Login

Country

Language

Cart

Your cart is empty

Privacy policy

1. INTRODUCTION

Thank you for your interest in our company, products and/or services. The protection and confidentiality of personal data is a very important topic for us. When you enter into a relationship of any kind with us, you entrust us with your information. This information presented in this document (hereinafter referred to as the "Privacy Policy" or the "Document") is important. We recommend that you read them carefully.

We recommend that this document be read in conjunction with the Terms and Conditions of Use. In the event of a conflict or inconsistency between the terms of this Privacy Policy and any other clause. For more information about the use of cookies or other similar technologies, please see our Cookie Policy.

The purpose of this Privacy Policy is to explain to you what data we process (collect, use, share), why we process it, how we process it, your rights under the GDPR and how you can exercise these rights. In collecting this information, we act as a controller and are required by law to provide this information to you.

Being fully aware that your personal information belongs to you, we do our best to store it securely and process it carefully. We do not provide information to third parties without informing you as required by law if this information is required by law. We do not make exclusively automated decisions with legal or similar significant impact on you.

By visiting the site, purchasing our services/products or interacting with us by any means and/or through any communication channel (email, phone, social media, etc.), you agree to this Privacy Policy. If you do not agree with what is described in this Privacy Policy, please do not use our services.

SC JEWELRY STUDIO SRL – jasiri.ro is a data controller within the meaning of GDPR. This Privacy Policy only covers data processing for which SC JEWELRY STUDIO SRL is the operator.

2. DEFINITIONS

1.1. "GDPR" , "RGPD" or "Regulation" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

1.2. "Operator" or "We" means SC JEWELRY STUDIO SRL (jasiri.ro), a company of Romanian nationality with registered office in Str. Oboru, no. 8, Vatra Dornei, Jud. Suceava, registered in the Trade Register under no. of order J33/174/2022, having fiscal registration code 45521521.

1.3. "Data subject " means any identified or identifiable natural person whose personal data is processed by us as an operator, such as customers, potential customers or site visitors.

1.4. "Processing" means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extract, consult, use, disclose by transmission, disseminate or otherwise make available, align or combine, restrict, delete or destroy.

1.5. "Consent" means any manifestation of the data subject's free, specific, informed and unambiguous will by which he/she accepts, through a statement or an unequivocal action, that the personal data concerning him/her be processed.

1.6. "Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to its physical, physiological, genetic, psychological, economic, cultural or social identity.

The other terms used in this document have the meaning conferred by the GDPR and the other applicable legal provisions.

3. OTHER SERVICES

This Privacy Policy does not cover the applications and websites of other third parties that you may reach by accessing links on our website. This is beyond our control. We encourage you to review the Privacy Policy on any site and/or application before providing personal data.

4. WHO ARE WE?

Jasiri.ro, SC JEWELRY STUDIO SRL, company of Romanian nationality with registered office in Str. Oboru, no. 8, Vatra Dornei, Jud. Suceava, registered in the Trade Register under no. of order J33/174/2024, having tax registration code 45521521, e-mail: contact@jasiri.ro is responsible for processing your personal data that we collect directly from you or from other sources.

According to the legislation, our company is a personal data operator. In order for your data to be processed safely, we have made every effort to implement reasonable and appropriate technical and organizational measures to protect your personal data.

5. WHO ARE YOU?

According to the legislation, you, the natural person beneficiary of our services/products, the representative or contact person of a company that is our client or potential client, the website visitor or the person in a relationship of any kind with us, are a "data subject" means an identified or identifiable natural person. In order to be completely transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of rights. For more information, see Sections 12 and 13 of this document.

6. OUR COMMITMENT

The protection of your personal information is very important to us. That is why we are committed to complying with European and national legislation on the protection of personal data, in particular Regulation (EU) 679/2016, also known as GDPR, and the following principles:

✓ Legality, fairness and transparency

We process your data legally and fairly. We are always transparent about the information we use and you are properly informed.

✓ You are in control

To the extent permitted by law, we provide you with the opportunity to review, modify, delete the personal data you have shared with us, and exercise your other rights. For more information, see Sections 12, 13 and 14 hereof.

✓ Data integrity and purpose limitation

We use the data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.

✓ Security

We have implemented reasonable personal data security measures in order to protect your personal information as best as possible. However, keep in mind that no website, app, or internet connection is completely secure.

7. CHANGES

We may change this Privacy Policy at any time. All updates and changes to this Policy are effective immediately upon notification, which we will provide by posting on the Site and/or email notification.

8. YOUR INFORMATION PURPOSES. LEGAL GROUNDS.

When you browse our website, send us an email request or contact us for any other purpose and through any other communication channel, you may provide us with the following personal data, which we collect directly from you, or from other sources, as we explain in the table below.

Personal data processed*

 

Purpose/Purposes*

Grounds/Legal Basis

Name

Address

· For the purpose of creating an account on the site.

· For invoicing.

· To comply with legislation.

· To prevent fraud and other crimes.

· For direct marketing (only if we have your prior consent).

· Conclusion or execution of a contract - Art. 6 (1) b GDPR.

· legal obligation - Art. 6 (1) c GDPR.

· consent – ​​Art. 6 (1) a)(only for direct marketing).

e-mail

· For the purpose of creating an account on the site.

· For invoicing.

· To comply with legislation.

· To prevent fraud and other crimes.

· For direct marketing (only if we have your prior consent).

· Conclusion or execution of a contract - Art. 6 (1) b GDPR.

· consent – ​​Art. 6 (1) a)(only for direct marketing).

· legitimate interest - Art. 6 (1) f) GDPR.

IP address

 

· to defend against cyber attacks.

· for fraud prevention.

· for network operation.

· legitimate interest - Art. 6 (1) f) GDPR

 

Other data

*While we have made every effort to identify all personal data processed and purposes, please note that the table above is not exhaustive.

 

We collect most information directly from you (for example, by completing a form on the website). Most of the information is as described above, but there may be situations where we collect data from third parties (ie partners, platforms).

In addition to the information indicated above, we may also collect the following information, depending on the circumstances:

  • How you interact with our website(s) (for example, information about how and when you access our website or what device you use to access the website). For more information in this regard, we invite you to read our Policy on the use of cookie modules.
  • Information provided when you complete forms or surveys;
  • Content of messages sent via messaging systems and e-mail.

When you make purchases, certain payment information (card data) will be collected, but will be stored by our processing partners in a way that we cannot read or access that data.

8.1. purposes

In addition to the purposes listed in the table in the previous section, we also process personal data for the following purposes:

  • To respond to your questions and requests and provide you with customer support service;
  • For marketing purposes, but only where we have your prior consent

or where there is a legal exception to obtaining consent;

  • To provide and improve the services we offer;
  • To diagnose or fix technical problems;
  • To defend against cyber attacks;
  • To create and/or maintain accounts;
  • To comply with legislation, such as compliance with tax legislation which

requires us to keep accounting documents for a period of 10 years;

  • In the unlikely event of litigation, to establish or claim a right in court.

8.2 ADDITIONAL INFORMATION ABOUT PURPOSES

(a) Registering as a User. If you decide to register as a user on our site, we must process your data to identify you as a user of it and to provide you with access to its various functionalities or services available to you as a registered user.

  1. b) Improvement of services. If you use our services, we inform you that we will process your browsing data for analytical and statistical purposes, i.e. to understand how users interact with our website and so we can make improvements to it.

8.3. WHAT HAPPENS IF YOU DON'T PROVIDE US WITH YOUR DATA

When we ask you to fill in personal data to give you access to certain functionalities or services of the site, we will mark some fields as mandatory , because this is information we need to be able to provide you with the service or to offer you access to that functionality.

Please note that if you choose not to provide us with this information, you may not be able to complete your user registration or benefit from these services or features.

8.4. OTHER INFORMATION ABOUT LEGAL BASIS

(a) Legitimate Interest. In the situation where we use legitimate interest, we perform a legitimate interest analysis (balancing test) through which we can balance our interest and your interests. In the situation where our interests prevail, we will use legitimate interest. In the situation where your interests prevail, we will not use the legitimate interest, and to the extent that we fail to identify another correct legal basis, we will not carry out that processing activity. We currently use legitimate interest for the categories of data listed in the table in Section 8.

(b) Consent. Please note that obtaining consent is not mandatory and we will only obtain your consent where we have failed to use another legal basis. We currently only use consent for email marketing.

(c) Vital interest. In the unlikely event of a medical emergency or other exceptional event, processing may be necessary to protect the vital interests of you or another natural person.

9. STORAGE PERIOD

We store your personal data only for the period necessary to fulfill the purposes, but no longer than 5 years after the termination of the contract or the last interaction with us.

After the end of the period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data to be used for scientific, historical or statistical research purposes.

Note that in certain expressly regulated situations, we store data for the period required by law.

The following table explains the storage period for different categories of records.

Categories of personal data

 

Storage period

Name

Email address

5 years since your last interaction with us

Data required for invoicing (ie address, customer name, delegate name)

 

10 years according to the law

Other personal data

 

5 years

10. DATA TRANSFERS

We may disclose your data, subject to applicable law, to business partners or other third parties. We always make reasonable efforts to ensure that these third parties have adequate protection and security measures in place. We have contractual clauses with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate under the law.

For example, we may provide your data to other companies, such as IT service providers (cloud, hosting) or telecommunications, accounting, legal services and other third parties with whom we have a contractual relationship. These third parties are selected with particular care so that your data is processed only for the purposes we indicate and according to security standards.

We may also pass the data on to other parties with your consent or according to your instructions, such as if you exercise a portability request.

We will also be able to provide your personal information to the prosecutor's office, the police, the courts and other competent bodies of the state, based on and within the limits of the legal provisions and as a result of expressly formulated requests.

The transfer of personal data to a third country can only take place if the country to which the transfer is intended ensures an adequate level of protection.

The transfer of data to a state whose legislation does not provide a level of protection at least equal to that provided by the General Data Protection Regulation is possible only if there are sufficient guarantees regarding the protection of the fundamental rights of the data subjects. These guarantees will be established by us through contracts concluded with the suppliers/service providers to which your personal data will be transferred.

Whenever we transfer your personal data outside the EEA, we will ensure that there is a similar level of protection through one of the following safeguards:

  • we will transfer your personal data to countries where it has been demonstrated by the European Commission that they provide an adequate level of security for personal data. For more details, click here .
  • when we use certain service providers, we may use certain model contracts provided and approved by the European Commission that give personal data the same protection as it has in Europe. For more details, click here .
  • in the absence of the measures indicated in the previous points, we can base our international transfers for specific situations on the derogations provided for in art. 49 GDPR

Please contact us at contact@jasiri.ro if you would like more information about the specific mechanism we use when we transfer your personal data outside the EEA.

11. DATA SECURITY

We understand how important the security of personal data is and take the necessary measures to protect our customers and other persons whose data we process from unauthorized access to personal data, as well as from the unauthorized modification, disclosure or destruction of data that we process in the current business .

We have implemented the following technical and organizational security measures for personal data:

  1. a) Dedicated policies. We adopt and constantly review internal personal data processing practices and policies (including physical and electronic security measures) to protect our systems from possible unauthorized access or other possible threats to their security. These policies are subject to constant review to ensure that we comply with legal requirements and that the systems are working properly.
  2. b) Data minimization. We ensure that your personal data that we process is limited to only what is necessary, appropriate and relevant for the purposes stated in this Policy.
  3. c) Restricting access to data. We try to restrict as much as possible access to the personal data we process to the minimum necessary: ​​employees, collaborators and other people who need to access this data in order to process it and carry out a service. Our partners and collaborators are subject to strict confidentiality obligations (whether contractual or statutory).
  4. d) Specific technical measures. We use technologies to ensure the security of our customers, always trying to implement the most optimal solutions for data protection. We also make periodic data back-ups to be able to recover them in the event of an incident, and we have implemented periodic audit procedures regarding the security of the equipment used. However, no website, app, or internet connection is completely secure and untouchable.
  5. e) Ensuring the accuracy of your data. Sometimes we may ask you to confirm the accuracy or timeliness of your data to be sure that it reflects reality.
  6. f) Staff training. We constantly train and test our employees and collaborators on the legislation and best practices in the field of personal data processing.
  1. g) Anonymization of data. Where we can, we try as much as possible to anonymize/pseudo-anonymize the personal data we process, so that we can no longer identify the persons to whom it relates.

However, although we make constant efforts to ensure the security of the data you entrust to us, we may also experience less fortunate events and have security incidents/breaches. In these cases, we will strictly follow the security incident reporting and notification procedure and will take all necessary measures to restore the situation to normal as soon as possible.

12. DIRECT MARKETING

To the extent that we have obtained your prior consent or you are already a customer of the Company, we may use direct marketing technologies using the information collected about you. We currently send commercial messages by e-mail (e-mail marketing) to people who have given consent to this in advance.

12.1. HOW CAN YOU OPT OUT OF DIRECT MARKETING?

You can object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email ("unsubscribe") or by sending a request to this effect to contact@jasiri.ro.

13. YOUR RIGHTS.

Your rights under the GDPR Regulation are as follows:

(a) The right to be informed about the processing of your data.

(b) Right of access to data. You have the right to obtain from us a confirmation that personal data concerning you is being processed or not and, if so, access to the respective data and to the information provided by art. 15 para. (1) of the GDPR.

(c) The right to rectify inaccurate or incomplete data. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.

(d) The right to erasure ("the right to be forgotten"). In the situations provided for in art. 17 of the GDPR, you have the right to request and obtain the deletion of personal data.

  1. e) The right to restrict processing. In the cases provided for in art. 18 of the GDPR, you have the right to request and obtain the restriction of processing.
  2. f) The right to transmit the data we hold about you to another operator ("the right to portability"). The right to transfer the data we hold about you to another operator ("the right to portability")
  3. g) The right to object to data processing. In the cases provided for in art. 21 of the GDPR, you have the right to object to data processing.
  4. h) The right not to be subject to a decision based solely on automatic processing, including the creation of profiles with legal or similar significant effects on you.
  5. i) The right to go to court to defend your rights and interests.
  6. j) The right to a complaint before a Supervisory Authority.

Name

The National Supervisory Authority for the Processing of Personal Data

Address

G-ral Blvd. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone:

+40.318.059.211 or +40.318.059.212

E-mail

anspdcp@dataprotection.ro

 

Please note that:

(1) You can withdraw your consent to direct marketing at any time by following the unsubscribe instructions in each email.

(2) You can exercise your rights by sending a written, signed and dated request to the e-mail address: contact@jasiri.ro

(3) The rights listed above are not absolute. There are exceptions, therefore each request received will be analyzed to decide whether it is justified or not. To the extent that the request is justified, we will facilitate the exercise of the rights. If the request is unfounded, we will reject it, but we will inform you, within the legal term, about the reasons for the refusal and about your rights to file a complaint with the Supervisory Authority and address you to justice.

(4) We will try to respond to the request within one month. However, the deadline can be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the impossibility of identifying you within a useful period.

(5) If, despite our best efforts, we are unable to identify you and you do not provide us with additional information to enable us to identify you, we are not obliged to comply with the request.

14. Questions, requests and exercise of rights

If you have any questions or concerns about the processing of your information or wish to exercise your legal rights or have any other concern about confidentiality, you can contact us at the e-mail address: contact@jasiri.ro.