Privacy Policy

Ensuring the right to personal data protection is a fundamental commitment of our company, and we will make every effort necessary to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as with any other applicable legal provision in Romanian territory.

This document describes how we collect, use, transfer, and protect your personal data when you interact with us in connection with our products and services, including through our website or mobile applications.

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in how we process your personal data or any changes in legal requirements. In the event of any such changes, we will display the modified version of the Privacy Policy on our website, therefore, please check its content periodically.

Who we are and how to contact us

Expert Laser Center is the commercial name of SC EXPERT LASER CENTER SRL, a legal entity of Romanian nationality, with its registered office in Bucharest, Str. Prof. Grigore Cobălcescu 10 E, with order number in the Trade Register J40/17397/2019, unique tax registration code 42041901 (hereinafter referred to as “Expert Laser ”Center“ or “we"). In the sense of data protection legislation, we are the controller when we process your personal data.

We are always open to hearing your thoughts and providing any additional information you may require regarding the processing of your data. If you wish, you can contact the Data Protection Officer at the following email address contact@expertlaser.ro With the mention: attention Data Protection Officer.

What categories of personal data do we process

We collect your personal data directly from you, so you have control over the type of information you provide us. For example, we receive information from you in the following ways:

When you contact us by sending a message from our website, you provide us with: your email address, first name, and last name.

We may also collect and further process certain information about your behavior during your visit to our website to personalize your online experience and provide you with data tailored to your profile. We invite you to learn more details in this regard by consulting the section on processing purposes below.

On our website, we can store and collect information in cookies and similar technologies, according to the Cookie Policy.

We do not collect or otherwise process sensitive data, included by the General Data Protection Regulation in special categories of personal data. We also do not wish to collect or process data from minors under the age of 16.

What are the purposes and grounds for processing your data

We will use your personal data for the following purposes:

1. To provide services for your benefit.

This general purpose may include, as applicable, the following:

  • Processing requests, including intake, validation, and invoicing;
  • Resolving cancellations or issues of any kind related to a request, or the requested goods or services;
  • Reimbursement of the value of services in accordance with legal provisions;
  • Providing support services, including answering your questions about our services.

The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between us and you. Furthermore, certain processing activities subsumed under these purposes are required by applicable legislation, including tax and accounting legislation.

To improve our services

We are continually striving to provide you with the best experience interacting with our website. To this end, we may collect and use certain information related to your user behavior, invite you to complete satisfaction surveys after the completion of services, or conduct market research and studies, directly or with the help of partners.

We base these activities on our legitimate interest in conducting business, always taking care that your fundamental rights and freedoms are not affected.

3. For marketing

We want to keep you updated on the best offers for products/services that interest you. To this end, we can send you any type of message (such as: email, SMS, mobile push, web push, etc.) containing general information, information about products and/or services similar or complementary to those you have purchased or requested, information about offers or promotions, information regarding services you have shown interest in purchasing, as well as other commercial communications such as market research and opinion surveys, and we can display personalized recommendations. To provide you with information of interest, we may use certain data about your purchasing behavior (e.g., services viewed/purchased) to create a profile for you. We always ensure that these processing activities are carried out in compliance with your rights and freedoms and that decisions based on them do not have legal effects on you and do not affect you similarly to a significant extent.

In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time, by:

  • Accessing the unsubscribe link displayed in messages you receive from us; or by
  • Contact the company using the contact details described above.

In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any situation where we use information about you for our legitimate interest, we take care and all necessary measures so that your fundamental rights and freedoms are not affected. However, you can request us at any time, through the means described above, to stop processing your personal data for marketing purposes, and we will comply with your request.

4. To defend our legitimate interests

There may be situations where we use or disclose information to protect our rights and business interests. These may include:

  • Website and platform user protection measures against cyberattacks;
  • Measures for the prevention and detection of fraud attempts, including the transmission of information to the competent public authorities.;
  • Measures to manage various other risks.

The general basis for these types of processing is our legitimate interest in actively defending our business, with the understanding that we ensure all measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

We also, in certain cases, base our processing on legal provisions such as the obligation to ensure the security of goods and assets provided for by the applicable legislation in this matter.

How long do we keep personal data

As a general rule, we will store your personal data for a period of five years.
You can request the deletion of certain information or the closure of your account at any time, and we will comply with these requests, subject to the retention of certain information, including after account closure, in situations where applicable law or our legitimate interests require it.

To whom do we transmit your personal data

Depending on the case, we may transmit or grant access to certain personal data of yours to the following categories of recipients:

  • courier service providers;
  • payment/banking service providers;
  • IT service providers;
  • other companies with which we can develop joint tendering programs for our goods and services on the market.

In the event that we have a legal obligation, or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by private legal entities is carried out in accordance with the legal provisions on data protection and information confidentiality, based on contracts concluded with them.

To which countries do we transfer your personal data?

Currently, we store and process your personal data within Romania. However, we may transfer certain of your personal data to entities located within the European Union or outside the EU, including in countries for which the European Commission has not recognized an adequate level of personal data protection.

We will always take steps to ensure that any international transfer of personal data is handled carefully with the aim of protecting your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where applicable, by other safeguards, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for personal data transferred from within the EU to the United States of America.

You can contact us at any time using the contact details shown above to learn more about the countries to which we transfer your data, as well as the safeguards we have put in place regarding these transfers.

How do we protect personal data security

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, in accordance with industry standards.

Personal data transmission is done using state-of-the-art encryption algorithms, and we store it on secure servers, ensuring data redundancy.

Despite the measures taken to protect your personal data, we must draw your attention to the fact that the transmission of information over the Internet, in general, or via other public networks, is not completely secure, and there is a risk that data may be seen and used by unauthorized third parties. Consequently, we cannot be held responsible for such vulnerabilities in systems that are not under our control.

What rights do you have

The General Data Protection Regulation recognizes a number of rights concerning your personal data. You can request access to your data, correction of any errors in our files, and/or object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or to take legal action. Where applicable, you may also benefit from the right to request the erasure of your personal data, the right to restrict the processing of your data, and the right to data portability.

More information about each of these rights can be obtained by consulting the table presented below.

To exercise your rights, you can contact us using the contact details set out above. Please note the following when you wish to exercise these rights:

Identity. We take the privacy of all records containing personal data seriously. For this reason, please submit your requests regarding such records using the email address associated with your account. Otherwise, we reserve the right to verify your identity by requesting additional information intended to confirm your identity.

Fees. We will not charge a fee to exercise any of your rights regarding your personal data, unless your request for access to information is unfounded, repetitive, or excessive, in which case we will charge a reasonable amount under such circumstances. We will inform you of any fees applied before processing your request.

Response time. We aim to respond to all valid requests within a maximum of one month, unless it is particularly complex or if you have made multiple requests, in which case we will respond within a maximum of two months. We will notify you if we need more than one month. We may ask if you can tell us exactly what you want to receive or what specifically concerns you. This will help us act faster and shorten the response time to your request.

Third-party rights. We do not have to comply with a request if it would negatively affect the rights and freedoms of other persons concerned.

Rights affectedDescription
Access

Can you ask us:

  • to confirm whether we process your personal data;
  • to provide you with a copy of this data;
  • to provide you with further information about your personal data, such as the data we hold, what we use it for, to whom we disclose it, if we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you through this notice.
CorrectionYou may ask us to rectify or complete your inaccurate or incomplete personal data. We may attempt to verify the accuracy of the data before rectifying it.
Delete Data

You can ask us to delete your personal data, but only if:

  • these are no longer necessary for the purposes for which they were collected; or
  • you have withdrawn your consent (if data processing was based on consent);
    sau
  • exercise a legal right to object; or
  • these were processed illegally; or
  • A legal obligation returns to us in this regard.

We are not obligated to comply with your request to delete your personal data if the processing of your personal data is necessary:

  • to comply with a legal obligation; or
  • for the establishment, exercise, or defense of a right in court.

There are certain other circumstances in which we are not obligated to comply with your data deletion request, although these two are the most likely circumstances in which we might refuse this request.

Restriction of data processing

You can ask us to restrict the processing of personal data, but only if:

  • their accuracy is contested (see rectification section), to allow us to verify their accuracy; or
  • processing is illegal, but you don't want the data deleted; or
  • these are no longer necessary for the purposes for which they were collected, but you need them to establish, exercise, or defend a legal claim; or
  • You have exercised your right to object, and verification of whether our rights prevail is underway.

We may continue to use your personal data following a request for restriction, in the event that:

  • we have your consent; or
  • to ascertain, exercise or protect a right in court; or
  • to protect our rights or the rights of another natural or legal person.
Data portability

You can ask us to provide your personal data in a structured, commonly used, and machine-readable format, or ask for it to be „ported” directly to another data controller, but in each case only if:

  • processing is based on your consent or on the conclusion or performance of a contract with you; and
  • processing is done by automatic means.
OppositionYou may object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest.
You can also object at any time to the processing of your data for direct marketing purposes (including profiling), without giving any reason, in which case we will cease this processing as soon as possible.
Automated decision-making

You can request not to be subject to a decision based solely on automated processing, but only when that decision:

  • produce legal effects with respect to you; or
  • affects you in another similar and significant way.

This right does not apply in cases where the decision reached as a result of automated decision-making:

  • is necessary to conclude or carry out a contract with you;
  • is authorized by law and there are adequate safeguards for your rights and freedoms;
    sau
  • is based on your explicit consent.
ComplaintsYou have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:
National Supervisory Authority for Personal Data Processing
G-ral. Gheorghe Magheru Blvd. no. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
Email anspdcp@dataprotection.ro
Without prejudice to your right to contact the supervisory authority at any time, please contact us beforehand, and we assure you that we will make every effort to resolve any issue amicably.