We consider the protection of your personal data as a fundamental commitment at www.onino.eu, therefore we will allocate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as any other legislation applicable in Romania.
Since one of the essential principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer, and protect your personal data when you interact with us regarding our products and services, including through our website www.onino.eu or by telephone.
We reserve the right to periodically update and modify this Privacy Policy to reflect any changes to the way we process your personal data or any changes to legal requirements. In the event of any such changes, we will display on our website the modified version of the Privacy Policy, which is why we encourage you to periodically check the content of this Privacy Policy.
1. Who are we and how can you contact us?
www.onino.eu is the trade name of SC BABYSAFE INTERNATIONAL SRL, a legal entity of Romanian nationality, headquartered in Cluj-Napoca, registered in the Trade Register under No. J12/57/2015, unique fiscal registration code RO 33957978. In terms of data protection legislation, we are the data controller when we process your personal data.
As we are always open to hearing your opinions, as well as providing you with any additional information you may need regarding the processing of your data, we encourage you to contact us regarding data protection at the email address hello@onino.eu or at the telephone numbers displayed on our website.
2. What categories of personal data do we process?
In general, we collect your personal data directly from you, so you have control over the type of information you provide us. For example, we receive information from you in the following ways:
- When you create an account, you provide us with: delivery address; email address, first and last name; phone number.
- When you place an order, you provide information such as: the desired product, first and last name, delivery address, billing details, payment method, phone number, etc.
- We may also collect and subsequently process certain information regarding your behavior during your visit to our website, in order to personalize your online experience and provide you with offers tailored to your profile.
We invite you to learn more about this by consulting the section regarding the purposes of processing below.
- On our website, we may store and collect information in cookies and similar technologies, according to our Cookie Policy.
- We do not collect or otherwise process sensitive data included in the General Data Protection Regulation under special categories of personal data.
- We also do not intend to collect or process data from minors under the age of 16.
3. What are the purposes and legal bases for processing?
We will use your personal data for the following purposes:
- To provide the services of www.onino.eu for your benefit. This general purpose may include, as applicable:
- a) Creating and managing your account within the www.onino.eu platform.
- b) Processing orders, including taking, validating, shipping, and billing them.
- c) Addressing cancellations or problems of any nature related to an order, the goods, or services purchased.
- d) Returning products according to legal provisions.
- e) Refunding the value of products according to legal provisions.
- f) Providing support services, including responding to your inquiries about your orders or the goods and services of www.onino.eu.
- For improving our services
- We constantly strive to offer you the best online shopping experience. For this purpose, we may collect and use certain information related to your buyer behavior, we may invite you to complete satisfaction surveys following the completion of an order, or we may conduct, directly or with the help of partners, market research and studies.
- We base these activities on our legitimate interest to conduct business activities, always ensuring that your fundamental rights and freedoms are not affected.
- For marketing purposes
- We want to keep you updated on the best offers for the products/services that interest you.
- In this regard, we can send you any type of message (such as: email/phone/newsletter/etc.), containing general and thematic information, information on products similar or complementary to those you have purchased, information on offers or promotions, information about products added in the "Account/My Basket" section, or products you have shown interest in purchasing, as well as other commercial communications such as market research and opinion surveys, and we can display personalized recommendations on the website.
- To provide you with information of interest to you, we may use certain data about your buyer behavior (e.g., products viewed/purchased) to create a profile.
- We always ensure that these processes are carried out with respect to your rights and freedoms and that the decisions made based on them do not have legal effects on you and do not similarly affect you in a significant way. In most cases, we base our marketing communications on your prior consent.
- You can change your mind and withdraw your consent at any time by:
- Accessing the unsubscribe link displayed in the messages you receive from us;
- Contacting www.onino.eu using the contact details described above.
- In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our commercial activities.
- In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected.
- However, you can request at any time, by the means described above, that we stop processing your personal data for marketing purposes, and we will comply with your request.
- For the defense of our legitimate interests
- There may be situations where we will use or transmit information to protect our rights and business activities. These may include:
- Protective measures for the website and users of the platform www.onino.eu against cyber-attacks.
- Measures to prevent and detect attempts at fraud, including transmitting information to competent public authorities;
- Measures for managing various other risks.
- The general basis for these types of processing is our legitimate interest in protecting our business operations, ensuring that all measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
- In certain cases, our processing is also based on legal provisions such as the obligation to secure the safeguarding of goods and values as stipulated by the applicable legislation in this matter.
4. How long do we keep your personal data?
- As a general rule, we will store your personal data as long as you have an account on the www.onino.eu platform.
- You can request at any time the deletion of certain information or the closure of your account, and we will comply with these requests, subject to retaining certain information even after the account closure, where applicable legislation or our legitimate interests require it.
5. To whom do we transmit your personal data?
- Depending on the case, we may transmit or provide access to certain personal data of yours to the following categories of recipients:
- partners of SC BABYSAFE INTERNATIONAL SRL;
- order preparation service providers;
- courier service providers;
- other companies with which we can develop joint marketing programs for our goods and services.
- If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities. We ensure that access to your data by third-party private legal entities is carried out in accordance with legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
6. In which countries do we transfer your personal data?
- Currently, we store and process your personal data within the territory of Romania.
- Transfers to service providers and other third parties are always protected by contractual commitments and, where applicable, by other guarantees such as standard contractual clauses issued by the European Commission or certification schemes like the Privacy Shield for the protection of personal data transferred from inside the EU to the United States.
- You can contact us at any time using the contact details provided above to learn more about these transfers.
7. How do we protect the security of your personal data?
- We commit to ensuring the security of your personal data by implementing appropriate technical and organizational measures, according to industry standards.
- The transmission of your personal data is stored on secured servers, ensuring data redundancy.
- Despite the measures taken to protect your personal data, we draw your attention to the fact that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, posing a risk that the data may be seen and used by unauthorized third parties. We cannot be held responsible for such vulnerabilities of systems that are not under our control.
8. What rights do you have?
- The General Data Protection Regulation recognizes a range of rights regarding your personal data. You can request access to your data, correct any errors in our files and/or you can object to the processing of your personal data.
- Additionally, you have the right to complain to the competent supervisory authority or to seek judicial remedy. Depending on the case, you might also have the right to request the deletion of your personal data, the right to restrict the processing of your data, and the right to data portability.
- More information about each of these rights can be obtained by consulting the table presented below.
- To exercise your rights, you can contact us using the contact details provided above. Please consider the following if you wish to exercise these rights:
- Identity. We take the confidentiality of all records containing personal data seriously. For this reason, please send us your requests regarding such records using the email address associated with your www.onino.eu account. Otherwise, we reserve the right to verify your identity by requesting additional information aimed at confirming your identity.
- Fees. We will not charge a fee to exercise any right regarding your personal data, except if your request for access to information is unfounded, repetitive, or excessive, in which case we may charge a reasonable fee in such circumstances. We will inform you of any fees before resolving your request.
- Response Time. We aim to respond to any valid requests within 60 days, unless it is particularly complicated or you have made multiple requests, in which case we will respond within a maximum of three months. We may ask if you can specify exactly what you want to receive or what is concerning you. This will help us act faster and shorten the response time to your request.
9. Third Party Rights
- Access. You may ask us to:
- Confirm whether we are processing your personal data;
- Provide you with a copy of these data;
- Offer other information about your personal data, such as the data we hold, what we use them for, whom we disclose them to, whether we transfer them abroad, and how we protect them, how long we keep them, what rights you have, how you can make a complaint, where we obtained your data, to the extent the information has not already been provided in this notification.
- Data Deletion.
- You may request us to delete your personal data, but only if:
- They are no longer necessary for the purposes for which they were collected;
- You have withdrawn your consent (if data processing is based on consent);
- You exercise a legal right to object;
- They have been unlawfully processed;
- There is a legal obligation to do so.
- We are not required to comply with your request to delete your personal data if the processing of your personal data is necessary:
- to comply with a legal obligation;
- for the establishment, exercise, or defense of legal claims.
- There are other circumstances where we are not obligated to comply with your request to delete data, although these two are the most likely circumstances in which we could refuse this request.
- Please consider, before exercising this right, to download from your www.onino.eu account and save all documents related to orders made from www.onino.eu, regardless of whether the billing was made to you or to another individual or legal entity (such as invoices).
- If you do not take this step before exercising your right of deletion, you will lose all these documents, and www.onino.eu will be unable to provide them afterwards, as the process of deleting data, including the www.onino.eu account and all related data and documents, is irreversible.
- Restriction of Data Processing
- You may request us to restrict the processing of your personal data, but only if:
- their accuracy is contested (see the rectification section), to allow us to verify their accuracy;
- the processing is unlawful, but you do not want the data to be erased;
- the data are no longer necessary for the purposes for which they were collected, but you need them for the establishment, exercise, or defense of legal claims;
- you have exercised your right to object, and the verification whether our rights override yours is pending.
- We may continue to use your personal data following a request for restriction, if:
- we have your consent;
- to establish, exercise, or defend legal claims;
- to protect the rights of www.onino.eu or another natural or legal person.
- Objection
- You may object at any time, for reasons related to your particular situation, to the processing of your personal data based on our legitimate interest, if you believe that your fundamental rights and freedoms override this interest.
- Additionally, you may object at any time to the processing of your data for direct marketing purposes (including profiling), without providing any reason, in which case we will cease this processing as soon as possible.
- Complaints
- You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data.
- In Romania, the contact details of the data protection supervisory authority are as follows:
- National Supervisory Authority for Personal Data Processing: G-ral. Gheorghe Magheru Blvd. No. 28-30, Sector 1, postal code 010336, Bucharest, Romania, Phone: +40.318.059.211 or +40.318.059.212; Email: anspdcp@dataprotection.ro
Without affecting your right to contact the supervisory authority at any time, please contact us first, and we promise that we will make all necessary efforts to resolve any issue amicably.
We remind you that you can contact us at any time regarding data protection by sending your request through any of the following means: