Order ONLINE!

Privacy Policy

GENERAL

SC ARNIZA SRL hereinafter referred to as ARNIZA, as owner, administrator of kingpizza.ro, respects the privacy and security of the processing of personal data of each person who visits and or uses the services offered by this website and undertakes to protect their personal data and information. This document concerns the kingpizza.ro website hereinafter referred to as the “website”.

Regulation 2016/679 on the protection of personal data with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, herein – GDPR, Regulation or GDPR) was adopted by the European Parliament and the Council of the European Union on 27 April 2016, its provisions being directly applicable as of 25 May 2018. This Regulation expressly repeals Directive 95/46/EC, thus also replacing the provisions of Law no. 677/2001.

The Regulation is directly applicable in all EU Member States, protecting the rights of all natural persons in the European Union. From a substantive point of view, the Regulation applies to all controllers processing personal data. The Regulation does not apply to the processing of personal data relating to legal persons and, in particular, to undertakings having legal personality, including the name and type of legal person and the contact details of the legal person.

Personal data are defined as any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

COLLECTION OF PERSONAL DATA
Personal data collected by this website

The operator of this website collects, stores and processes the following personal data of/about you:

Name, first name
Home and/or residence address
Contact details (such as email, telephone, fax)
IP
Bank account, transaction data related to purchased products (if applicable)

OBTAINING CONSENT

General
For the processing of personal data to be lawful, the GDPR requires that it is carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or on the basis of the data subject’s prior valid consent. In this case, the controller is under an obligation to be able to demonstrate that the data subject has consented to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions laid down in the GDPR.

Consent must be given by an unequivocal statement or action which constitutes a freely expressed, specific, informed and clear expression of the data subject’s consent to the processing of that person’s personal data. Where the data subject’s consent is given in the context of a statement, in electronic or written form, which also relates to other matters, the request for consent must be presented in a form that clearly distinguishes it from the other matters and may even be made by ticking an opt-in box.

Contact form

If you send us questions via the contact form, we will collect the data you enter in the form, including the contact details you provide, in order to respond to your questions and others subsequently. We do not transmit this information without your permission. Therefore, we will only process any data you enter in the contact form with your consent. [in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time, an informal email to this effect is sufficient. Data processed prior to receiving your request may be processed lawfully. We will keep the data you provide on the contact form until:

  • you request deletion of the data;
  • you revoke your consent to their storage or if
  • the purpose for its storage is no longer valid.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

Contact by email, phone or fax

If you contact us by email, telephone or fax, your request, including any personal data you provide, will be stored and processed for the purpose of dealing with your request, based on your consent.

Therefore, we will process any data you provide under the following legal provisions in the GDPR respectively:

  • only with your consent – in accordance with the provisions of Article 6 para. 1 lit. a) GDPR
  • for the performance of a contract or at the pre-contractual stage – in accordance with the provisions of Art. 6 para. 1 lit. b) GDPR
  • in order to fulfil the purpose and legitimate interest pursued by us, namely that of efficiently processing the requests sent by you – in accordance with the provisions of Article 6 para. 1 lit. f) GDPR.

We will keep the data you provide in this way until:

  • request deletion of data;
  • you revoke consent to their storage or if
  • the purpose for its storage is no longer valid, in all cases except for mandatory data retention periods.

Site registration (if applicable)

If our platform allows registration on this site, the data you enter will be used and processed for the purpose of using the respective service or function for which you have registered. The mandatory data requested at registration must be provided by you in full, otherwise the registration operation will be rejected.

In order to inform you about important changes, such as those within the scope of our website or technical changes, we will use the e-mail address you specified at the time of registration.

The processing of personal data, provided in the registration procedure, is done only with your consent and in compliance with the provisions of Article 6 para. 1 lit. a) GDPR. You may revoke your consent at any time, an informal e-mail to this effect being sufficient. We will continue to store the data collected during registration for as long as you remain registered on this website, but the mandatory storage periods remain valid and will be respected.

Cookies 

This site uses cookies. They do not harm your devices and do not contain viruses, but are intended to help make the site easier, more efficient and safer to use. They are small text files that are saved on your device and are saved by the browser you are using.

Many of the cookies used are called “session cookies”, which are automatically deleted after visiting this site. Others remain in the memory of your computer until you delete them, making it possible to recognise your browser on a subsequent visit.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be set to automatically accept cookies under certain conditions or to always reject cookies or automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions you want to use (such as shopping cart if applicable) are stored in accordance with the provisions of Article 6 (1) (f) of the GDPR, according to which processing is lawful only if and to the extent that it is necessary for the legitimate interests pursued by the controller or a third party. Therefore, this website has a legitimate interest in storing certain cookies in order to ensure an optimization without technical or performance errors. Other cookies (such as, for example, those used to analyse your browsing behaviour) are also stored and will be dealt with separately in this document.

Server log files

This site’s server automatically collects and stores information that your browser automatically sends to us via log files. These can be:

  • Browser type and version
  • Sistemul de operare folosit
  • URL of the page that originally generated the request to display the current page or object (Referrer URL)
  • Host name of the accessing computer
  • Server access time data
  • IP address

The legal basis for processing such data is Article 6(6). 1 lit. b) GDPR, which allows the processing of data when it is necessary for the performance of a contract to which the data subject is a party or in order to take steps, at the request of the data subject, prior to entering into a contract.

THE PURPOSE OF PROCESSING THE COLLECTED DATA

Some of the data collected on this site is used to:

  • To provide the services we offer for your benefit (e.g. to solve problems of any kind related to our products and services, to provide support services, for billing, etc.).
  • Optimal operation and optimization of this site (statistical and analytical) – We always want to give you the best experience on our site, which is why we may collect and use certain information about your satisfaction with your use of this site, invite you to fill out suggestion questionnaires or the like.
  • Online advertising and promotion activities. You can ask us at any time, by the means described in this document, to stop processing your personal data for marketing purposes and we will comply with your request as soon as possible.
  • Regular user information – We want to keep you up to date with our offers. To this end, we may send you any type of message containing general and thematic information, information on offers or promotions, as well as other commercial communications such as market research and surveys. For such communications, we rely on your prior consent. You can change your mind and withdraw your consent at any time.
  • To defend our legitimate interests. There may be situations where we will use or transmit information to protect our rights and business. These may include: measures to protect our website and the user of our website from cyber-attacks; measures to prevent and detect fraud attempts, including the transmission of information to the relevant public authorities; measures to manage other types of risks.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based both on the consent of the data subject and for reasons of proper performance of contracts or the legitimate interests of the controller (unless the interests or fundamental rights and freedoms of the data subject require the protection of personal data, in particular where the data subject is a child).

USER RIGHTS

Your rights regarding personal data and the means to exercise them are: Right of information, Right of access, Right to rectification, Right to erasure of data, Right to restriction of processing, Right to data portability, Right to object, Right not to be subject to a decision based solely on automated processing, Right to lodge a complaint and to apply to the courts, Right to withdraw consent.

  • Right to information – you can request information on the processing activities of your personal data, on the identity of the controller and its representative or on the recipients of your data;
  • Right of access – you can obtain confirmation from the controller whether or not personal data relating to you are being processed and, if so, access to that data and to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations ; where possible, the period for which the personal data are expected to be stored or, if this is not possible, the criteria used to determine this period ; the right to request the controller to rectify or erase the personal data or to restrict the processing of the personal data or the right to object to the processing, etc.
  • Right to rectification – you can rectify inaccurate personal data or complete it;
  • Right to erasure of data – you can have your data erased if the processing was not lawful or in other cases provided for by law;
  • Right to restrict processing – you can request restriction of processing if you contest the accuracy of the data, as well as in other cases provided for by law;
  • The right to data portability – you can receive, under certain conditions, the personal data you have provided to us in a machine-readable format or you can request that the data be transferred to another controller.
  • Right to object – you can object in particular to data processing based on the legitimate interest of the controller;
  • The right not to be subject to a decision based solely on automated data processing – you can ask for and obtain human intervention with regard to such processing or express your own views on such processing;
  • Right to lodge a complaint and to apply to the courts – you can lodge a complaint about the way your personal data is processed with the National Supervisory Authority for Personal Data Processing and/or apply to the courts to have your rights respected.
  • Right to withdraw consent – in cases where processing is based on your consent, you can withdraw it at any time. Withdrawal of consent will only be effective for the future, the processing carried out prior to withdrawal will remain valid.

OBLIGATIONS OF THE DATA CONTROLLER

Hosting

Personal data recorded on this website is stored on ROMARG SRL servers, in partnership with CARAMEL WEB SRL as host of this website. The processing of data provided and stored complies with the following legal provisions:

  • art. 6 para. 1 lit. a) GDPR – data processing by ROMARG SRL is carried out on the basis of your consent, obtained after a correct and complete information;
  • art. 6 para. 1 lit. b) GDPR – data processing by ROMARG SRL takes place for the purpose of fulfilling the contractual obligations undertaken;
  • art. 6 para. 1 lit. f) GDPR – data processing by ROMARG SRL is carried out for the purposes of the legitimate interests pursued by the controller.

Regardless of the purpose for which the processing of personal data takes place, the principles of lawfulness, fairness and transparency are respected, as well as that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

For more information on the processing of personal data by ROMARG SRL, visit https://www.romarg.ro/politica-de-confidentialitate.html

We have a contract/agreement/contract (including the possibility to include and agree to the clauses in the website Terms and Conditions) with ROMARG SRL to ensure the processing of personal data in accordance with the relevant legal regulations. We comply with our obligations under Article 28 of the GDPR by choosing an external service provider that provides sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing complies with the requirements set out in the regulation and ensures the protection of your rights.

Data encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognized by you by the lock window (“lock icon”) that appears in your browser bar and by the display of your browser address from http:// to https://. Once this type of encryption is activated, the data transmitted or transferred will not be visible to third parties.

According to the GDPR, if a personal data breach is likely to result in a high risk to your rights and freedoms, the operator of this website will, without undue delay, inform you of the breach, unless the additional provisions of the same Regulation (Article 34(3)) become applicable.

Data Protection Officer

As the GDPR provisions on the obligation to appoint a Data Protection Officer (Art. 37 para. 1 – according to which the controller and the processor shall appoint a Data Protection Officer whenever:

  1. processing is carried out by a public authority or body, with the exception of courts acting in their judicial capacity;
  2. the main activities of the controller or processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, necessitate regular and systematic monitoring of data subjects on a large scale; or
  3. the main activities of the controller or processor consist of large-scale processing of special categories of data pursuant to Article 9 or of personal data relating to criminal convictions and offences referred to in Article 10)

for any information or clarification on the operation of this website, please contact us on the following details:

  • Name: Veress Arnold
  • E-mail: king[at]kingpizza.ro
  • Tel: 0773798865
  • Mailing address: Voinicenilor 81

Records of processing activities

According to the GDPR Regulation, the controller or processor should keep, for a reasonable period of time, records of the processing activities under its responsibility. Thus, these records will include all of the following information:

  • name and contact details of the operator
  • the purposes of processing;
  • description of the categories of data subjects and categories of personal data;
  • the categories of recipients to whom personal data have been or will be disclosed;
  • if applicable/possible:
    • expected deadlines for the deletion of different categories of data
    • a general description of the technical and organisational security measures
    • transfers of personal data

The obligation detailed above does not apply to an undertaking or organisation with fewer than 250 employees, unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional or the processing includes special categories of data or personal data relating to criminal convictions and offences.

Technical and organisational measures

Taking into account the state of the art, the context and purposes of the processing and the risks to the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing are processed.

Notification of the supervisory authority in the event of a personal data breach

According to Article 33 para. 1 of the GDPR, if a personal data breach occurs, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, if possible, within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals.

Informing the data subject about the personal data breach

With reference to Article 34 of the GDPR, if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the data subject without undue delay of the breach, unless:

  • appropriate technical and organisational safeguards have been implemented and applied to personal data affected by personal data breaches, in particular measures ensuring that personal data are rendered unintelligible to anyone not authorised to access them, such as encryption;
  • subsequent measures have been taken ensuring that the high risk to the rights and freedoms of data subjects referred to above is no longer likely to materialise;
  • would require a disproportionate effort. In this case, public information or a similar measure is carried out instead, whereby the persons concerned are informed in an equally effective way.

PLUGINS AND APPLICATIONS USED

Youtube

Our website may use plugins of the YouTube platform, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

If you visit a page on our website where a YouTube plug-in has been integrated, a connection to the YouTube servers will be created. Accordingly, the YouTube server will be notified, which pages have been visited by you.

In addition, YouTube will also be able to set different cookies, which will allow us to obtain information about visitors to our site. Among other things, this information will be used to generate video statistics in order to improve usability and prevent fraud attempts.

If you are logged in to your YouTube account while visiting our site, you allow YouTube to host your navigation patterns directly in your personal profile. You have the option to prevent this by logging out of your YouTube account.

Our use of YouTube is based on our interest in presenting online content to you in an engaging way. According to Art. 6 para. 1 lit. f) GDPR, this is a legitimate interest.

In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate. Therefore, transmission of personal data to the US and other countries outside the European Economic Area (EEA) should be based on the European Commission’s Standard Contractual Clauses (SCC).

For more information about how YouTube handles user data, see the YouTube Data Privacy Policy at: https://policies.google.com/privacy?hl=en.

Google Fonts

This site uses Web Fonts provided by Google to ensure consistent use of text fonts on this site.

When you access a page on this website, your browser will, as a result of establishing a connection with Google’s servers, load the web fonts required to display text and fonts correctly. Thus, the use of Google Web Fonts is based on Art. 6 para. 1 lit. f) GDPR, there being a legitimate interest in the uniform presentation of the font on this website. If there is an expressed consent to this (e.g. consent to cookie archiving), the data will be processed exclusively on the basis of Art. 6 para. 1 lit. a) GDPR.

For more information about how Google Web Fonts handles user data, see Google’s Privacy Policy available at https://policies.google.com/privacy?hl=en.

Google reCaptcha

This website may use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”). The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to determine whether data entered on our website (for example, information entered in a contact form) is provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of site visitors based on a variety of parameters. This analysis is triggered automatically as soon as the site visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g. IP address, time the site visitor has spent on the site or user-initiated cursor movements). The data tracked during these analyses is sent to Google. reCAPTCHA analytics run entirely in the background. Site visitors are not warned that an analysis is in progress. The data is processed on the basis of Art. 6 para. 1 lit. f) GDPR. The website operators have a legitimate interest, to protect the operator’s web content against misuse by automated industrial espionage systems and against SPAM.

In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate. The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Google reCatpcha uses Standard Contractual Clauses as adequate data protection safeguards in line with the level of protection guaranteed by the GDPR. For more information, see Google’s Data Privacy Statement at the following links: https://policies.google.com/privacy and https://policies.google.com/terms?hl=en

Advertising and Analysis

Google Analytics 

This website may use features of the web analytics service Google Analytics (and or Google Analytics Remarketing, in combination with Google AdWords and Google DoubleClick, features that enable the linking of generated advertising target groups). The provider of these services is Google Inc., based in the United States of America, 1600 Amphitheatre Parkway, Mountain View, CA 94043.

Google Analytics uses so-called cookies. Cookies are text files that are stored on your computer and allow an analysis of your use of the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States, where it is stored.

The storage of Google Analytics cookies and the use of this analysis tool is based on Art. 6 para. 1 lit. f) GDPR. The operator of this website has a legitimate interest in analysing user patterns in order to optimise both the services offered online and the operator’s advertising activities.

In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.

The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

The transmission of data to the United States of America is based on the European Commission’s Standard Contractual Clauses (SCC).

You have the option to create permanent objections to remarketing/targeting on all devices by disabling personalised advertising in your account. Google. To do so, follow this link: https://www.google.com/settings/ads/onweb/.

For more information and relevant data protection regulations, see Google’s Data Privacy Policies at: https://policies.google.com/technologies/ads?hl=en.

IP anonymisation

IP anonymisation can be enabled on this site. As a result, the IP address will be abbreviated by Google in the Member States of the European Union or in other states that have ratified the European Economic Area Convention before being transmitted to the United States. The full IP will be forwarded to one of Google’s servers in the United States and will only be abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of this website, compiling reports on website activity for website operators and providing other services to website operators in connection with website activity. The IP address transmitted together with Google Analytics from your browser will not be merged with other data held by Google.

Archiving period

Data on the level of users or incidents stored by Google related to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising IDs) will be anonymised or deleted after 14 months. For details, click on the following link: https://support.google.com/analytics/?hl=en#topic=3544906

Google Ads and Google Conversion Tracking

This site may use Google Ads. This is an online program of Google Inc – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America (“Google”).

With Google Ads, we use a tool called “conversion tracking”. If you click on an ad served by Google, a cookie will be placed for conversion tracking purposes. Cookies are tiny text files that the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this site and the cookie has not yet expired, Google will be able to recognize that the user has clicked on an ad and has been linked to this page.

Another cookie is allocated to each Google Ads user. These cookies cannot be tracked through Ads client websites. The information obtained from conversion cookies is used to generate conversion statistics for Ads clients who have opted to use conversion tracking. Users receive the total number of users who clicked on their ads and were connected to a page equipped with a conversion tracking tag. However, they do not receive any information that allows them to personally identify these users. If you do not wish to be involved, you have the option to object to this use by easily disabling Google’s conversion tracking cookie through your web browser under your user settings. If you do so, you will not be included in the Conversion Tracking statistics.

The storage of “Conversion” cookies and the use of this tracking tool is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in analysing user patterns for the purpose of optimising the operator’s web offers and advertising.

In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.

The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

The transmission of data to the United States of America is based on the European Commission’s Standard Contractual Clauses (SCC).

For more detailed information about Google Ads and Google Conversion Tracking, see Google’s Data Privacy Policy at: https://policies.google.com/privacy?hl=en.

You can configure your browser to notify you at any time when cookies are placed and you can allow cookies only in certain cases or disallow cookies in certain cases or for all situations and you can also enable automatic deletion of cookies after closing your browser. If you disable cookies, the functions of this website may be limited or become inoperable.

Facebook Pixel

To measure conversion rates, our site may use Facebook Pixel, an integration that allows for analysis of site visitor activity coming from Facebook. Company operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

This tool allows you to track page visitors after they have logged into the provider’s website after clicking on a Facebook ad. This makes it possible to analyse the effectiveness of Facebook ads for statistical and market research purposes and to optimise future advertising campaigns.

For the operators of this site, the data collected is anonymous. We are not in a position to draw any conclusions about the identity of users. However, Facebook archives the information and processes it so that it is possible to log in to the profile and Facebook is able to use the data for its own promotional purposes in accordance with the Facebook Data Use Policy. This allows Facebook to display ads both on Facebook pages and outside Facebook. The operators of this site have no control over the use of this data.

The use of Facebook Pixel is based on Art. 6 para. 1 lit. f) GDPR. The site operator has a legitimate interest in effective advertising campaigns that include social media.

In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.

The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Transmission of data to the United States is based on the European Commission’s Standard Contractual Clauses (SCC). In Facebook’s data privacy policies, you will find additional information about protecting your privacy at: https://www.facebook.com/about/privacy/.

You also have the option to disable the “Custom Audiences” marketing feature in the Ad Settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must first log in to Facebook.

If you do not have a Facebook account, you can disable user-based advertising through Facebook on the Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/ro/optiunile-mele.

Online shop

E-commerce 

We process personal data only to the extent necessary to enter into or modify a contractual relationship with our company/the company managing this website, in compliance with the provisions of Article 6 para. 1 lit. b) of the GDPR. Thus, we process (collect, record, structure, store, modify, extract, etc.) personal data from the time of access to this website only for the purpose of facilitating access to our products or services or/and to collect payment for them.

Our customers’ data will be deleted after a period of 3 years (personal data processed for the purpose of fulfilling contractual obligations) or 10 years (in compliance with the provisions of the Accounting Law no. 82/1991).

Online payments

During the purchase process of products sold through this website (if applicable), your bank details are safe!

The companies we work with to process online payments use secure encryption methods, with data being transmitted over highly secure connections to financial institutions. This means that the data you provide to make payments is not passed on to third parties and is not stored in databases.

Depending on the payment processor we use when you purchase a product from our website, you may wish to review the Privacy Policy of that processor at check-out, and before entering any personal or banking information on the platform.

With regard to the transfer of personal data by the online payment processor, this will only be carried out when necessary for the provision of services or for the fulfilment of certain obligations incumbent on that processor as an online payment service provider in order to carry out payments. The legal basis for processing data is, in Art. 6 para. 1 lit. a) GDPR, and Art. 6 para. 1 lit. b) and f) GDPR.

Provisions related to minors

kingpizza.ro does not knowingly or intentionally collect data about minors and does not provide services to minors.

Other

kingpizza.ro maintains an online presence on networks, social platforms and or apps to communicate with customers and potential customers to inform them about the products and services offered. When visiting any of these networks, sites or apps, the processing terms and conditions of the respective app operator apply. We also process data communicated to us on these applications and social networks. Our website may include Social Media functionality such as Facebook, Twitter and Google Share buttons, etc… These functionalities fall under the Privacy Policy of the companies providing them.

The website may also contain links to other external websites. We do not control and are not responsible for the content or practices of other sites. This Privacy Policy does not apply to those websites, they are under the control of their own Privacy Policies.

Conclusion

This policy on the processing of personal data is generated in accordance with the provisions of Regulation No 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend consulting the Policy on a regular basis for accurate and up-to-date information regarding the processing of personal data.

For further details regarding this GDPR Policy, as well as to exercise any of the above rights, written notice may be sent to the contact details above.

This document is valid for an indefinite period.

Updated on: 2023-06-26