SC Caramel Web SRL (Caramel Web LLC), with its headquarters in Romania, Mureș County, Târgu Mureș, Str. 22 Decembrie, No. 43, having RO VAT ID 45299116 (for Romanian companies) and EUROPEAN VAT ID RO45445084, registered with the Chamber of Commerce under number J26-1929-2021, hereinafter referred to as ‘Caramel Web,’ the owner and administrator of https://caramelweb.com/, respects the privacy and security of the processing of personal data for each person who visits and uses the services offered by this website and undertakes to protect their data and personal information. This document refers to the website https://caramelweb.com/, hereinafter referred to as ‘the website’.
Regulation 2016/679 on the protection of personal data with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, its provisions being directly applicable from May 25, 2018. This Regulation expressly repeals Directive 95/46/CE, thus replacing the provisions of Law no. 677/2001.
The regulation is directly applicable in all EU states, protecting the rights of all individual persons located on the territory of the European Union. From a material point of view, the Regulation applies to all operators who process personal data. The Regulation does not apply to the processing of personal data concerning legal entities and, in particular, enterprises with legal personality, including the name and type of legal entity and the contact details of the legal entity.
Personal data is defined as any information regarding an identified or identifiable individual person (“data subject”). An identifiable individual person is a person who can be identified, directly or indirectly, in particular by reference to an identification element such as a name, identification number, location data, online identifier, or one specific to his physical, physiological, genetic, psychological, economic, cultural, or social identity.
The processing of personal data involves any operation or set of operations on data or sets of personal data, whether or not using automated means, including collection, registration, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination, or otherwise making available, aligning or combining, restricting, erasure, or destruction.
Personal data that may be collected by this website
Overview
In order for the processing of personal data to be legal, the GDPR stipulates that it must be based on a legitimate reason, such as executing or concluding a contract, fulfilling a legal obligation, or on the basis of valid consent previously expressed by the “data subject”. In this case, the operator is required to prove that the individual has given their consent.
The granting of consent must be achieved through an unequivocal statement or action that constitutes a freely given, specific, informed, and unambiguous indication of the data subject’s agreement, which may be provided by ticking an acceptance box.
Contact Form or Registrations
If you send us questions or register through the forms available on the site, we will collect the data entered on the form, including the contact data you provide, to respond to your questions or requests.
Contact by Email, Phone, Social Media, or Fax
If you contact us by email, phone, social media, or fax, your request, including all personal data you provide, will be stored and processed for the purpose of resolving your request.
Registration on the Website (if the Platform Allows This)
If the platform allows registration on this site, the data entered by you will be used and processed for the purpose of using the respective service or functionality for which you have registered. You must provide the mandatory data requested at registration in full; otherwise, the registration will be rejected.
Caramelweb.com does not knowingly collect or process data concerning minors and does not target services towards minors.
Part of the data collected on this site is used for:
We will retain and process the data you provide until:
The provision of data for any of the above purposes is necessary to use the services and/or to conclude a contract between you and https://caramelweb.com/. Refusing to provide the data will result in the inability to establish contractual relations between the client and https://caramelweb.com/.
Hosting
Personal data registered on this website are stored on the servers of ROMARG SRL. The processing of the data provided and stored complies with the legal provisions of the EU GDPR, specifically Article 6, Paragraph 1, Letters A, B, and F.
Regardless of the purpose for which personal data is processed, we ensure the principles of legality, fairness, and transparency are respected. Furthermore, we ensure that the personal data processed are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
For more information on the processing of personal data by ROMARG SRL, please visit ROMARG’s privacy policy section.
In compliance with Article 28 of the EU GDPR, we select external service providers who offer sufficient guarantees to implement appropriate technical and organizational measures. This ensures that the processing meets the requirements set out in the regulation.
This site uses SSL (Secure Socket Layer) encryption for security reasons and to protect the transmission of confidential information.
Any mandatory legal provisions, especially those relating to mandatory data retention periods, remain unaffected by the above.
The processing of personal data is carried out in accordance with the provisions of the European Union General Data Protection Regulation (EU GDPR).
This site uses cookies. They do not harm your devices and do not contain viruses, serving instead to facilitate a more efficient and secure use of the site. Cookies are small text files stored on your device by the browser you are using.
Your browser can be configured to automatically accept cookies under certain conditions, to always reject them, or to delete them automatically when you close the browser. Disabling cookies may limit the functionality of this website.
Other cookies, such as those used to analyze your browsing behavior on this site, are also stored and will be treated separately.
The server of this site automatically collects and stores information that your browser transmits to us in log files. This information can include:
This site uses cookies. They do not harm your devices and do not contain viruses. Their role is to contribute to an easier, more efficient, and safer use of the site. Cookies are small text files that are stored on your device by the browser you use.
The website may temporarily or permanently use the following applications, plugins, or software for advertising/analysis purposes and to ensure the proper functioning of the website:
YouTube, operated by Google: If you visit a page on our website with an integrated YouTube plugin, a connection to YouTube’s servers will be established. Consequently, the YouTube server will be informed about which pages you have visited, and it will place specific cookies to gather information about our website’s visitors. For more information on how YouTube handles user data, please refer to YouTube’s Data Privacy Policy at https://policies.google.com/privacy?hl=en.
Google Fonts: This site uses web fonts provided by Google to ensure the consistent use of fonts. When you access a page on this website, your browser loads the necessary web fonts via a connection to Google’s servers for correct text and font display. For more information on how Google Web Fonts handles user data, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=en.
Google reCAPTCHA: The purpose of reCAPTCHA is to determine whether data entered on our site (e.g., information entered in a contact form) is provided by a human or an automated program. reCAPTCHA analyzes the behavior of website visitors based on various parameters, starting automatically when the visitor enters the website. These analyses, which evaluate data such as IP address, duration of visit, and user-initiated cursor movements, run entirely in the background. Visitors are not notified of these analyses. For more information, visit Google’s Data Privacy Statement at https://policies.google.com/privacy.
Google Analytics: This is a web traffic analysis service provided by Google, which uses cookies to allow analysis of website usage. The information generated by the cookie about your use of the website is usually transferred to and stored on a Google server in the USA. For more details, please see Google’s Data Privacy Statement at https://support.google.com/analytics/answer/6004245.
Google Ads and Google Conversion Tracking: This online advertising program by Google Inc. uses conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is placed. These cookies expire according to the duration set by Google and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google can recognize that the user clicked on the ad and proceeded to that page.
Facebook Pixel: This tool allows for the analysis of visitor activity from Facebook to measure conversion rates. It enables tracking of page visitor activities post-ad click, aiding in the evaluation and optimization of Facebook ads. The collected data is anonymous for site operators, but Facebook processes it, potentially linking it to a user’s profile for its own advertising purposes. For more details on data usage and privacy, visit Facebook’s Data Policy at https://www.facebook.com/about/privacy/. Users can opt out of “Custom Audiences” in the ad settings at https://www.facebook.com/ads/preferences/ or, if not a Facebook user, through the Interactive Digital Advertising Alliance at https://www.youronlinechoices.com/uk/your-ad-choices.
Cookies from the aforementioned tools are stored and used in accordance with Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its services and advertising.
Personal data transmission to the USA and other non-EEA countries relies on the European Commission’s Standard Contractual Clauses (SCC). For more information on SCCs, please visit https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
For additional information and data protection regulations, refer to Google’s data privacy policies at https://policies.google.com/technologies/ads?hl=en. Information on Google’s cookie retention period can be found at https://support.google.com/analytics#topic=1008008
E-commerce
We process personal data as necessary to conclude or modify a contractual relationship with our company or the company managing this website, in accordance with Article 6(1)(b) of the GDPR. Therefore, we process (collect, record, organize, store, alter, retrieve, etc.) personal data from the moment of accessing this website, solely to facilitate access to our products or services and/or to process payments. Customer data will be deleted after a period of 3 years (personal data processed for executing contractual obligations) or 10 years (in compliance with the provisions of Accounting Law No. 82/1991).
Online Payments
During the purchase process for products sold through this website (if applicable), your bank details are secure! The companies we collaborate with to process online payments utilize secure encryption methods, transmitting data through high-security connections to financial institutions. Therefore, the data provided for payment purposes are not transmitted to third parties and are not stored in our databases.
Depending on the payment processor used, when you purchase a product from our site, you will have the opportunity to review the Privacy Policy of that processor during checkout, before entering any personal or banking data on the platform.
The transfer of personal data by the online payment processor will occur only when necessary for providing services or to fulfill certain obligations of the processor as an online payment service provider, in order to complete the payment transaction. The legal basis for data processing is stipulated in Article 6(1)(a), Article 6(1)(b), and Article 6(1)(f) of the EU GDPR.
Your rights regarding personal data and the means to exercise them include: the right to be informed, the right of access, the right to rectification, the right to erasure (‘the right to be forgotten’), the right to restrict processing, the right to data portability, the right to object, the right to lodge a complaint with a supervisory authority, the right to seek judicial remedy, and the right to withdraw consent at any time.
According to the GDPR Regulation, the operator or the person authorized by the operator should keep records of the processing activities under their responsibility for a reasonable period. Thus, these records will include all the following information:
The obligation detailed above does not apply to an enterprise or organization with fewer than 250 employees, unless the processing it conducts is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offenses.
For any information or clarifications regarding the operation of this website, please contact us.
Technical and Organizational Measures
Taking into account the state of the technology, the context and purposes of processing, as well as the risks to the rights and freedoms of individuals, the operator implements appropriate technical and organizational measures. These measures ensure that, by default, only the personal data necessary for each specific processing purpose are processed.
Notification to the Supervisory Authority in the Event of a Personal Data Security Breach
In accordance with Article 33(1) of the GDPR, if there is a breach of personal data security, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, where feasible, within 72 hours from becoming aware of it.
Informing the Individual About the Personal Data Security Breach
As per Article 34 of the GDPR, if the personal data breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform the affected individuals without undue delay about the breach. This notification will be given except in situations outlined in the article, where such communication is not required.
Other
https://caramelweb.com/ maintains an online presence on various networks, social platforms, and applications to communicate with customers and potential customers, providing information about our products and services. When visiting any of these networks, sites, or applications, the terms and conditions of data processing of those applications’ operators apply. We also process data that is communicated to us through these applications and social networks. Our website may include social media features, such as Facebook, Twitter, and Google Share buttons. The privacy practices of these features are governed by the privacy policies of the companies that provide them.
Additionally, our website may contain links to external websites. We do not control and are not responsible for the content or privacy practices of these other sites. Our Privacy Policy does not apply to these external websites, as they operate under their own privacy policies.
Conclusion
This policy on the processing of personal data is established in accordance with the provisions of Romanian Regulation no. 679/2016 concerning the protection of individuals with regard to the processing of personal data and the free movement of such data, as well as other applicable national legal provisions.
We reserve the right to amend or update this policy at any time. Therefore, we recommend regularly reviewing the policy to stay informed about how we process personal data.
For more details on this GDPR Policy, or to exercise any of the rights mentioned herein, please send a written notification to the contact details provided here.
This document remains valid for an indefinite period.
Updated: 2024.04.15