GDPR – DietaFlex

GDPR form

Attention! This anonymisation request form is only for current customers (those who have placed an order and/or registered on the site).

Policy on the processing of personal data

We consider ensuring the right to personal data protection as a fundamental commitment of DietaFlex, therefore we will devote all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as any other applicable legislation in Romania. As one of the key principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us in relation to our products and services, including through our website or mobile apps. We reserve the right to periodically update and amend this Privacy Policy to reflect any changes in the way we process your personal data or any changes in legal requirements. In the event of any such changes, we will post the amended version of the Privacy Policy on our website, so please check the content of this Privacy Policy periodically.

Who we are and how to contact us

DietaFlex is the trade name of DIETAFLEX COACHING S.R.L, BLD. PANDURILOR NO.1 SC.B AP.10, Targu-Mures, Mures, 540506, Romania (hereinafter DietaFlex) As we are always open to hearing your views, as well as providing you with any additional information you may need regarding the processing of your data, we encourage you to contact the DietaFlex Data Protection Officer at the following e-mail address [at] DietaFlex.ro, by phone or via the contact form. What categories of personal data we process In general, we collect your data. personal information directly from you, so you have control over the type of information you give us. By way of example, we receive information from you. such:

When you create a DietaFlex account, please provide us with: your email address, first and last name;
Within your page personal (My Account) in the DietaFlex platform you can add additional information such as: photo, gender, nickname, mobile phone number, landline number, date of birth, level of education, delivery addresses, alternative email address, bank card details etc.;
When you place an order, you provide us with information such as: the product you want, your first and last name, delivery address, billing details, payment method, phone number, credit card details, etc.

We also offer you the possibility to register on the DietaFlex platform through your Facebook or Google account. If you choose one of these options, you will be directed to a page managed by Facebook Inc / Google LLC, where they will inform you about the transfer of your data. to DietaFlex. You can view Facebook’s and Google’s privacy policies using the following links:

https://www.facebook.com/about/privacy
https://policies.google.com/privacy

We may also collect and further process certain information about your behaviour while visiting our website or using our smartphone app, in order to personalise your online experience and provide you with offers tailored to your profile. We invite you to learn more about this by consulting the section on processing purposes below. On our website and smartphone app we may store and collect information in cookies and similar technologies in accordance with our Cookie Policy. We do not collect or otherwise process sensitive data, which are included by the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data from minors under the age of 16.

What are the purposes and grounds for processing

We will use your data. personal data for the following purposes: To provide DietaFlex services for your benefit. This general purpose may include, as appropriate, the following:

Create and manage your account on the DietaFlex platform;
Order processing, including order taking, validation, dispatch and invoicing;
Solving cancellations or problems of any kind relating to an order, goods or services purchased;
Return of products according to legal provisions;
Reimbursement of the value of the products according to legal provisions;
Providing support services, including providing answers to your questions about your orders or DietaFlex goods and services.

Processing your data for these purposes is in most cases necessary for the conclusion and execution of a contract between DietaFlex and you. In addition, certain processing for these purposes is required by applicable law, including tax and accounting law. To improve our services We always strive to give you the best online shopping experience. To do this, we may collect and use certain information about your behaviour. We can invite you to complete satisfaction questionnaires after you have completed an order or we can conduct market research and surveys directly or with partners. We base these activities on our legitimate interest in doing business, always taking care that your rights and freedoms are protected. fundamental not to be affected. For marketing We want to keep you up to date with the best offers for the products/services you are interested in. To this end, we can send you any type of message (such as email/SMS/phone/mobile push/webpush/etc.) containing general and thematic information, information about products similar or complementary to the ones you have purchased, information about offers or promotions, information about products added in the “Account/My Account” or “Account/Favorites” section or you have shown interest in purchasing, as well as other commercial communications such as market research and opinion polls, and we may display personalized recommendations on the website and in the smartphone app. In order to provide you with information of interest to you, we may use certain data about your shopping behaviour (e.g. products viewed/added to wishlist/purchased) to create a profile for you. We always ensure that these processing operations are carried out with respect for your rights and freedoms and that decisions taken on the basis of these operations do not have legal effects on you and do not affect you in a similar way to a significant extent. In most cases, we base our marketing communications on your consent. beforehand. You can change your mind and withdraw your consent at any time by:

Change your customer account settings in the “My subscriptions” section;
By accessing the unsubscribe link displayed within the messages you receive from us; or by
Contact DietaFlex using the contact details described above.

In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any situation where we use information about you. for our legitimate interest, we take care and all necessary measures to ensure that your rights and freedoms are protected. fundamental not to be affected. However, you can ask us at any time, by the means described above, to stop processing your data. personal data for marketing purposes and we will follow up on your request. In defence of our legitimate interests There may be situations where we use or transmit information to protect our rights and business. These may include:

Measures to protect the website and users of the DietaFlex platform from cyber attacks:
Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
Measures to manage various other risks.

The general basis for these types of processing is our legitimate interest in safeguarding our business, it being understood that we ensure that any measures we take guarantee a balance between our interests and your rights and freedoms. fundamental. Also, in certain cases we base our processing on legal provisions such as the obligation to ensure the security of goods and valuables provided for by the applicable legislation in this matter.

How long do we keep your data? personal

As a general rule, we will store your data. personal data as long as you have an account on the DietaFlex platform. You may request that we delete certain information or close your account at any time and we will comply with such requests, subject to the retention of certain information even after account closure, where required by applicable law or our legitimate interests.

To whom we pass on your data personal

Where appropriate, we may transmit or provide access to certain of your personal data. the following categories of recipients:

courier service providers;
payment/banking service providers;
marketing/telemarketing service providers;
market research service providers;
IT service providers;
other companies with whom we can develop joint programmes to market our goods and services.

If we are under a legal obligation to do so or if it is necessary to protect a legitimate interest, we may also disclose certain personal data to public authorities. We make sure that access to your data by third parties who are private legal entities is carried out in accordance with the legal provisions on data protection and confidentiality of information, on the basis of contracts concluded with them.

To which countries do we transfer your data? personal

We currently store and process your data. personal data on the territory of Romania. However, we may transfer some of your data. personal data to entities located in the European Union or outside the European Union, including in countries that are not recognised by the European Commission as having an adequate level of protection of personal data. We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, other safeguards, such as standard contractual clauses issued by the European Commission or certification schemes such as the Privacy Shield for the protection of personal data transferred from within the EU to the United States. You can contact us at any time, using the contact details set out above, to find out more information about the countries to which we transfer your data, and the safeguards we have put in place in relation to these transfers.

How we protect the security of your data personal

We are committed to ensuring the security of personal data by implementing appropriate technical and organisational measures in accordance with industry standards. Transmission of your data personal data is done using state-of-the-art encryption algorithms and stored on secure servers while ensuring data redundancy. We use the services of the payment processor PayU to make payments. Any payment information is encrypted using HTTPS technology with TSL 1.2 encryption. Despite the measures taken to protect your data. personal data, please note that the transmission of information over the Internet in general, or via other public networks, is not completely secure and there is a risk that data may be seen and used by unauthorised third parties. We cannot be responsible for such vulnerabilities in systems that are not under our control.

What rights do you have

The General Data Protection Regulation gives you a number of rights in relation to your personal data. You can request access to your data, correct any mistakes in our files and/or object to the processing of your personal data. You may also exercise your right to complain to the competent supervisory authority or to take legal action. Where applicable, you may also benefit from the right to request the erasure of your personal data, the right to restrict the processing of your data and the right to data portability. More information on each of these rights can be found in the table below. To exercise your rights, you can contact us using the contact details above. Please note the following if you wish to exercise these rights: Identity. We take the confidentiality of all records containing personal data seriously. For this reason, please send us your requests. about such registrations using the e-mail address of your DietaFlex account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity. Fees. We will not charge you a fee to exercise any rights in relation to your data. personal data, unless your request access to information is unfounded, i.e. repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees charged before we settle your claim. Response time. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We might ask if you can tell us exactly what you want to receive or what you are worried about. This will help us to act faster and shorten the response time to your request. Third party rights. We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects. Access You can ask us:

to confirm whether we process your personal data;
to provide you with a copy of this data;
provide you with other information about your personal data, such as what data we hold, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that information has not already been provided to you through this notice.
Correction You can ask us to correct or complete your inaccurate or incomplete personal data.
We may try to verify the accuracy of the data before correcting it.
Data deletion You can ask us to delete your personal data, but only if:

they are no longer necessary for the purposes for which they were collected; or you have withdrawn your consent (if the processing is based on consent); or you are exercising a legal right to object; or they have been processed unlawfully; or we have a legal obligation to do so. We are not obliged to comply with your request. to delete your data. personal data if the processing of your personal data personal data is necessary: to comply with a legal obligation; or to establish, exercise or defend a legal claim. There are certain other circumstances in which we are not obliged to comply with your request. deletion of data, although these are the two most likely circumstances in which we would refuse your request Before exercising this right, you should download from your DietaFlex account and save all documents related to orders placed with DietaFlex, regardless of whether the invoicing was made to you or to another natural or legal person (such as: invoices, warranty certificates). If you do not take this step before exercising your right of deletion, you will lose all these documents and DietaFlex will be unable to make them available to you, if necessary, because the process of deleting data, i.e. the DietaFlex account, with all data and documents related to it, is an irreversible process. Restriction of data processing You can ask us to restrict the processing of personal data, but only if: their accuracy is contested (see rectification section), to allow us to verify their accuracy; or the processing is unlawful, but you do not want the data to be deleted; or they are no longer necessary for the purposes for which they were collected, but you need them to establish, exercise or defend a right in court; or you have exercised your right to object, and verification of whether our rights prevail is ongoing. We may continue to use your personal data following a restriction request if: we have your consent; or to establish, exercise or defend a right in court; or to protect the rights of DietaFlex or another natural or legal person. Data portability You can ask us to provide your personal data in a structured, commonly used and machine-readable format, or you can ask for it to be “ported” directly to another data controller, but in each case only if: the processing is based on your consent. or on the conclusion or performance of a contract with you; and the processing is done by automated means. Opposition You may object at any time, for reasons relating to your particular situation, to the processing of your data. personal data on the basis of our legitimate interest, if you consider that your rights and freedoms are not respected. fundamental interests prevail over this interest. You can also object to the processing of your data at any time. for direct marketing purposes (including profiling), without giving any reason, in which case we will cease such processing as soon as possible. Automated decision making You can ask not to be subject to a decision based solely on automated processing, but only when that decision: produces legal effects concerning you; or otherwise affects you in a similar way and to a significant extent. This right does not apply if the decision reached as a result of automated decision-making: is necessary for us to enter into or perform a contract with you; is authorised by law and there are adequate safeguards for your rights and freedoms; or is based on your explicit consent. Complaints You have the right to lodge a complaint with the supervisory authority about the processing of your data. personal data. In Romania, the contact details of the data protection supervisory authority are as follows: National Supervisory Authority for Personal Data Processing B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania Phone: +40746590633 E-mail:anspdcp@dataprotection.ro Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise to make every effort to resolve any issues amicably. We remind you that you can contact the DietaFlex Data Protection Officer at any time by sending your request in any of the following ways:

by e-mail to: office [at] dietaflex.ro
via GDPR form