Why this Policy is important
APITHERAPY.COM respects and protects the privacy of its users, and we are dedicated to be as transparent as possible regarding the use of personal data.
We encourage you to read it carefully !
In this Privacy Notice, “we”, “us” and “our” refers to APITHERAPY.COM.
Who we are
APITHERAPY.COM is operated by APITHERAPY CONSULTING & TRADING INTERNATIONAL SRL, a company registered in ROMANIA, Trade Registry no. J15/594/2011, tax code RO2986698, headquartered in ROMANIA, Dâmbovița county, Conțești, Mereni, 106A Strada Principală.
We process personal data as DATA CONTROLLER. This means that we make decisions about data processing activities. We exercise overall control of the personal data being processed and are ultimately in charge of and responsible for the processing.
We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – „GDPR”), the subsequent legislation for the application thereof as well as the guidelines imposed by the relevant authorities.
For us, GDPR is not just another acronym.
It also stands for our motto: Give Data Proper Respect!
Privacy is one of our fundamental commitments, and therefore, we take utmost care when we process personal data:
- we only collect data we actually need for our purposes
- we periodically review the data we hold
- we delete the data that no longer serves our purposes
- we install appropriate technical and organisational safeguards.
personal data &
Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
How we collect personal data
We collect personal data:
- When a data subject makes enquiries or books an appointment through our website form, purchases products from us through our website, registers for an account on our website, requests marketing material or signs up to receive our newsletter.
- When the data subject emails, calls us or writes to us, visits our office or provides us with information in any other way, including by interacting with us via social media such as Facebook and Twitter.
Grounds for processing personal data
The legal ground for processing personal data differs depending on the specific situation and the personal data processed. We may process data based on various legal grounds laid down by GDPR, such as:
- the data subject’s consent
- our legitimate interest
- execution of the contract
- compliance with the legal obligations.
When we process personal data based on consent, we will seek free, informed, specific and unequivocal consent.
TYPE OF DATA
What personal data we process
We process the following types of personal data:
- name, title, postal address, telephone number and email address;
- if a purchase is made from us, the credit or debit card details will be processed exclusively by the payment gateway suppliers, we do not have access to any such data;
- use of our call centre and your office visits
- information you provide to us during communications you have with us, whether by email, post, telephone, in person or through our website, for example comments or queries about the products and services we provide
- if you register for a consultation with us, you may give us sensitive information about your health (this could include for example whether your medical condition and where appropriate your family medical history) – we will only collect and use sensitive information about your health with your explicit consent.
We will do our best to ensure that the personal data we process is correct. We will also make sure to update personal data continuously. As our services depend on correct and updated personal data, we kindly ask you to inform us, if there are any relevant changes regarding your personal data. You may use our contact form to notify us of any changes.
USE OF DATA
Why we process personal data
We use your personal data for the following purposes:
- To process and respond to requests, enquiries and complaints we receive, in accordance with our legitimate interest to provide our customers with a responsive service.
- To provide services and products requested and/or purchased and to communicate about such services and/or products, in order to carry out a contract with the data subject and in accordance with our legitimate interest to operate a business, which offers apitherapy related products and services.
- For accounting and internal audit purposes, in accordance with our legitimate interest to do so and/or when required by legislation.
- To prevent or detect fraud and to establish, exercise or in defence of legal claims, in accordance with our legitimate interest to do so.
- Where legally required or where it is in our legitimate interests to do so, to comply with requests from law enforcement and regulatory authorities.
- To analyse trends and profiles, for our legitimate interest to aim to enhance, modify, personalise and improve our services and communications for the benefit of our customers.
- To carry out customer satisfaction research, for our legitimate interest to aim to enhance, modify, personalise and improve our services and communications for the benefit of our customers.
- To recommend products and services, in accordance with our legitimate interest to carry out direct marketing to our customers and also the data subject’s explicit consent.
Keeping personal data safe
We process personal data by applying reasonable technical and organizational measures, such as limiting access to personal data, encryption or anonymization of personal data, storage on secure environments.
However, despite our efforts, we cannot always guarantee the effectiveness of the security measures implemented, and therefore we cannot guarantee the security of personal data at any point in time.
Disclosing personal data to third parties
We will not rent, sell or otherwise share or disclose personal data, except as described herein or otherwise stated at the time the data is collected.
We may transfer personal data, to the necessary extent, to the following categories of recipients:
- IT services suppliers
- payroll & accounting suppliers
- marketing services suppliers
- legal advisors
- payment gateway suppliers
- public authorities.
We will only share personal data if it is necessary in order for our service providers to perform the service for us. These service providers are not authorised to keep or use personal data for any other purposes, and they will always be under an obligation to keep personal data safe and confidential.
These recipients can be located in the European Union and/or in the European Economic Area.
Where recipients are located outside the European Union and the European Economic Area, including in countries not recognized as ensuring an adequate level of protection, the transfer of personal data shall be carried out only if there are appropriate guarantees, in accordance with applicable law. In this respect, we rely on several guarantees, such as the standard contractual clauses issued by the European Commission.
What data subjects can ask
Data subjects have the right, at any time, to request information about the personal data we are processing about them, where the data is collected from, what we are using it for, how long we will keep such data and who we share the data with.
If the data subject requests so, we can give details (and a copy) of the personal data we hold. The access to the data can be restricted to ensure other people’s privacy protection, trade secrets and intellectual property rights.
Data subjects also have the right to data portability. Insofar the personal data is processed based on consent or on the execution of a contract with us and the processing is carried out by automated means, we can provide personal data in a structured format and transfer such data to another controller.
If the personal data we are processing about a data subject is inaccurate or incomplete, such has the right to request correction.
In some instances, we are obliged to delete the personal data we hold. This might be the case if consent is withdrawn, without affecting the lawfulness of processing based on consent before withdrawal. When personal data is no longer necessary in accordance to the purpose for which we collected them, the data subject is entitled to request deletion.
When we receive a request of having personal data rectified or erased, we will investigate if the conditions are fulfilled. If so, we will carry out the amendments or deletion as soon as possible.
Data subjects also have the right to object to our processing of personal data. This also applies to the use of personal data for marketing purposes.
The data subject has the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing in relation to any breach of rights regarding personal data processed by us – you can find more information here.
How you can reach us
Last update: 1 December 2020