GDPR POLICY / PERSONAL DATA PROTECTION POLICY
1. Our commitment to your personal data
1.1. Teilor will process personal data in accordance with this GDPR Policy / Personal Data Protection Policy (“GDPR Policy”), in accordance with the legislation in force.
1.2. The GDPR policy is based on the provisions of Regulation no. 2016/679 on the protection of natural entities as regards the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”), which entered into force on 25 May 2018, as well as on the applicable national legislation.
1.3. The GDPR defines personal data as “any information concerning an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier, or to one or more specific elements appropriate to his/her physical, physiological, genetic, mental, economic, cultural or social identity”.
1.4. Teilor undertakes to make best efforts in order to implement the highest standards of confidentiality and transparency regarding the personal data they process in their day-to-day work. Full protection and transparency as regards the processing of your personal data within our business are our most important objectives.
1.5. Please also refer to the Cookies Policy, the Video Surveillance Policy and the Terms and Conditions available on www.teilor.com that this GDPR Policy is completed with.
1.6. Any information relating to the processing of your personal data may be requested in writing at the above mentioned registered office or at the e-mail address: gdpr@teilor.com.
2. Agreement
2.1. Your use of our services is subject to this GDPR Policy. When you use our services, you agree to the terms of this GDPR Policy. The purpose of the GDPR Policy is to inform our customers about how we collect, store and use personal data.
3. Categories of personal data collected
The personal data we process as a result of your use of the site may include:
• surname, first name, series and number of Identity Card, date and place of visit, time of entry and exit, footage recorded by our surveillance systems (CCTV) and the car by which you travel (incusive but not limited to the car’s registration plates).
• details of your visits to our website (in this respect we recommend that you read the Cookies Policy);
• other information you provide to us when making a request on the website or as a result of sending it by email or phone.
• the data needed to issue fiscal invoices, as well as any other relevant data.
4. Ways to collect your personal data
4.1. We collect your data mainly following a visit to www.teilor.com, launching an online order or visiting our actual stores.
4.1.1. We collect and process personal data relating to your surname, first name, email address, telephone number for the purpose of maintaining correspondence or communicating with you. Thus, if you make a request by email or phone, we will process your data to resolve it.
4.1.2. In this context, if the situation exposed by you to be solved so requires, we will be able to transmit your contact details to financial and governmental institutions, transport companies or mailing companies.
4.2. We collect your data as a result of a request to be contacted
4.2.1. We collect personal data that relates to your surname, first name, email address, telephone number, interest in contracting and arising from the fact that you have requested to be contacted by filling in the fields on the website.
4.2.2. In this regard, our consultants will contact you to provide you with more information.
4.2.3. After filling in the contact form your data is imported into the database of Teilor.
4.2.4. If you have expressly consented to your personal data being processed for marketing purposes by Teilor, i.e. for sending newsletters, information about our products and services or events, competitions organized by us, Teilor or its agents will process your data for this purpose.
5. Purposes for processing your personal data
We may collect and process personal data for the following purposes:
• offering our products and services;
• sending invitations to organized events;
• compliance with our legal obligations (such as obligations to keep accounting records and supporting documents);
• analyzing, improving our services and communications to you;
• protecting the security and management of websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
• forwarding them to third parties if you have expressly consented;
• marketing campaigns, customer surveys, market analysis, raffles, contests or other promotional activities or events if you have expressly given your consent;
• ensuring the actual security of the premises, according to the special legislation applicable in the field;
• relations with public authorities, according to the applicable legal rules in civil and criminal matters;
• for any related and/or ancillary purpose to any of the above or any other purpose for which your personal data have been provided to us.
6. Direct Marketing
6.1. We advertise our services to you and others. We use customer information to transmit invitations and communications that advertise the products and services provided by us.
6.2. In all cases, you will be able to unsubscribe from receiving marketing information by accessing the unsubscribe link that you will find in each such communication or by submitting a written request to the aforementioned registered office or to the e-mail address: gdpr@teilor.com.
6.3. Please note that in the case of a unsubscribe request there may be a time limit of up to 48/72 hours during which you may still receive marketing information or communications due to the operation of changes into the system. Unsubscribing from receiving marketing emails does not prevent further transmission of transactional emails through which we can inform you of the status of the transaction we may conclude.
7. Sharing and transferring your personal data
7.1. We may provide access to the personal data that you provide to us and our processors, on the basis of contracts concluded for this purpose, but we will maintain control over your personal data and use appropriate safeguards, in accordance with applicable law, to ensure the integrity and security of your personal data.
7.2. We will also be able to disclose your personal data to you when you instruct us or grant us permission to do so, or when required by applicable law, following requests from judicial or official bodies to do so, or to investigate fraudulent or criminal activities, whether real or suspected.
7.3. We will not transfer personal data outside the EEA unless one or more specified warranties or exceptions apply to the transfer, i.e. an adequacy decision, Privacy Shield, binding corporate rules.
7.4. In the absence of an adequacy decision, Privacy Shield membership or binding corporate rules, the transfer of personal data to a third country or to an international organisation shall take place only under the following conditions:
7.4.1. the data subject has explicitly agreed to the proposed transfer, after being informed of the possible risks of such transfers to the data subject, due to the lack of an adequacy decision and appropriate safeguards;
7.4.2. the transfer is necessary for the performance of a contract between the data subject and the controller or for the performance of pre-contractual provisions adopted at the request of the data subject;
7.4.3. the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
7.4.4. the transfer is necessary for important reasons of public interest;
7.4.5. the transfer is necessary for the establishment, exercise or defence of legal claims.
8. Storage and security of personal data
8.1. Ensuring the confidentiality of the personal data you transmit to us is an important concern for us. We have implemented technical and organizational measures to maintain the confidentiality and security of your personal data, in accordance with our internal procedures regarding the storage, disclosure and access to personal data. Personal data may be stored on our personal data technology systems, those of our contractors or in hard copy, for a period of 5 years or any other period in accordance with applicable legal regulations.
8.2. The website www.teilor.com is protected by the standard SSL (Secured Socket Layer) encryption system. This technology encrypts all your personal data that you transfer to Teilor.
9. Your rights
9.1. We would like to inform you that, within the new regulations on personal data protection provided by the General Regulation on EU data protection 679/2016, if we process your personal data, you have the following rights listed below, as well as any other applicable legal rights:
• the right of access, provided by art. 15 of the GDPR, based on which you can ask us, free of charge, to confirm whether or not we process personal data concerning you. You can also ask us for a copy of the data we process about you. Applications must include relevant information in order to be able to identify you in our database. We will resolve your request within the legal deadline;
• the right to information - implies the information in a concise, transparent and easily accessible manner of the data subjects regarding the processed data;
• the right to rectification, provided by art. 16 of the GDPR, which you can exercise, by formulating a request by which you can ask us to modify the information we already have about you. You can make such a request when you notice that your data is incomplete or inaccurate;
• the right to restrict the processing, provided by art. 18 of the GDPR, which you can exercise when you challenge the accuracy of the data, you consider that the processing is illegal or you oppose to the deletion of the data. Following the exercise of this right, we will still be able to store your data, other processing operations being possible only with your consent, except in cases expressly provided by law;
• the right to portability, provided by art. 20 of the GDPR, which you can exercise only for cases where the processing is based on your consent or contract and only if your data is processed by automated means. If you meet the conditions, you can send us a data porting request to the operator you want;
• the right to oppose to the processing of data for marketing purposes, provided by art. 21 of the GDPR. You can exercise this right at any time, and we guarantee that your data will no longer be processed for this purpose. However, it may take a reasonable amount of time (up to 72 hours) to register and resolve your request, and you may still receive marketing information from us;
• the right to deletion, provided by art. 17 of the GDPR, based on which we have the obligation to delete the personal data we process about you. This right is not an absolute one, having applicability only in certain situations expressly provided by law. When making a deletion request, please keep in mind that deleting them can be a complex process.
• the right to address the National Authority for the Supervision of Personal Data, Romanian public authority, headquartered in B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postcode 010336, Bucharest, Romania, website http://www.dataprotection.ro, which aims to defend the fundamental rights and freedoms of individuals, especially the right to intimate, family and private life, in connection with the processing of personal data and the free movement of such data (“ANSPDCP”) if you report a breach of the GDPR.
9.2. In order to exercise these rights, please send us a written request to the above-mentioned registered office or to the e-mail address: gdpr@teilor.com, entitled “Request for personal information”.
Also, if you wish to withdraw your consent given to direct marketing purposes, you may use the “unsubscribe” option that is included in each marketing message.
10. Updating the GDPR Policy
We reserve the right to periodically update and amend this GDPR Policy to reflect any changes to the way we process your personal data or any changes to legal requirements.
In case of any such change, we will display on our website www.teilor.com the modified version of the GDPR Policy and/or we will make it available in another way.
11. Contact
For further information on the content of the GDPR Policy, please contact us in writing at the abovementioned registered office or by e-mail: gdpr@teilor.com.