0

Data privacy and security

Information notice 

According to the legislation in force on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Kitchen Shop SRL ("KitchenShop") has the obligation to manage the personal data you provide to us, safely and only for the specified purposes. 

Document amendments 

This information on the processing of personal data is regularly updated.

Any new amendment will be displayed on our website www.kitchenshop.eu.

Date of the latest update: May 2018.

How to contact us

Your opinion is important to us. If you have any questions about the processing of personal data, you can send us your written request by email to dpo@kitchenshop.eu or by mail services to the following address: Bld. Lacul Tei, no. 1-3, ISPE building, 5th floor, postal code 020371, district no. 2, Bucharest, Romania, submitting your request to the attention of data protection officer.

The kitchenshop.eu website uses security measures against the loss, alteration or misuse of information that is under the control of the kitchenshop.eu. Kitchenshop.eu will make every effort and take all necessary measures against the loss of information caused by "bugs" or errors of the software with which the kitchenshop.eu site is designed and hosted.

Kitchenshop.eu may contain links to other websites and is not responsible for the privacy policy practiced by them. We recommend that you consult in advance the legal terms and other information regarding the collection of personal data. The methods set out below apply only to the information collected on website of kitchenshop.eu.

In case of online payment by card, the data is processed through authorized payment processors. Kitchenshop.eu does not store any information about your card.

By filling in your personal data in the account creation and/or Order form on kitchenshop.eu, you agree that your personal data to be included in the database of KITCHEN SHOP SRL and processed within the limits of the law. All these personal data will be processed unlimited territorially and/or temporally by KITCHEN SHOP SRL, their affiliates and collaborators for the development and/or performing by them of activities such as, but not limited to: meeting the contractual obligations, commercial activities regarding promoting of products and services, marketing activities, advertising, media, administrative activities, development activities, market research activities, statistics, tracking and monitoring of sales and consumer behavior.

Following any given consent regarding the processing of your data, you have the right at any time to revert to the previously expressed consent and change your options.

Purpose of data collection

We collect and process your personal data with the following purposes:

  • Meeting the contractual obligations: processing of user orders or requests, invoicing, debt recovery, settlement of requests and complaints, prevention/detection of frauds, record of benefits of KitchenShop site users/customers and information related to their cumulation/consumption;
  • Marketing (including direct marketing) consisting in providing commercial communications on special offers, products and services provided by Kitchen Shop, by any means of communication, except for automatic calling that does not require the intervention of a human operator;
  • storing and processing information that helps KITCHENSHOP to improve the relation with users/subscribers/buyers;
  • processing of these personal data and information by KITCHENSHOP in order to carry out market studies and statistics;
  • monitoring the sales and consumer behavior;
  • evaluation of products and services provided; 

Kitchenshop.eu notifies users/customers about current offers by periodic electronic information (using the e-mail address) and may occasionally send greeting cards, gift coupons or other special messages. Kitchenshop.eu does not agree and does not promote SPAM.

KITCHEN SHOP SRL provides your personal data to other companies with which it is in partnership relations, but only based on a confidentiality agreement from them, by which it guarantees that this data is kept safe and that the processing of this personal information is carried out by complying with the legislation in force. Companies-partners of Kitchen Shop can be: providers of marketing services, courier, payment / banking services, telemarketing or other services, other companies with which we can develop joint programs for providing our products and services on the market, insurers.

Your personal data may also be provided to the Prosecutor's Office, the Police, the Courts of Law and other competent bodies of the state, complying with and within the limits of the legal provisions and as a result of expressly written requests.

Through the Site, users may provide KITCHENSHOP with information regarding personal data (such as name, address, e-mail address, phone numbers), the way in which the products and/or services published on the Site are used or intend to be used, but may also include other information closely related to the use of the requested services and/or products.

KITCHENSHOP certifies that it will comply with the rights conferred by law on the protection of individuals with regard to the processing of personal data and the free movement of such data.

The rights provided by law are guaranteed to you.

The right to information

You can request information about your personal data at any time, by using any of the contact ways specified on our website.

The right of access to personal data

You have the right to request for a copy of the personal data that KitchenShop holds about you. To make this request, please use the address dpo@kitchenshop.eu. Alternatively, you can contact the Customer Service team to be properly guided.

The right to rectification of personal data

You have the right to retify the data held in connection with you. If the data we hold about you needs to be updated or if you consider that they might be inaccurate, you can log in to kitchenshop.eu site and you can correct these data or you can write to us at dpo@kitchenshop.eu.

The right to restrict the use of your personal data 

If you believe that the data we hold about you are incorrect or if you believe that we should not process your data, under certain conditions, you have the right to request that our company restrict the processing.

The right to data portability

You have the right to request that our company transfer the data you have submitted to us, directly to you, under certain conditions. 

The right to object to the use of personal data

You have the right to object to KitchenShop's processing of your personal data, under certain conditions. This right of objection may be excluded for certain processing provided by law (eg: processing carried out by financial and tax, police, justice, social security services).

The right to data erasure

KitchenShop only aims to process and store your personal data for as long as it is necessary. You have the right to request that our company erase your personal data, under certain conditions. If we have legal grounds for processing your personal data, your personal data will be further processed.

If you would like to exercise any of your rights, this will be carried out based on a written request (email at dpo@kitchenshop.eu/ via postal services).

TRANSACTION SAFETY

The company is aware of the importance of observing all the necessary legal procedures, related to the security of personal data, as well as electronic transactions, and has taken all the necessary measures in this regard, by the most modern and performant methods, in order to provide the highest possible degree of safety. All information related to the personal data of users/subscribers is treated as confidential data. The company has adopted procedures that protect the confidential data that users/subscribers provide through the website or in any other way (by phone, for example). These procedures protect the data of users/subscribers against any unauthorized access or disclosure, theft or non-compliant use, change or destruction, also helping in certifying that the data is accurate and is used correctly.

Firewall

The access to the Company's systems (servers) is controlled by a firewall, which allows the use of certain services by users/subscribers, while prohibiting the access to the Company's systems and databases and confidential information. 

Transaction confidentiality 

As mentioned above, the observance of confidentiality is implied. All the information transmitted by the user/subscriber is confidential, the Company taking all the necessary measures so that they are used only to the extent that this is considered necessary in the context of the services provided. Only authorized employees have access to information on transactions and only when this is absolutely necessary.

Secure payment solutions

The products/services on this website are marketed by means of the online payment solutions provided by Stripe. In order to eliminate the risk that your data will come into possession and be misused by third parties:

• Stripe guarantees the security of information systems.
• The information regarding the bank card data (card number, expiration date, etc.) will not be transferred or stored on KITCHENSHOP servers or Stripe servers.
• In the case of the 3D Secure system for payment via Visa or MasterCard cards, the data related to your card are entered directly into the Visa or MasterCard systems, and if your card was issued by a bank certified in the 3D Secure system, the transaction authorization is made only after your authentication in this system - entering a secret code/password known only by you, similar to the PIN code for transactions from ATM.

Any attempt to access the personal data of another user or to modify the content of the site or to affect the performance of the server on which the site is running, will be considered an attempt to defraud the site and will initiate the criminal investigation against the person or persons who made this attempt.   

DATA SECURITY POLICY

By accessing the site and using the services provided, only in cases where it is necessary to obtain a "username" you agree to provide true, accurate and complete data about yourself as requested in the registration form as a user.

If the information is not true or is inaccurate or incomplete, KITCHENSHOP is entitled to the right to suspend or terminate your account without any prior notice. Site users have the possibility to view and modify personal data if changes have occurred, at any time.

KITCHENSHOP complies with the minimum security requirements for the processing of personal data, namely:

a) User identification and authentication 

User means any person acting under the authority of KitchenShop, of the authorized person or of the representative, with a recognized right of access to personal databases. Users, in order to gain access to a personal database, have to identify themselves. Identification can be performed by several methods, such as: entering the identification code from the keyboard (a string of characters), using a bar code card, using a smart card or a magnetic card. Each user has his or her own identification code. More users must never have the same identification code. Identification codes (or user accounts) not used for a longer period of time should be deactivated and destroyed after a prior internal control of KitchenShop. The period after which the codes must be deactivated and destroyed is established by the operator. Every user account is accompanied by a way of authentication. Authentication can be done by entering a password or by biometric means: fingerprint, voice record, retinal angiography, etc. Passwords are strings of characters. The longer the string, the harder the password is to find out. When entering passwords, they do not have to be clearly displayed on the screen. Passwords have to be changed periodically depending on the security policies of the entity (operator or authorized person). Periodic change of passwords is made only by users authorized by the operator. Every user who receives an identification code and a means of authentication has to keep the confidentiality of them and to be liable for them to KitchenShop. Each entity will set its own procedure for the administration and management of user accounts. Operators authorize certain users to revoke or suspend an identification and authentication code, if their user has resigned or has been dismissed, has concluded his contract, has been transferred to another position and the new tasks do not require access to personal data, has misused the codes received or if he will be absent for a long period set by the entity. The users' access to the personal databases made manually will be made based on a list approved by the entity's management.

b) Type of access

Users shall access only the personal data necessary for carrying out their duties. For this purpose, operators have to set the types of access by functionality (such as: management, input, processing, saving, etc.) and by actions applied to personal data (such as: writing, reading, deleting), as well as the procedures regarding these types of access. Programmers of personal data processing systems will not have access to personal data. KitchenShop will allow programmers access to personal data after they have been transformed into anonymous data. The department that provides technical support can have access to personal data to solve exceptional cases. Anonymous data will be used for activity of training the users or for making presentations.  Employees who deliver the training courses will use personal data during their own training. KitchenShop will set strict ways to destroy personal data. Authorization for this processing of personal data has to be limited to a few users.

c) Data collection

Data collection is carried out by direct input by the person concerned, by filling in the forms available on the company's website. Any change of the personal data can be made only by authorized users appointed by KitchenShop.

KitchenShop will take measures for the information system to record who made the change, the date and time of the change. For a better data management, KitchenShop will take measures for the information system to keep the data that were deleted or modified.

d) Making backup copies

KitchenShop will set the time interval at which backup copies of personal databases will be carried out, as well as of the programs used for the automated processing. Users who make these backup copies will be appointed by the operator, in a limited number. KitchenShop will take measures for the access to backup copies to be monitored.

e) Computers and access terminals

Computers and other access terminals will be installed in rooms with restricted access. If these conditions can not be provided, the computers will be installed in rooms that can be locked or measures will be taken that access to computers to be made by means of keys or magnetic cards. If personal data appear on the screen, on which a given period is not acted upon, set by the operator, the work session must be automatically closed. The length of this period is determined according to the operations to be performed. The access terminals used in relation to the public, on which personal data appear, will be positioned so that they can not be seen by the public and after a short period, set by the operator, in which no action is taken upon them, they must be hidden. 

f) Files of access 

KitchenShop has the obligation to take measures that any access to the personal database to be recorded in an access file (called "log" for automatic processing) or in a register for manual processing of personal data, set by the operator. The information recorded in the access file or in the register will be: - the identification code (the user's name for the manual personal databases); - the name of the accessed file (sheet); - the number of records made; - the type of access, - the code of the performed operation or the program used; - date of access (year, month, day); - time (hour, minute, second). For automatic processing, this information will be stored in a general access file or in separate files for each user. Any attempt of unauthorized access will also be recorded. KitchenShop is obliged to keep the access files for at least 2 years, in order to be used as evidence in case of investigations. If the investigations are prolonged, these files will be kept for as long as it is considered necessary. The access files have to make it possible for the operator or the authorized person to identify the persons who have accessed personal data without a specific reason, in order to apply sanctions or notify the competent bodies.

g) Telecommunication systems

KitchenShop has the obligation to periodically check the authentications and access types in order to detect some malfunctions in the use of telecommunication systems. The operators have the obligation to design the telecommunication system so that personal data can not be intercepted or transmitted from anywhere. If the telecommunication system cannot be secured in this way, KitchenShop has the obligation to impose the use of the encryption method for the transmission of personal data. Only the strictly necessary personal data will be transmitted by means of telecommunication systems.

h) Staff training

During the training courses of the users, KitchenShop has the obligation to inform them about the provisions of the laws in force for the protection of individuals with regard to the processing of personal data and the free movement of such data, the minimum security requirements of the processing of personal data, as well as the risks involved in the processing of personal data, depending on the specifics of the user's activity. Users who have access to personal data will be trained by the operator on their confidentiality and will be warned by messages that will appear on screens during activity. Users have the obligation to close their work session when they leave the workplace.

i) Use of computers

In order to maintain the security of personal data processing (especially against computer viruses) KitchenShop will take measures such as:
- prohibiting the users to use software programs that come from external or questionable sources; 
- informing the users about the danger regarding the computer viruses;
- implementation of automatic systems for devirusing and security of information systems;
- disabling, as far as possible, the "Print screen" key, when personal data are displayed on the screen, thus forbidding their printing.

j) Data printing

Printing of personal data will be carried out only by users authorized by the company for this activity. KitchenShop uses specific internal procedures regarding the use and destruction of these materials, and depending on the importance of the personal data processed, it will take additional security measures.