GDPR

SC TALEROS SRL (Harghita,Sat Lăzarea Nr 721.), as data controller (hereinafter: “Data Controller” or “Dor’seque.com”), recognizes the content of the present Privacy and Data Protection Policy (hereinafter referred to as “Privacy Policy” or “Policy”) as binding on itself. It undertakes to ensure that all data management related to its activities comply with the regulations set out below and the applicable national and EU legislation. Please read carefully the following summary of how our website works. You may trust that data management is transparent and fair, and that we will do everything we can to manage your data carefully and responsibly.

Dor’seque.com reserves the right to amend its Privacy Policy.

Dor’seque.com treats personal data confidentially and takes all technical and organizational measures to guarantee data security.

1. Type of personal data, purpose, legal basis and duration of data management

Dor’seque.com describes its data management principles below. Its basic data management principles are in line with the applicable legislation on data protection, and in particular with the following:

  • Directive 93/13/EEC on Unfair Terms in Consumer Contracts;
  • Directive 2008/48/EC on Consumer Credit Agreements;
  • Directive 2005/29/EC on Unfair Commercial Practices;
  • Directive 2011/83/EU on Consumer Rights;
  • Directive 2013/34/EU on Annual Financial Statements;
  • Directive 2000/31/EC on Electronic Commerce (eCommerce Directive);
  • European Electronic Communications Code (EECC) (Directive (EU) 2018/1972);
  • Regulation (EU) 2016/679 (GDPR) and Directive (EU) 2016/680;
  • Directive 2006/123/EC on Services in the Internal Market (Services Directive);
  • Directive 2006/114/EC on Misleading and Comparative Advertising;
  • Directive (EU) 2016/343 on the Strengthening of Certain Aspects of the Presumption of Innocence and the Right to be Present at the Trial;
  • Directive 97/67/EC on Common Rules for the Development of the Internal Market of Community Postal Services (Postal Services Directive);
  • Directive 1999/44/EC on Consumer Sales and Guarantees (now part of the Consumer Rights Directive 2011/83/EU);
  • General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679);

2. General Rules and Concepts

Personal data: Personal data is any information relating to an identified or identifiable natural person (data subject). A natural person can be identified directly or indirectly, in particular by an identifier – for example name, number, location data, online identifier – or one or more of the natural person’s physical, physiological, genetic, mental, economic, cultural or social identity. can be identified based on a factor.

Data processor: the natural or legal person, public authority, agency or any other body who processes personal data on behalf of the data controller.

Limitations of the data processor:

  • cannot make a substantive decision regarding data management,
  • may process the personal data obtained only in accordance with the provisions of the data controller,
  • may not process data for your own purposes, furthermore
  • must store personal data in accordance with the regulations of the data controller.

Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying.

3. Scope of personal data management

We collect and use your personal data only to the extent that is necessary for the operation of the website and the provision of our content and services. We collect and use your personal data exclusively in accordance with the legal bases and principles defined in the GDPR regulation.

The security of your personal data is extremely important to us. Therefore, we have implemented specific technical and organizational measures in order to protect the data we manage, thus preventing their loss or their misuse by third parties.

Our employees performing data management tasks are subject to mandatory confidentiality rules. The security of your personal data is also guaranteed by the fact that they are transmitted encrypted; for example, we use SSL (Secure Sockets Layer) to communicate with your browser. A lock symbol will appear in your browser to let you know when the SSL connection is established.

– the secure connection between the server(s) of Dor’seque.com and the user’s computer or browser guarantees that the password entered during the login and the personal data entered during the order cannot be extracted by a third party in the communication

– due to the security settings of the browsers, if any element of Dor’seque.com (images, scripts, external scripts) wants to be loaded online via a non-secure connection, the browsers will not load it (however, the user can override this)

In order to ensure that your data is always protected, we regularly review the technical security measures and, if necessary, modify them according to new technological requirements. These principles also apply to companies that manage and use data on our behalf and according to our instructions.

4. Storage period of personal data and the practice of deletion

We process and store personal data only as long as they are necessary for the purpose of data management, or as long as we are required to do so by law or other provisions. As soon as the purpose ceases or is fulfilled, your personal data will be deleted or its access restricted. Limited access means that the data will be deleted as soon as the retention periods specified in the legislation, articles of incorporation or contracts allow this, unless there is otherwise a reason based on which we can assume that the deletion would endanger your legitimate interest and provided that the deletion does not require a disproportionately heavy resource expenditure due to the unique conditions of storage.

In the following, we are to explain the specific processes during which your personal data is processed. In doing so, we also explain the legal basis, purpose and duration of the processing of personal data.

Logging of the www.Dor’seque.com server (log files)

When visiting the website www.Dor’seque.com, the web server automatically logs the user’s activity, that is, during each visit to our website, certain data is automatically collected for technical reasons.


Purpose of data management: operation of the website. With this data, we can ensure the functionality of the website and we can use them to properly present the content of same. We also use this data to optimize our website and ensure the security of our IT systems. As a general rule, we use this technical data only to the extent that it is necessary for the purpose described above, and in addition, in the event of a hacker attack, this data helps to identify the source of the attack and even helps to clarify a police report.


Legal basis for data management: the data controller has a legitimate interest in ensuring that its website functions properly and in a user-friendly manner. [Article 6 (1) GDPR (f)].

Type of personal data handled: access to the website (date, time and frequency), how the website has been reached (sending page, hyperlink, etc.), the amount of data sent, settings and version number of the browser you use, also the operating system in use, as well as the internet service provider, furthermore the scope of interest, demographic data, location data, identifiers, etc. – of the IP address assigned to your computer when you connect to the internet.

You may find information regarding the data collected by Google here: https://policies.google.com/privacy?hl=hu
 

The IP address is a series of numbers that your internet service provider assigns to your computer for the purpose of connecting to the internet and with which the computers and mobile devices of users accessing the internet can be clearly identified. IP addresses can even be used to locate the visitor using a given computer geographically. The address of the pages visited, as well as the date and time data are not suitable for identifying the data subject by themselves, but when combined with other data (e.g. provided during registration) they are suitable for drawing conclusions regarding the user.

Duration of data management: The period of the respective visitor session.

Data processors:

Name:  Google LLC
Seat:  1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America
Data processing task:  contribution to the full utilization of the website’s capacity by creating user statistics (optimization, development, etc.)

Dor’seque.com does not connect the data generated during the statistical analysis of the log files with other information and does not attempt to identify the user.
 
The date, time and frequency data are not in themselves suitable for identifying the data subject, however, when combined with other data (e.g. provided during registration), they are suitable for drawing conclusions about the user.

The independent measurement and auditing of the visitor and other web analytics data of the website www.Dor’seque.com is also supported by an external service provider. The data controllers provide detailed information on the management of measurement data at the following addresses:

Name:Google Analytics
Privacy Policy:  https://policies.google.com/?hl=hu
Name:Search Console
Privacy Policy:  https://searchconsolehelper.com/terms/privacy/
Name:Facebook Pixel
Privacy Policy:  https://www.facebook.com/policy.php  

In order to track users and display personalized recommendations, the code of the following service providers has been embedded into the code of the website: 

5. Cookies, web analytics services and social media

Dor’seque.com is therefore committed to providing you with the highest possible level of service. Our goal is to maintain your trust in us. Accordingly, we would like to provide clear information on how we use and store the cookies of our www.Dor’seque.com website.

Cookies are small text, image or software files that we place and store on your computer, smartphone or other device used to access the Internet when browsing websites. Cookies are extremely useful tools that allow a website to recognize you and to log the times when you visit a particular site. In addition, they allow you to establish a secure connection with the website, and they also increase the user experience by improving your experience with the website, ensuring the connection and/or adapting the content of a particular page to your interests.

The purpose of data management: to identify users, distinguish them from one another, identify the users’ current sessions, store the data provided during each session, prevent data loss, identify and track users, display personalized offers using the data recorded during website visits.

Legal basis for data management: the data controller has a legitimate interest in identifying users and preventing abuses [GDPR Article 6 (1) para. point f)]

Type of personal data handled:

The information stored by cookies on your computer for a specified period of time may refer to the following:

  • websites you visited with your computer using cookies;
  • ads you clicked on;
  • type of browser you are using;
  • your IP address; and
  • information provided by you for the given website (repeated information can be avoided by using cookies).

Cookies, web analytics services and social media plug-ins are subject to a separate Cookie Policy.

6. Contact

When you contact us by phone, e-mail or via the contact form, we store the data you provide.

Purpose of data management: We store your data in order to be able to contact you again when you provide your answer. In addition, we log the contact so that in case of future disputes, it is possible to prove the reality of the circumstances in accordance with the facts. 

Legal basis for data management: Processing of the data subject’ personal data for one or more specific purposes upon consent based on Article 6 (1) point a) of the GDPR.

The range of personal data handled: name, e-mail address, date of request, and other personal data specified in the message, and your voice in case of a call.

Duration of data management: A maximum of 5 years after contact.

7. Newsletter

The Contractor provides the User with the opportunity to inform the User of the most favorable periodical offers or of newly available course modules corresponding to his special field of interest through automatic newsletter messages.

The purpose of data management: Newsletter delivery

Place of data management: Server provider

Legal basis for data management: Processing of the data subject’ personal data for one or more specific purposes upon consent based on Article 6 (1) point a) of the GDPR.

Type of personal data handled: Email address of the User

Duration of data management:  Date of unsubscribing from the newsletter or termination of the User account.

Technical partner of our newsletter service:

Name:MailerLite  
Link to their GDPR Policy:    https://www.mailerlite.com/legal/privacy-policy

8. Transmission of personal data to third parties

When transmitting your personal data, we always provide the highest possible level of security, therefore we only transmit your data to service providers and partners with contractual obligations that have been carefully selected in advance.

We only transfer data to organizations that are established in the European Economic Area and thus are subject to strict EU data protection legislation or to organizations that are subject to equivalent security regulations.

Please feel free to get in touch with us to know more about our contracted third parties, like payment processors, shipping companies or possible marketing partners at the email address info@dorseque.com or by phone at +40 752 937 665 so we can assure you of safe handling and other actions.

9. Data transfer to other third parties in order to fulfill a legal obligation and on the basis of legitimate interest (GDPR Article 6(1)(b) and (f))

In order to operate and optimize the website, as well as to fulfill contracts, various service providers are commissioned to perform certain tasks on our behalf, e.g. provision of central IT services, hosting of our website. We forward the information collected for each purpose to these service providers (e.g. name, address).

Some of these companies act on our behalf in order to manage and fulfill orders and thus can only use the data provided according to our instructions. In this case, we are legally responsible for ensuring that the companies we commission take appropriate data security precautions. Therefore, we agree on specific data security measures with these companies and regularly check these measures.

10. Data transfer to other third parties in order to fulfill a legal obligation and on the basis of legitimate interest (GDPR Article 6(1)(c) and (f))

Finally, we may transfer your personal data to third parties or public administration bodies in accordance with applicable data protection legislation, if we are legally required to do so (e.g. based on an order from an administrative authority or court) or if we are entitled to do so (e.g. because it is necessary to investigate a crime or to prove and enforce our rights and interests).

11. Rights of natural persons concerned

You have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information

You may use the following contacts at no cost, except for the costs that your service provider may charge for forwarding the message:

For your own security, we reserve the right to request additional information to verify your identity when responding to an inquiry. If identification is not possible, we also reserve the right to refuse to respond to the request.

12. Your rights

 

a) Right for information

You have the right to request information from us regarding the personal data stored about you.

b) Right for rectification

You are entitled to request the immediate correction and/or addition of personal data stored about you. If you have asserted your right to rectification, erasure or restriction of data processing, we will notify all recipients of your personal data explaining how we have corrected or deleted the data or that there is now a restriction on the processing of the data, unless this is impossible or requires a disproportionate effort.

c) The right to restrict data processing

You have the right to request the limitation of the processing of your personal data if you dispute the accuracy of the data stored about you, if the data processing is illegal and we no longer need the data, but you do not want us to delete the data and you need them to present, assert or enforce legal claims or to defend against them or if you objected to data processing.

d) Right for deletion

You have the right to request the deletion of your personal data stored by us, unless the preservation of the data is necessary for the free expression of opinion, freedom of information, compliance with legal obligations, public interest, presenting or defending against legal claims or exercising rights.

e) Right for data portability

You have the right to request a copy of your data provided to us and to request that we send it to you or a third party in a segmented, widely used and machine-readable form. If you request the data be sent directly to another data controller, we will only do so if this is technically possible. 

f) Right to protest

If we process your personal data on the basis of a legitimate interest in accordance with Article 6 (1) point f) of the GDPR, you have the right to object to data processing at any time in accordance with Article 21 of the GDPR.

g) Right to withdraw consent

You have the right to withdraw your consent to the collection of data at any time with effect for the future. This does not affect the data collected until withdrawal. We hope you understand that it may take some time to process the withdrawal of consent for technical reasons and that you may still receive messages from us during this time.

h) The right to submit a complaint to a regulatory authority

If the handling of your personal data violates data protection legislation, or if your data protection rights have been violated in any other way, please proceed as follows: 

Complaint to the data controller or data protection officer: We ask that you contact the data controller in the first place with a complaint related to data management.

i.) Right for court procedure:

In the event of a violation of rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.

The fastest, easiest and most convenient way to exercise the right to rectification and deletion is to log in to your account and directly edit or delete the data stored there. We only restrict access to that data, but do not delete the data, if we are obliged to store the data based on legal or contractual obligations, in order to prevent the data from being used for other purposes.

13. Data security

The security of your personal data is extremely important to us. Therefore, we protect your data stored by us with technical and organizational measures to effectively prevent their loss and manipulation by third parties.

Dor’seque.com and its data processors implement appropriate technical and organizational measures, taking into account the state of technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons in order to guarantee a level of data security appropriate to the degree of risk.

Dor’seque.com selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data:


 a) accessible to those authorized to do so (availability);
 b) its authenticity and authentication are ensured (authenticity of data management);
 c) its immutability can be verified (data integrity);
 d) be protected against unauthorized access (data confidentiality).

Dor’seque.com takes appropriate measures to protect the data, especially against unauthorized access, change, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.

Dor’seque.com, in order to protect the data files managed electronically in its various registers, ensures with a suitable technical solution that the stored data cannot be directly linked and assigned to the data subject, unless permitted by law. Dor’seque.com takes care of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks arising in connection with data management, in view of the current state of technology.

During its data management activity Dor’seque.com aims to preserve
 
 a) confidentiality: protect the information so that only those who are authorized to do so can access it;
 b) integrity: protects the accuracy and completeness of the information and the method of processing;
 c) availability: ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.

The IT system and network of Dor’seque.com and its partners involved with data management are both protected against computer-supported fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures.

We inform users that electronic messages transmitted on the Internet, regardless of the protocol (email, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. In order to protect against such threats, the data controller takes all necessary precautions. Monitors systems to capture any security discrepancies and provide evidence for any security incidents. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used.

Dor’seque.com, as a data controller, keeps records of possible data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy same.

14. Amendments to the Privacy and Data Protection Policy

In order to ensure that our Privacy and Data Protection Policy complies with the legal requirements in force at all times, we reserve the right to amend it if necessary. This also applies to cases where the above Policy needs to be amended to introduce new or modified products or services.

Download here.


25 August, 2024.