Politica de confidențialitate
Identity of the operator
S.C. Beyond Business S.R.L., with registered office in Prahova, Ploiești, registered with the Trade Register under no. J29/1092/2021, unique registration code 44176468, is the owner of www.iuliaivan.ro and is the personal data controller for the data processed through this website. The privacy policy applies to this website, and please read it in its entirety.
What categories of personal data do we process
As a personal data controller within the meaning of Regulation (EU) 679/2016 of the European Parliament and of the Council of April 27, 2016 (hereinafter GDPR), S.C. Soul Bloom S.R.L. processes the following personal data through www.cristinaotel.ro, data strictly necessary for the purposes:
A. Identification data:
Name and surname;
User name (username or similar identifier);
Image;
Place of Employment;
Function;
B. Contact Data:
Mailing Address;
Billing address;
Email Address;
Telephone Number;
C. Details of services purchased:
Amount Paid;
Service purchased;
Method of payment;
D. Technical data (cookies):
IP Address;
Login data
Browser type;
Location and time zone settings;
E. Data on whether or not you prefer to receive marketing materials
When do we collect and process your data?
• We collect and process your personal data in the following situations:
• When you purchase the web interface or by email;
• When you participate in online or offline events, with or without a fee;
• When you register for a course;
• When you ask us to subscribe to our newsletter;
• When you ask us to subscribe to free resources;
• When we prepare the legal and necessary paperwork required to register, attend, and complete the courses, workshops, and events we organize;
• When we send marketing communications by email.
From whom and how we collect your personal data:
Your data may be collected
• Directly from you, via web forms, telephone, and email;
• Indirectly, when someone else purchases one of the services we offer to you
Please note that if you order a service/product for another person, you assume that you have obtained that person’s prior consent to process their data.
When we ask you to fill in personal data in order to provide you with access to certain functionalities or services of the website, we will mark some fields as mandatory, as this is information we need in order to provide you with the service you want or to provide you with access to the functionality.
Please note that if you choose not to provide us with this information, you may not be able to complete your user registration or take advantage of these services or features.
In such a case, we may be in a position where we may have to limit your access to a product or service that you want from us, but we will notify you at the time if this happens.
For example, if you would like to download certain materials on the Platform, we will ask you for your e-mail address; if you do not provide us with a valid e-mail address, we will not be able to provide you with that material.
Also, if we are unable to verify your identity at the time you send us a request via the contact address, the form on the platform, or otherwise, we reserve the right not to respond to that request.
Purposes for which we process personal data
In case you decide to register as a user on our website, we need to process your data (name, surname, email address, postal address, telephone number, username, and password) to identify you as a user and to provide you with access to our various functionalities, products, and services available to you. You can cancel your registered user account at any time, either from your account on the website or at the email address in the Rights section.
If you subscribe to our newsletter, we will process your personal data (name, surname, and email address) for marketing purposes and to manage your communication preferences. You will be able to unsubscribe from the newsletter at any time, free of charge, using the instructions provided in each communication.
If you subscribe to free resources, we will process your personal data (first name, surname, and email address) for the purpose of providing you with informative materials. You will be able to unsubscribe from this service at any time, free of charge, using the instructions provided in each communication.
Personal data will be used exclusively for the purposes of the company’s business, namely for: online correspondence (name, surname, email address), creating and managing accounts on the website (username and password), providing advisory services, registering for various events – courses and workshops (name, surname, email address, telephone), and for order taking and invoicing (name, surname, postal address, billing address, email address, telephone) and will not be further processed for any other incompatible purposes.
If you participate in an event organized by the Company, your image will be disclosed on the Company’s website only to the extent that you give your express consent to this.
The personal data processed for testimonials that will appear on the website (name, surname, position, job) will be disclosed only after your consent has been obtained.
In the contests we organize, we will process data of the winners strictly to send the prizes (name, surname, postal address, telephone number, email address).
We may also store and collect information in cookies on our website per our Cookie Policy.
S.C. Beyond Business S.R.L. is not responsible for the personally identifiable information you choose to make public on the blog. In the event that you choose to disclose information about yourself while contributing to our blog by posting public comments or photos, please be advised that this is public information and there can be no expectation of privacy.
You should also be aware that any personally identifiable information you submit during these public activities may be read or collected by others and could be used to send unsolicited messages.
Legal basis for processing
Personal data will be processed by SC Beyond Business S.R.L., for the purposes specified above, on the basis of your consent, a contract to which you are a party, or a legal obligation to which we are subject. Refusal to provide this data entails the impossibility of access to the desired services.
We also inform you that, according to Art. 7 para. (3) of the GDPR, you may withdraw your consent at any time. Please note, however, that withdrawal of consent does not affect the processing that has taken place up to that point.
Recipients of personal data
Your non-sensitive personal data may be processed by third parties with whom we have a contractual relationship for purposes that serve our legitimate or lawful interest: Google Analytics – application for statistics, Mailchimp – for newsletter. These providers act as processors for SC Beyond Business S.R.L.
We do not transfer the personal data of data subjects outside the European Economic Area unless our email marketing provider, mailerlite.com, is certified through the EU-U.S. Privacy Shield Framework to securely intermediate this. For more information about the security offered by Mailerlite’s global email marketing platform, read https://www.mailerlite.com/legal/privacy-policy.
Please note that we work with internal or external providers that offer sufficient guarantees of trustworthiness and lawfulness to process this data.
Some of your personal data is passed on to and may be processed by suppliers with whom we have a contractual relationship to provide our services to you (for the purposes mentioned below only), as follows:
1. Accounting and legal services (name, surname, postal address, billing address);
2. Newsletter services (Mailerlite): e-mail address;
3. Online statistics services (Google Analytics): actions on the website, duration of a visit, pages visited, region/city where the device from which you access the website is located, purchases, IP).
In these services, no personal data, such as first and last name, is collected; the applications only store and process actions. The operator owns the website www.iuliaivan.com, which has an associated Google Analytics account. You can opt out of the retention of this data by installing the Google Analytics Opt-out Browser Add-on.
The data collected and processed will be stored on the territory of Romania and will not be disclosed/transmitted to third parties (with the exceptions mentioned above). For such situations, we have ensured that our partners also comply with the GDPR conditions by signing additional deeds to the ongoing contracts.
We also inform you that in the event of a legal obligation, your data may be disclosed to a public authority.
Data storage period
We limit the storage period of your personal data to what is necessary for our processing purposes. We delete personal data at your request, except for data the processing of which is required by a legal provision, which we delete within the period provided for by that provision.
As a general rule, SC Beyond Business S.R.L. will store your personal data for as long as you have an account on www.cristinaotel.ro, but no longer than 3 years.
The personal data collected for receiving Newsletter and Free Resource messages will be stored until the moment you decide to stop receiving such messages and click the Unsubscribe button, but not longer than 3 years.
Personal data collected in order to correspond with you online will be stored until you request their deletion, but no longer than 6 months.
The data that will appear in the Testimonials on the website will be processed until you exercise your right of erasure provided for by the legislation in force, but for no longer than 3 years.
As regards the data necessary for the preparation of accounting documents, this data will be stored for a period established by the applicable accounting legislation.
If any of the personal data you have provided us with changes, please inform us as soon as possible in order to update it.
What are your rights under GDPR
The General Data Protection Regulation gives you a number of rights in relation to your personal data:
I. The data subject’s right of access
The data subject has the right to obtain from the controller a confirmation as to whether or not personal data relating to him or her is being processed and, if so, access to that data and to the following information:
(a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or are to be disclosed, in particular recipients in third countries or international organizations;
(d) where possible, the period for which the personal data are expected to be stored or, if this is not possible, the criteria used to determine this period;
(e) the existence of the right to request the controller to rectify or erase the personal data or to restrict the processing of personal data relating to the data subject or to object to the processing;
(f) the right to lodge a complaint before a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision making, including profiling as referred to in Article 22(1) and (4), and, at least in those cases, relevant information on the logic involved and on the significance and expected consequences of such processing for the data subject.
II. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Having regard to the purposes for which the data have been processed, the data subject shall have the right to obtain the completion of personal data which are incomplete, including by providing an additional statement.
III. Right to erasure (‘right to be forgotten’)
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller is obliged to erase personal data without undue delay if one of the following grounds applies:
(a) the personal data are no longer necessary for the purposes for which they were collected or processed;
(b) the data subject withdraws his or her consent on the basis of which the processing is taking place in accordance with Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no legitimate grounds for the processing which override the objection or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been processed unlawfully; (e) the personal data must be erased in order to comply with a legal obligation incumbent on the controller under Union or national law to which the controller is subject;
(f) Personal data were collected in connection with the provision of information society services referred to in Article 8(1).
IV. Right to restriction of processing
The data subject has the right to obtain from the controller the restriction of processing where one of the following applies:
(a) The data subject contests the accuracy of the data, for a period enabling the controller to verify the accuracy of the data;
(b) The processing is unlawful and the data subject opposes the erasure of the personal data, requesting instead the restriction of their use;
(c) the controller no longer needs the personal data for the purposes of the processing but the data subject requests them for the establishment, exercise or defense of legal claims; or
(d) the data subject has objected to the processing in accordance with Article 21(1), for the period of time during which it is ascertained whether the legitimate rights of the controller override the data subject’s legitimate rights.
V. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used and machine-readable format and shall have the right to have these data transmitted to another controller, without hindrance from the controller to whom the personal data were provided, if:
V. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used and machine-readable format and shall have the right to have those data transmitted to another controller without hindrance by the controller to whom the personal data were provided, if:
VI. Right to object
The data subject shall have the right to object at any time on grounds relating to his or her particular situation to the processing pursuant to Article 6(1)(e) or (f) of personal data relating to him or her, including the creation of profiles on the basis of those provisions. The controller shall no longer process the personal data, unless the controller demonstrates compelling legitimate grounds justifying the processing which override the interests, rights and freedoms of the data subject, or the establishment, exercise or defense of legal claims.
We also inform you that you can lodge a complaint with the National Supervisory Authority for Personal Data Processing.
If you wish to exercise your rights, you can do so by sending a written, signed and dated request to the e-mail address contact@iuliaivan.com. Your request should contain a detailed description of the right you wish to exercise, and a reply will be communicated to you at the email address from which you sent the complaint.
The rights listed above are not absolute, there are exceptions, and therefore each request received will be analyzed to decide whether or not it is well-founded. To the extent that your request is well-founded, we will facilitate the exercise of your rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of your right to lodge a complaint with the Supervisory Authority and to go to court.
We will try to respond to your request within 30 days. However, the deadline may be extended depending on the complexity of the request, the large number of requests received or the inability to identify you within a reasonable time.
In order for us to respond to your requests to exercise your rights, we may need additional information to be able to confirm your identity. If, despite our best efforts, we are unable to identify you, and you do not provide us with additional information, we are under no obligation to fulfill your request.
You will not be charged a fee for exercising your rights. However, you may have to pay a reasonable fee if your request is unfounded, excessive or repetitive. Alternatively, we may refuse to grant your request in these circumstances.
How we protect your personal data
We ensure the security of your personal data by implementing appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure or destruction, unauthorized processing, accidental or unlawful loss.
We constantly review our internal personal data processing practices and policies (including physical and electronic security measures) to protect our systems from unauthorized access or other possible threats to their security.
We ensure that the personal data we process is limited to only that which is necessary, appropriate and relevant for the stated purposes.
At the same time, we try to restrict access to the personal data we process as much as possible to the minimum necessary: collaborators and others who need to access this data in order to process it and carry out a service. We note that our partners and collaborators are subject to strict confidentiality obligations (either by contract or by law).
We use technologies to ensure the security of our customers, always trying to implement optimal solutions for data protection. We also make regular data back-ups (automatically every 7 days) in order to be able to recover data in case of a possible incident and we have regular audit procedures in place regarding the security of the equipment used. However, please note that no website, no application and no internet connection is completely secure.
Although we are constantly striving to ensure the security of the data you entrust to us, security incidents/breaches may occur. In these cases, we have procedures in place for reporting and notifying security incidents and we take all necessary steps to mitigate the risks, remedy the security breach, recover the data and return the situation to normal as soon as possible.
Access to the database is based on username and password, which are changed periodically. Access to the database is also recorded in an access file (access log), which makes it possible to identify the persons who have accessed personal data.
Personal data is stored physically and/or electronically, depending on how it was collected, and our servers are password and firewall-protected.
As the transmission of information over the internet is not always secure, we cannot guarantee the security of data transmitted over the internet. We also inform you that you are solely responsible for maintaining the confidentiality of the password and other means of authentication that you use to access the Site.