Privacy policy
SUN MUZE S.R.L., guarantees the security and confidentiality of the data hosted and transmitted through its computer system. This information may be used by SUN MUZE S.R.L., to send the user order confirmation, various special offers, promotions, etc. only on the basis of the consent of the data subject.
The provision of personal data to SUN MUZE S.R.L., does not imply obligations on the part of users, and they may refuse to provide such data in any circumstances and may request their deletion from the database free of charge. In order to delete the information provided by the users from the database, it is enough to be contacted and to be requested this by phone, or by e-mail, and we will provide the user with a form through which he can exercise his rights. by the legislation in force, regarding the processing of personal data.
SUN MUZE S.R.L. ,, owner of the platform, does not intervene directly or indirectly on the databases where customer information is stored. These are processed automatically only in the following processes:
• Password reset
• Can be requested only by the user;
• Account activation link / password change directly by e-mail;
• Updating / modifying / deleting information and / or user account
• Has the possibility to delete the account, to modify and update the information;
• Has full access to updating the information necessary to take possession of the delivered products;
• Has the possibility to express his consent to be informed about the stock update, the alert for completing the order from the shopping cart, new offers, stock and price changes, etc .;
We use the personal data collected, for the following purposes:
1. Invoicing of products / services ordered by the user;
2. Their delivery;
3. Making the online payment (if applicable);
4. Request for offer or contact request;
In order to make it possible to invoice, send and deliver the placed orders, the user must agree that SUN MUZE S.R.L., to collect and process your registered data, according to the requirements of Law no. 679/2016 (GDPR).
According to the requirements of Law no. 679/2016 (GDPR) for the protection of individuals with regard to the processing of personal data, and the protection of privacy in the electronic communications sector, SUN MUZE SRL, has the obligation to manage safely and only for specified purposes, personal data that we are provided.
In this sense, SUN MUZE S.R.L., has developed a series of technical and organizational measures to prevent the risks that may occur in the processing of personal data.
The processing of personal data within the organization is conditioned by a series of technical and organizational measures in order to secure them.
These measures are intended to protect information at the organization’s level against security incidents.
From the processing point of view, within SUN MUZE SRL, personal data are processed only for the purposes for which the consent of the data subjects was obtained, including for parallel purposes and for concluding a contract or delivering a product to the customer, requested by him. .
Given that this organization operates mostly in the online environment, the processing of personal data of customers are transmitted online through applications and the platform on which orders and requests for quotation are requested. The data collected are minimized and are directly related to the purpose for which consent was obtained and are necessary to contact the customer in case of a request for offer or to deliver and make available the ordered product according to its requirements or return.
SUN MUZE S.R.L., the legal person registered at the Trade Register (no. J03 / 2733/2019, CUI RO41907563) is a direct operator, not authorized and has no designated entities. The purpose of processing personal data is to provide products through the online store and the parallel purposes of this activity: returning products, processing information necessary for delivery, improving the user experience by retaining certain settings or preferences, after obtaining his consent, price changes, product features, stock changes, promotions, invoicing.
The categories of targeted persons are: clients / potential clients, visitors or registered members of the site / platform.
The ways in which data subjects are informed about their rights are:
– Privacy policy ;
– Terms and conditions of using the online platform / store (the document will be attached)
– On the web page in a dedicated section (the document will be attached);
– By email following the registration in the platform, as well as in case the client requests additional information, requests for offer;
– In the contact form on the website (the document will be attached);
The exercise of the rights provided by law 679/2016 (GDPR) belongs entirely to the operator who has the legal obligation to designate a person responsible for processing personal data within the organization. This person will develop a set of technical and organizational measures to secure data processing and has the obligation to inform the operator about the nature of processing, types of information and how these processes take place within the organization. The operator has the responsibility and obligation to ensure that these measures are implemented, that there is no risk of security breaches or information leaks and compliance with applicable law regarding data processing and the rights of data subjects.
The following personal data are processed through the online platform:
- name and surname
- physical characteristics – measures of clothes, shoes, accessories
- banking data in case of payments through the secure debit / credit card platform provided in a unified, centralized and secure way to the provider of this solution (Netopia Mobile Pay).
- Phone / Fax
- Address
SUN MUZE S.R.L. does not process special data categories.
SUN MUZE S.R.L. does not transfer data abroad or to third parties
The processing of personal data is not related to other evidence systems. The actual activity of the company is to take over the orders initiated by customers through the online platform (online store), to store and process them in order to invoice, ship and supply the ordered products.
The processing of the information entered by the client in the platform are processed and stored strictly in accordance with the purposes for which his consent was offered:
• Billing;
• Delivery;
• Return processing (according to the legal procedure);
• Automatic return, if the package is not received by the customer;
Retention of data in the user’s account for an improved experience (the client’s personal account is secured by him by logging in using the e-mail address and password chosen by him).
At the organizational level, the following security measures have been taken to reduce the risks
Technical measures
• SSL certificate – has the role of securing the exchange of information via the Internet. It encrypts the information before it circulates through the Internet. Encrypted information can only be decrypted by the server to which it is addressed. This guarantees that the information sent to a website / online platform will not be stolen, intercepted, processed.
Information about bank cards, passwords and in general any information that you want to remain private is secured by this certificate. The SSL certificate of the online platform SUN MUZE S.R.L. it is also used to secure e-mail correspondence, in such a way that the personal data of customers to circulate in a secure environment and regulated by a series of security measures that ensure the confidentiality of information.
• Automatic backup – set at a time interval to guarantee the information and for all clients to be sure that the information and preferences provided by them do not disappear and are not destroyed, lost or incorrect in case of a server error.
• Anti-spam and antivirus filters that prevent the infiltration of malicious content or viruses that may process data unauthorized or that may transmit it to other entities or persons who have not obtained the consent of the data subject.
• Protecting the content of the client profile by introducing a more complex password generation rule. The client is required, when creating the account, a password that meets a higher complexity criterion (alphanumeric + special characters);
• Securing the modules and scripts that communicate inside the platform. The operation of the elements involved in the client-server, server-client interaction is constantly checked.
• Verification and optimization of modules in order to keep them up-to-date to prevent vulnerabilities. This measure prevents the identification of vulnerabilities globally in the platforms used, 0-day vulnerabilities that can intercept data exchange and implicitly personal data in interactions the client with the platform or the process manager with the client and the platform.
• Classification of the types of access by the process manager – administration groups, the possibility to add or delete certain rights on a user with full access – personalization of the access according to the need.
• Password protection of the device from which the process manager performs data processing, in order to prevent unauthorized intervention.
• Firewall – software program and hardware component installed in the location of the company’s servers that offer hosting the online platform, are designed to protect the server and network equipment, against computer attacks, unauthorized intrusion, installation of malicious software applications that may endanger data personal data of platform users. The firewall blocks access by unauthorized persons to information stored on equipment connected to the Internet.
• Access to the data processing systems in which personal data are processed is possible only after the authorized person has been successfully identified and authenticated (eg with username and password or chip / PIN card), using the measures of the best security. In case of lack of authorization, access is denied.
• All access attempts, both successful and rejected, are recorded (user ID, computer, IP address used) and archived in a format according to audit rules for 3 months. In order to detect improper use, the server performs repeated, random checks;
• Access is blocked after repeated incorrect authentication attempts.
• Constant verification of platform vulnerabilities, which could allow the extraction of information and personal data. The hosting has security measures and solutions that repeatedly scan the processed files and the data flow that circulates inside the platform;
• Combating the risks of security breaches by taking precautionary measures from a technical and organizational point of view by securing the platform and constantly updating it with stable versions.
• Securing with password the equipment that has direct access to the order table and to the data for delivery / invoicing of the clients in order to prevent the unauthorized access and implicitly the unauthorized processing by unauthorized persons.
Organizational measures
• Destruction of documents that are no longer needed (previous AWB transport notes, erroneous invoices, etc.) using a document shredder at the disposal of the process manager;
• Elimination of the risk generated by the human factor by prohibiting the processing of information outside the secure platform except for the preparation of transport notes in the platform of the courier company, which is also a secure environment;
• Adopting security measures without differentiating between types of customers (new / existing / potential);
• Adoption of an internal policy for verifying the processes and processing at the time of delivery of the product or taking over the information regarding an order or possible offer;
• Avoiding the differentiation between clients through mechanisms that can positively or negatively profile the data subject. For this reason, we do not request as personal data sexual orientation, sexual interests, sex, religion, membership in movements or groups, etc. Customers are free to order and choose what they want. By this measure, we consider that we respect the integrity of the person and avoid any trace of analysis / profiling based on these criteria.
Updating the privacy policy and the Terms and Conditions of SUN MUZE S.R.L.
• Informing customers about the procedure of delivery, return and processing of orders;
• Securing documents containing personal data. This measure represents a safe location where these documents are stored and archived on a legal, fiscal, current basis to prevent unauthorized processing. These are kept in a double key to which only the company’s representative has access (Mircea Caldararu)
• Training the process manager on the risks of processing personal data outside the online platform.
Training the process manager on the need for notification in case of a major security incident.
• Training the process manager on the management of situations that may occur when processing data within the platform (errors, usage errors).
• Training the process manager on the use of the information they process and awareness of the nature of personal information;
• Prohibition of data processing outside the platform by managing commands directly in the user interface of the platform, not being necessary to process data in other insecure and vulnerable environments.
• The process manager is regularly trained on:
• Data protection principles, including technical and organizational measures
• The requirement to maintain the secrecy of data and confidentiality regarding the secrets of the organization and trade secrets, including transactions;
• Correct, careful use of data, data media and other documents;
• The secret of telecommunications;
• Other specific confidentiality obligations, where necessary;
Purpose of data collection
The purpose of data collection is to invoice orders, to send correspondence and to honor orders. Your refusal to provide the data, determines the impossibility of placing on your site your order and its processing.
According to Law no. 679/2016 (GDPR), users enjoy the right of access, the right to be forgotten, the right to carry personal information and data, the right to intervene on data, the right not to be subject to an individual decision and the right to will address justice. At the same time, they have the right to oppose the processing of personal data concerning you and to request the deletion of data. To exercise these rights, users can address a written request, dated and signed at the e-mail address contact@fixaix.ro. They also have the right to go to court. Also, if some of the data about you are incorrect, please let us know as soon as possible.
SUN MUZE S.R.L. does not transfer data abroad or to third parties