0 Items

Terms and Conditions

Welcome to muzestyle.com!
Please read the terms and conditions carefully before using this site to place an order.

Terms and conditions of use
The www.muzestyle.com website is the property of SUN MUZE SRL, registered in Drumul Taberei 59a – Bucharest Sect 6, J40 / 7606/2019, 41241871. Accessing, visiting, using or buying the products presented on the www.muzestyle.com website implies acceptance of the terms and conditions listed below. The products sold through www.muzestyle.com are new and accompanied by a tax invoice.
SUN MUZE S.R.L. reserves the right to refuse collaboration with customers who show inappropriate behavior and language (aggressive, licentious, etc.) or who have in the order history, refused deliveries.
SUN MUZE S.R.L. reserves the right not to honor the delivery of products whose price is wrong and does not fall within the company’s price range. In this case, the customer will be contacted and will have the option to confirm the order at the correct price or to refuse it. The share capital is 200 RON.
SUN MUZE S.R.L. reserves the right to make changes and updates to these terms and conditions, as well as to the offer, without prior notice and without specifying the reasons; also SUN MUZE S.R.L. reserves the right to correct any omissions or display errors that may occur as a result of typing errors, lack of accuracy or errors in the software, without prior notice. These errors do not oblige SUN MUZE S.R.L. to no action.
• Privacy policy
SUN MUZE S.R.L. guarantees the security and confidentiality of the data hosted and transmitted through its computer system. This information may be used by SUN MUZE S.R.L. to send the user the order confirmation, various special offers, promotions, etc. only on the basis of the consent of the data subject. Providing personal data to SUN MUZE S.R.L. does not imply obligations on the part of users, and they may refuse to provide this data in any circumstances and may request their deletion from the database free of charge. In order to delete the information provided by the users from the database, it is enough to be contacted and to be requested this by phone, or by e-mail, and we will provide the user with a form through which he can exercise his rights. by the legislation in force, regarding the processing of personal data.
SUN MUZE S.R.L., owner of the platform, does not intervene directly or indirectly on the databases where the customer information is stored. These are processed automatically only in the following processes:
• Password reset
• Can be requested only by the user;
• Account activation link / password change directly by e-mail;
• Updating / modifying / deleting information and / or user account
• Has the possibility to delete the account, to modify and update the information;
• Has full access to updating the information necessary to take possession of the delivered products;
• Has the possibility to express his consent to be informed about the stock update, the alert for completing the order from the shopping cart, new offers, stock and price changes, etc .;
We use the personal data collected, for the following purposes:
1. Invoicing of products / services ordered by the user;
2. Their delivery;
3. Making the online payment (if applicable);
4. Request for offer or contact request;
To enable invoicing, shipping and delivery of placed orders, the user must agree that SUN MUZE S.R.L. to collect and process your registered data, according to the requirements of Law no. 679/2016 (GDPR). According to the requirements of Law no. 679/2016 (GDPR) for the protection of individuals with regard to the processing of personal data, and the protection of privacy in the electronic communications sector, SUN MUZE S.R.L. has the obligation to administer in safe conditions and only for the specified purposes, the personal data that are provided to us. In this regard, SUN MUZE S.R.L. has developed a series of technical and organizational measures to prevent the risks that may occur within processing of personal data. The processing of personal data within the organization is conditioned by a series of technical and organizational measures in order to secure them. These measures are intended to protect information at the organization’s level against security incidents. From the point of view of processing, within SUN MUZE S.R.L., personal data are processed only for the purposes for which the consent of the data subjects was obtained, including for parallel purposes and for concluding a contract or delivering a product to the customer, requested by him. Given that this organization operates mostly in the online environment, the processing of personal data of customers are transmitted online through applications and the platform on which orders and requests for quotation are requested. The data collected are minimized and are directly related to the purpose for which consent was obtained and are necessary to contact the customer in case of a request for offer or to deliver and make available the ordered product according to its requirements or return.

SUN MUZE S.R.L. the legal person registered at the Trade Register (no. J40 / 7606/2019, CUI 41241871) is a direct operator, not authorized and has no designated such entities. The purpose of processing personal data is to provide products through the online store and the parallel purposes of this activity: returning products, processing information necessary for delivery, improving the user experience by retaining certain settings or preferences, after obtaining his consent, price changes, product features, stock changes, promotions, invoicing. The categories of targeted persons are: clients / potential clients, visitors or registered members of the site / platform. The ways in which the data subjects are informed about their rights are: – Privacy policy;

– Terms and conditions of using the online platform / store (the document will be attached)

– On the web page in a dedicated section (the document will be attached);

– By email following the registration in the platform, as well as in case the client requests additional information, requests for offer;

– In the contact form on the website (the document will be attached);

The exercise of the rights provided by law 679/2016 (GDPR) belongs entirely to the operator who has the legal obligation to designate a person responsible for processing personal data within the organization. This person will develop a set of technical and organizational measures to secure data processing and has the obligation to inform the operator about the nature of processing, types of information and how these processes take place within the organization. The operator has the responsibility and obligation to ensure that these measures are implemented, that there is no risk of security breaches or information leaks and compliance with applicable law regarding data processing and the rights of data subjects. The following personal data are processed through the online platform:

  • name and surname
  • physical characteristics – jewelry measures
  • bank data in case of payments through the secure platform with debit / credit card provided in a unified, centralized and secure way to the provider of this solution (PAYMOBILE).
  • email
  • Phone / Fax
  • Address

SUN MUZE S.R.L. does not process special data categories. SUN MUZE S.R.L. does not transfer data abroad or to third parties The processing of personal data is not related to other evidence systems. The actual activity of the company is to take over the orders initiated by customers through the online platform (online store), to store and process them in order to invoice, ship and supply the ordered products. The processing of the information entered by the client in the platform are processed and stored strictly in accordance with the purposes for which his consent was offered:

  • Billing;
  • Delivery;
  • Return processing (according to the legal procedure);
  • Automatic return, if the package is not received by the customer;
  • Retention of data in the user’s account for an improved experience (the client’s personal account is secured by him by logging in using the e-mail address and password chosen by him).

At the level of the organization, the following security measures have been taken to reduce the risks:
Technical measures:
• SSL certificate – has the role of securing the exchange of information via the Internet. It encrypts the information before it circulates through the Internet. Encrypted information can only be decrypted by the server to which it is addressed. This guarantees that the information sent to a website / online platform will not be stolen, intercepted, processed.
Information about bank cards, passwords and in general any information that you want to remain private is secured by this certificate. The SSL certificate of the online platform SUN MUZE S.R.L. it is also used to secure e-mail correspondence, in such a way that the personal data of customers to circulate in a secure environment and regulated by a series of security measures that ensure the confidentiality of information.
• Automatic backup – set at a time interval to guarantee the information and for all clients to be sure that the information and preferences provided by them do not disappear and are not destroyed, lost or incorrect in case of a server error.
• Anti-spam and antivirus filters that prevent the infiltration of malicious content or viruses that may process data unauthorized or that may transmit it to other entities or persons who have not obtained the consent of the data subject.
• Protecting the content of the client profile by introducing a more complex password generation rule. The client is required, when creating the account, a password that meets a higher complexity criterion (alphanumeric + special characters);
• Securing the modules and scripts that communicate inside the platform. The operation of the elements involved in the client-server, server-client interaction is constantly checked.
• Verification and optimization of modules in order to keep them up-to-date to prevent vulnerabilities. This measure prevents the identification of vulnerabilities globally in the platforms used, 0-day vulnerabilities that can intercept data exchange and implicitly personal data in interactions the client with the platform or the process manager with the client and the platform.
• Classification of the types of access by the process manager – administration groups, the possibility to add or delete certain rights on a user with full access – personalization of the access according to the need.
• Password protection of the device from which the process manager performs data processing, in order to prevent unauthorized intervention.
• Firewall – software program and hardware component installed in the location of the company’s servers that offer hosting the online platform, are designed to protect the server and network equipment, against computer attacks, unauthorized intrusion, installation of malicious software applications that may endanger data personal data of platform users. The firewall blocks access by unauthorized persons to information stored on equipment connected to the Internet.
• Access to the data processing systems in which personal data are processed is possible only after the authorized person has been successfully identified and authenticated (eg with username and password or chip / PIN card), using the measures of the best security. In case of lack of authorization, access is denied.
• All access attempts, both successful and rejected, are recorded (user ID, computer, IP address used) and archived in a format according to audit rules for 3 months. In order to detect improper use, the server performs repeated, random checks;
• Access is blocked after repeated incorrect authentication attempts.
• Constant verification of platform vulnerabilities, which could allow the extraction of information and personal data. The hosting has security measures and solutions that repeatedly scan the processed files and the data flow that circulates inside the platform;
• Combating the risks of security breaches by taking precautionary measures from a technical and organizational point of view by securing the platform and constantly updating it with stable versions.
• Securing with password the equipment that has direct access to the order table and to the data for delivery / invoicing of the clients in order to prevent the unauthorized access and implicitly the unauthorized processing by unauthorized persons.

Organizational measures:

  • Destruction of documents that are no longer needed (previous AWB transport notes, erroneous invoices, etc.) using a document shredder at the disposal of the process manager;
  • Elimination of the risk generated by the human factor by prohibiting the processing of information outside the secure platform except for the preparation of transport notes in the platform of the courier company, which is also a secure environment;
  • Adopting security measures without differentiating between types of customers (new / existing / potential);
  • Adoption of an internal policy for verifying the processes and processing at the time of delivery of the product or taking over the information regarding an order or possible offer;
  • Avoiding the differentiation between clients through mechanisms that can positively or negatively profile the data subject. For this reason, we do not request as personal data sexual orientation, sexual interests, sex, religion, membership in movements or groups, etc. Customers are free to order and choose what they want. By this measure, we consider that we respect the integrity of the person and avoid any trace of analysis / profiling based on these criteria.
  • Updating the privacy policy and the Terms and Conditions of SUN MUZE S.R.L.
  • Informing customers about the procedure of delivery, return and processing of orders;
  • Securing documents containing personal data. This measure represents a safe location where these documents are stored and archived on a legal, fiscal, current basis to prevent unauthorized processing. These are kept in a double key to which only the company’s representative has access (Mircea Caldararu)
  • Training the process manager on the risks of processing personal data outside the online platform.
  • Training the process manager on the need for notification in case of a major security incident.
  • Training the process manager on the management of situations that may occur when processing data within the platform (errors, usage errors).
  • Training the process manager on the use of the information they process and awareness of the nature of personal information;
  • Prohibition of data processing outside the platform by managing commands directly in the user interface of the platform, not being necessary to process data in other insecure and vulnerable environments.
  • The process manager is regularly trained on:
  • Data protection principles, including technical and organizational measures
  • The requirement to maintain the secrecy of data and confidentiality regarding the secrets of the organization and trade secrets, including transactions;
  • Correct, careful use of data, data media and other documents;
  • The secret of telecommunications;
  • Other specific confidentiality obligations, where necessary;

The purpose of data collection is to invoice orders, to send correspondence and to honor orders. Your refusal to provide the data, determines the impossibility of placing on your site your order and its processing. According to Law no. 679/2016 (GDPR), the user enjoys the right of access, the right to be forgotten, the right to carry personal information and data, the right to intervene on data, the right not to be subject to an individual decision and the right to he addressed justice. At the same time, he has the right to oppose the processing of personal data and may request the deletion of data. To exercise these rights, the user can address a written request, dated and signed at the e-mail address contact@muzestyle.com. Also, if some of the user data is incorrect, please let us know so that we can make the necessary corrections. SUN MUZE S.R.L. does not transfer data abroad or to third parties

  • Copyright

The content of the site www.muzestyle.com is the property of SUN MUZE S.R.L. and is protected under copyright and intellectual property laws. Use without the written consent of SUN MUZE S.R.L. of any elements on the site is punished according to the laws in force. The personal data of the buyers may be transmitted to the law enforcement authorities following a request in accordance with the laws in force, in order to perform any verification of commercial transactions or any other verification justified under the law.

GLOSSARY OF TERMS
ACCESS OF THE TARGET PERSON
• This is the right of the data subject to obtain from the data controller, upon request, certain information regarding the processing of his personal data, as detailed in Chapter III Section 2 of the RGPD.
SUPERVISORY AUTHORITY / PRINCIPAL AUTHORITY
• Supervisors are national data protection authorities empowered to implement the RGPD in their own Member State. The concept of “one-stop shop”: if a company is established in several Member States, it will have a “principal authority”, determined by the place of its “headquarters” in the EU. A supervisory authority that is not a lead authority may also have a regulatory role, for example where processing has an impact on data subjects in the country where that supervisory authority is the national authority.
SPECIAL DATA CATEGORIES
• Often known as “sensitive data”. RGPD has expanded the definition to include both biometric and genetic data.
EDPS (EDPB)
• European Data Protection Board; it will replace the Article 29 Working Party, and its functions will include ensuring the coherence of the implementation of the RGPD, advising the European Commission, issuing guidelines, codes of practice and recommendations, accrediting certification bodies and issuing opinions on draft decisions of the authorities. supervision.
MINIMUM SECURITY REQUIREMENTS
• A set of norms adopted by Order of the People’s Advocate in order to ensure the security / confidentiality and integrity of DCP, which covers the following aspects: user identification and authentication, type of access, data collection, execution of backups, computers and access terminals, files access, telecommunications systems, staff training, computer use and data printing. Each entity has the obligation to approve its own security system, taking into account these minimum security requirements for FAD processing, and depending on the importance of this processed data will impose additional security measures.
DATA PROCESSING CONSENT (OPT-IN)
• The process of collecting personal information, through which the person in question gives his consent, in a deliberate way, for the processing of his personal data.
DATA CONTROLLER
• An organization or company that collects personal data and makes decisions about how it is managed
PERSONAL DATA
• This is any information regarding an identified / identifiable natural person, a “targeted person”. The data subject is a natural person, who can be identified or identifiable directly or indirectly.
DATA PROTECTION DIRECTIVE
• European Directive 95/46 / EC previously governs the processing of personal data in the EU, and will now be replaced by the RGPD.
DOUBLE OPT-IN
• The process by which a person must go through a 2-step mechanism to give consent to the processing of his personal data.
THE RIGHT TO DELETE THE DATA / THE RIGHT TO BE FORGOTTEN
• The existing right to delete the personal data of the data subject, in certain circumstances, has been extended to a new “right of deletion” in the circumstances detailed in Chapter III Section 3 of the RGPD. Viewing the data hosted in another location would represent a transfer in the sense of RGPD.
WORKING GROUP ARTICLE 29
• The Article 29 Working Party (“A29WP”) is composed of representatives of the EU national supervisory authorities, the European Data Protection Supervisor (“EDPS”) and the European Commission. It has been transformed into the “European Data Protection Board” (“EDPS”), with a similar component, but with an independent Secretariat – see the chapter on the “European Data Protection Board”.

ENTERPRISE
• This term is used in a variety of contexts in the RGPD, most often to refer to a legal entity involved in “economic activity”. The term has a special significance in the context of the RGPD provisions regarding financial penalties. Businesses will be subject to penalties calculated as a percentage of their annual worldwide turnover. In this context, the term borrows principles developed in the context of Union competition law.
DATA OPERATOR
• A person or body, alone or jointly, which determines the purposes and means of processing personal data.
PASSIVE OPT-IN
• The process of gathering personal data using a default opt-in. For example, an already selected checkbox, which a user should de-select if he does not want to give his consent for the processing of his personal data.
PIA
• RGPD imposes a new obligation on data controllers and processors to perform a data protection impact assessment (also known as a privacy impact assessment or PIA) before performing any processing that poses a certain risk of confidentiality in by virtue of its nature, purpose or purposes. Chapter IV Section 3 presents a non-exhaustive list of the processing categories that will fall under this provision.
PRIVACY BY DESIGN
• Privacy by design means that any actions of a company that involve the processing of personal data must be done starting from the concern for the protection of personal information. This includes in-house projects, product development, software development, IT systems and more. In fact, it means that the IT department or any other department that processes personal information must ensure that any new project has a data protection system throughout its creation and implementation. Since May, adding data protection features at the end of a long development process is no longer legal.
PRIVACY BY DEFAULT
• Privacy by default means that once a product or service has been publicly released, the strictest data protection settings have already been implemented by default. This without the user having to perform any operation or acquire additional functionality.
TRIAL
• It is broadly defined to cover any operation or set of operations performed on personal data or personal data sets, whether or not this is done by automated means. Examples of processes include the collection, registration, organization, storage, use and destruction of personal data.
DATA PROCESSOR
• An entity that processes data on behalf of the data operator.
aliases
• The technique of processing personal data so that they can no longer be attributed to a certain person without the use of additional information that must be kept separately and that must be subject to technical and organizational measures to ensure non-assignment.
RGPD (RGPD)
• The General Data Protection Regulation was finally adopted as Regulation (EU) 2016/679 on 27 April 2016.
RPD (DPO)
• A person responsible for data protection – whose designation is mandatory according to the RGPD when: (i) the processing is performed by a public authority; or (ii) the “core activities” of a data controller / processor: (a) require “regular and systematic monitoring of large-scale data subjects” or; (b) consist of the processing of special categories of data or data on “large-scale” criminal convictions.
EEA (EEA)
• The European Economic Area comprises all 28 EU Member States, Iceland, Liechtenstein and Norway. Does not include Switzerland.
DATA SUBJECT (DATA SUBJECT)
• The individual or person whose personal data is being processed.
TRANSFER The transfer of personal data to countries outside the EEA or to international organizations, which are subject to the restrictions detailed in Chapter V of the RGPD. As with the Data Protection Directive, data does not have to be physically transported to be transferred.

[]