- We consider the right to the protection of personal data as a fundamental GoldenTonewood commitment, so we will dedicate all the resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), as well as any other applicable legislation. Since one of the core principles of this legal framework is transparent, we have prepared this document through which we want to inform you about how we collect, use, transfer and protect your personal data when interacting with us about products and services including our web site.
Who we are and how you can contact us
- GoldenTonewood is the commercial name of SC MAGO LEMS SRL., A legal person of Romanian nationality, having its registered office in Ibanesti, 480/A Principal Street, Mures County, with serial number in the Trade Register J26 / 329/20014, unique fiscal registration code 32968642 (hereinafter “GoldenTonewood” or “us”). For the purpose of data protection law, we are an operator when we process your personal data.
- Since we are always open to your views and to provide you with any further information you may need regarding the processing of your data, we encourage you to contact the GoldenTonewood Data Protection Officer at the firstname.lastname@example.org or by mail or courier to Ibanesti, 480/A Principal Street, Mures County – with the mention: to the attention of the GoldenTonewood Data Protection Officer.
Which categories of personal data we process
- In general, we collect your personal data directly from you, so you have control over the type of information you provide us. For example, we receive information from you as follows:
- When you create a GoldenTonewood account, please send us your e-mail address, phone number, name and surname, delivery address, bank card details.
- When placing an order, you provide us with information such as the desired product, delivery address, billing details, payment method, phone number, etc.
- We can also collect and then process certain information about your behavior while visiting our website or using the smartphone application to personalize your online experience and provide tailored offers for your profile. we invite you to find out more details in this regard by consulting the section on the processing purposes below.
- We do not collect or otherwise process sensitive data included in the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data of minors who are under the age of 16.
What are the purposes and basics of the processing
We will use your personal data for the following purposes:
- To provide GoldenTonewood services for your benefit
- This general purpose may include, as appropriate, the following:
- Creating and managing your account within the GoldenTonewood platform;
- Order processing, including retrieval, validation, shipping and billing;
- Solving cancellations or problems of any kind related to an order, to purchased goods or services;
- Return of products according to legal provisions;
- Reimbursement of the value of the products according to the legal provisions;
- The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between GoldenTonewood and you. Certain processing underlying these purposes is also required by applicable legislation, including tax and accounting legislation.
- To improve our services
- We always want to offer you the best online shopping experience. For this, we may collect and use certain information about your buyer’s behavior, we may invite you to fill in satisfaction queries subsequent to the completion of an order or we can conduct, directly or with the help of partners, market research and research.
- We base these activities on our legitimate interest in doing business, always taking care that your fundamental rights and freedoms are not affected.
- For Marketing
- We want to keep you informed about the best offers for the products you are interested in. In this regard, we can send you general or thematic newsletters through electronic communication channels (e-mail / SMS / webpush / etc), information on similar or complementary products to those you have purchased or you have shown interest to acquire them, as well as other similar commercial communications, and we can display personalized recommendations on our website and smartphone. In order to provide you with information of interest to you, we may use certain data about your buyer’s behavior (e.g., products viewed / added in wishlist / purchased) to create a profile. We always ensure that such processing is done with due respect for your rights and freedoms, and that decisions taken thereon have no legal effect on you and will not affect you to a significant extent.
- In most cases, we prioritize marketing communications on your prior consent, by ticking the box “I want to receive the weekly newsletter with exclusive GoldenTonewood news and campaigns”. You can revoke and withdraw your consent at any time by:
- Changing client account settings in the “Personal Data” section;
- Accessing the unsubscribe link displayed in the messages you receive from us;
- Contacting GoldenTonewood using the contact details described above.
- In some situations, we can base our marketing activities on our legitimate interest in promoting and developing our commercial activity. In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you may request at any time, by the means described above, to stop processing your personal data for marketing purposes, and I will follow up your request as soon as possible.
- To defend our legitimate interests
- There may be situations where we use or transmit information to protect our rights and commercial activity. These may include:
- Measures to protect the web site and users of the GoldenTonewood website against cyber attacks:
- Measures to prevent and detect fraud attempts, including the transmission of information to competent public authorities;
- Measures to manage various other risks.
- The general focus of these types of processing is our legitimate interest in protecting our commercial activity, as we understand that we are ensuring that all the measures we take guarantee a balance between our interests and your fundamental rights and liberties.
- Also, in some cases, we are working on legal provisions such as the obligation to safeguard the goods and values provided by the applicable legislation in this field.
How long do we keep your personal data
- As a general rule, we will store your personal data as long as you have an account in the GoldenTonewood platform. You may request us at any time to delete certain information or to close your account, and we will respond to these requests, subject to the preservation of certain information, including after you close your account, in situations where applicable law or legitimate interests impose it.
- If you do not have an account on the GoldenTonewood platform, the general rule is to keep the information about the orders made for a period of  years from the moment the order is completed. Similar to the previous situation, it is possible to keep certain dates after the expiration of this period in accordance with applicable law or our legitimate interests.
Who we send your personal data to
As the case may be, we may transmit or give you access to certain personal data of the following categories of recipients:
- If we have a legal obligation, or if it is necessary to protect a legitimate interest, we can also disclose certain personal data to public authorities
- other companies with whom we can develop joint programs to market our goods and services.
- IT service providers;
- insurance companies;
- market research service providers
- marketing / telemarketing service providers;
- providers of payment / bank services
- courier service providers;
- We ensure that access to your data by third-party private law entities is done in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
- In which countries transfer your personal data
- We currently store and process your personal data on the territory of Romania.
- However, from time to time, it is possible to transfer certain personal data to entities located outside of Romania. These entities may be located in the European Union or outside the Union, including in countries where the European Commission has not recognized an adequate level of protection of personal data.
- We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual engagements and, as appropriate, by other safeguards, such as standard contract terms issued by the European Commission or certification schemes, such as Privacy Shield for Personal Data Protection transferred from within the EU to the United States.
- You can contact us at any time, using the contact details listed above, to find out more about the countries where we transfer your data, the pairs and the safeguards that we have applied to these transfers.
How do we protect the security of your personal data
- We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
- We keep your personal data on secure servers, using state-of-the-art encryption algorithms and redundancy storage.
- We use the PayPal processor services to make payments. Any payment information is encrypted using SSL technology.
- Despite the measures taken to protect your personal data, we would like to draw attention to the fact that the transmission of information via the Internet in general or through other public networks is not completely secure, with the risk that data may be seen and used by third parties unauthorized. We can not be responsible for such vulnerabilities of systems that are not under our control.
What rights do you have
- The General Data Protection Regulation will recognize a series of rights with respect to your personal data. You may request access to your data, correct any mistakes in our files, and / or you may oppose the processing of your personal data. You can also exercise the right to complain to the competent supervisory authority or to address the court. As the case may be, you also have the right to request the deletion of your personal data, the right to restrict your data processing and the right to data portability.
More information about each of these rights can be obtained by consulting the table below.
In order to exercise your rights, you can contact us using the contact details listed above. Please note the following if you wish to exercise these rights
Identity. We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such records using the email address of your GoldenTonewood account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Fees. We will not charge a fee to exercise any right in respect of your personal data, unless your request for access to information is ungrounded, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you about any fees applied before you resolve your request.
Response time. We propose to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made more requests, in which case we will respond within a maximum of two months. We’ll let you know if we’ll need more than a month. We may ask whether you can tell us exactly what you want to receive or what you are worried about. This will help us to act faster and shorten the response time to your request.
Rights of third parties. We do not have to respect an application if it would adversely affect the rights and freedoms of other individuals.
You can ask:
- to confirm whether we process your personal data;
- to provide you with a copy of these data;
- to provide you with other information about your personal data, such as what we have, what we use, who we divulge, whether we transfer them abroad, and how we protect them, how long we keep them, what rights you have , how can you make a complaint from where I obtained your data, to the extent that the information has not already been provided by this information.
- You may ask us to rectify or complete your inaccurate or incomplete personal data. It is possible to try to verify the accuracy of the data before correcting it.
- You may ask us to delete your personal data, but only if:
- they are no longer necessary for the purposes for which they were collected; or
- You have withdrawn your consent (if the data processing is based on consent); or
- You give a legal right to oppose you; or
- these have been illegally processed; or
- we have a legal obligation to do so.
We have no obligation to comply with your request to delete your personal data if processing of your personal data is required:
- to comply with a legal obligation; or
- for the establishment, exercise or defense of a right in court.
- There are certain other circumstances in which we are not obliged to respect your request for data deletion, although these are the most likely circumstances in which we may decline your request.
- Please be aware that before exercising this right, you will download from GoldenTonewood account and save all documents related to orders made by GoldenTonewood, whether the billing has been made to you or to another person or entity (such as be: invoices). If you do not do so before exercising your right of removal, you will lose all of these documents and GoldenTonewood will be unable to provide them because the data erase process, or GoldenTonewood account, with all data and documents related to it, is an irreversible process.
Restriction of Data Processing
You may ask us to restrict the processing of personal data, but only if:
- their accuracy is contested (see rectification section) to allow us to verify their accuracy; or
- processing is illegal, but you do not want the data to be deleted; or
- they are no longer necessary for the purposes for which they were collected, but you need them to find, exercise or defend a right in court; or
- you have exercised the right to oppose you, and checking whether our rights prevail is underway.
We may continue to use your personal data following a restriction request if:
- we have your consent; or
- to establish, exercise or secure the defense of a right in court; or
- to protect the rights of another natural or legal person.
- You may ask us to provide your personal data in a structured format that is currently used and can be read automatically, or you may request that it be “ported” directly to another data operator, but in each case only if:
- processing is based on your consent or the conclusion or performance of a contract with you; and
- processing is done by automatic means.
- You may oppose at any time, for reasons related to your particular circumstances, the processing of your personal data on our legitimate interest, if you believe that your fundamental rights and freedoms prevail over this interest.
- You can also oppose processing of your data for direct marketing purposes (including creating profiles) at any time without invoking any reason, in which case we will cease this processing as soon as possible.
Making automated decisions
You can ask that you not be the subject of a decision based solely on automatic processing, but only when that decision:
- produces legal effects with regard to you; or
- will otherwise affect you to a similar extent and to a significant extent.
This right does not apply if the decision made following automatic decision-making:
- we are required to conclude or run a contract with you;
- is authorized by law and there are adequate safeguards for your rights and freedoms; or
- is based on your explicit consent.
- You have the right to file a complaint with the supervisory authority about the processing of your personal data. In Romania, the contact data of the data protection supervisor is as follows:
The National Supervisory Authority for the Processing of Personal Data;
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania;
Phone: +40.318.059.211 or +40.318.059.212;
Without prejudice to your right to contact the Surveillance Supervisor at any time, please contact us in advance, and we promise that we will do our best to resolve any issues amicably.
We remind you that you can contact the Data Protection Officer at any time by submitting your request in any of the following ways:
by e-mail at: email@example.com or by post or courier at: Ibanesti Nr: 480A, Mures County, Romania – with the attention of PC Garage Data Protection Officer.