Processing of personal data

What categories of personal data we process

We generally collect your personal data directly from you, so you have control over the type of information you give us. By way of example, we receive information from you as follows:

When you create a smarrt.ro account, you send us: your e-mail address, name and surname;

Within your personal page ( My Account ) on the smarrt.ro platform you can add additional information, such as: mobile phone number, landline phone number, delivery addresses, alternative e-mail address, etc.

When you place an order, you provide us with information such as: desired product, name and surname, delivery address, billing details, payment method, phone number.

We may also collect and further process certain information about your behavior while visiting our website in order to personalize your online experience and provide you with offers tailored to your profile. We invite you to learn more details in this regard by consulting the section regarding the purposes of processing below.

On our website we may store and collect information in cookies and similar technologies, according to the Cookie Policy.

We do not collect or otherwise process sensitive data, included by the General Data Protection Regulation in special categories of personal data. We also do not wish to collect or process data of minors under the age of 16.

What are the purposes and grounds of the processing

We will use your personal data for the following purposes:

1. For the provision of smarrt.ro services for your benefit.

This general purpose may include, as appropriate, the following:

a) Account creation and administration within the smarrt.ro platform;

b) Order processing, including their receipt, validation, dispatch and invoicing;

c) Solving cancellations or problems of any nature related to an order, goods or services purchased;

d) Returning the products according to the legal provisions;

e) Reimbursement of the counter value of the products according to the legal provisions;

h) Providing support services, including providing answers to your questions regarding your orders or smarr.ro goods and services

The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between SMARRT.RO and you. Also, certain processing subsumed for these purposes is required by applicable legislation, including tax and accounting legislation.

2. To improve our services

We base these activities on our legitimate interest in carrying out commercial activities, always taking care that your fundamental rights and freedoms are not affected.

3. For marketing

We want to keep you informed about the best offers for the products/services that interest you. In this sense, we can send you, for smarrt.ro or on behalf of any company of the smarrt.ro Group, any type of message (such as: e-mail/SMS/telephone/mobile push/webpush/etc.) containing information general and thematic, information about products similar to or complementary to those you have purchased, information about offers or promotions, information about products added to the "My Account/Basket" section or the "Account/Favorites" section or you have shown interest in purchasing them, as well as other commercial communications such as market research and opinion polls, and we may display personalized recommendations on the website. In order to provide you with information of interest to you, we may use certain data regarding your purchasing behavior (eg products viewed / wishlisted / purchased) to create a profile for you. We always ensure that this processing is carried out with respect for your rights and freedoms and that the decisions made on the basis of them do not have legal effects on you and do not similarly affect you to a significant extent.

In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:

– Changing the settings in the customer account in the "Newsletter" section;

– Accessing the unsubscribe link displayed in the messages you receive from us; or through

– Contacting smarrt.ro using the email address office.smarrt@gmail.com

In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can ask us at any time, by the means described above, to stop processing your personal data for marketing purposes, and we will comply with your request.

4. To defend our legitimate interests

There may be situations where we will use or share information to protect our rights and business. These may include:

– Protection measures for the website and users of the smarrt.ro platform against cyber attacks:

– Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;

– Measures to manage various other risks.

The general basis for these types of processing is our legitimate interest in defending our commercial activity, it being understood that we ensure that all measures we take ensure a balance between our interests and your fundamental rights and freedoms.

Also, in certain cases we base our processing on legal provisions such as the obligation to ensure the protection of goods and valuables provided by the applicable legislation in this matter

How long we keep your personal data

As a general rule, we will store your personal data for as long as you have an account on the platform. You may request that we delete certain information or close your account at any time, and we will comply with such requests, subject to the retention of certain information including after account closure, where applicable law or our legitimate interests require it.

To whom we transmit your personal data

As appropriate, we may transmit or provide access to certain of your personal data to the following categories of recipients:

– companies within the same group of companies as smarrt.ro;

– courier service providers;

– payment/banking service providers;

- IT / web development service providers (Shopify / Stripe)

If we are under a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by third parties under private law is carried out in accordance with the legal provisions on data protection and information confidentiality, based on contracts concluded with them.

To which countries we transfer your personal data

As a general rule, your personal data is stored and processed within the European Union and the European Economic Area (EEA). 

In the event that your personal data will be transferred outside the European Union or the EEA, the transfer will be carried out (a) pursuant to a decisions of the European Commission by which it decides that the third country concerned provides an adequate level of protection, (b) on the basis of binding corporate rules, or (c) on the basis of standard contractual clauses adopted by the European Commission. Additionally, in the event that we identify that one of these measures is not sufficient to provide an adequate level of protection, on a case-by-case basis, we will adopt additional technical and/or organizational security measures in accordance with the recommendations of the European Commission . 

You can contact us at any time using the contact details set out above to find out more about the countries to which we transfer your data and the safeguards we have put in place in relation to those transfers. 

How we protect the security of your personal data

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards.

The transmission of your personal data is done using state-of-the-art encryption algorithms and we store them on secure servers, ensuring data redundancy at the same time.

To make payments we use the services of the payment processor Shopify payments / Stripe. Any payment information is encrypted, using HTTPS technology with TSL 1.2 encryption.

Despite the measures taken to protect your personal data, we draw your attention to the fact that the transmission of information over the Internet in general or through other public networks is not completely secure, there is a risk that the data will be seen and used by third parties unauthorized parties. We cannot be responsible for such vulnerabilities of systems that are not under our control.

What rights do you have?

The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You can request access to your data, correct any mistakes in our files and/or object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or go to court. If applicable, you may also benefit from the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.

More information about each of these rights can be obtained by consulting the table below.

In order to exercise your rights, you can contact us using the contact details set out above. Please note the following points if you wish to exercise these rights:

Identity. We take the privacy of all records containing personal data seriously. For this reason, please send us your requests regarding such records using the e-mail address related to the smarrt.ro account. Otherwise, we reserve the right to verify your identity by requesting additional information aimed at confirming your identity

Fees. We will not charge a fee to exercise any right in relation to your personal data, unless your request for access to the information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before we settle your claim.

Response time. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We may ask if you can tell us exactly what you want to receive or what you are concerned about. This will help us act faster and shorten the response time to your request.

Third Party Rights. We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects.