Informing customers about the return delivery procedure and order processing!
Securing documents containing personal data. This measure represents a secure location where these documents are stored and archived according to the current legal, fiscal, to prevent unauthorized processing and stored according to the company's internal protocols.
- Training the person in charge of the process regarding the risks of processing personal data outside the online platform.
Training the person responsible for the process regarding the need to notify in case of a major security incident. Training the person responsible for the process regarding the management of situations that may arise when processing data within the platform (errors, usage errors).
- Training the person in charge of the process regarding the use of the information they process and awareness of the nature of personal information.
Prohibition of processing data outside the platform by managing orders directly in the user interface of the platform, not being necessary to process data in other unsecured and vulnerable environments.
- The person in charge of the process is regularly trained on:
data protection principles, including technical and organizational measures
the requirement to maintain data secrecy and confidentiality regarding organizational secrets and trade secrets, including the transactions carried out
correct, careful use of data, data media and other documents.
- The secret of telecommunications
Specific obligations regarding confidentiality, where necessary, the purpose of data collection is to invoice orders, to send correspondence and to honor orders. Your refusal to provide us with the data necessary to conclude an online contract, determines the impossibility of placing your order on this site and processing it.
According to Law no. 679/2016 (GDPR), the user benefits from the right of access, the right to be forgotten, the right to carry the information and personal data, the right to intervene on the data, the right not to be subject to an individual decision and the right to addressed the justice.
At the same time, he has the right to object to the processing of personal data and can request the deletion of data at the contact phone numbers on the website or at the email addresses specified in the terms and conditions section. To exercise these rights, the user can send a written, dated and signed request to the e-mail address email@example.com. (prior grievances or complaints will be litigated through ANPC).
Access to the fixaix.ro Store (government law).
- This is the right of the data subject to obtain from the data operator, upon request, certain information regarding the processing of his personal data, as detailed in Chapter III Section 2 of the GDPR. SUPERVISORY AUTHORITY/MAIN AUTHORITY Supervisory authorities are national authorities for data protection, empowered to implement the RGPD in its own member state.
- The "one-stop shop" concept: if an enterprise is established in several member states, it will have a "main authority", determined by the place of its "headquarters" in the EU. A supervisory authority that is not a main authority may also have a regulatory role, for example if the processing has an impact on data subjects in the country where that supervisory authority is the national authority.
Special categories of data: often known as "sensitive data". The RGPD has expanded the definition to include both biometric data and genetic data.
- ECPD (EDPB) European Data Protection Committee will replace the Article 29 Working Group, and its functions will include ensuring the coherent application of the RGPD, advising the European Commission, issuing guidelines, codes of practice and recommendations, accreditation of certification bodies and issuance of opinions regarding the draft decisions of the supervisory authorities.
Security requirements: set of rules adopted by Order of the People's Advocate in order to ensure the security/confidentiality and integrity of DCP, covering the following aspects: user identification and authentication, type of access, data collection, execution of backup copies, computers and access terminals , access files, telecommunications systems, staff training, computer use and data printing. Each entity has the obligation to approve its own security system, taking into account these minimum security requirements for DCP processing, and depending on the importance of this processed data, it will impose additional security measures.
- Privacy by design means that any actions of a company that involve the processing of personal data must be done based on care for the protection of personal information. This includes internal projects, product development, software development, IT systems and more. In fact, it means that the IT department or any other department that processes personal information must ensure that any new project has a data protection system throughout its creation and implementation. From May, adding functionalities for data protection at the end of a long development process is no longer legal.
Privacy by default means that once a product or service has been publicly launched, the strictest data protection settings have already been implemented by default.
- This without the user having to perform any operation or purchase an additional functionality.
Process, this is broadly defined to cover any operation or set of operations that is performed on personal data or sets of personal data, regardless of whether this is done by automated means or not. Examples of processes include the collection, recording, organization, storage, use and destruction of personal data.
- Data processor entity that processes data on behalf of the data operator. Technical pseudonyms for the processing of personal data so that they can no longer be attributed to a specific person without the use of additional information that must be kept separately and that must be subject to technical and organizational measures to ensure non-attribution.
GDPR General Data Protection Regulation was finally adopted as Regulation (EU) 2016/679 on April 27, 2016.
RPD (DPO) A person responsible for data protection - whose designation is mandatory according to the RGPD when: (i) the processing is carried out by a public authority; or (ii) the "core activities" of a data controller/processor:
(a) impose "regular and systematic monitoring of the targeted persons on a large scale" or;
(b) consist in the processing of special categories of data or data regarding criminal convictions "on a large scale".
- EEA (EEA) The European Economic Area includes all 28 EU member states, Iceland, Lichtenstein and Norway. Does not include Switzerland.
Data subject: represents the person whose personal data is processed. The transfer of personal data to countries outside the EEA or to international organizations, which are subject to the restrictions detailed in Chapter V of the RGPD. As with the Data Protection Directive, data does not have to be physically transported to be transferred.