Privacy Policy

We consider it important to protect your privacy and to be transparent about how we use your personal data. This statement is to inform you about the type of information collected from customers and how we use this information. This applies to the websites owned by SATOA SRL, namely: www.atosaofficial.ro SATOA SRL processes and stores personal data in the EU and is able to demonstrate at any time compliance with the laws of the European Union as well as with the principles set out in this document. All websites owned by SATOA SRL comply with the General Data Protection Regulation (“GDPR”), (Regulation (EU) 2016/679), which is a binding piece of legislation. This privacy statement is the responsibility of SATOA SRL, which has overall responsibility for ensuring compliance. The Data Protection Officer (DPO) is responsible for implementing our privacy policy, which is intrinsically linked to the privacy statement. The DPO ensures day-to-day compliance and is involved in all matters relating to the protection of personal data. SATOA SRL will determine the purposes and methods of processing the data entered and collected online, being considered the data controller.

1. Data protection principles

• The collection of personal data will be carried out only for specified, explicit and legitimate purposes. Data will not be processed for third parties in a way that is incompatible with those purposes;
• Personal data will be accurate and, where necessary, kept up to date;
• The processing of personal data will be carried out in a lawful, fair and transparent manner;
• All personal data will be kept confidential and stored in a manner that provides the necessary security;
• Personal data will not be disclosed to third parties unless this is necessary for the purpose of providing services in accordance with the agreements;
• Data subjects have the right to request access to their personal data, its rectification and deletion, to object to or restrict the processing of data, as well as the right to data portability.

2. Personal data

• Personal data means any information that can be related to an identified or identifiable natural person (the data subject).
• Personal data includes all types of direct or indirect information (that is, used in connection with other data) referring to the data subject, such as name, date of birth, addresses, email addresses, phone numbers, etc.

3. Collection of personal data

The data we collect may include the following:

• Name and contact details (We collect your first and last name, email address, postal address, phone number and other similar contact details)
• We collect passwords, password hints and similar security information used for authentication and account access.
• We collect data about your device and about how you and your device interact with our products.
• We collect data about the features you use, the items you purchase and the web pages you visit.
• We collect data about the device and network you use to connect to our products. This includes data about the operating systems and software applications installed on your device, including product keys. It also includes the IP address, regional settings and language settings.

4. Purpose of collecting personal data

• informing customers/buyers about the status of their Account, including validation, dispatch and invoicing of orders, resolving cancellations or issues of any kind related to an order, goods and/or services purchased;
• sending newsletters and/or periodic alerts, using electronic mail (email, SMS), only if the data subject has explicitly expressed their consent.
• market research, tracking and monitoring of sales and customer/buyer behavior.

SATOA SRL may also provide the buyer’s personal data to other companies with which it has partnership relations, but only on the basis of a confidentiality commitment from them and only for the purposes mentioned in point 16.3., by which they guarantee that this data is kept secure and that the provision of this personal information is carried out in accordance with applicable legislation, as follows: courier service providers, marketing service providers, payment/banking service providers, telemarketing or other services provided by companies with which we may develop joint programs for offering our goods and services on the market, insurers.

• These activities have no legal effect or other similarly significant effect on users. The sole consequence of using this profiling is that users receive discounts and personalized marketing offers. The user may opt out of profiling or receiving commercial communications, without any effect other than no longer receiving these discounts or personalized marketing offers.
• For the purpose of processing, monitoring activities (profiling) and interaction with the site, Retargeting.biz must automatically collect and store the following personal data: email, phone number, first name, last name, gender, date of birth, city, county, IP address (including possible location), browser, order ID, discount code, discount value, transport cost, total order value, individual prices of ordered products, product variations, products, device, OS, IP location, timestamps related to page visits, page visits, category visits, brand visits, click on image, mouse over cart, mouse over price, scroll up, scroll down, add to cart, remove from cart, select variation, add to wishlist, comment, Facebook Like, visited help page.
• The categories of data subjects are visitors, registered users or customers of the site, as applicable, depending on the chosen service. Visitor data will be stored for 2 months, and data of registered users or customers for 3 years.
• To provide its services, Retargeting.biz uses third-party processors (sub-contractors) from the EEA and the USA (only for push notifications), and the transfer of personal data is made on the basis of the EU-US Privacy Shield; the data is retained/stored for the duration of the contract between the two parties.
• Cookies: this site must use first-party cookies and will grant Retargeting.biz access to this information. This cookie is placed by this site and therefore can be used only in connection with this site. Consequently, a link between internal monitoring of this site’s users and monitoring on other sites is not technically possible through this cookie.
• To unsubscribe from communications sent by Retargeting.biz, send an email to –CLIENTEMAIL-.

The buyer’s personal information may also be provided to the Prosecutor’s Office, the Police, courts of law and other competent state authorities, based on and within the limits of the legal provisions and as a result of expressly formulated requests.

5. Use of personal data

• we will use personal data only for the purpose for which it was collected and will store the data only as long as necessary for the above-mentioned purpose.
• we will keep customer information for the period during which their account is active, for any of the purposes mentioned above (point 4).
• we will keep recordings of telephone conversations for a maximum period of 6 months.
• access to personal data is strictly limited to SATOA SRL staff, associates who hold the necessary authorization and have a clearly defined need to use the data.

If users do not want their personal data to be disclosed to these companies, they are asked to contact the DPO at the email address info@atosaro.com

6. Security of processing

We will process data securely, and we will apply and maintain appropriate technical measures to protect personal data against accidental or unlawful destruction or loss, alteration, disclosure or unauthorized access, especially when processing involves the transmission of data over a network, as well as against any other form of unlawful processing. Questions related to the security of personal data can be sent to the DPO at the email address info@atosaro.com.

7. Access and rectification or deletion of personal data

• customers have the right to request at any time access to, rectification, portability, deletion or restriction of the processing of collected data.
• to keep personal data up to date, we recommend that users inform us of any change or discrepancy.

To view or modify personal data or to obtain information related to personal data (if, at the request of a third party, we have stored or processed any of your personal data), please contact the DPO at the email address: info@atosaro.com. Signed and dated request.

8. Marketing emails

SATOA SRL has the right to send marketing emails to customers with their consent. This specific form of consent must be given freely, in an informed, specific and precise manner. These requirements are fulfilled when customers have opted to receive marketing emails (have actively agreed), by ticking the section “I want to receive FashionUp offers, as well as the latest trends in fashion, style and beauty, by email, mail or text”, displayed when registering a new account, subscribing to newsletters as well as in the personal account. *By text we mean SMS-type communications sent to the mobile phone or push notifications that appear in the Chrome or Firefox browser. Customers will always have the right to object, on request and free of charge, to the processing of personal data for direct marketing purposes, without having to provide specific justifications. Customers can do this by clicking on the “Unsubscribe” link that appears in the marketing emails they receive or can send a message to info@atosaro.com. Once the customer has expressed their objection, that customer’s personal data will no longer be processed for direct marketing. *Marketing emails contain information we consider of interest to the customer, promotions and last-minute offers related to our products and services.

9. Complaints

• customers have the right to lodge a complaint related to the processing of their personal data. All questions and complaints will be handled by the DPO in a timely manner and in accordance with internal procedures.

Complaints can be sent to the DPO at info@atosaro.com

• in the unlikely event that customers have suffered damage as a result of the infringement of their rights under the personal data protection policy and SATOA SRL has not handled the complaint appropriately, customers have the option of submitting a complaint to the supervisory authority (ANSPDCP).

10. Changes to this policy

This policy may be updated from time to time, for example following changes in relevant legislation or changes in the corporate structure within SATOA SRL. If changes are made to this material, customers will be notified by email or via the website before the changes come into effect. We encourage customers to check this page periodically in order to stay informed about the latest developments regarding our privacy practices. BY READING THIS DOCUMENT, YOU ACKNOWLEDGE THAT YOU HAVE BEEN INFORMED THAT YOU ARE GUARANTEED THE RIGHTS PROVIDED BY LAW, NAMELY THE RIGHT TO INFORMATION, THE RIGHT OF ACCESS TO DATA, THE RIGHT TO INTERVENTION, THE RIGHT TO OBJECT, THE RIGHT NOT TO BE SUBJECT TO AN INDIVIDUAL DECISION, THE RIGHT TO ADDRESS THE COURTS IN CASE OF VIOLATION OF THE RIGHTS GUARANTEED BY LAW 677/2001 ON THE PROTECTION OF PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA AND THE FREE MOVEMENT OF SUCH DATA.