Privacy Policy
(Information notice on the processing of personal data in accordance with Regulation 679/2016)
THOSAY DESIGN SRL., as the Data Controller (hereinafter: “THOSAY DESIGN SRL” or “Data Controller”) in accordance with Romanian Legislative Decree 95/46/CE (“Code”), and EU Regulation 679/2016 (hereinafter: “Regulation”) – considers the privacy and protection of personal data to be one of the main objectives of its activity. Therefore, we invite you, prior to communicating any personal data to the Controller, to carefully read this Privacy Policy as it contains important information on the protection of your personal data.
This Privacy Policy:
is considered applicable to the website www.thosay.com (hereinafter: “Website”);
constitutes an integral part of the Website and of the services we offer;
is issued in accordance with Art. 13 of the Code, as well as Art. 13 of the Regulation, for anyone interacting with the web services of the Website;
The processing of your personal data shall be based on the principles of correctness, lawfulness, transparency, limitation of the aims and storage, minimization and exactness, integrity and confidentiality, and the principle of accountability in accordance with Art. 5 of the Regulation. Your personal data shall therefore be processed in accordance with the legislative provisions of the Regulation and the confidentiality obligations envisaged therein.
Processing of personal data means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data such as the collection, recording, organization, structuring, storage, adaptation or amendment, extraction, consultation, use, communication through transmission, disclosure or any other form of provision, comparison or interconnection, limitation, deletion or destruction.
CONTENTS
The contents of the Privacy Policy are provided below, so that you can easily find the information inherent to the processing of your personal data affecting you.
1. DATA CONTROLLER AND PROCESSOR
2. PERSONAL DATA SUBJECT TO PROCESSING
3. PROCESSING AIMS
4. LEGAL BASIS AND COMPULSORY OR VOLUNTARY NATURE OF PROCESSING
5. PERSONAL DATA RECIPIENTS
6. TRANSFERS OF PERSONAL DATA
7. STORAGE OF PERSONAL DATA
8. RIGHTS OF THE INTERESTED PARTY
9. CONTACTS
1. DATA CONTROLLER AND PROCESSOR
The Data Controller is THOSAY DESIGN SRL having its registered office in Vetis (Stau Mare, Romania), Careiului street, no. 11, VAT no. RO44686580 and registration number with the Romanian Companies Register J30/769/2021.
2. PERSONAL DATA SUBJECT TO PROCESSING
We would like to inform you that the personal data subject to processing may comprise an identification label such as the name, identification number, data related to the location, an online ID or one or more characteristic elements of your physical, physiological, psychological, economic, cultural or social identity suitable to make the interested party identified or identifiable, according to the type of services requested (hereinafter “personal data”). The personal data processed through the Website are as follows:
1. Navigation data
During their normal process, the IT systems and software procedures in place for the operation of the Website acquire some personal data whose transmission is implicit in the use of internet communication protocols. This refers to information that is not collected to be associated with identified interested parties, but that by its very nature could, through processing and association with data held by third parties, allow the users to be identified. IP addresses or domain names of the computers used by the users who connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used for making the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the IT environment of the user all fit into this category of data. These data used for the sole purpose of gaining anonymous statistical information on the use of the Website to control the correct operation thereof, to identify any anomalies and/or abuse, are deleted straight after being processed. The data could be used for ascertaining responsibility in the event of any IT crimes that may damage the Website or third parties.
2. Cookies
The information on the cookies served by the Website is available here
3. PROCESSING AIMS
Your personal data shall be processed for the following aims:
1. To allow navigation of the Website and the provision of the services made available there by the Controller, including the management of the Website security;
2. To fulfil any obligations envisaged by laws in force, regulations or EU legislation or to comply with any requests from authorities;
3. To process statistics, without it being possible to trace your identity.
Specific security measures are observed in order to prevent the loss of data, illicit use or incorrect use and unauthorized access.
4. LEGAL BASIS AND COMPULSORY OR VOLUNTARY NATURE OF PROCESSING
The legal basis for the processing of personal data for the aims according to section 3 point 1 is Art. 6(1)(b) of the Regulation ([…]processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), since the processing is necessary for the provision of services. The legal basis for the processing of personal data for the aims according to section 3 point 2 is instead, Art. 6(1)(c) of the Regulation ([…]processing is necessary for compliance with a legal obligation to which the controller is subject). The provision of personal data for these purposes is optional, but any failure to provide data could imply the impossibility to activate the required services. It is instead specified that the processing according to section 3 point 3 is not performed on personal data and therefore can be freely performed by the Controller.
5. PERSONAL DATA RECIPIENTS
Your personal data may be shared, for the purposes according to section 3 of this Privacy Policy, with:
1. Subjects who typically act as processors, subjects that cooperate with the Data Controller for pursuing the above aims, including subjects appointed to perform technical maintenance activities (collectively “Recipients”);
2. Subjects, bodies or authorities to whom it is compulsory to communicate your personal data on the basis of legal provisions or orders of the authorities;
3. Persons authorized by the Data Controller, in accordance with Articles 30 of the Code and 29 of the Regulation, to process the personal data necessary for performing activities strictly connected with the provision of services, who have committed to confidentiality or who have a suitable legal confidentiality obligation. The updated list of subjects who could process your personal data as processors is available by sending a written request to the Data Controller to the addresses indicated in the “Contacts” section of this information notice.
6. TRANSFERS OF PERSONAL DATA
Some of your personal data may be shared with Recipients who are located outside the European Economic Area The Data Controller guarantees that the processing of your personal data by these Recipients takes place in compliance with Articles 43 and 44 of the Code, and with Articles 44 – 49 of the Regulation. More information is available by sending a written request to the Data Controller to the addresses indicated in the “Contacts” section of this information notice.
7. STORAGE OF PERSONAL DATA
The personal data processed for the aims according to section 3 Point 1 shall be stored for the amount of time strictly necessary to achieve such purposes. However, since the processing is performed in order to provide services, the Data Controller shall store the personal data for the amount of time envisaged and permitted by legislation for the protection of its interests .The personal data processed for the aims according to section 3 Poinit 2 shall be stored for the amount of time envisaged by the specific obligation or applicable legal standard. More information related to the data storage period and the criteria used to determine such period can be requested by sending a written request to the Data Controller to the addresses indicated in the “Contacts” section of this information notice.
8. RIGHTS OF THE INTERESTED PARTY
You have the right at any time to obtain confirmation of the existence or not of your personal data and to find out the contents and origin thereof, verify the accuracy or request the addition, updating or correction there of ;you have the right to request the deletion, transformation into anonymous format or blocking of data processed against the law, or to oppose in any case, for legitimate reasons, the processing thereof ;you also have the right to request access to your data, to oppose processing and to request the limitation of processing in the cases envisaged by Art. 18 of the Regulation, where technically possible, and to obtain in a structured format, of common use and legible by an automatic device, the data regarding you, in the cases envisaged by Art. 20 of the Regulation. Requests are to be sent in writing to the Data Controller to the addresses indicated in the “Contacts” section of this information notice. You always have the right to lodge a complaint with the competent control authority (Data Protection Authority) in accordance with Art. 77 of the Regulation, should you consider that the processing of your data infringes legislation in force.
9. CONTACTS
To exercise the above rights or for any other requests, please write to the Data Controller at the detail indicated here, preferably inserting the wording “request for exercise of privacy rights” in the subject field of the communication.