PRIVACY POLICY

The new European Union law on the protection of personal data, GDPR (“General Data Protection Regulation”), entered into force on May 25, 2016 and takes effect on May 25, 2018. This law represents the biggest change in the field of personal data protection in the last 20 years and has objectives that go far beyond the simple protection of private space.

The protection of your personal data is important to us, therefore, we pay particular attention to protecting the privacy of visitors who access the “www.shop.serve.ro” sites, hereinafter referred to both together and separately as the “SITE”, as well as those whose personal data has been provided to us by a third party, or to which we have had access from another source, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”).

Please pay particular attention to reading the following Policy (hereinafter referred to as the “PPD”) to understand how your information (“personal data”) will be treated.

The PPD explains the practices of SERVE CEPTURA SRL (hereinafter referred to as “SERVE”), regarding the application of the provisions of the GDPR, as well as the rights you benefit from regarding the way your information is processed by SERVE.

The processing of personal data carried out by SERVE will always be carried out in accordance with the provisions of the GDPR, as well as with the regulations on the protection of personal data, specific to each country in which SERVE operates.

Through the PPD, SERVE wishes to inform the data subjects about the nature of the personal data we collect and process, as well as about the purposes of the processing. In addition, the data subjects are informed through the PPD and about the rights they benefit from.

WHO ARE WE?

We are SERVE CEPTURA SRL, a company with its registered office in Soseaua Pipera no. 50 A, Sector 2, 020309 Bucharest, with Trade Register number J29/373/1999 and unique registration code RO11792232. Our main field of activity is “Wholesale of beverages”, CAEN code 4634, and our legal representative is the administrator Mihaela Tyrel de Poix.

WHAT IS PERSONAL DATA?

“Personal data” means any information or data that can identify you directly (for example, your name) or indirectly (for example, through pseudonymous data, such as a unique identification number). This means that personal data includes things like your email address, home address, mobile phone, username, profile photos, personal preferences and shopping habits, user-generated content, financial information and information regarding your financial situation. It could also include unique numerical identifiers, such as your computer’s IP address or your mobile device’s MAC address, as well as cookies.

WHAT IS PERSONAL DATA PROCESSING?

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

WHAT ARE YOUR PERSONAL DATA THAT WE PROCESS?

Your personal data that may be processed are the following: name, surname, telephone number, e-mail, delivery address, billing address, date of birth.

PERSONAL DATA OPERATOR

The personal data operator (hereinafter referred to as the “operator”) is SERVE.

DATA PROTECTION OFFICER (DPO)

SERVE as the controller, has appointed Ms. Mădălina Oprea as the Data Protection Officer (hereinafter referred to as the “DPO”), who is responsible for verifying compliance with the GDPR provisions in data processing operations carried out by the controller and for representing the controller in relations with data subjects and the Supervisory Authority.

Data subjects may at any time directly contact the DPO regarding any issues related to this PPD, using the contact details below:

DPO Name: Mădălina Oprea

DPO Email: madalina.oprea@jantea-law.ro

DPO Mailing Address: Bucharest, sector 1, strada Transilvaniei no. 9

PRINCIPLES CONCERNING DATA PROCESSING SERVE

Serve agrees to comply with the principles of personal data protection (hereinafter referred to as the “Principles”) set out in the GDPR, in order to ensure that all data are: Processed fairly, lawfully and transparently; Collected for specified, explicit and legitimate purposes; Adequate, relevant and limited in relation to the purposes for which they are processed; Correct and up-to-date; Kept in a form which does not permit identification of data subjects for longer than is necessary in relation to the purpose of the processing; Processed in accordance with the rights of the data subject, in a manner which ensures adequate security of the processing, so that the data are intact, confidential and available.

GROUNDS AND PURPOSES OF PROCESSING PERSONAL DATA

For the purpose of concluding and performing contracts – According to art. 6 para. 1 lit. b) of the GDPR, personal data may be processed for the purpose of concluding or performing the contract. In order to be able to offer you our products, it is necessary for us to process personal data that belongs to you. For the purpose of fulfilling legal obligations – According to art. 6 para. 1 lit. c) of the GDPR, personal data may be processed for the purpose of fulfilling legal obligations. We request a series of personal data, including, in certain situations, the personal identification number, in order to fulfill our obligations imposed by the tax authorities in connection with invoicing and reporting to the tax authorities. For marketing purposes – According to art. 6 para. 1 lit. a) of the GDPR, personal data may be processed if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. Thus, in certain situations, your personal data will be used for the purpose of: i) sending you marketing, informational or commercial messages (offers, promotions, advertising and marketing messages regarding the activity of SERVE and third parties with whom SERVE has relationships of any kind); ii) participation in contests, promotions; iii) sending non-commercial or administrative messages (regarding changes to the SITE, administration, etc.); iv) internal statistics necessary to improve the quality of the services offered and the image of the SITE and to create new characteristic elements, promotions, functionalities and new services; v) ensuring access to restricted access sections of the SITE; vi) market research.

DATA PROCESSING

By providing any personal data through the SERVE SITE, you understand and agree that your data will be processed in accordance with the provisions of SERVE’s PPD. SERVE undertakes not to process the personal data provided for any purpose other than that for which they were transmitted, except in situations where there is your express consent to use them for other purposes. SERVE may also have access to other personal data by establishing a connection with SERVE by you, by processing data communicated following telephone conversations, e-mail conversations, appearing at our headquarters in order to obtain information, etc. By contacting SERVE in any of the ways stipulated above or any other method that involves mediated or direct communication between you and SERVE, you understand and agree that your data will be processed in accordance with the provisions of SERVE’s PPD.

NEWSLETTER

If you have subscribed to the SERVE Newsletter section, your personal data will be used for the sole purpose of sending you marketing, informational or commercial messages (offers, promotions, advertising messages regarding the activity of SERVE and the partners with whom SERVE has relations of any kind) as well as news, campaigns, invitations to various events. Your personal data consisting of name and e-mail address will be shared with the third party: Rocket Science Group LLC, a limited liability company in Georgia, USA which is the owner of the online platform MailChimp. For more information, you can access the privacy policy: https://mailchimp.com/legal/privacy. Your personal data will be deleted immediately when you cancel your subscription to the SERVE Newsletter section. You can unsubscribe at any time via the link attached to the Newsletter you receive or by a written request addressed to SERVE’s Data Protection Officer. SERVE reserves the right to select the persons to whom it will send newsletters and/or alerts as well as the right to remove from its database any Member or Client who has previously expressed their consent to receive newsletters and/or alerts, without any further commitment from SERVE, or any prior notification thereof.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

Personal data processed by SERVE may be disclosed and/or transferred to third parties only if there is your express consent to do so, except in situations where there is a legal/contractual obligation for SERVE to do so. Please note that in certain circumstances we may be obliged to disclose your personal data to partners with whom SERVE collaborates and/or to other third party service providers of SERVE: companies within the same group of companies as SERVE, courier service providers, payment/banking service providers, IT service providers, marketing service providers.

DATA PROCESSING BY THIRD PARTIES, OTHER SITES AND SPONSORS THE SERVE SITE

Serve website may contain, at some point, access links to other sites whose data processing policies may differ from those of SERVE. Please also consider and consult the privacy policies of other sites, as SERVE assumes no responsibility for the information sent or collected by these third parties.

AUTOMATIC DATA PROCESSING. COOKIES

The SERVE SITE uses Cookie identifiers. In this regard, you can consult our Cookie Policy, available on the SITE, and you can exercise your right to disable Cookies, as specified below. In this regard, you can consult our Cookie Policy, available on the site, and you can exercise your right to disable Cookies.

ONLINE BEHAVIOR-BASED ADVERTISING.

Our advertising service provider LiquidM Technology GmbH is responsible for collecting data used for online advertising. For more information, you can access the privacy policy: https://liquidm.com/privacy-policy/.

DATA STORAGE PERIOD

SERVE may retain the processed data for different periods of time, deemed reasonable, in accordance with the purposes indicated above. We retain your data only for the period necessary to achieve the purpose for which we hold the data, to satisfy your needs or to fulfill our obligations imposed by law. To know how long your data can be retained, we use the following criteria: If you create an account, we retain your personal data until you request us to delete it or after a period of inactivity (without active interaction with us). In this regard, we note that the data processed for this purpose will be deleted 5 years after the last interaction with the account user (such as logging into your account); If you have provided your consent for marketing, we retain your personal data until you unsubscribe or request us to delete it or after a period of inactivity. In this regard, we note that data stored in our databases for the purpose of direct marketing communications are deleted from the records of these databases 5 years after the last interaction with you; If you participate in a promotional offer, we keep your personal data for the duration of the promotional offer; If you contact us with a question, we keep your personal data for the duration necessary to process your questions, but no longer than 5 years from the last correspondence sent; If cookies are stored on your computer, we keep them for as long as necessary for them to achieve their purposes (for example, for the duration of a session for shopping cart cookies or session ID cookies) and for a period defined in accordance with local regulations and guidelines.

RIGHTS OF DATA SUBJECTS

In accordance with the GDPR, you have a number of rights with respect to the personal data that SERVE processes: Right of access to data processing – You have the right to access the personal data we hold about you. The first provision of information will be free of charge. If you require further copies of the information already provided, we may charge a reasonable fee taking into account the administrative costs of providing the information. Manifestly unfounded, excessive or repeated requests may not receive a response. Right to rectification of data – You have the right to request that your Data be rectified if it is inaccurate or outdated and/or to have it completed if it is incomplete. If you have an account, it may be easier to correct your own data via the “My Account” function. Right to erasure (“right to be forgotten”) – In some cases, you have the right to obtain the deletion or destruction of your Data. This is not an absolute right, as we may sometimes be forced to keep m Your Data for legal or legitimate reasons. Right to restriction of processing – You have the right to request restriction of processing of your Data. This means that the processing of your Data is limited so that we can store the Data, but not use or process it. This right applies in specific circumstances provided for by the General Data Protection Regulation, namely: – the accuracy of the Data is contested by the data subject (i.e. you), for a period enabling the controller (i.e. SERVE) to verify the accuracy of the Data; – the processing is unlawful and the data subject (i.e. you) opposes the erasure of the Data and requests the restriction of its use; – the controller (i.e. SERVE) no longer needs the Data for the purposes of processing, but they are required by the data subject (i.e. you) for the establishment, exercise or defence of legal claims; – the data subject (i.e. you) has objected to the processing based on legitimate grounds of the controller (in this case SERVE based on the verification whether the legitimate grounds of the controller (SERVE) override those of the data subject (i.e. you). Right to data portability – You have the right to move, copy or transfer the data that interests you from our database to another. This only applies to the data that you have provided, when the processing is based on your consent or on the basis of a contract and is implemented by automated means. Right to object – You can object at any time to the processing of your data when such processing is based on a legitimate interest. Right to withdraw consent at any time – You can withdraw your consent to the processing of your data when such processing is based on consent. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. Right to lodge a complaint with the competent supervisory authority – You have the right to lodge a complaint with the data protection authority of your country of residence or domicile to challenge the data protection practices of SERVE. Right to object to the processing of your data for direct marketing purposes – You can unsubscribe or opt out of our direct marketing communication at any time. It is easiest to do this by clicking on the “unsubscribe” link in any email or communication we send you. Right to object to the processing of your data by us when we carry out actions in the public interest or in our own legitimate interests or those of a third party – You can object at any time to the processing of your data when such processing is based on a legitimate interest. Right to disable Cookies – you have the right to disable cookies. Internet browser settings are usually programmed by default to accept cookies, but you can easily adjust them by changing your browser settings. Many cookies are used to enhance the usability or functionality of websites/apps; therefore, disabling cookies may prevent you from using certain parts of our websites or apps, as detailed in the relevant Cookie table. If you wish to restrict or block all cookies set by our websites/apps (which may prevent you from using certain parts of the site) or any other websites/apps, you can do so through your browser settings. The Help function in your browser will tell you how. For more information, please see the following links: http://www.aboutcookies.org/; You can exercise any of these rights in relation to the personal data that SERVE processes by addressing a simple request to SERVE’s DPO. In such a situation, we may well request proof of your identity.

LEGAL REQUESTS

We access, We retain and provide your information to regulators, law enforcement, or other entities: In response to a legal request, when we believe in good faith that the law requires us to do so. We may also respond to legal requests when we believe in good faith that the response required by the laws of that jurisdiction affects users in that jurisdiction and is consistent with internationally recognized standards. When we believe in good faith that it is necessary to: detect, prevent, and respond to fraud, unauthorized use of any of our materials, violations of the Terms, or our policies or other harmful or illegal activities, to protect us (including our rights, property or materials), you and others, including in the context of investigations or regulatory authorities’ inquiries or to prevent imminent death or bodily harm. For example, where relevant, we provide information to and receive information from third-party partners about the reliability of your account, to prevent fraud, abuse and other harmful activities on and off our materials. The information we receive about you may be accessed and stored for a longer period of time when it is subject to a legal request or obligation, a government investigation, or investigations into possible violations of our terms or policies, or in other cases to prevent harm.

RELATIONS WITH OTHER OPERATORS

Depending on the context, we may find ourselves in a situation of absolute necessity to provide information at a higher level, both globally, internally or externally, to our partners and those with whom we transfer data in compliance with the GDPR, by virtue of ensuring the provision of the most professional services possible. Information controlled by SERVE may be transferred, transmitted or stored and processed in the EU or in countries other than the country in which you reside, for the purposes described in this policy. These data transfers are necessary to be able to provide services at the highest level, as well as to continue to provide you with our materials at the best professional level. We use standard contractual clauses approved by the European Commission and rely on adequacy decisions issued by the European Commission with respect to certain countries, as applicable, with respect to data transfers from the EEA to the United States and to other countries.

SECURITY OF PROCESSING

SERVE has adopted technical and organizational data processing measures, updated in accordance with the requirements of the GDPR, in order to protect your personal data against any actions of unauthorized access, improper use or disclosure, unauthorized modification, destruction or accidental loss. All employees and collaborators of SERVE, as well as any third parties acting in the name and on behalf of SERVE are obliged to respect the confidentiality of your information and the requirements of the GDPR, in accordance with the provisions of the PPD.

DISCLAIMER

The SERVE SITE may contain links to other sites and/or other web pages that are not the property of SERVE. SERVE assumes no responsibility for the content of these sites and, therefore, cannot be held liable for the content, advertising, goods, services, software, information or other materials available on or through these sites. SERVE will not be responsible for the loss of personal data, any negative effects on the personal data of visitors or other moral and/or property damage caused by access to those sites.

UPDATE OF THE PERSONAL DATA PROTECTION AND PROCESSING POLICY

Please note that this Policy may be subject to periodic content changes, by updating the SERVE SITE. Please do not continue to use the SERVE SITE if you do not agree to such changes. We also recommend that you check this page for any updates. The PPD Terms are interpreted in accordance with applicable law.

CONTACT

If you have any questions or concerns about how we treat and use your personal data or wish to exercise any of your rights, please contact us by accessing the contact details of our DPO.