Privacy Policy

Last revised: 24 May 2018

As a provider of remote services and products, PRETLINE CREATIVE POINT SRL, with VAT number 42542830, headquartered at str. Fabricii, no. 47, Bucharest, processes personal data responsibly, for legitimate purposes, in compliance with the principles mentioned below and in accordance with the provisions of the General Data Protection Regulation (EU) no. 679/2016, hereinafter referred to as GDPR.

1. Safety and security of data transfers and storage

We use the latest encryption technologies for data transfers through digital channels in our relationship with visitors, clients, and our external service providers. Thus, during data transfer, they can only be accessed by parties legitimately involved in the transfer.

The storage of personal data, both in digital and physical format, will be done only on secure media accessible only to authorised persons, depending on the purpose of processing.

2. Transfer of data to third parties

The transfer of data to external service providers will be done in compliance with GDPR obligations, securely, responsibly, and limited according to the purpose and legal basis of processing.

In the case of data transfers to the United States of America, an important selection criterion for our partners is compliance with the 'EU-US Privacy Shield', a set of practices and obligations considered compatible with GDPR, designed by the US Department of Commerce together with the European Commission.

In the section "Useful linksyou can find links to the privacy policies of external service providers to whom a limited portion of your data may be transferred, anonymised or not, depending on the purpose.

3. Data integrity verification

To the extent that this is technically possible, we verify the accuracy of the information transmitted through double confirmation or mathematical verification algorithms. For example, when subscribing to the newsletter service, we will request double confirmation via a response or button received by email.

4. Purposes of data processing

4.1 Communication with customers interested in our services/products

Customers interested in our services or products can choose their preferred method of communication for initiating a contract. The data transmitted to us will primarily be processed by external telecommunications/IT service providers, such as telephone service providers, email providers, data centre or web hosting providers.

The processing of this data is carried out based on the provisions of Article 6 paragraph 1 letter f) of the GDPR, our legitimate interest resulting from the purposes stated above.

4.2 Contract execution

Among the company's activities are the provision of remote services and the remote sale of goods. In order to carry out these activities, we process the data necessary for the initiation, conclusion, execution, and termination of contracts, such as:

• first name, surname;
• billing address and delivery address;
• billing and payment details;
• email address;
• phone number;
• date of birth;
• name of the requested products/services;
• other information provided by the client;

Some of this data will be transmitted to external service providers involved in the execution of the contract, for example:

• if you have opted for online payment, upon completing the order we will send your data to the online payment processor;
• in the case of goods delivery, we will forward your data to the chosen courier service provider;
• if you choose to subscribe to our free newsletter service, your email address and name may be processed on an external provider's email marketing platform, strictly for the purpose of sending emails;

To ensure a simple ordering process, we offer long-term storage of your data in a password-secured account. If you opt for an account in our online store, you will be able to use the login data (username/email address and password) to order the desired products/services using the data from a previous order. Additionally, you will benefit from various additional facilities, such as notifications regarding forgotten orders, notifications about promotions/campaigns targeting products you are interested in, or the possibility to save a list of favourite products.

Data storage will be done within the limits of legal terms, including those regarding accounting and product warranty. After the contract is concluded, data processing will only be carried out in the event of an inspection ordered by state authorities or if the client has requested it.

The processing of these data is carried out based on the provisions of Article 6 paragraph 1 letter b) of the GDPR, with the data being provided for the purpose of executing a contract.

4.3 Ensuring the functionality and security of the online store

When accessing our online store, your device may automatically transmit data to our server, such as:

• the IP address of the internet connection – it can be private or public depending on the network to which the device used to access the store is connected;
• the date and time of access;
• the address of the accessed page or file;
• ```json
• [
• "the page address or the application identifier that linked the user to our page;",
• "the name and version of the application used to access the web page;",

"the name and version of the operating system;",

"geolocation information, if you have voluntarily activated this function on your device;",

"These data are processed on our servers for 10 days to ensure data security and integrity, to prevent fraud, and to detect potential errors.",

"Geolocation data can be used, for example, to help you find the address of the nearest store, without being stored on our servers. If we offer you the possibility to obtain directions from an external service provider, such as a map provider, and you request directions, the geolocation data will be transmitted to the respective provider and processed according to their own policies.",

"The processing of these data is based on the provisions of Article 6 paragraph 1 letter f) of the GDPR, our legitimate interest arising from the purposes stated above.",

"4.4 Analysis of visits and advertisement personalisation",

• "The data automatically transmitted by your device listed above, such as the addresses of visited pages or the date and time of access, can be processed for up to 36 months, to generate statistics on visits and sales as well as to personalise advertisements.",
• "In this regard, the data may be transmitted to external service providers, such as:"

]

```traffic analysis service providers, for the purpose of analysing visit sources and demand for certain products/services – e.g. Google Analytics;advertising providers, for the purpose of personalising ads in the environments where these providers display the advertisement – e.g. Facebook;

If you have voluntarily created an account on one of our external providers' advertising networks, they will process the data in accordance with the contract concluded between you and the respective network and may associate the data with your account within that network, to display personalised ads to you.

If you are not logged into our external providers' networks, as applicable, the data will either not be transmitted or will be transmitted in anonymised form. For more information on how your data is processed by these networks and how you can control this, please refer to their privacy policies. In the '

Useful links

' section we provide links to these, as well as some guides on controlling how this data is processed.

The processing of this data is done based on the provisions of Article 6 paragraph 1 letter f) of the GDPR, our legitimate interest arising from the purposes stated above.

5. Your rights

We pay special attention to the security of your personal data and are available for any information or requests regarding their processing.

You can exercise the following rights by submitting a request via email, phone or through automated means, if available:

5.1 Right to information

In accordance with Article 15(1) GDPR, we provide you with information free of charge, upon request, regarding the processing of your personal data.

5.2 Right to rectification, erasure and restriction of processing

We offer you the possibility to rectify, complete and erase personal data using an intuitive interface, in accordance with the provisions of Articles 16 and 17 GDPR.

You can also request the restriction of processing, in accordance with the provisions of Article 18 GDPR.

5.3 Right to data portability

In accordance with the provisions of Article 20 GDPR, you can request a free copy of your data processed by automated means, as well as the transmission of the copy to another processor. The transfer will be made in a structured, commonly used, machine-readable format.5.4 Right to objectUnder the conditions of Article 21 GDPR, you can object, particularly in the case of processing for marketing purposes but also in other cases, if you invoke overriding interests.

If you wish to unsubscribe from our newsletter service, you have several options: you can send us an email with the text 'unsubscribe', you can reply to one of the newsletters with the text 'unsubscribe', you can click on the unsubscribe button included at the end of each email, or you can unsubscribe online using your customer account. Unsubscribing also involves the deletion of personal data provided at subscription, if they are no longer necessary for fulfilling other contractual obligations.

You have several options to prevent your data from being processed by our advertising providers. In principle, the data will be anonymised before transmission if, at the time of accessing our pages, you do not use the services of our advertising providers and are not logged into them. However, there are also additional measures you can take to limit or block the transmission of this data. In this regard, we recommend that you read the guides on limiting ad personalisation and the information page about 'cookies', which you can find in the '

Useful links

'.

6. Contact details

• The Data Protection Officer can be contacted using the details on the contact page, addressed to the Data Protection Officer, or by email at dpo@ataellier.ro.
• If you have concerns about how we process your personal data, we will try to provide you with a solution as soon as possible, amicably. However, if you believe that we are not respecting your rights, you can file a complaint with the competent supervisory authority.
• 7. Useful links

Legal and useful information

• General Data Protection Regulation (EU) No. 679/2016)
• What cookies are, how we use them and how you can control them
• Contact information
• Privacy policies of service providers
• Netopia SRL (payment processing)
• FAN Courier Express SRL (courier services)
• Net Design SRL (web hosting, email services)

MailChimp (newsletters)

• Google (email services, personalised advertising)Google Analytics (statistics and analysis)Facebook (advertising)Management of ad personalisation and data processing by external service providers
• Google advertising settings
• (
• link 1