At Ravtech Digital Design SA (holder of the Glimtek brand and trademark, hereinafter referred to as Glimtek)) we value your privacy and are committed to protecting your personal data. This Data Privacy Section outlines how we collect, use, store, and share your information, as well as your rights concerning your personal data. We adhere to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection laws to ensure your data is handled with the utmost care and responsibility.
www.glimtekboutique.com
Glimtek provides high-end self-service machines for seamless promotion and sales in high-traffic areas. To deliver our services effectively, we need to collect and process personal data. This privacy notice explains what information we collect, why we collect it, and how we use it. By using our services, you acknowledge that you have read and understood this policy.
Under the General Data Protection Regulation (GDPR), the processing of personal data must be lawful and based on one or more specific legal bases. At Glimtek, we ensure that any personal data we collect and process is done so in accordance with these legal requirements. The following outlines the legal bases upon which we rely for processing your personal data:
We may process your personal data when you have provided clear and explicit consent for us to do so for a specific purpose. For instance, if you opt to receive marketing communications or participate in promotional activities, we will process your data based on your consent.
How We Obtain Consent: We will ask for your consent before processing your personal data for marketing purposes. Consent must be freely given, specific, informed, and unambiguous. We will provide you with clear information about what your consent entails, and you will have the option to withdraw your consent at any time.
Right to Withdraw Consent: You have the right to withdraw your consent at any time. If you choose to withdraw your consent, we will stop processing your data for the purposes for which you initially provided it, provided there are no other legal grounds for processing your data.
We may process your personal data when it is necessary to fulfill our contractual obligations to you or to take steps at your request prior to entering into a contract. For example, when you create an account with us, make a purchase, or request services, we need to process your data to perform our obligations under the agreement.
Examples of Contractual Processing: This includes processing your payment information, managing your account, delivering services, and responding to inquiries related to your account or transactions.
Implications of Non-Compliance: If you choose not to provide the necessary personal data for contractual purposes, we may not be able to provide our services to you or fulfill our obligations under the contract.
We may process your personal data when it is necessary for compliance with a legal obligation to which Glimtek is subject. This can include various legal requirements, such as those imposed by tax regulations or obligations to respond to lawful requests from public authorities.
Examples of Legal Obligations: This includes retaining transaction records for tax purposes, responding to law enforcement inquiries, or fulfilling other regulatory requirements.
Data Retention Requirements: Personal data processed under legal obligations will be retained for the duration required by law, after which it will be securely deleted or anonymized.
We may process your personal data when it is necessary for our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override those interests. Our legitimate interests include:
In the course of our activities, we may occasionally process special categories of personal data, as defined by Article 9 of the GDPR. This includes sensitive information such as health data, racial or ethnic origin, or biometric data.
Explicit Consent Required: In such cases, we will only process these special categories of personal data if you have provided explicit consent for a specific purpose or if we are required to do so by law.
Enhanced Protection: We take additional measures to protect special categories of personal data, ensuring that any processing is compliant with GDPR provisions and that the data is only accessible to authorized personnel.
We do not knowingly collect personal data from individuals under the age of 16 without obtaining verifiable consent from a parent or guardian. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information.
Parental Consent: If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us so we can take appropriate action.
We use your personal data for various purposes, including:
Service Delivery: To operate our self-service machines, process transactions, manage your account, and provide customer support.
Personalization: To customize your experience and improve our services based on your preferences and feedback.
Marketing: To communicate with you about promotions, new products, and updates, with your consent.
Analytics: To analyze usage patterns, improve our services, and understand customer behavior.
Security: To protect our systems, prevent fraud, and ensure the integrity of our services.
We do not sell your personal data to third parties. However, we may share your information in the following circumstances:
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. The retention period may vary based on the type of data:
At Glimtek, we take the security of your personal data seriously. Given our business model, which involves high-end self-service machines and digital advertising, we implement a range of technical and organizational measures designed to protect your data from unauthorized access, loss, or misuse. This chapter outlines the security measures we have put in place to safeguard your personal information.
We conduct regular risk assessments to identify potential vulnerabilities in our data processing systems and practices. These assessments help us understand the specific risks associated with our operations, allowing us to implement tailored security measures. Our risk management strategies include:
Access to personal data is restricted to authorized personnel who require it to perform their job functions. We implement the following access control measures:
To protect personal data both at rest and in transit, we utilize encryption technologies:
We implement robust network security measures to protect our systems and data from external threats:
Glimtek is committed to maintaining security throughout the software development lifecycle (SDLC). We adopt secure coding practices and conduct security testing to identify vulnerabilities before deployment:
We follow the principles of data minimization and retention, ensuring that we only collect and process personal data necessary for specific purposes:
In the event of a data breach or security incident, we have established a comprehensive incident response plan that outlines our procedures for addressing and mitigating the impact of such incidents:
We believe that a well-informed workforce is essential for maintaining data security. Therefore, we provide ongoing training and awareness programs to our employees:
When we engage third-party service providers, we ensure they adhere to our data security standards. This includes:
Data security is an ongoing process. We continuously review and update our security measures to adapt to evolving threats and regulatory requirements. This includes:
You have several rights under the GDPR regarding your personal data, including:
At Glimtek, we recognize that in today's globalized economy, the transfer of personal data across borders is a common practice. As a provider of high-end self-service machines and digital advertising services, we may need to transfer personal data to countries outside the European Economic Area (EEA) for various purposes, including collaboration with partners, service providers, and other third parties. This chapter outlines our approach to international data transfers, ensuring compliance with GDPR and protecting your personal data.
The GDPR establishes strict rules governing the transfer of personal data to countries outside the EEA, known as third countries. These rules aim to ensure that individuals' data rights and protections are maintained, regardless of where their data is processed. At Glimtek, we comply with these regulations by ensuring that any transfer of personal data meets the following conditions:
International data transfers at Glimtek may occur in various contexts, including:
When transferring personal data internationally, Glimtek implements the following measures to ensure data protection:
Regular Audits: We periodically review our international data transfers to ensure ongoing compliance with GDPR and effectiveness of the safeguards in place. This includes assessing the data protection practices of our third-party partners.
As an individual whose personal data may be transferred internationally, you retain certain rights under GDPR, including:
In certain situations, we may need to transfer personal data quickly due to unforeseen circumstances, such as legal requirements or urgent operational needs. In such cases, we will act in compliance with GDPR while taking necessary precautions to protect your data:
As data protection regulations and international relations evolve, Glimtek will periodically review and update our international data transfer policies to ensure continued compliance with GDPR and the protection of your personal data. Any significant changes will be communicated to you through updates on our website or direct notifications.
As Glimtek continues to explore partnerships and investment opportunities, we prioritize the privacy of our prospective investors. This section details the data handling principles specific to investor data and complements our broader data privacy commitments.
The collection and processing of investor data support Glimtek's goals in evaluating and establishing business relationships. Investor data is processed based on:
Contractual Necessity: Certain data is required to proceed with preliminary assessments or formalize partnerships.
Legitimate Interest: Processing may be necessary for due diligence, assessing alignment with Glimtek’s investment objectives, and risk management. Our commitment to transparency ensures this processing does not infringe upon investor rights.
Investor data is retained only as long as required for evaluation, potential partnership formalization, or compliance with applicable laws. Glimtek applies enhanced security measures to safeguard investor information, including:
Restricted Access: Access to investor data is limited to authorized personnel involved in the investment process.
Data Minimization: Only data strictly necessary for each stage of evaluation or partnership is collected and retained.
Secure Disposal: If a partnership does not materialize, data is deleted or anonymized in line with our retention policy, typically within one year.
Investors retain specific rights regarding their personal data under applicable data protection laws. These include:
We may update this Data Privacy Policy from time to time to reflect changes in our practices or applicable law. Any updates will be posted on our website with an updated effective date. We encourage you to review this policy periodically to stay informed about how we are protecting your personal data.
If you have any questions or concerns about this Data Privacy Section, our data practices, or your rights under data protection laws, please contact us at:
Ravtech Digital Design SA
E-mail Address: office@glimtekboutique.com
If you wish to exercise your rights as a data subject or make a complaint regarding the processing of your personal data, you can also use the contact information provided above.
The data controller responsible for the processing of your personal data as described in this Privacy Policy is:
ANSPDCP – “Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal”
Mun. Bucharest, Sector 1, B-dul G-ral. Gheorghe Magheru nr. 28-30;
Telefon: 0.318.059.211/0.318.059.212;
Fax: 0.318.059.602;
E-mail: anspdcp@dataprotection.ro;
Web page: www.dataprotection.ro.
București, Romania.
+40 724 054 505
office@glimtekboutique.com
© Ravtech Digital Design SA
Website by TheKeyAdv.ro