PRIVACY POLICY

Information on personal data processing (art. 13 Reg. EU 2016/679, GDPR)

INTRODUCTION

 Shoppers Romania has always paid specific attention to the protection of personal data of its users. For this reason, the following information (produced in compliance with the so called GDPR, that is the Regulation (EU) 2016/679, hereinafter “Regulation” or “GDPR”) allows to inform in a clear and transparent manner about the modality of the processing of personal data of the users who consult the website and make use of the services available on Shoppers.ro (“Website”), providing a list of the measures taken in order to protect the rights of the subjects. It does not apply instead to other websites or online services that might be found through links on the Website.

INDEX

1. Which data do we process?
2. For how long do we store the data?
3. Why do we process the data?
4. On which legal basis do we process the data?
5. Who is the data controller and how is it possible to contact him/her?
6. Who are the data recipients?
7. What are the rights of the data subject?

PRIVACY POLICY

1. WHICH DATA DO WE PROCESS?

• Navigation Data

During the course of their regular practice, computer systems and software procedures in charge of the functioning of this website acquire some personal data whose transmission is implicit in the navigation.

This information could however allow the identification of the users through the elaboration and association of data owned by third parties, even though it is not collected with the purpose to be crossed with the data of identified subjects.

Among this information are included:

• IP addresses or domain names of the computers used by the users who connect to the website and the URL addresses of the requested resources;
• The time of the request’s submission;
• The method used to submit the request to the server;
• The dimension of the output file obtained;
• The numerical code that indicates the state of the answer provided by the server;
• The parameters relative to the operating system and the platform used by the users.

These data are used with the only purpose to obtain anonymous statistical information about the use of the website, to control its correct functioning and they will be deleted immediately after the processing.

In case of cybercrimes against the website, the collected data might be used to ascertain possible criminal liabilities: except for this possibility, data relative to web contacts do not last for more than seven days.

• Data voluntarily communicated by the user – Quote requests

The user interested in the services offered by Shoppers.ro can request a quote in a discretionary, explicit and voluntary way, by using the contact form on www.Shoppers.ro email address and the message s/he wants to submit: this way s/he agrees to the subsequent data acquisition and the receiving of possible answer messages from Shoppers Romania

• Data voluntarily communicated by the user – applications regarding job available positions  at  Shoppers Romania – “Work with us” service

Each interested subject will be able to voluntarily provide her/his personal data to Shoppers Romania, in order to submit her/his application for the available job positions at the Company, by filling in the specific form on the website at the page “Work with us” and therefore authorizing it to process the personal data provided for the aforementioned purposes.

Consent: the data provision is mandatory only in order to submit the application for an available job position at the Company; therefore, the submission of the curriculum vitae is subject to the will of the single candidate and the possible refusal will determine the impossibility to access to the service, with no further consequences.

The consent to data processing is not mandatory, according to art.9, comma 2, letter b) of GDPR, when the processing concerns data contained in the spontaneously sent curricula for the purposes of a possible establishment of an employment/collaboration relationship. Likewise, the consent is not necessary, in compliance with art. 26, comma 3, letter b-bis) of the Legislative Decree n. 196/2003 (so called Privacy Code), for the possible sensitive data spontaneously provided by the candidate. At the potential job interview, a specific consent for data processing will be obtained from the subject who will be summoned.

Purposes: personal, identification and curricular data, as well as the possible sensitive ones directly provided by the subject, are treated and used to pursue the request of the interested subject and, precisely, to proceed in verifying the premises for hiring and/or the beginning of a collaboration.

Type of data: the collection will only concern common personal data; therefore, the candidate will not be required to indicate the data qualified as “special” by art. 9 of Reg. EU 2016/679 or concerning health. It is explicitly excluded the hypothesis in which the aforementioned data need to be known in order to establish the employment relationship, with specific reference to the possibility that the subject belongs to sheltered groups and to the potential pre-hiring medical examinations.

Data erasure: to request the erasure of the data submitted by the user through the specific form, it is enough for the candidate to submit a request to the Controller at the contact details below specified. The erasure might be run automatically, therefore the candidate could receive further communications whose dispatch has been planned prior to the receiving of the erasure request, anyway for a no longer than 72 hours period.

2. FOR HOW LONG DO WE STORE THE DATA?

The erasure of navigation data (par. 1.1) immediately takes place after their processing because they are used with the only purpose to obtain anonymous statistical information about the use of the website and to control its correct functioning.

The storage of the data communicated by the user (par. 1.2 and 1.3) occurs for the period necessary to the completion of the request and in compliance with the law in force.

As for the storage of data relative to cookies and other tracing systems, please refer to the dedicated section

3. WHY DO WE PROCESS THE DATA?

 Shoppers Romania processes the users’ data in full compliance with their privacy in order to make the Website usable and safe (regarding the Navigation data) or to satisfy or give feedback to the requests sent by the subjects involved (regarding the Data voluntarily communicated by the user in paragraphs 1.2 and 1.3)

4. ON WHICH LEGAL BASIS DO WE PROCESS THE DATA?

Depending on the type of processing, the legal basis used is

1. For Navigation data, the legitimate interest of the Controller;
2. For Data communicated by the user, the provision of the services requested by the subject involved.

5. WHO IS THE DATA CONTROLLER AND HOW IS IT POSSIBLE TO CONTACT HIM/HER?

The data controller is Shoppers.ro, with registered office in Bucharest, Romania email address: office@shoppers.ro

6. WHO ARE THE DATA RECIPIENTS?

The data processing will be done by the staff or subjects specifically authorized by Shoppers.ro, on the basis of specific instructions provided according to the purposes and the modalities of the processing itself.

Shoppers.ro will also be able to take advantage of Data processors in reference to the data collected following the Website consultation, whose list can be requested through the contacts in the previous point 5

7. WHAT ARE THE RIGHTS OF THE DATA SUBJECT?

Shoppers.ro guarantees to each subject the possibility to exert at any moment the rights provided by GDPR in relation to the effectuated treatments. Specifically, each subject has the right:

• To access to the personal data to verify the possible processing and, if so, to entirely access to them and also to obtain a copy of them (art. 15 GDPR);
• To rectify the personal data in case they are inaccurate or to obtain an integration when incomplete (art. 16 GDPR);
• To erase the personal data (right to be forgotten) in the cases dictated in art. 17 GDPR;
• To restrict the data processing in the cases dictated in art. 18 GDPR;
• To obtain the portability of the data processed by the Controller, that is to request them and receive them in a structured, commonly used and machine-readable format and to ask for the transmission, when technically feasible, to another controller without hindrance (art. 20 GDPR);

The exertion of these rights can be exerted by the subject through a communication directly sent to Shoppers.ro (whose delivery addresses are indicated in paragraph 5 of the present section –The users who believe that the processing done by Shoppers.ro is not in compliance with the provisions of the Regulation have the right to lodge a complaint to the Garante (supervisory authority, as in art. 77 of the Regulation) or to the Judicial Authority in charge (as in art. 79 of the Regulation).