fbpx
Skip to content

Last Updated: Tuesday, 3 September, 2024

00. Overview & Content of This Privacy Policy

Your privacy matters to us.
We at SHOYA Sustainable Business Communication SRL (“SHOYA”, “orSHOYA” “we”, “us”, “our”) respect your privacy. This privacy notice explains the data we collect when you visit our Website, orshoya.com (our “Website”), and how we use and share such information. This policy also explains how you can exercise your privacy rights and choices, particularly concerning the collection and use of data for online marketing activities.

The handling of personal information, including an individual’s name, physical address, email address, or phone number, must consistently comply with the General Data Protection Regulation (GDPR) and the unique data protection laws of each jurisdiction. As Data Controller (see definition below), we have implemented numerous technical and organizational measures to ensure complete protection of personal data processed through this website. However, in principle, Internet-based data transmissions may have security gaps, so absolute protection may not be guaranteed.

Note that third-party services may be offered through the Website or otherwise in connection with SHOYA, and these are subject to the terms and conditions and privacy policy of such third party.

If you have any questions or concerns about how we use your personal information, please use the form at the bottom of this privacy policy to contact us.

01. Data Controller

The Operator/Data Controller within the meaning of the General Data Protection Regulation (GDPR), as well as other data protection laws applicable in the Member States of the European Union and other provisions relating to data protection, has the following contact details: orshoya.com – is the trade name of SHOYA Sustainable Business Communication SRL, a legal entity of Romanian nationality, with registered office in Oradea, Str. SFÂNTUL APOSTOL ANDREI, Nr. 79, Bl PC82, Apartment 1, County of Bihor, with an order number in the Trade Register J05/754/2019, unique tax registration code RO 40686146.

We are always open to your views and can provide you with any additional information you may need regarding the processing of your data. We encourage you to contact us at shoya@shoya.rocks.

02. Definitions

This data protection statement is based on the terms used by the European legislator to adopt the General Data Protection Regulation (GDPR). Our statement should be readable and easy to understand for the general public, our customers, and our business partners. To ensure this, we would first like to explain the terminology used.

In this data protection statement, we use the following terms:

02.01. Personal Data

Personal data is any information relating to an identifiable physical person (“data subject”). An identifiable physical person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, genetic, mental, economic, cultural or social characteristics of that natural person. Thus, different pieces of information, which are collected together, can lead to identifying a particular person and constitute personal data.

02.02. Data Subject

The data subject is any identified or identifiable physical person whose personal data are processed by the Data Controller.

02.03. Data Processing

Processing, transformation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

02.04. Restriction of processing

Restriction of processing is the marking of stored personal data to limit their processing in the future.

02.05. Profiling

Profiling means any automated processing of personal data consisting of using personal data to evaluate certain personal aspects relating to a physical person, in particular, to analyze or predict aspects of the individual’s personal preferences, interests, reliability, behavior, location, or movements.

02.06. Pseudonymization

Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that personal data are not attributed to an identified or identifiable physical person.

02.07. Responsible Data Controller for Processing

The Data Controller responsible for the processing is the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data, where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its appointment may be provided for by European Union or Member State law.

02.08. Data Processor

The Data Processor is a physical or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller.

02.09. Recipient

The recipient is a physical or legal person, public authority, agency, or other entity to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry following European Union or Member States’ law are not considered recipients; the processing of such data by those public authorities must follow the applicable data protection rules in line with the purposes of the processing.

02.10. Third Party

A third party is a physical or legal person, public authority, agency, or entity other than the data subject, collector, processor, and persons who, under the direct authority of the collector or processor, are authorized to process personal data.

Consent of the data subject is any specific, informed, and unambiguous indication of the data subject’s wishes whereby the data subject, by a statement or by a clear affirmative action, consents to the processing of personal data concerning him, her, or they.

03. Cookies and Similar Technologies

We use cookies and similar technologies (collectively “tools”) provided by us or third parties.

These small files are sent from the server to the user’s browser and stored for later access. Most browsers allow users to refuse cookies or to be notified before a cookie is accepted. Cookies enable us to track user trends, preferences, and patterns to improve our understanding of our user base and thus improve the quality of our service. However, it is possible to visit our site without the use of cookies.

03.01. Essential Tools

We use tools necessary for the website’s operation based on our legitimate interest in enabling you to use our website more conveniently and individually and make use of it as time-saving as possible. In some instances, these tools may also be necessary for the performance of a contract or to carry out pre-contractual measures. In these cases, access to and storage of information in the terminal device is necessary and is carried out in the European Union based on the implementation laws of the ePrivacy Directive of the EU member states.

03.02. Non-Essential Tools

We use all other tools, especially those for marketing purposes, based on your consent. In these cases, access to and storage of information in the end device is subject to consent. It takes place in the European Union based on the implementation laws of the ePrivacy Directive of the EU member states.

03.02.01. Facebook Social Plugins

This Website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identified by one of the Facebook logos or the amendment “Facebook social plugin”. The list and the look of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

If you access a page on our Website that includes such a social plugin, your browser will set up a direct connection to the Facebook servers. Facebook transfers the social plugin’s content directly to your browser, which will then integrate it into the Website. Therefore, we have no influence on the extent of the data that Facebook collects via its social plugins, and thus, can only inform you based on our state of knowledge: Through the integration of the plugin, Facebook obtains the information that you have accessed the respective page on our Website, even if you are not a registered user of Facebook or are not logged into Facebook. This information, as well as your browser’s IP address, is transferred to Facebook’s server in the United States and is being stored there. According to Facebook, only anonymized IP addresses are stored from non-registered users in Germany.

If you are logged in to Facebook, Facebook can allocate the visit to our Website to your Facebook account. Facebook receives such information irrespective of whether you interact with the social plugins or not. If you do interact with the social plugins, e.g., by using the “Like-it-Button” or by posting a commentary, your browser will transfer such information directly to Facebook, where it is being stored. Such information will also be published on Facebook and be displayed to your Facebook friends. For information on the purpose and extent of data collection, the further processing and use of such data by Facebook, as well as your rights in this regard and your setting options for the protection of your privacy, please refer to Facebook’s privacy policy: http://www.facebook.com/about/privacy If you are a Facebook member and do not want Facebook to collect data on you via our Website and to combine such data with your Facebook membership data, you need to log off from Facebook before accessing our Website. Furthermore, you may also block social plugins by downloading and installing add-ons for your browser, such as the Facebook blocker: http://webgraph.com/resources/facebookblocker/.

03.02.02. Google AdWords

We, as Google AdWords customers, also use Google Conversion Tracking, a web analytics service provided by Google, Inc. (“Google”). Google AdWords places a cookie (“Conversion Cookie”) in your browser if you have accessed our Website via a Google ad. These cookies are valid for 30 days. If you access some of our sites and the cookie is still valid, we and Google can recognize that somebody has clicked on the ad and thereafter was transferred to our Website. Every AdWords customer uses a different cookie, so it is impossible to track cookies via the AdWords customers’ websites. The information obtained via the Conversion Cookie is used in order to assemble conversion reports for AdWords customers. The AdWords customers receive the number of users that have clicked on their ad and have been transferred to a site that includes the Conversion Tracking Tag but they do not receive any information that would allow them to identify the user. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this Website.

03.02.03. Google Analytics

In order to optimize this Website, we use Google Analytics, a web analytics service provided by Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America (“Google”). Google Analytics uses Cookies to help us analyze how you use this Website. The information generated by the Cookie about your use of our website will be transmitted to and stored by Google on servers in the United States.

On our behalf, Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. The (anonymized) IP address that was transmitted by your browser will not be combined by Google with any other data of Google. You may object to the use of cookies by selecting the appropriate settings on your browser, however please note that if you do so you may not be able to use the full functionality of this Website. You may also prevent the collection of the data that was generated by the cookie, and that is related to the use of the Website (including your IP address) as well as its processing by Google by downloading and installing a browser plugin that is available under the following link: 
http://tools.google.com/dlpage/gaoptout?hl=de. Additional information thereto is available at http://tools.google.com/dlpage/gaoptouthl=de and https://www.google.com/analytics/learn/privacy.html (general information to Google Analytics and privacy).

03.02.04. LinkedIn Plugins

This Website uses plugins that are provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”), which can be identified by the LinkedIn logo of the “Share”-Button. If you access a page on our website that includes this plugin, your browser will set up a direct connection to LinkedIn’s servers. Therefore, LinkedIn receives the information you and your IP address accessed on this website. If you click on the LinkedIn “Share” button while you are logged into your LinkedIn account, you can link the content of this Website to your LinkedIn profile, enabling LinkedIn to allocate the visit to our Website to your LinkedIn account. As the Website operator, we do not know the content of the data transferred to LinkedIn or how LinkedIn uses such data. For information on the purpose and extent of data collection, the further processing and use of such data by LinkedIn, as well as your rights in this regard, and your settings options for the protection of your privacy, please refer to LinkedIn’s privacy policy: http://www.linkedin.com/legal/privacy-policy.

03.02.05. Twitter Plugins

This Website uses social plugins that are provided by Twitter Inc.,1355 Market St, Suite 900, San Francisco, CA 94103, USA, and can be identified by the Twitter logo or e.g. the words “Tweet” or “Twitter”. The plugins enable the user, among other things, to share an article or a page of this Website on Twitter. If you access a website that includes this plugin, your browser will set up a direct connection to Twitter’s servers. Twitter transfers the plugin’s content directly to your browser, which will then integrate it into the Website. Therefore, we do not influence the extent or content of the data that Twitter collects via its plugin, and thus, we can only inform you based on our state of knowledge. According to our knowledge, log information such as the user’s IP address, the URL of the referring Website, etc, is transmitted to Twitter. Additional information is available in Twitter’s privacy policy: http://twitter.com/privacy.

03.02.06. YouTube

Our website uses plugins from YouTube, which Google operates. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Further information about handling user data can be found in YouTube’s data protection declaration under https://www.google.de/intl/de/policies/privacy.

03.02.07 Brevo

Our website uses plugins from Brevo, which Sendinblue SAS operates. The data controller for the processing of the personal data is Brevo, a simplified joint stock company with a share capital of 387,722 Euros, registered with the Paris Trade and Companies Register under number 498 019 298 and whose registered office is located at 106 Boulevard Haussmann, 75008 Paris, France. Additional information is available in Brevo’s privacy policy: https://www.brevo.com/legal/privacypolicy/

04. Collection of Data and Information

Our website collects a range of general data and information when a data subject or automated system requests the website. This general data and information is stored in server log files.

Collected data may be:

  • browser types and versions used, the operating system used by the access system, the website from which an access system reaches our website (so-called referrers), the date and time of access to the website, the Internet Protocol address (IP address), the Internet service provider of the access system,
  • the First Name/ Last Name, home address, e-mail address, telephone number, city.
  • Detailed user information, including name, date of birth, gender, identity card number,
  • Participation history, including information about the services requested, the information you provide about your preferences your participation preferences and those of your companions, information about your purchases of services, communications you make with us or direct to us through letters, emails, chat services, calls, and social networking, your location, including the real-time geographic location of your computer or device via GPS and your address.
  • IP, along with Wi-Fi hotspot and gsm locations if you use location-based features and enable Location Services settings on your device and computer, and any other similar data and information that may be used in the event of attacks on our information technology systems.

We may also process your personal data in one or more of the following cases:

  • To comply with a legal obligation (for example, accounting requirements);
  • You have given us your consent to use your personal data (for example, for commercial purposes);
  • To protect your vital interests or those of another person (for example, in a medical emergency);
  • Part of our legitimate interests in operating our business (for example, for administrative purposes).

When we use this general data and information, we do not draw any conclusions about the data subject. Instead, this information is necessary to (1) accurately deliver our website content, (2) optimize our website content as well as our website advertising, (3) ensure the long-term viability of our information technology systems, and (4) provide law enforcement authorities with the information necessary to prosecute a cyber-attack. Therefore, we statistically analyze anonymously collected data and information to increase our enterprise’s data and data security and ensure an optimal level of protection for the personal data we process. Anonymized server log file data is stored separately from all personal data provided by a data subject.

We never store data such as: the payment card data of the Customer/ User/ Buyer, which are accessible only to the institution authorizing the Transaction or another entity authorized to provide storage services card identification data, about which entity the Customer/ User/ Buyer will be informed, before data entry.

04.01. Using the Website and Interacting with Its Content

If you leave a comment on our site, you may opt to save your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed if you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

04.02. Comments

When visitors leave comments on the site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string, to help with spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

04.03. Visitor Comments

An automated spam detection service may check visitors’ comments.

04.04. Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

04.05. Embedded content from other websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

04.06. Requesting Password Reset

If you request a password reset, your IP address will be included in the reset email.

05. Your Rights

05.01. Right of Confirmation

Each data subject has the right granted by the European legislator to obtain from the controller a confirmation as to whether or not personal data relating to him or her are being processed. If a data subject wishes to make use of this right of confirmation, he, she or they may, at any time, contact any employee of the controller.

05.02. Right of Access

Every data subject has the right granted by the European legislator to obtain from the controller free of charge information about his or her personal data stored at any time and a copy of that information. In addition, European Directives and Regulations grant data subjects access to the following information:

  • the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients in third countries or international organizations, where possible, the intended period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
  • the existence of the right to request the rectification or erasure of personal data from the controller or to restrict the processing of personal data relating to the data subject or to object to such processing, the existence of the right to lodge a complaint to a supervisory authority, where personal data are not collected from the data subject, any available information as to its source, the existence of automated decision making referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information as to the logic involved, as well as the sig as well as the expected consequences of such processing for the data subject.

In addition, the data subject has the right to obtain information about the transfer of personal data to a third country or to an international organization. In this case, the data subject has the right to be informed of the appropriate safeguards for the transfer.

If a data subject wishes to avail himself or herself of this right of access, he, she or they may at any time contact any employee of the controller.

05.03. Right to Rectification

Every data subject has the right granted by the European legislator to obtain from the controller, without undue delay, the rectification of inaccurate personal data relating to him or her. Taking into account the purposes of the processing, the data subject shall have the right to complete incomplete personal data, including by providing an additional statement.
If a data subject wishes to exercise this right to rectification, he, she or they may at any time contact any employee of the controller.

05.04. Right to Erasure

Each data subject has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller is obliged to erase personal data without undue delay if one of the following grounds applies as long as the processing is not necessary:

  • Personal data is no longer necessary for the purposes for which it was collected or otherwise processed. The data subject shall withdraw the consent on which the processing is based in accordance with Article 6(1)(a) of the GDPR or point (a) of Article 9(2)(a) of the GDPR and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no compelling legitimate grounds for the processing, or the data subject is subject to the processing pursuant to Article 21(2) of the GDPR.
  • The personal data has been processed unlawfully. Personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
  • Personal data was collected in connection with the provision of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies and a data subject wishes to request the erasure of personal data stored by us, he, she or they may, at any time, contact any employee of the controller. An employee must immediately ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged in accordance with Article 17(1) to the erasure of personal data, the controller shall, taking into account the available technology and the costs of implementation, take reasonable steps, including technical measures, the controllers processing the personal data that the data subject has requested the erasure by such controllers of any linking, copying or replication of such personal data, to the extent that the processing is unnecessary. An employee will arrange the necessary measures in individual cases.

05.05. Right to Restrict Processing

Each data subject has the right granted by the European legislator to obtain from the controller the restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period allowing the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of the processing.
  • The data subject has objected to the processing in accordance with Article 21(1) of the GDPR pending verification of whether the legitimate reasons of the controller overlap with those of the data subject.
  • If one of the aforementioned conditions is met and the data subject wishes to request the restriction of the processing of stored personal data, he, she or they may contact any employee of the controller at any time. The employee will arrange the processing restriction.

05.06. Right to Data Portability

Each data subject has the right, granted by the European legislator, to receive the personal data provided to a controller in a structured, commonly used, and legible format. They have the right to transmit these data to another controller without being prevented by the controller to whom the personal data have been provided, as long as the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In addition, in exercising his or her right to data portability under Article 20(1) of the GDPR, the data subject has the right to transfer personal data directly from one controller to another if this is technically feasible and where not doing so adversely affects the rights and freedoms of others.
To assert the right to data portability, the data subject may contact any employee at any time.

05.07. Right to Object

Every data subject shall have the right granted by the European legislator, at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him, her or they which is based on Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

We will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If we process personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing. This applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, we will no longer process personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him, her or they for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may contact any employee. In addition, the data subject is free in the context of the use of information society services and, without prejudice to Directive 2002/58/EC, to use his/her right to object by automated means through the use of technical specifications.

05.08. Automated individual decision-making, including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him, her or they or significantly affects him or her as long as the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and a data controller or (2) is not authorized by Union or Member State law to which the controller is subject and which also provides for appropriate measures to be taken to protect the data subject’s rights and freedoms and legitimate interests or (3) is not based on the explicit consent of the data subject.

Where the decision (1) is necessary for the conclusion or performance of a contract between the data subject and a data controller or (2) is based on the data subject’s explicit consent, we will implement appropriate measures to protect the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention by the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise his or her rights concerning automated individual decision making, he or she may, at any time, contact any employee.

05.09. Right to Withdraw Data Protection Consent

Each data subject has the right granted by the European legislator to withdraw his/her consent to the processing of his/her personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may, at any time, contact any employee.

Legal basis for processing
Art. 6 (1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, when the processing operations are necessary for the supply of goods or the provision of any other service, the processing is on the basis of Article 6 (1) lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example, in the case of surveys related to our services. Our company is subject to a legal obligation whereby it is necessary to process personal data, such as the fulfillment of tax obligations. The processing is carried out on the basis of Art. 6 (1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor has been injured in our company, and the name, age, health insurance data, or other vital information should be passed on to a doctor, hospital, or other third party. The processing will then be based on Art. 6 (1) lit. d GDPR. Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the legal grounds mentioned above if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party unless those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data. Such processing operations are specifically allowed because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is the customer of the controller (Recital 47 of sentence 2 GDPR).

06. Deletion and Blocking Routine of Personal Data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or to the extent granted by the European or other legislator in the laws or regulations to which the controller is subject.

  • If the purpose of storage is not applicable or if a storage period provided for by the European or other competent legislator expires, personal data shall normally be blocked or erased in accordance with legal requirements.
  • Legitimate interests pursued by the controller or a third party
  • Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to conduct our business for the well-being of all our employees and shareholders.

07. Period for Which Personal Data Will Be Stored

SHOYA Sustainable Business Communication SRL may keep the processed data for different periods of time, deemed reasonable, in accordance with the purposes indicated above. We retain your data only for the period necessary to fulfill the purpose for which we hold the data, to meet your needs, or to fulfill our obligations imposed by law.

In order to know how long your data may be kept, we use the following criteria:

  • When you purchase services, we retain your personal data for the duration of our contractual relationship;
  • When you participate in a promotional offer, we retain your personal data for the duration of the promotional offer;
    If you contact us with a query, we retain your personal data for the duration necessary to process your query, but not more than 5 years after the last correspondence sent;
  • In case you create an account, we keep your personal data until you request us to delete it or after a period of inactivity (no active interaction with our brands) defined in accordance with local regulations and guidelines. In this regard, we note that the data processed for this purpose will be deleted 5 years after the last interaction with the account user (such as logging into your account);
  • If you have provided your consent for marketing, we retain your personal data until you unsubscribe or request deletion or after a period of inactivity (no active interaction with our brands), which is defined in accordance with local regulations and guidelines. In this regard, we note that data stored in our databases for the purpose of direct marketing communications is deleted from the records of these databases 5 years after the last interaction with you;
  • Where cookies are stored on your computer, we retain them for as long as necessary for them to fulfill their purposes (e.g., for the duration of a session for shopping cart cookies or session ID cookies) and for a period defined in accordance with local regulations and guidelines. In this respect, we note that the data processed through cookies used to provide online behavioral advertising, to personalize our services to you, and to enable the distribution of our content on social media sites (distribution buttons intended for display on the site), will be kept for a maximum of 5 years after their collection, based on your consent.

08. Security of Processing

SHOYA Sustainable Business Communication SRL has adopted technical and organizational data processing measures, updated in accordance with GDPR requirements, in order to protect your personal data against any unauthorized access, improper use or unauthorized transmission, unauthorized alteration, destruction, or accidental loss. All employees and collaborators of SHOYA Sustainable Business Communication SRL, as well as any third parties acting for and on behalf of SHOYA Sustainable Business Communication SRL, are bound by the confidentiality of your information and the GDPR requirements as set forth in this Policy.

We may disclose your information to trusted third parties for the purposes set out in this Privacy Policy. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data in accordance with Irish and EU data protection law.

Our website may, at times, contain links to other websites whose data processing policies may differ from those of our website.
Please be aware and refer to the personal data protection policies of those other sites, cannot assume responsibility for the information collected by these third parties.” such as facebook instagram etc.

We declare that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on contractual partner). Failure to provide personal data would have the consequence that the contract could not be concluded with the data subject. Before the provision of personal data by the data subject, the data subject should contact any employee.

09. Registration on Our Website

The data subject has the possibility to register/request information/request an offer on the operator’s website by indicating personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for registration. Personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may request transfer to one or more processors who also use personal data for an internal purpose attributable to the controller.

By registering on the controller’s website, the address assigned IP by the Internet Service Provider (ISP) and used by the data subject’s date and time of registration are also stored. The storage of these data takes place against the background that this is the only way to prevent misuse of our services and, if necessary, to make it possible to investigate offenses committed as far as the storage of this data is necessary to secure the operator. These data are not passed on to third parties unless there is a legal obligation to pass on the data or if the transfer serves the purpose of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer content or services provided by the data subject, which can only be offered to registered users due to the nature of the matter concerned. Registrants shall be free to change the personal data specified during registration at any time or to remove them completely from the controller’s data stock.
The data controller must provide each data subject at any time upon request with information on the personal data stored in relation to the data subject. In addition, the data controller must correct or erase the personal data at the request or indication of the data subject, insofar as there is no legal obligation to store. The entire staff of the controller shall be available to the data subject as contact persons for this purpose.

10. Possibility to Contact Through Our Website.

Our website contains information that allows quick electronic contact with our company, as well as direct communication with us via our contact page. If a data subject contacts the controller by e-mail or via a contact form, the personal data submitted by the data subject are automatically stored. Such personal data voluntarily submitted by a data subject to the data controller are stored for the purpose of processing or contacting the data subject.

If you consider that our personal information processing activities do not comply with applicable data protection legislation, a complaint may be lodged with:
National Supervisory Authority for Personal Data Processing:

B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania
www.dataprotection.ro

Contact Us

If you have any questions about this Privacy Policy or if you wish to exercise your rights, don’t hesitate to get in touch with us.

You agree to receive email communication from us by submitting this form.

Go back to the Home Page.