Find out all the details about how we store and manage your personal data in our Privacy Policy.
Grepfrut SRL processes the following personal data:
'Processing' means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The controller shall comply with the principles of personal data protection (hereinafter referred to as ‘Principles’) set out in the GDPR to ensure that all data is:
User registration and order placement. We will process the personal data collected through the registration form on our website through which you create an account or place an order for better and easier administration. We also collect your data so that we can: register an order, process orders, pick up, deliver, and invoice them, cancel orders, and resolve complaints or other issues related to the order. This processing is necessary for the conclusion and performance of the contract.
Improvement and development of services: Analyzing how you use our services helps us to understand you better and shows us what we can improve. For example: we analyze your purchase history to provide you with information or advice on how you can best use our services, we analyze the results of our marketing activities to measure their effectiveness and the relevance of our campaigns. This processing is based on our legitimate interest in conducting commercial activities.
Compliance with legal obligations. Personal data may be processed for the purpose of complying with legal obligations. We use your payment information for accounting, billing, and auditing purposes and to detect and/or prevent any fraudulent activity, if applicable. Processing is necessary for compliance with a legal obligation.
For marketing purposes. We want to keep you informed about the best offers for products that interest you. To this end, we may send you any type of message (such as email/SMS/telephone/web push/etc.) containing general and thematic information, information about our products, similar or complementary to those you have purchased, information about offers or promotions, information about products added to the 'My Account/My Cart' section or that you have entered in the order form and for which you have shown an interest in purchasing. In order to provide you with information that is of interest to you, we may use certain data about your purchasing behavior (e.g., products viewed/added to your wish list/purchased) to create a profile for you. In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by sending an email to the contact address. Processing is based on the consent you have given.
To defend our interests. In certain cases, we may use or disclose information to protect our rights and business, such as: measures to protect our website and users from cyber attacks, measures to prevent and detect fraud attempts, including the disclosure of information to the relevant public authorities, or measures to manage various other risks.The general basis for these types of processing is our legitimate interest in protecting our business.
To achieve the above purposes, we use service providers, i.e. persons authorized under Art. 28 of the GDPR, such as our hosting, platform, and maintenance service providers, for sending emails and text messages, telephone contact, external collaborators, all of whom may be located in Romania or outside Romania or the European Union/European Economic Area.
We ensure, for example, through contractual provisions, that these service providers process personal data in accordance with European data protection legislation in order to guarantee a high level of data protection (e.g., standard contractual clauses, the existence of binding corporate rules, etc.). even if personal data is transferred to a country where a different level of data protection is normally applied and for which no adequacy decision has been made by the EU Commission.
For more information about the appropriate protection of international data transfers or copies thereof, please contact our data protection officer by email at: [email protected].
We store your personal data for as long as you have an account on our website and for as long as processing is necessary, as well as until you request us to delete it. We will comply with these requests, subject to the retention of certain information even after the account is closed, in cases where applicable law or our legitimate interests require it.
When we no longer need your personal data, we will delete or destroy it securely. We will also consider whether and how we can minimize the amount of personal data we use over time and whether we can ensure the anonymity of your personal data so that it is no longer associated with you or identifies you, in which case we may use that information without further notice to you.
You can contact the company to exercise your rights under Regulation No. 2016/679 at the following contact details:
Grepfrut SRL , CUI 48350280, with registered office in Iași, str. Vasile Pogor nr. 6, mansardă, camera 8, jud. Iași, email [email protected]
To obtain official interpretations regarding the exercise of your rights under the legislation on the protection of personal data or to express your dissatisfaction with the manner in which we process personal data, you may contact the National Supervisory Authority for Personal Data Processing at the following contact details: (i) by post or courier to the address in Bucharest, 28-30 General Gheorghe Magheru Boulevard, Sector 1, postal code 010336, (ii) by email to: [email protected], (iii) by fax to 0318.059.602 or (iv) by telephone at 0318.059.211.
In accordance with the GDPR. These rights are as follows:
We have adopted technical and organizational measures for data processing, updated in accordance with the requirements of the GDPR, in order to protect your personal data against any unauthorized access, improper use or transmission, unauthorized modification, destruction or accidental loss. All our employees and collaborators, as well as any third parties acting on our behalf, are required to respect the confidentiality of your information and the requirements of the GDPR, in accordance with the provisions of this Policy.
We ensure that our contractual partners who have access to the personal data we process are subject to contractual obligations in accordance with legal provisions and that we verify their compliance with the obligations they have undertaken. They will process personal data on our behalf and only in accordance with the instructions received from us and only in compliance with the security and confidentiality requirements within the limits imposed.
Some of the personal data processed through our website may be transferred to third parties and you expressly consent to this, as well as in situations where there is a legal obligation for the controller to do so.
Our website may at times contain links to other websites whose data processing policies may differ from ours.
Please also consider and consult the personal data protection policies of the other websites, as we cannot assume responsibility for them.
Subscribe to the newsletter and instantly receive 2 extra stories in your account for more special moments with your child, plus tips for their personal development.