Privacy policy

The privacy of your personal data is very important to us and we are committed to protecting it.

This policy provides you with information on the identity and contact details of the controller, explains what we will do with your personal information in the context of your use of our website honeycolonia.com, and your rights in this regard under Regulation (EU) 2016/679.

Overview

Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR, Regulation or GDPR) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, its provisions being directly applicable as of May 25, 2018. This Regulation expressly repeals Directive 95/46/EC, thus also replacing the provisions of Law No. 677/2001 (now repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all natural persons within the European Union. In material terms, the Regulation applies to all controllers processing personal data. The Regulation does not apply to the processing of personal data relating to legal persons and, in particular, legal businesses, including the name and type of legal person and the contact details of the legal person.

Personal data is defined as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Identity of the operator

In view of Article 4(7) of the Regulation, which defines „controller” as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, the controller processing personal data through this website is SC EVICOM HONEY SRL, with registered office at Str Carol I, nr 55, village Valea Uleiului, commune Valea Iasului, jud. Arges, Romania, registered at the Trade Register Office J3/1023/2018, having CUI RO39371144, with contact details office@honeycolonia.com, telephone +40 726 990 999.

Collection of personal data

What personal data is collected

The operator of this website collects, stores and processes the following personal data about you:

  • Surname, first name
  • Home and/or residence address
  • Contact details (such as e-mail, telephone)
  • IP

Getting Consent

Overview

In order for the processing of personal data to be lawful, the GDPR provides that it must be carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of the data subject’s valid prior consent. In the latter case, the controller is under an obligation to be able to demonstrate that the data subject has consented to the processing. Consent expressed under Directive 95/46/EC remains valid if it fulfills the conditions laid down in the GDPR.

Consent must be given by an unequivocal statement or action which constitutes a freely given, specific, specific, informed and unambiguous indication of the data subject’s agreement to the processing of his/her personal data. Where the data subject’s consent is given in the context of a statement, electronically or in writing, which also relates to other matters, the request for consent should be presented in a form which clearly distinguishes it from the other matters and may even be done by ticking a box. In order for the processing of personal data to be lawful, the GDPR provides that it must be carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of the data subject’s valid prior consent. In the latter case, the controller is under an obligation to be able to demonstrate that the data subject has consented to the processing. Consent expressed under Directive 95/46/EC remains valid if it fulfills the conditions laid down in the GDPR.

Cookies

Cookies are used on this website. They do not harm your computer and do not contain viruses, but are intended to help make the site easier, more efficient and safer to use. Cookies are small text files that are stored on your computer and are saved by the browser you are using.

Many of the cookies used are called „session cookies”, which are automatically deleted after your visit to this site. Others remain in your computer’s memory until you delete them, making it possible to recognize your browser on a subsequent visit.

You can set your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject cookies or automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions that you want to use (such as the shopping cart) are stored in accordance with the provisions of Article 6(1)(f) of the GDPR, according to which processing is lawful only if and to the extent that it is necessary for the purposes of the legitimate interests pursued by the controller or a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies in order to ensure technical error-free optimization. Other cookies (such as, for example, those used to analyze your browsing behavior) are also stored and will be dealt with separately in this document.

Consent Management Platform

This website uses a consent management platform – Cookieyes – and we are therefore empowered to obtain, manage and document your consent as a user.

The collection of your consent is done lawfully, in compliance with all legal requirements (contained in the GDPR, the European Court of Justice case law guidelines, the IAB Europe Transparency and Consent Framework), through the platform reaching the optimization of the consent given at the time of browsing this website.

The consent management platform – Cookieyes – complies with the European provisions in this field, the processing of personal data of visitors and users being carried out only to the extent necessary for the functionality and optimization of the site content. The legal basis for the processing of users’ personal data is the specific, informed and freely expressed consent of the users, obtained in accordance with art. 6 para. 1 lit. a) of the Regulation. For more details, you can access the Privacy Policy available here https://www.cookieyes.com/privacy-policy/

Server log files

The provider of this website automatically collects and stores information that your browser automatically transmits to us via log files. These are:

  • Browser type and version
  • Operating system used
  • The URL of the page that initially generated the request to display the current page or object (Referrer URL)
  • Host name of the accessing computer
  • Time server access data
  • IP address

The legal basis for processing such data is Art. 6 para. 1 lit. b) GDPR, which allows the processing of data where it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to the conclusion of a contract.

Contact form

If you submit questions to us via the contact form, we will collect the data entered in the form, including the contact details you provide, in order to answer your questions and any subsequent questions. We do not transmit this information without your permission. We will therefore process any data you enter in the contact form only with your consent. [You can revoke your consent at any time, an informal email to this effect will suffice. Data processed before we receive your request may be processed lawfully. We will keep the data you provide on the contact form until:

  • request data erasure;
  • withdraw your consent to their storage or if
  • the purpose for storing it is no longer valid.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

Contact by e-mail or phone

If you contact us by e-mail or telephone, your request, including any personal data you provide, will be stored and processed by us for the purpose of dealing with your request, based on your consent.

We will therefore process any data you provide under the following legal provisions within the GDPR, respectively:

  • only with your consent – in accordance with Art. 6 para. 1 lit. a) GDPR
  • for the performance of a contract or at the pre-contractual stage – in accordance with the provisions of Art. 6 para. 1 lit. b) GDPR
  • in order to fulfill the purpose and legitimate interest pursued by us, namely the efficient processing of the requests sent by you – in accordance with the provisions of Art. 6 para. 1 lit. f) GDPR.

We will keep the data you provide in this way until:

  • request data erasure;
  • withdraw your consent to their storage or if
  • the purpose for its storage is no longer valid in all cases except for mandatory data retention periods.

Register on the website

You can register on this website to access additional features and services offered by our company. In this respect, the data entered by you will be used and processed for the purpose of using the respective service or functions for which you have registered. The mandatory data requested at registration must be provided by you in full, otherwise the registration operation will be rejected.

In order to inform you about important changes, such as changes in the scope of our website or technical changes, we will use the e-mail address you specified when registering.

The processing of personal data, provided in the registration procedure, is done only with your consent and in compliance with the provisions of Art. 1 lit. a) GDPR. You can revoke your consent at any time, an informal e-mail to this effect is sufficient. We will continue to store the data collected during registration for as long as you remain registered on this website, but the mandatory storage periods remain valid and will be observed.

Comments section

By accessing the Comments section, certain personal data (such as, but not limited to, email address, username, IP address) will be processed and stored, some of which is necessary in order to prevent illegal actions or libelous content.

There is also the possibility to sign up/subscribe to this site in order to receive comments via the email provided, so:

  • Your email address may be verified by a confirmation email;
  • You can unsubscribe at any time by clicking on the unsubscribe link in the emails, and the data you provide will be deleted immediately, except for data provided as a result of accessing other sections (e.g. when signing up for the newsletter) which will remain stored;

Purpose of processing the data collected

Some of the data collected on this website is used to:

  • The provision of the services we offer for your benefit (e.g. resolving problems of any nature relating to our products and services, providing support services, etc.).
  • Optimal functioning and optimization of this site (statistically and analytically) – We always want to give you the best experience on our site, which is why we may collect and use certain information about your satisfaction while browsing this site, invite you to fill in suggestion questionnaires or the like.
  • Online advertising and promotional activities. You can ask us at any time, by the means described in this document, to stop the processing of your personal data for marketing purposes, and we will comply with your request as soon as possible.
  • Regular user information – We want to keep you informed about our offers. To this end, we may send you any type of message containing general and thematic information, information about offers or promotions, as well as other commercial communications such as market research and opinion polls. For communications of this type, we rely on your prior consent. You can change your mind and withdraw your consent at any time.
  • In defense of our legitimate interests. There may be situations where we will use or disclose information to protect our rights and business. These may include: measures to protect our website and the user of our website from cyber-attacks; measures to prevent and detect fraud attempts, including the transmission of information to the relevant public authorities; measures to manage other types of risks.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based both on the consent of the data subject and on the grounds of the proper performance of contracts or the legitimate interests of the controller (unless the interests or fundamental rights and freedoms of the data subject prevail, which require the protection of personal data, in particular when the data subject is a child).

User rights

Your personal data rights and the means of exercising them are: Right to information, Right of access, Right to rectification, Right to erasure, Right to restriction of processing, Right to data portability, Right to object, Right not to be subject to a decision based solely on automated data processing, Right to lodge a complaint and to apply to the courts, Right to withdraw consent.

  • Right of information – you can request information about the processing activities of your personal data, about the identity of the controller and its representative or about the recipients of your data;
  • Right of access – you may obtain from the controller a confirmation as to whether or not personal data relating to you are being processed and, if so, access to those data and to the following information : the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or are to be disclosed, in particular recipients in third countries or international organizations ; where possible, the period for which the personal data are expected to be stored or, if this is not possible, the criteria used to determine this period ; the right to request the controller to rectify or erase the personal data or to restrict the processing of personal data or to object to the processing, etc.
  • Right of rectification – you can rectify inaccurate personal data or complete it;
  • The right to erasure – you can have your data erased if the processing was not lawful or in other cases provided by law;
  • Right to restriction of processing – you can request restriction of processing if you contest the accuracy of the data, as well as in other cases provided by law;
  • The right to data portability – you can receive, under certain conditions, the personal data you have provided to us in a machine-readable format or you can request that the data be transferred to another controller
  • Right to object – you can object, in particular, to data processing based on the legitimate interest of the controller;
  • The right not to be subject to a decision based solely on automated data processing – you can ask for and obtain human intervention in such processing or express your own views on such processing;
  • Right to lodge a complaint and to apply to the courts – you can lodge a complaint about the way your personal data is processed with the National Supervisory Authority for Personal Data Processing and/or you can apply to the courts to enforce your rights;
  • Right to withdraw consent – in cases where processing is based on your consent, you can withdraw your consent at any time. The withdrawal of consent will only have effect for the future, with processing carried out prior to the withdrawal remaining valid.

Obligations of the data controller

Hosting

Personal data recorded on this website is stored on Hostinger servers. The processing of data provided and stored complies with the following legal provisions:

  • Art. 6 para. 1 lit. a) GDPR – data processing by Hostinger is carried out on the basis of your consent, obtained after correct and complete information;
  • Art. 6 para.
    1 lit.
    b) GDPR – the data processing by Hostinger takes place for the purpose of fulfilling the contractual obligations undertaken;
  • Art. 6 para. 1 lit. f) GDPR – data processing by Hostinger is carried out for the purposes of the legitimate interests pursued by the controller

Whatever the purpose for which personal data are processed, the principles of lawfulness, fairness and transparency are respected, as well as the principle that personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

For more information on the processing of personal data by Hostinger, please visit https://www.hostinger.ro/politica-de-cookies

We have a contract/agreement/legal agreement (including the possibility of including and agreeing to the clauses in the Terms and Conditions of the website) with Hostinger to ensure the processing of personal data in accordance with the relevant legal regulations. We comply with our obligations under Article 28 of the GDPR by choosing an external service provider that provides sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing complies with the requirements set out in the Regulation and ensures the protection of your rights.

Data encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognized by you by the „lock icon” that appears in the browser bar and by changing the browser address from http:// to https://. Once this type of encryption is activated, the data transmitted or transferred will not be visible to third parties.

According to the GDPR, if the personal data breach is likely to create a high risk for your rights and freedoms, the operator of this website will inform you, without undue delay, about this breach, unless the complementary provisions of the same Regulation become applicable (Art. 34 paragraph 3).

Data Protection Officer

Not being applicable GDPR provisions (art. 37 para. 1 – according to which the controller and processor shall appoint a data protection officer whenever:

  1. the processing is carried out by a public authority or public body with the exception of courts acting in their judicial function;
  2. the main activities of the controller or processor consist of processing operations which by their nature, their scope and/or their purposes require regular and systematic monitoring of data subjects on a large scale; or
  3. the main activities of the controller or processor consist of the large-scale processing of special categories of data pursuant to Article 9 or of personal data relating to criminal convictions and offences referred to in Article 10)

In view of the obligation to appoint a Data Protection Officer, for any information or clarifications regarding the functioning of this website, please contact us at the following contact details:

  • E-mail: office@honeycolonia.com
  • Phone: +40 726 990 999
  • Str. Tarnita nr 14F, Curtea de Arges, jud. Arges, Romania

Records of processing activities

According to the GDPR Regulation, the controller or processor should keep, for a reasonable period of time, records of the processing activities under its responsibility. These records will thus include all of the following information:

  • name and contact details of the operator
  • the purposes of the processing;
  • description of the categories of data subjects and categories of personal data;
  • the categories of recipients to whom personal data have been or will be disclosed;
  • if applicable/possible:
    • transfers of personal data
    • the expected time limits for deletion of different categories of data
    • a general description of technical and organizational security measures

The obligation detailed above shall not apply to an enterprise or organization with fewer than 250 employees, unless the processing they carry out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional or the processing includes special categories of data or personal data relating to criminal convictions and offences.

Appropriate technical and organizational measures

Having regard to the state of the art, the context and purposes of the processing and the risks to the rights and freedoms of natural persons, the controller shall implement appropriate technical and organizational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed.

Notification of personal data breaches to the supervisory authority

According to Art. 33 para. 1 of the GDPR, in the event of a personal data breach, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, where possible, no later than 72 hours after becoming aware of it, unless it is unlikely to create a risk to the rights and freedoms of natural persons.

Informing the data subject about the personal data breach

Having regard to the provisions of Article 34 of the GDPR, where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the data subject without undue delay of the breach, except in situations where:

  • appropriate technical and organizational safeguards have been implemented and applied to personal data affected by the personal data breach, in particular measures to ensure that personal data are rendered unintelligible to any person not authorized to access them, such as encryption;
  • follow-up measures have been taken to ensure that the high risk to the rights and freedoms of data subjects referred to above is no longer likely to materialize;
  • would require a disproportionate effort. In this situation, public information shall be provided instead, or a similar measure shall be taken whereby the persons concerned are informed in an equally effective manner.

Social Media

Facebook plugins (Like Share Button)

This service uses social plugins („plugins”) managed by the facebook.com social network. Plugins can be identified by a Facebook logo (a white „f” on a blue plate or a „thumbs up” sign) or are labeled by adding the phrase „Facebook Social Plugin”. The list and layout of Facebook plugins can be seen here: https://developers.facebook.com/docs/plugins/. As long as you use the Like extension, you will like the Facebook page of our website without having to leave it. To the extent that you use the Share extension, you will share our website or specific content from it on your personal Facebook page without having to leave the site.

Through the plugin, Facebook receives the information you access on our website. If you are logged in and logged in to Facebook at the same time, Facebook can attribute the actions performed on the page to your account and, by default, to you personally. When you interact with the plugins, e.g. by clicking the Like button or sharing certain content on the site, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a member of Facebook, there is still a possibility that the social network may obtain and store your IP address.

By clicking on one of these buttons, you agree to the use of this plugin and therefore to the transfer of personal data to Facebook. We do not have control over the nature and purpose of this transferred data and its further processing. Regarding the purpose and extent of data collection, further processing and use of the data by Facebook, as well as the permissions and privacy settings.

If you do not want Facebook to associate your visit to this site with your Facebook account information, you can opt-out.

Instagram Plugin

This service utilizes social plugins („plugins”) managed by the Instagram social network, features provided by Instagram Inc. headquartered at 1601 Willow Road, Menlo Park, CA 94025, USA. Plugins can be identified by an Instagram logo or are labeled by adding the phrase „Instagram Social Plugin”.

Through the plugin, Instagram is informed about the actions you take on our page. If you are logged in and logged into your personal account on the social network at the same time, it can attribute the actions performed on the page to your Instagram account and, by default, to you personally. When you access the plugins, the corresponding information is transferred from your browser to the social network and stored there. Even if you are not a member of Instagram, there is still a possibility that it obtains and stores your IP address.

By clicking on one of these buttons, you consent to the use of this plugin and therefore to the transfer of personal data to Instagram. We have no control over the nature and purpose of this transferred data and its further processing. Regarding the purpose and scope of data collection, further processing and use of data by Instagram, as well as the permissions and settings to protect user privacy, you can refer to Instagram’s privacy policies at: https://help.instagram.com/155833707900388.

If you are a member of Instagram and don’t want Instagram to collect your data through the plugin and link it to data already stored on Instagram, you need to log out of the social network before visiting this site.

Twitter plugin

This service uses social plugins („plugins”) managed by the twitter.com social network. Plugins can be identified by a Twitter logo.

Through the plugin, Twitter receives the information you access on our page. If you are logged in and logged in to the social network at the same time, Twitter may attribute the actions performed on the page to your Twitter account and, by default, to you personally. When you interact with plugins, the corresponding information is transferred directly from your browser to Twitter and stored. Even if you are not a member of Twitter, there is still a possibility that Twitter obtains and stores your IP address.

By clicking on one of the plugin buttons, you consent to their use and therefore to the transfer of personal data to Twitter. We do not have control over the nature and purpose of this transferred data and its further processing. Regarding the scope and extent of data collection, further processing and use of data by Twitter, as well as the permissions and settings to protect users’ privacy, you can consult Twitter’s privacy policies at: https://twitter.com/en/privacy.

If you are a member of Twitter and do not want Twitter to collect your data through the plugin and link it to data already stored on Twitter, you must log out of the social network before visiting the site.

Newsletter

In order to receive a newsletter, a valid e-mail address is required, along with specific information identifying the owner of that address. Your consent is also required to send the newsletter and we therefore inform you that any other personal data will only be collected and stored with your consent. The data thus collected is processed solely for the purpose of sending the newsletter and will not be passed on to third parties.

Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of Art. 6 para. 1 lit. a GDPR.

Plugins and Tools

Youtube

Our website uses plugins of the YouTube platform, which is operated by Google. The operator of the website is YouTube, LLC, Cherry Ave 901, San Bruno, CA 94066, USA.

If you visit a page on our website where a YouTube plug-in has been integrated, a connection will be created with the YouTube servers. As a result, the YouTube server will be notified which of the pages you have visited

In addition, YouTube will also be able to set different cookies, which can be used to obtain information about visitors to our website. Among other things, this information will be used to generate video statistics in order to improve the user-friendliness of the site and to prevent fraud attempts.

If you are logged in to your YouTube account while visiting our website, you allow YouTube to directly host your browsing patterns in your personal profile. You have the option to prevent this by logging out of your YouTube account.

Our use of YouTube is based on our interest in presenting online content to you in an engaging manner. According to Art. 6 para. 1 lit. f) GDPR, this is a legitimate interest.

In light of its judgment of July 16, 2020 (Case C-311/18 – Data Protection Commissioner / Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection afforded by the EU-US Privacy Shield is not adequate. Therefore, the transmission of personal data to the US and other countries outside the European Economic Area (EEA) should be based on the European Commission’s Standard Contractual Clauses (SCC).

For more information about how YouTube handles user data, see YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=en.

Google Web Fonts

This site uses Web Fonts provided by Google to ensure consistent use of fonts on this site.

When you access a page on this website, your browser will, as a result of establishing a connection with Google’s servers, load the web fonts necessary to display the text and fonts correctly. Thus,

The use of Google Web Fonts is based on Art. 6 para.
1 lit.
f) GDPR and there is a legitimate interest in the uniform presentation of fonts on this website.
If there is an expressed consent to this effect (e.g. consent to cookie archiving), the data will be processed solely on the basis of Art. 6 para.
1 lit.
a) GDPR.

For more information about how Google Web Fonts handles user data, see the Privacy Policy available at: https://policies.google.com/privacy?hl=en.

E-Commerce and Payment Methods

Online payments

iPay – Banca Transilvania

iPay BT is constantly working to achieve customer goals through fast and easy 3D secure payments.

To the extent that you are a user of the services provided by iPay BT, iPay BT will process your data as follows:

  • as the processor of the merchant to whom you make a payment using the iPay services, pursuant to the contract between you and that merchant, for the purpose of facilitating (processing) payments made by you to that merchant;
  • as operator, under iPay’s legal obligations for the purposes of anti-fraud monitoring and filtering.

There are certain processing purposes for which iPay is required by applicable regulations to obtain your consent. The consent thus provided can be withdrawn at any time and iPay will take your preferences into account. The purposes for which iPay is most likely to ask for your consent are the following: direct marketing, advertising through the intermediation/promotion of the most suitable products and services of iPay, iPay’s affiliated entities or iPay’s partners, as applicable (including the transfer of certain categories of data to the aforementioned entities – to the extent necessary), and the sending by iPay of commercial communications for this purpose.

iPay BT processes the following categories of personal data:

  • Identification data, consisting of name, surname, telephone number, e-mail address, delivery address, customer code assigned by the merchant to whom you make a payment using iPay services;
  • Data of a financial nature, consisting of the amount paid, card number, name on the card, expiry date, CVV code, unique transaction identification code and any other data relating to the payment methods used, to the extent necessary to carry out iPay’s business for the purposes described below;
  • Data on fraudulent/potentially fraudulent activity, consisting of data on charges and convictions related to offenses such as fraud, money laundering and terrorist financing;
  • Data derived from the aforementioned categories, consisting of data on the history of activity of use of iPay services, information resulting from non-compliances reported by any person.

Refusal to provide the personal data requested from you by iPay may make it impossible for iPay to provide the iPay services and/or fulfill iPay’s other processing purposes.

For more details, go to: https://btepos.ro/politica-de-confidentialitate.

Conclusion

This policy on the processing of personal data is generated in accordance with the provisions of Regulation No. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as with other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend consulting the Policy regularly for accurate and up-to-date information regarding the processing of personal data.

For further details regarding this GDPR Policy, as well as for exercising any of the above rights, written notification may be sent to the contact details indicated above.