties. We cannot be held responsible for such vulnerabilities in systems that are beyond our control.
What are your rights
The general data protection regulations will recognize a number of rights in relation to your personal data. You may request access to your data, the correction of any errors in our files and / or you may object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or go to court. Depending on the case, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.
More information on each of these rights can be obtained by consulting the section below.
In order to exercise your rights, you may contact us using the contact details listed above. Please note the following if you wish to exercise these rights:
Identity. We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such registrations using the e-mail address of the HAMZA account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Fees. We will not charge you a fee to exercise any rights with respect to your personal data.
Response time. We intend to respond to any valid requests within a maximum of 15 working days, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of 1 month. We will let you know if the response time will exceed 1 month. We may ask for further clarification to help us act faster and shorten the response time to your request.
Third party rights. We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects.
You have the following personal data rights:
- Access to your data
You can ask us:
- to confirm if we process your personal data;
- to provide you with a copy of this data;
- to provide you with other information about your personal data, such as the data we have, what we use it for, to whom we disclose it, if we transfer it abroad and how we protect it, how long we keep it, what rights you have, how can you make a complaint, from where we obtained your data, so far as the info has not already been provided to you by the last rows.
- Rectifying your data
You may ask us to rectify or complete your inaccurate or incomplete personal data.
We may try to verify the accuracy of the data before rectifying it.
- Deleting your data
You can ask us to delete your personal data in any of the following situations:
- they are no longer needed for the purposes for which they were collected;
- you have withdrawn your consent (if the data processing is based on consent);
- exercise a legal right to oppose;
- they were processed illegally;
- we have a legal obligation in this regard;
We have no obligation to comply with your request to delete your personal data if the processing of your personal data is necessary:
- for the observance of a legal obligation;
- for finding, exercising or defending a right in court.
- other circumstances in which we are not required to comply with your request to delete data.
- Restricting data processing
You can ask us to restrict the processing of personal data in any of the following situations:
- their accuracy is contested (see the rectification section), to allow us to verify their accuracy;
- the processing is illegal, but you do not want the data to be deleted;
- they are no longer needed for the purposes for which they were collected, but you need them to establish, exercise or defend a right in court;
- You have exercised your right to object, and verification that our rights prevail is ongoing.
We may continue to use your personal data following a request for a restriction if:
- we have your consent;
- to ascertain, exercise or ensure the defense of a right in court;
- to protect the rights of HAMZA or any other natural or legal person.
- Data portability
You can ask us to provide you with personal data in a structured, commonly used and automatically readable format, or you may request that it be "ported" directly to another data controller, but in any case, only if:
- the processing is based on your consent or on the conclusion or execution of a contract with you;
- processing is done by automatic means.
You may object at any time, for reasons related to your particular situation, to the processing of your personal data under our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest.
You may also object at any time to the processing of your data for direct marketing purposes (including profiling), without giving any reason, in which case we will cease processing as soon as possible.
- Automatic decision making
You can request not to be subject to a decision based solely on automatic processing, but only when that decision:
- produces legal effects on you or affects you in a similar way and to a significant extent.
This right does not apply if the decision reached following the automatic processing:
- We are required to end or to start a contract with you;
- is authorized by law and there are adequate safeguards for your rights and freedoms.
- is based on your explicit consent.
You have the right to file a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:
National Authority for the Supervision of Personal Data Processing
B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any issue amicably.
We remind you that you can contact us at any time with data protection by sending your request in any of the following ways:
- by e-mail to: firstname.lastname@example.org or
- by post or courier to the address: Strada Spatarului nr.41, Bucharest, sector 2.