PERSONAL DATA PROCESSING POLICY

PERSONAL DATA PROCESSING POLICY

This Policy aims to outline how the personal data of data subjects are processed by BLACK TECH GROUP SRL.

Additionally, through this Policy, we inform data subjects about their rights in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as GDPR) and the national legislation on the protection and security of personal data, referred to as GDPR Legislation.

Processing is understood to mean any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

WHO ARE WE?

BLACK TECH GROUP SRL is a personal data controller, headquartered in Romania, Voluntari, at Sos. Bucuresti Nord Nr.10, GLOBAL CITY BUSINESS PARK, Building O21, 5th Floor, Ilfov County, registered with the Trade Register Office under no. J23/831/2020, with the Unique Registration Code RO38781286, phone number +40 748 855 888, email address [office@geekmall.ro]. In this document, BLACK TECH GROUP SRL will be referred to as "Black Tech" or the "Controller."

In accordance with the applicable GDPR Legislation, Black Tech is obliged to manage the personal data provided to it safely and only for the specified purposes. Black Tech processes personal data under legitimate conditions, implementing appropriate technical and organizational measures to ensure the integrity and confidentiality of data in accordance with the provisions of the GDPR Legislation.

For any questions, complaints, or communications related to personal data, please contact us using the contact details provided above.

WHAT PERSONAL DATA DO WE PROCESS?

In principle, any information that identifies or can identify, directly or indirectly, a natural person is personal data.

Black Tech processes the following categories of personal data:

1. a) Identification information: name, surname, delivery address;
2. b) Contact information: phone number, email address;
3. c) Other information necessary for providing Black Tech products/ conducting contractual/ business relationships: represented legal entity, billing and/or delivery address (street, number, postal code, city, county), purchased/ ordered/ returned products (including serial number), relationship history, order details (including credit notes for canceled or pending orders), coupons/ promotional codes, IP, account creation date, and browsing history, messages exchanged with Black Tech, payment methods, IBAN bank account;
4. d) Data from communications, complaints, requests made in writing or verbally by you or third parties, through Black Tech's website, Black Tech's social media accounts, phone, fax, email: e.g., name and surname, address, email, phone, other data provided in communications/ complaints/ requests/ discussions;
5. e) Data regarding the device used to access Black Tech's website: device type and unique identifier (IP), operating system used, preferred device language;
6. f) Data regarding the use and operation of Black Tech's website: e.g., date and duration of access/ viewing, browser type used and its settings, pages viewed, third-party websites or services used previously, [------------];
7. g) Cookies and similar technologies (e.g., pixels): details on these, how they work, and how to deactivate them can be found in the Cookies Policy.

 

Black Tech reserves the right to request other data necessary for fulfilling the duties of relevant offices within its organizational structure, strictly in accordance with applicable legal provisions.

WHO ARE THE DATA SUBJECTS?

In the context of this Policy, the term data subjects refers to visitors of the www.geekmall.ro website and Black Tech's social media accounts (e.g., Facebook, Instagram, LinkedIn, Twitter, etc.), whether or not they have created a customer account on the site, as well as individuals whose data is provided to Black Tech by others. Data subjects may provide personal data both in their own name and as representatives of legal entities.

Black Tech collects personal data either directly from the data subject or indirectly from third parties. For example, we collect personal data directly from you when: you contact us by email or phone, you provide your data to create a Black Tech customer account, through a business card or social network (e.g., LinkedIn). We collect your personal data indirectly through other data subjects, the legal entities you represent/ contact person/ authorized person, private or public operators, including state authorities and courts, and from public sources/ documents, as applicable.

If a data subject provides Black Tech with personal data about other persons, they are obliged to inform those persons about the processing of personal data.

If you choose to communicate with us via social networks, please note that the data controllers who manage these platforms also process the content of messages transmitted through these means, according to their own personal data processing/ privacy policies, which we invite you to review carefully.

FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA AND WHAT ARE THE LEGAL BASES FOR PROCESSING?

To benefit from Black Tech products and services or to access certain functionalities or services of the Black Tech website, it is necessary to provide certain personal data to be able to provide the service or to offer access to the respective functionality. Please note that if you decide not to provide the mandatory information, your request may not be completed, and you may not benefit from certain Black Tech services or website functionalities.

In the case of commercial communications (e.g., email, SMS, web push, etc.)/ marketing activities (e.g., promotional campaigns, new product launches, special offers, retargeting, etc.), we will process personal data only if you have given explicit consent for this purpose.

Each legal basis on which we process personal data is established in accordance with the purpose for which these data are processed.

The purposes and legal bases for processing personal data are as follows:

No. Processing Purpose    Legal Basis  Additional Notes

1. Creating and managing a customer account on the Black Tech website Article 6(1)(b) of GDPR   Personal data is processed to take steps at your request to conclude the sales contract for the Controller's products according to Black Tech's terms and conditions of sale.
2. Concluding and executing the sales contract for Black Tech products Article 6(1)(b) of GDPR   Personal data is processed, for example, to deliver the product, provide and benefit from the warranty offered by the contract, handle any returns, etc., according to the concluded contract.

III.  Commercial communications, marketing activities   Article 6(1)(a) of GDPR   Personal data is processed exclusively based on given consent, regardless of the means by which this consent was expressed: physically or online.

1. Fulfillment of a legal obligation incumbent on Black Tech Article 6(1)(c) of GDPR   Personal data is processed, for example, to prepare and keep accounting records, fulfill tax obligations, provide data to competent authorities, etc., considering applicable legislation (e.g., Law No. 82/1991 on accounting, the Tax Code, the Civil/ Criminal Procedure Code, etc.).
2. Resolution of requests, complaints received by Black Tech Article 6(1)(b) or (f) of GDPR Personal data is processed, for example, to deliver the product, provide and benefit from the warranty offered by the contract, handle any returns, etc., according to the concluded contract, or to contact the data subject for details regarding their request, as applicable.
3. Analyzing website usage to improve our services and the data subject's experience on the Black Tech website Article 6(1)(a) of GDPR       Personal data is processed, for example, to understand how you navigate the Black Tech website and to optimize its usage. Thus, we will retain and evaluate information about your recent visits to our site and how you navigate between different sections of our site for analysis purposes to understand how people use our site so we can make it more intuitive.

HOW LONG DO WE PROCESS PERSONAL DATA?

Personal data is processed for a limited period, as necessary for Black Tech's activities, related to the purpose of the processing and applicable legal provisions. For example, to fulfill obligations regarding archiving, we will process personal data for a maximum period of 10 (ten) years from the end of the financial year during which the accounting documents containing those personal data were prepared.

If the processing is carried out for commercial communications/ marketing activities, personal data is stored for the duration of the marketing consent, plus a period of 3 (three) years – the general prescription term – from the withdrawal of consent. If you withdraw your consent, personal data will no longer be processed for this purpose from the moment of consent withdrawal.

After the retention periods expire, we will delete personal data.

WHO DO WE SHARE PERSONAL DATA WITH?

Personal data is intended for use by Black Tech, as the data controller, and is communicated to the following recipients, if applicable:

1. a) Central and local institutions/ authorities to fulfill Black Tech's legal obligations (e.g., ANAF, bailiffs, public registers, police, prosecutor's office, etc.);
2. b) Courts to file actions, defenses, and representation in court;
3. c) Collaborators/ service providers used by Black Tech in its activity, including but not limited to areas such as: IT, accounting, audit, courier, legal services, service and warranty, payment processor, sending newsletters/ commercial communications, etc.

Disclosure of data to third parties is carried out in accordance with legal provisions for the aforementioned categories of recipients, who have taken appropriate protection measures, in accordance with legal provisions, to ensure they comply with personal data protection obligations.

Personal data may also be transferred (e.g., accessed, consulted, etc.) to other entities to initiate and conclude other contracts/ business relationships.

Black Tech may transfer personal data to countries outside the European Union or the European Economic Area (so-called third countries) recognized by the European Commission as having an adequate level of personal data protection, or, if not, only if an adequate level of personal data protection equivalent to that of the European Union is contractually guaranteed by the beneficiaries located in the third country (e.g., by signing standard contractual clauses provided by the European Commission). Additional information can be requested in writing at the email address dpo@geekmall.ro.

Currently, Black Tech transfers personal data (email address, name, and surname) to MailChimp (The Rocket Science Group LLC), an email service provider based in the United States, certified as having an adequate level of personal data protection for transfers from the European Union to organizations in the United States under the EU-US Privacy Shield, as approved by European Commission Decision No. 2016/1250 regarding the adequacy of the protection offered by the EU-US Privacy Shield.

For storing buyers' email addresses, Compari (Online Comparison Shopping Kft.1074 Budapest, Rákóczi út 70-72, VAT No: HU24868291, Trade Register No: 01-09-186759) has the status of a data processor for sending evaluation questionnaires within the Trusted Store Program. After making a purchase here, Compari will receive the buyer's email address. The reason for data transmission: requesting and displaying buyer feedback. The transmitted email address is managed and stored by Online Comparison Kft under a written contract and following the necessary data protection conditions.

WHAT ARE THE RIGHTS OF THE DATA SUBJECT AND HOW CAN THEY BE EXERCISED?

According to applicable legal provisions (Articles 12-22 of GDPR), the data subject has the following rights:

1. a) Right of access: the right to obtain confirmation as to whether or not personal data is being processed by Black Tech, and if so, to access the data and certain information, including by providing a copy of the processed personal data;
2. b) Right to rectification: the right to obtain the rectification of inaccurate personal data and the completion of incomplete data;
3. c) Right to erasure (the "right to be forgotten"), which can be exercised in situations expressly regulated by law (e.g., if consent is withdrawn or if it is found that the processing of personal data was not lawful);
4. d) Right to restriction of processing, which can be exercised in situations expressly regulated by GDPR (e.g., if the accuracy of personal data is contested during the period necessary to clarify the situation, or if the processing is illegal, and data erasure is not desired, only restriction of processing);
5. e) Right to data portability, under which the data subject can receive their personal data processed by Black Tech through automated means, in the execution of a contract or based on the data subject's consent, in a structured format, that can be automatically read, or can request that the personal data be transmitted to another data controller;
6. f) Right to object, under which the data subject can object at any time, for reasons related to their particular situation, to processing based on Black Tech's legitimate interest (including profiling) or carried out in the exercise of a public interest or authorization with which the Controller is invested;
7. g) Right to request and obtain the withdrawal, cancellation, or reassessment of any decision taken regarding you that produces legal effects and is based solely on automated processing; we note that, at present, Black Tech does not process data based on an automated individual decision-making process;
8. h) Right to withdraw consent for the processing of personal data based on this legal ground, at any time, without affecting the lawfulness of processing carried out based on consent before its withdrawal;
9. i) Right to address the National Supervisory Authority for Personal Data Processing or a competent court; if you believe that the rights you benefit from as a data subject have been violated, you can always address a complaint or notification to the National Supervisory Authority for Personal Data Processing, headquartered at B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania, email: plangere@dataprotection.ro, www.dataprotection.ro. You can also file a legal action in front of the competent courts.

To exercise your rights, please contact us at the following contact details: dpo@geekmall.ro. Black Tech will respond to your request within one month of receiving it, according to GDPR, a period that can be extended by two months when necessary, considering the complexity and number of requests pending resolution within Black Tech. Black Tech will inform you accordingly.