Privacy Policy

PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA

 THROUGH NESTELLI.RO

 

  1. WHO WE ARE AND WHAT THE PURPOSE OF THIS DOCUMENT IS

This Privacy Policy has been provided by NESTELLI DIAMONDS S.R.L., a company with its headquarters in Romania, Bucharest District 1, Str. Atena, No 26, registered with the Trade Register under No. J40/6860/2023 and CUI 47970411 (hereinafter, "we" or "the Company" or "Nestelli Diamonds"), as the owner of the platform https://www.nestelli.ro/ (hereinafter ”Site”).

Through this document, we want to explain why and how we use the personal data of our Site visitors.

This Privacy Policy applies to our relationship with visitors to our Site and people who buy or contact us.

"Personal data" means any information relating to an identified or identifiable natural person, and an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, economic, cultural or social identity.

This Privacy Policy contains important information about the Company's use of your personal data. Therefore, we encourage you to take the time to read it fully and carefully before interacting with us. Please feel free to let us know if you have any questions using the contact details at the end of this notice. We want it to be transparent to you why and how we use your personal data, how we protect it, and your rights in relation to our use of your personal data.

This Privacy Policy mainly explains:

  • who we are;
  • the purposes for which we collect and use your personal data;
  • the legal basis on which we process your personal data (i.e., the legal basis that allows us to process your personal data);
  • the categories of personal data we process;
  • the duration of the processing of such personal data;
  • your rights as a data subject and the manner in which you can exercise those rights; and
  • to whom we disclose or may disclose your personal data.

This Privacy Policy is issued by NESTELLI DIAMONDS S.R.L. acting as data controller, under the data protection legislation applicable in Romania, in particular Articles 13-14 of Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC. („GDPR”). 

  1. THE PURPOSES, GROUNDS FOR PROCESSING AND CATEGORIES OF PERSONAL DATA WE PROCESS

Depending on the circumstances in which you interact with us, we use the following categories of your personal data for the purposes and on the grounds described later in this section. To access the information relevant to you, please go to the links related to the category of data subject you represent.

  • If you are a visitor to our site www.nestelli.ro

Activity

Purposes

Categories of Personal Data

Processing grounds

Contacting you via the contact form on the site nestelli.ro

Communicating with you in relation to setting up an appointment or in relation to our business and/or products sold by us

Name and surname, email, phone number, date of birth

The processing is necessary in order to take steps at your request prior to the conclusion of a contract (Art. 6 (1) (b) GDPR)

  • If you subscribed to our newsletter

Activity

Purpose

Categories Of Personal Data

Processing grounds

Sending newsletters about new information or news about our products and the Company's activity on nestelli.ro

Sending newsletters about new information or news about the Company's products and activities on nestelli.ro

E-mail address, your name

Your consent (Art. 6 (1) (a) GDPR)

If you have subscribed to our newsletter, we analyze and document whether and how you open and use the newsletter you receive from us

Structuring our newsletters according to your needs and improving the reach of our information or marketing campaigns

E-mail address, your name, details of the equipment you use to access our newsletters (operating system, type of equipment, etc.)

Our legitimate interest to structure the newsletter according to your needs and to improve the reach of our information or marketing campaigns (Art. 6 (1) (f) GDPR)

Your consent (Art. 6 (1) (a) GDPR)

  • If you make purchases from the Site or from our shop

Activity

Purposes

Categories Of Personal Data

Processing grounds

Placing an order and selling products

Taking and dispatching orders, invoicing, dealing with your requests and complaints, including return and exchange requests, refund of the price paid, execution of the sales contract.

Desired product, name and surname, contact details (phone number, email address), delivery address, billing address, payment method, credit card details, invoice details.

The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to the conclusion of a contract (Art. 6 (1) (b) GDPR).

Our legitimate interest to defend our rights and interests in case you make a request or complaint (Art. 6 (1) (f) GDPR).

Archiving of documents relating to products sold

Keeping an archive of accounting documents

Identification data

Financial data (invoices, contracts, payments, other data)

Our legal obligation to archive and comply with the accounting provisions (Article 6 (1) (c) GDPR).

 

  1. PROVIDING OF PERSONAL DATA AND CONSENT BY YOU

When you provide us directly with your personal data, please provide all categories of personal data requested by us. Otherwise, we may not be able to properly carry out the activity for which you contact us (including, among other things, responding to your requests).

If we use your data on the basis of your consent, in the situations set out in Section 2 above, you should be aware that you can withdraw your consent at any time and we will no longer use your data from that point onwards. In any event, however, our activities performed prior to the withdrawal of your consent, including those involving your data, will remain in effect.

You may withdraw your consent to the processing of your personal data, where this is the basis on which we use your personal data as set out in Section 2 above, by contacting us using the contact details set out below.

 

  1. TO WHOM WE DISCLOSE YOUR PERSONAL DATA

We disclose your personal data to our external service providers, such as, for example, IT service providers, consulting and marketing service providers, or newsletter providers. They will only access and use the personal data necessary for the provision of the services contracted by us, based on appropriate contractual documentation, the basis for this disclosure being our legitimate interest in contracting and benefiting from the services offered by these providers for the performance of our activities.

We may also disclose your personal data as follows:

  • to our auditors, consultants, attorneys or other providers of specialized professional services, if necessary for the provision by them of services contracted by us in view of our legitimate interest or legal obligation to contract for such services; and
  • public authorities and institutions, where we have a legal obligation to do so or at their express request, if permitted by law.

As a rule, we only transfer your personal data to recipients in European Union (EU) and/or European Economic Area (EEA) countries; we do not transfer your data to non-EEA countries and we ask the same of our service providers.

 

  1. HOW WE PROTECT YOUR PERSONAL DATA

It is very important for us to protect your personal data. To achieve this, we apply appropriate measures to ensure the security of personal data, including: dedicated policies, specific technical measures, control of our service providers and data minimization.

We also undertake to take any further steps required by law in the area of personal data protection in relation to the use of your personal data.

 

  1. HOW LONG WE KEEP YOUR PERSONAL DATA

We intend to keep your personal data for as long as necessary to fulfil the data processing purposes, we are pursuing.

Where we use your data on the basis of your consent, e.g., when sending you newsletters or interacting with you via social media, we will in principle keep your data until you withdraw your consent.

If you contact us via the contact form, we will retain your data for no longer than the duration of the resolution of your request and for a reasonable period after the completion of your request, which will not exceed 3 years from the completion of your request, unless we deem it necessary to retain the data for longer to protect our rights and interests or in accordance with our legal obligations (such as archiving for financial and accounting management purposes).

 

  1. YOUR RIGHTS

According to the law, you have the following rights in relation to the processing of your personal data:

Right of access: you can obtain from us the confirmation that we process your personal data, as well as information on the specifics of the processing such as: purpose, categories of personal data processed, recipients of the personal data, period for which the personal data are kept, existence of the right of rectification, erasure or restriction of processing. This right allows you to obtain a copy of the personal data processed free of charge, as well as any additional copies for a fee.

Right to rectification of personal data: you can ask us to amend your personal data that are incorrect or, where appropriate, to complete data that are incomplete.

Right to erasure: you may request the erasure of your personal data when: (i) it is no longer necessary for the purposes for which we collected and process it; (ii) you have withdrawn your consent to the processing of your personal data and we can no longer process it on other legal grounds; (iii) your personal data is processed unlawfully; or (iv) your personal data must be erased in accordance with the relevant legislation.

Withdrawal of consent: you may withdraw your consent to the processing of personal data processed on the basis of consent at any time, without this in any way affecting the processing carried out prior to the withdrawal. You can withdraw your consent to the sending of newsletters at any time by clicking on the UNSUBSCRIBE button in each newsletter we send you.

Right to object: you may object at any time to processing based on the legitimate interest of the Company by providing us with reasons relating to your specific situation. For details of the processing we carry out in the legitimate interest, please see Section 2 above.

Restriction of data processing: you can request restriction of the processing of your data. personal data by us if: (i) you dispute the accuracy of the personal data, for a period that allows us to verify the accuracy of the data concerned; (ii) the processing is unlawful and you object to the erasure of the personal data, requesting instead the restriction of its use; (iii) the data is no longer needed by us for processing, but you request it from us for a legal claim; or (iv) if you have objected to the processing, for the period of time during which it is verified whether our legitimate rights as a controller override your rights as a data subject.

Right to portability: you can ask us, under the law, to provide you with personal data that you have provided to us in a structured, frequently used and machine-readable form (e.g., in CSV format). We may also, if you expressly request us to do so, transmit your personal data to another entity if technically possible. You will only be able to exercise your right to portability if (cumulatively): (i) the processing is carried out by automated means; and (ii) the processing is carried out on the basis of your consent or to perform a contract with you.

The right not to be subject to automated individual decision-making, including profiling: we currently do not process your personal data exclusively through automated individual decision-making processes. Should we initiate such processing of personal data, we will supplement this Privacy Policy accordingly.

Right to file a complaint with the National Supervisory Authority for Personal Data Processing: you have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro) if you believe your rights have been violated. However, we respectfully request that you contact us with any complaints or concerns you may have before contacting the authority.

You can exercise any of these rights against us using the contact details below.

To exercise one or more of the rights set out above or to ask a question about these rights or about our processing of your personal data, please contact us by e-mail at contact@nestelli.ro