Privacy policy

The Romanian Standards Association, headquartered in Bucharest, Str. Mendeleev 21-25, Sector 1, Nr. Reg. Com .: 27609057, Registration Code: RO11134288 (“ASRO”), the online store operator www.magazin.asro.ro, and www.asro.ro, www.standardizarea.ro, www.ziuastandardizarii.ro, www.standardizare.wordpress.com, declares that all personal data (hereinafter referred to as “data”) are considered to be strictly confidential and are dealt with in accordance with the laws in force in the field of personal data protection.

The security of your personal data is a priority for us.
As a consequence, we pay the greatest attention to personal data and their protection. Under this privacy policy, we want to inform you about what personal data we collect about you and how we will continue to use it.

 
  1. Personal data and their processing

1.1        Categories of personal data

ASRO collects different information depending on which services you choose to use.

For the processing purposes mentioned in Section 1.2 below, we process your personal data provided on our site –  hereinafter referred to as “Personal Data”, as follows:

  • Surname, first name, date of birth, mobile / fixed phone number, e-mail address, home address, bank account, (hereinafter referred to as “Personal Data”);
  • Order number placed, customer ID, type of ordered products, payment information, transaction details (hereinafter referred to as “Ordering data”);
  • The content of the submitted comment and its subject matter, the contents of the attached documents and transmitted to ASRO (hereinafter referred to as “Communication Data”);
  • Information on how to use your user account and site, such as the date and time you visited the websites,
  • including the public IP address, public device ID, and similar data about you (hereafter referred to as “Monitoring data”).

ASRO will collect your personal data in the following ways: directly from you (provided by site, email, social networking or other means of communication), traffic reports registered by the servers hosting the site, social networks as well as through cookies.


1.2    Purpose of processing personal data:

We process your Personal Data to the extent permitted or required by applicable law for the following purposes:

  • for the provision of goods and services offered by ASRO, including the specific actions of this activity, including the best use of the Site and the obtaining of statistical information for the improvement of ASRO services (hereinafter referred to as ” the operation of the Site “);
  • for the safe management of the ASRO’s computer system and for the purpose of avoiding criminal activities (hereinafter referred to as “Security and Fraud Prevention Purposes”);
  • to allow customers to create an account on our site, place orders online and buy products from the online ASRO store.  We use the information you provide us to manage the account created on our site. You can manage your account, make shopping easier and manage your personal settings (hereafter referred to as “Online Store Goals”);
  • in order to allow customers to provide suggestions and referrals regarding the services provided by ASRO (hereinafter referred to as “Customer’s Suggestions and Referrals Goals”);
  • to allow the contracting and management of the contracting of potential ASRO partners (hereinafter referred to as “Partner Purposes”);
  • for participation in the ASRO Technical Committees to include input into standards. (hereinafter referred to as “Employee Goals”)to enable marketing activities (hereinafter referred to as “marketing purposes”);

These activities may include:

Use your personal data to send you news about our products and services when you buy a product from the online store or set up a user account. You can unsubscribe from these marketing communications at any time, quickly and easily. Just click on the “Unsubscribe” link included in each newsletter.

When you participate in other promotional activities, you may be asked to provide us with relevant information that will be used to manage these promotions.

ASRO will use personal data as provided by you for the purposes stated in this Privacy Policy.

1.3       The Basis of Processing Your Personal Data

Generally, processing of personal data is necessary for the purpose of carrying out activity specific to the purposes of processing.

You are required to provide your personal data on a mandatory basis, except in limited circumstances in which we will disclose that certain information is optional.

If you do not provide us with the required data to be provided, the process may be delayed or even impossible.

In order to be able to process your personal data, ASRO relies on various legal bases as follows:

  • Consent: We can rely on your agreement to use your personal information for certain direct marketing purposes, consent being the legal basis for the collection, processing and use of your personal data as permitted by applicable law. You can withdraw your consent at any time by contacting us at the addresses at the end of this Privacy Policy.
  • Execution of a contract or for the conclusion of a contract:  The processing is necessary for the performance of the contract to which the data subject is a party or to make the necessary steps to conclude the contract between you and ASRO (for example, in the case of the ASRO collaborators, the contract of collaboration, in the case of the clients being the contract of sale – purchase, with suppliers being the supply contract). For example, if you use ASRO services to make an online order, we will use your personal information to fulfill our obligation to complete and manage that order in accordance with the contract we have with you. Also, processing your personal data may be necessary to take steps before concluding a possible contract, as you are a potential partner and would like to contact us for a possible commercial collaboration;
  • Legitimate Interests: We may use the information for the legitimate interests of ASRO, such as providing the best site content, emails and newsletters to improve and promote our products and services, as well as website content, and for legal, administrative, and fraud detection purposes.
  • Legal basis: To comply with rules, legal regulations, or to enforce law and cooperation with competent authorities (including, but not limited to, tax and judicial authorities).

PERSONAL DATA

THE PURPOSES OF PROCESSING   PERSONAL DATA CATEGORIES   THE THEME OF PROCESSING  
Goals related to the provision of services and the operation of the site   Personal data Communication data Execution of a contract ·         Under a legal obligation; or·         Based on legitimate interest  

Security and fraud prevention goals
Personal data   Order data   Monitoring data ·         Under a legal obligation; or·         Based on legitimate interest.  

Goals related to the online store
  Personal data   Order data   Communication data Execution of a contract ·         Under a legal obligation; or·         Based on legitimate interest  

Aims related to customer suggestions and referrals
Personal data   Order data   Communication data Execution of a contract Under a legal obligation;

Supplier Goals
  Personal data   Communication data Execution of a contract ·         Under a legal obligation; or·         Based on legitimate interest  

Partner goals
  Personal data   Communication data In order to carry out the necessary steps to conclude a contract or Based on legitimate interest.
Marketing goals Personal data   Order data On the basis of consent; Based on legitimate interest.
Goals related to collaborators   Personal data On the basis of consent;  


1.4 Transferring personal data to third parties


Your personal information will be passed on to third parties or otherwise only if it is necessary to fulfill the sales contract on the basis of a legitimate interest or if you have previously expressed your consent as follows:

  1. credit card companies, payment service providers for payments and banks, based on your order, in order to execute the sales contract
  2. courier companies for the purpose of delivering your goods or services and resolving complaints, including termination of the contract
  3. other service providers, third parties involved in data processing;
  4. third parties, such as prosecutors and tribunals, for the purpose of recovering or concluding any contract with you;
  5. public authorities (for example, police)


If a third party uses the data in the context of his / her legitimate interest, the ASRO assumes no responsibility.

Third-party service providers have signed confidentiality clauses and are not allowed to use your personal data for purposes other than those outlined in this Privacy Policy.

2. Retention times

Personal data processed for the purposes herein will only be retained for as long as it is necessary for the duration of your account and subsequently during a transitional period (for example, to receive a response to your request, to deliver the goods, issue invoices ) or for any other longer period in which ASRO is legally obliged to archive personal data.


If a legal action is initiated, personal data may be retained until the end of the action, including any recourse period, and then deleted or archived in accordance with the applicable law.

In principle, we will keep your personal data for as long as required or permitted by applicable law. Later, we will remove/delete your personal data from our systems and records and/or take steps to anonymize them, so that you can no longer be identified based on them.

In all cases, personal data in the contracts, communications and other documents identified may be subject to statutory retention requirements, which in principle require retention for up to 10 years.

Any other Personal Data will, in principle, be deleted within 6 months of deletion of your user account or collection through the site, except for the order data that may be kept for up to 3 years at the time of the transaction or, as the case may be, for a period necessary to meet legal obligations (including if we are bound by a court order) or if it is necessary for security reasons, prevention of fraud, litigation or abuse.

3. Security procedures

Under European data protection law, we use reasonable procedures to prevent unauthorized access and inappropriate use of personal data.

We use appropriate systems and procedures to protect and secure the personal data you transmit to us.

We also use security procedures and technical and physical restrictions on accessing and using personal data on our servers. Only authorized personnel can access your personal information while working.

4. Cookies

ASRO’s Internet pages use cookies. Cookies are text files stored on your computer system via a browser. Most websites and Internet services use cookies. Many cookies contain an identifier, a so-called session cookie. This is a unique identifier of a cookie.

It consists of a character string through which Internet pages and servers can be assigned to a particular internet browser in which the business card was stored.

This allows the websites and servers visited to distinguish the person’s browser from other browsers that contain different cookies. A particular browser can be recognized and identified by using the unique cookie ID.

Using cookies, ASRO has the ability to provide users of web sites with more user-friendly services, which would not be possible without using them.

Through cookies, information and offers on the website can be optimized in the user’s interest.

As mentioned earlier, cookies allow us to recognize the users of our sites. The user who uses cookies no longer has to enter their access data every time they visit the site, as this is taken over by the site, and the cookie is stored in the user’s computer system.

Another example is the shopping cart cookie file in the online store. The online store retains the items that the customer placed in the shopping cart through the cookie.

The target person may at any time prevent the installation of cookies through our website through a proper setting of the Internet browser used, thus permanently prohibiting the installation of cookies. Furthermore, cookies already installed can be deleted at any time via the browser or other program.

If the person concerned disables cookies from the browser, it may not be possible to fully use all the features of our website.

For more details, please see our cookie policy here.

5. Newsletter

The ASRO Newsletter contains so-called tracking pixels. The tracking pixel is a thumbnail graphic embedded in emails sent in HTML format to allow the registry file to record and analyze.

This allows for statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, ASRO can see if and when an email was opened by a target person and which links in the email were accessed by the targeted person.

These personal data will not be passed on to third parties. Persons concerned have the right to revoke at any time the statement of consent issued by email confirmation. After revocation, this personal data will be deleted by the operator

The Romanian Standardization Association automatically considers withdrawing from receiving the newsletter as a revocation of consent. The newsletter is sent via the “MailChimp”, a newsletters platform operated by the US supplier known as Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA.

E-mail addresses of newsletter recipients, as well as other data described within this information, are stored on US MailChimp servers. MailChimp uses this information to send and analyze news bulletins on our behalf.

Moreover, according to MailChimp, these data can be used to optimize or improve their own services, e.g. technical optimization of newsletter dispatch and presentation, or for economic purposes, to determine from which countries the recipients are coming.

However, MailChimp does not use the data of the recipients of the ASRO newsletter to contact them personally or to forward information to third parties.

 We trust the reliability of MailChimp, IT and data security. MailChimp is certified under the US-EU Privacy Shield agreement and must therefore comply with EU data protection requirements. Moreover, we have concluded a “Data-Processing-Agreement” with MailChimp.

In this agreement, MailChimp is committed to protecting our data, processing data only in accordance with our privacy laws and not transmitting it to third parties. You can see the MailChimp data protection policy here.

6. Social Networks

On the ASRO website, we’ve integrated components of certain social networks, such as Facebook, Google+, YouTube, LinkedIn, Twitter.

If the person concerned does not want the information to be transmitted to social networks, then it can prevent this from disconnecting from the accounts it holds before accessing our site.

The Data Protection Guide published by Facebook is available here:

Additional information and Google’s and YouTube’s data protection provisions can be obtained by visiting this page:


The applicable LinkedIn Privacy Policy is available here

The applicable Twitter provisions on data protection can be accessed here

7. Google Analytics

On the ASRO websites, the Google Analytics component (with an anonymous feature) is integrated. Google Analytics is a Web Analytics service (analysis on the Internet). Web analytics means collecting, accumulating and analyzing data about the visitor behavior of web sites.

The web analytics service collects, among other things, data about the website from which someone is coming (called referent), which pages were visited, or how often and how long a particular page was viewed. Web analytics analyzes are mainly used to optimize a website and perform cost-benefit analysis of Internet advertising.

The Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, United States.

For web analytics through Google Analytics, the operator uses the “_gat. _anonymizeIp “. Through this application, the IP address of the target person’s Internet connection is abridged by Google and anonymized when our site is accessed from a Member State of the European Union.

The goal of Google Analytics is to analyze traffic on ASRO sites. Google uses, inter alia, the data and information gathered and to evaluate the use of the sites and to provide online reports showing the activities performed on our sites and to provide us with other services related to the use of the site.

Google Analytics places a cookie. The definition of cookies is given in Section 4. By placing the cookie, Google can analyze the use of the site.

Every time we visit one of the pages of our sites where the Google Analytics component has been integrated, the target person’s browser automatically sends data through the Google Analytics component for online advertising and Google commissioning.

Throughout this technical process, Google obtains personal information, such as the target’s IP address, which Google needs, amongst others, to understand the origin of visitors and clicks, and then determine commissions.

The cookie is used to store personal information, such as the time of access, the place where access was made, and the frequency of our site’s visit by the target person.

At each visit of our Internet site, personal data, including the IP address used by the data subject for Internet access, will be forwarded to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer to third parties this personal data collected through the technical procedure.

 As stated above, the person concerned may prevent the installation of cookies through our site at any time by properly modifying the browser, thus refusing to install the cookies.

At the same time, this change to the Internet browser used would prevent Google Analytics from installing a cookie on the target person’s system. Additionally, cookies already used by Google Analytics can be deleted at any time via a web browser or other programs.

In addition, the data subject has the ability to oppose the collection of data generated by Google Analytics on the basis of the use of this website, as well as the processing of such data by Google, which may prevent them from doing so.

Google considers the installation of browser extensions an objection. If the targeting system is later deleted, formatted, or is installed recently, then the target person must reinstall the browser extensions to disable Google Analytics.

If the browser extension has been uninstalled by the target person or any other person in whose jurisdiction it falls, or if it has been disabled, reinstalling or re-enabling navigator extensions can be performed.

Additional information and applicable Google data protection provisions can be obtained by accessing this link.

8. Your rights

If you have expressed your consent to certain personal data processing activities, you may withdraw this consent at any time with future effects.

Such withdrawal will not affect the legality of the Processing prior to the withdrawal of the consent. Under the conditions laid down by the applicable EU Regulation 679/2016 (GDPR), you have the following rights:

Right of access: You have the right to be notified on request if your personal data is processed, and if so, you have the right to request access to them.

The information includes, among other things, the purposes of the processing, the categories of personal data affected and the recipients or categories of recipients to whom the personal data have been disclosed or disclosed to you.

You have the right to obtain a copy of the processed personal data. For additional copies, we can charge you a reasonable fee based on administrative costs.

Right to rectification: You have the right to obtain from us the rectification of your incorrect personal data. Depending on the purposes of the processing, you are entitled to fill in incomplete personal data, including by means of an additional statement.

Right of wiping (“the right to be forgotten”): You have the right to ask us to delete your personal information.

Right to Restriction: You have the right to request the restriction of the processing of your personal data. In this case, the data will be marked and can only be processed for certain purposes.

Right to Data Portability: You have the right to receive your personal data that you have provided to us in a structured, common and machine readable form, and you may transmit these data to another entity without objections from our side.

Right to object: You have the right to object, at any time, to your personal data processing, for your personal data, and may be required to stop processing your personal data.

If you exercise your right to object, we will no longer process your personal data for that purpose. Exercising this right does not entail any cost.

This right may be invalidated in particular if the processing of your personal data is necessary for the formalities relating to the conclusion of a contract or the performance of a contract already concluded.

The aforementioned rights shall be exercised by a written, dated and signed application submitted to the Romanian Standardization Association at the postal address: Str. Mendeleev 21-25, Sector 1, Bucharest – to the attention of the Data Protection Officer – or to the email address dpo@asro.ro.

In the request, you can show if you want the information to be sent to a specific address, which may be e-mail, or a mailing service to ensure that the handover is done only personally.

Please note that prior to any such request, we reserve the right to verify your identity to ensure that the request comes from you.

ASRO will communicate the requested information within 30 days of receipt of the request, in compliance with your request for communication.

Please note that the above rights may be limited under applicable national data protection law.

Where the data subjects directly or through their representative exercise the above-mentioned rights, manifestly unfounded, unjustified or excessive, in particular because of their repetitive nature, the ASRO may:

  • or to charge a reasonable fee, taking into account administrative costs for the provision of information or communication or for taking the measures required;
  • or refuse to comply with the request.


ASRO, as data controller, remains the central contact point for the exercise of these rights.

You also have the right to file a complaint with the National Supervisory Authority for Personal Data Processing.

Please ask any questions to ASRO at dpo@asro.ro or at postal address Str. Mendeleev no.21-25, Sector 1, Bucharest – to the attention of the Data Protection Officer.

9. How do we process children’s personal data?

The services provided by ASRO’s sites are not intended for minors.

10. Validity

This Privacy Policy is effective from May 24, 2018.