PRIVACY POLICY 

Protecting your personal data is important to us. We process your personal data in accordance with the applicable European data protection legislation. With this Privacy Policy, we would like to inform you about the type, scope and purposes of the collection and processing of personal data when you visit our website, use our online shop, contact us or subscribe to our newsletter, as well as about your rights and the storage period. 

WHO WE ARE 

SIDAYA PHARMA ROMANIA S.R.L., Romanian company with registered address: 50 Turturelelor Street, 4th Floor, Apt. 8, Sector 3, Bucharest, Romania, entered into the Commercial Register under No. J40/21052/2007, VAT No. BG3077831591, is a data controller pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the General Data Protection Regulation or GDPR). 

As a data controller, we are committed to processing and protecting your personal data as an individual in accordance with the requirements of the GDPR and this Privacy Policy. Please read it carefully and get informed about your rights. 

WHEN AND WHAT PERSONAL DATA WE PROCESS 

  1. When you place an order through our online shop

When you place an order through our online shop, we process the following personal data about you: names, e-mail address, telephone number, delivery address, credit card information. 

If you would like an invoice to be issued to you, you are also required by law to provide us with your personal identification number and/or date of birth. 

  1. When you contact us

When you contact us via email or the contact form on our website, we use the email address you provide, as well as any other information you have voluntarily chosen to provide in your enquiry.  

If you contact us by phone, the conversation will be recorded. Thus, we process your phone number, voice data and other information you provide during the call.  

  1. When you subscribe to our newsletter

When you subscribe to our newsletter, you voluntarily give your consent for us to use your e-mail for the purpose of sending you our newsletter with the latest news and offers. 

WHAT WE PROCESS YOUR PERSONAL DATA FOR 

When you shop through our online store, you enter into a contractual relationship with us and provide us with your personal data, so that we are able to send and deliver the products you have purchased, and also to communicate with you about the progress of your order, tracking deliveries and payments, exercising your consumer rights. 

We also process your personal data in case you decide to contact us in any of the possible ways, in order to respond to your inquiry and to improve our services. When you contact us by phone, conversations are recorded for the purposes of protecting our rights and legitimate interests, including improving service and efficiently handling enquiries, orders and resolving disputes. 

Your email may be used for direct marketing purposes and to find out your opinion of a product you have purchased. You can unsubscribe to stop us processing your email for the purposes in the previous sentence by clicking on the unsubscribe link available in every email you receive. 

We may also use your personal data in the event of official proceedings such as civil proceedings, administrative checks, consumer claims and disputes, etc.  

We may also process your personal data for other purposes where certain applicable law requires us to carry out that processing. 

THE LEGAL GROUND ON WHICH WE PROCESS YOUR PERSONAL DATA 

We process your personal data on the following legal grounds: 

  1. On the basis of your consent (Art. 6 par. 1 letter “a” GDPR). This is the ground on which we process your personal data when you agree to receive our newsletter, contact us, and consent to the use of cookies, which are optional and not necessary. You can withdraw your consent at any time.
  2. For the performance of a contract or to take steps at the request of the data subject before entering into a contract (Art. 6 par. 1 letter ‘b’ GDPR). On this basis, we process your personal data when you purchase products via our online store.
  3. To comply with our legal obligations (Art. 6 par. 1 letter “c” GDPR). On this basis, we process your personal data where this is expressly required by law.
  4. Where processing is necessary for the purposes of our legitimate interests (Art. 6 par. 1 letter “f” GDPR). On this basis we may send you notices about offers, special offers and new products, or ask for your opinion about a purchase you have made. We also record our phone conversations with you on the same basis. We also need to process your data to prevent and investigate abuse of online orders and related deliveries, and in the event of any official proceedings.

DO WE USE COOKIES 

In order to improve the quality of the services we offer, we use cookies, through which we can collect personal data. You can find out more about the use and management of cookies in our Cookie Policy. 

AUTOMATED DECISION MAKING 

We do not carry out automated decision-making with your personal data. 

WHAT DATA WE DO NOT PROCESS 

We only process personal data of individuals who are 18 years of age or older.  

We do not process personal data that reveals racial or ethnic origin, reveals political, religious or philosophical beliefs, membership of political parties or organizations, associations with religious, philosophical, political or trade union aims, data relating to health, sex life or the human genome. 

WHOM WE PROVIDE YOUR PERSONAL DATA TO 

Your personal data may be provided to third parties in order to achieve the purposes for which we process it. If you do not want your personal data to be provided to third parties, you will not be able to benefit from the services provided by the Controller. 

In this regard, we provide your personal data to hosting providers and other IT support companies. Your data is provided to couriers and suppliers in order to deliver the goods you have requested and, where applicable, to other partners and service providers, including for the purpose of making online payments for purchases of products from our website. We may also provide your data to companies that provide legal and accounting services to us. 

Your personal data may also be provided to government authorities in connection with official proceedings.  

We have put in place appropriate technical and organizational measures to ensure your rights and freedoms. We may share your personal data with the above categories of recipients, but only if they have taken the necessary guarantees and measures to ensure an appropriate level of security. 

HOW LONG WE PROCESS YOUR PERSONAL DATA 

Your personal data will be kept for the shortest period necessary to carry out the intended purposes or for the statutory periods, if any. 

Data processed on a contractual basis will be kept for up to 5 (five) years from the date of the specific sale unless longer processing is required.  

Data processed in connection with accounting records shall be kept for up to ten (10) years from the 1st January of the accounting period following the accounting period to which they relate. 

Data processed on the basis of your explicit consent shall be processed until the consent is withdrawn.  

Data processed for the purposes of our legitimate interests are processed until you object to such processing or until such legitimate interests no longer exist. 

LINKS TO THIRD-PARTY WEBSITES 

Our website, our newsletters and the information and communications we email to you may sometimes contain links to third-party websites. The personal data you provide through your visit to these websites is not subject to this privacy policy and the processing of your personal data by these websites is not our responsibility. 

If you follow the link to other websites, please be aware that these websites have their own privacy policies that govern how your information is collected and processed when you visit these websites. 

HOW WE SECURE YOUR DATA 

We are well aware of how important it is that your personal data is processed correctly and protected, and therefore we have put in place adequate technical and organizational measures to protect your personal data which, among other things, ensure compliance with the principles set out in the processing of your personal data. 

 

WHAT ARE YOUR RIGHTS 

You have the following rights: 

  1. Right to information – you have the right to receive information at the time of collection of your personal data about the data we collect, who will process it, for what purposes and on what grounds.
  2. Right to access – you have the right to request information about your personal data, including a copy of the information we hold, at any time.
  3. Right to correction – you have the right to request correction and amendment of your personal data after contacting us and after verification of your identity.
  1. Right to erasure (right to be forgotten) – you have the right to request the erasure of your data when the need for data processing ceases to exist, when consent is withdrawn, in cases where processing is based on consent, in the event of unlawful data processing or when a legal requirement for erasure arises. This right may not be respected in the cases provided for by law or in the absence of verification of your identity.
  2. Right to restriction of processing – you have the right to ask us to restrict processing where the accuracy of the data is disputed, for the period in which the accuracy of the data needs to be verified, or where the processing of the data has no legal basis but instead of erasing it you request its restricted processing, or where we no longer need your personal data but you require it for the establishment, exercise or defense of legal claims.
  3. Right to portability of machine-readable data – you have the right to request that we provide your data directly to you or to another controller of your choice upon your written request and subject to a technical feasibility.
  4. Right to object – you may object to our processing of your personal data where we use it on the basis of our legitimate interest. Thus, we may be obliged not to use them in the future.
  5. Right to withdraw your consent – you can always withdraw your consent to us processing your personal data by contacting us at [email protected] or by unsubscribing by clicking on the unsubscribe link available in every email you receive. Withdrawal of your consent does not affect the lawfulness of the processing based on the consent given before its withdrawal!
  6. Right to file a complaint to a supervisory authority.

For Romania, the supervisory authority is the National Supervisory Authority for the Processing of Personal Data, more information on which can be found here. If you would like to obtain information and contacts for a supervisory authority in another EU Member State, you can send a request to the email below. 

HOW TO EXERCISE YOUR RIGHTS 

In order to exercise your rights, you can contact us by email at  [email protected] or by sending us a written notification to the following address: 118 Bulgaria Blvd., 5th Floor, Sofia. Upon verification of your identity, we will try to provide you with information on the basis of your requests within 30 days of receipt of your written request, and we will do our best to respond to your requests in relation to the above rights free of charge, but if your requests are obviously unreasonable or excessive, particularly due to their repetitive nature, then we may charge a reasonable fee to cover the administrative costs of processing them and providing you with information. 

CHANGES TO OUR PRIVACY POLICY 

Any changes we make to our privacy policy will be posted on our website and will thus become accessible and binding on you.