privacy policy

Thank you for your interest in our company for our products and/or services.
The protection and confidentiality of personal data is a very important topic for us. When you enter into a relationship of any kind with us, you entrust us with your information. This information presented in this document (hereinafter referred to as the "Privacy Policy" or the "Document") is important.
We recommend that you read them carefully. The purpose of this Privacy Policy is to explain to you what data we process (collect, use, share), why we process it, how we process it, your rights under the GDPR and how you can exercise these rights. In collecting this information, we are acting as an Operator and are required by law to provide this information to you.
Being fully aware that your personal information belongs to you, we do our best to store it securely and process it carefully. We do not provide information to third parties without informing you as required by law. We do not make exclusively automated decisions with a significant impact on you.
By visiting our website www.afo.ro , purchasing our products, services or interacting with us by any means and/or through any communication channel (e-mail, telephone, social networks, etc.), you agree to this Privacy Policy. If you do not agree with what is described in this Privacy Policy, please do not use the services of the Company FLORAL PACKING GROUP SRL, being a data operator within the meaning of the General Regulation Regarding the Protection of Personal Data (GDPR).

1.1. "GDPR" , "RGPD" or "Regulation" means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
1.2. "Operator " or "We" means the company FLORAL PACKING GROUP SRL, with registered office located in Str. Nordului no. 2 Bacau City, Jud. Bacau, registered at the Trade Registry Office under no. J04/486/2015 having Unique Identification Code – 34494944.
1.3. "Data subject " means any identified or identifiable natural person whose data is processed by us as an operator, such as customers, potential customers or site visitors.
1.4. "Processing" means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extract, consult, use, disclose by transmission, disseminate or otherwise make available, align or combine, restrict, delete or destroy;
1.5. "Consent" means any manifestation of the data subject's free, specific, informed and unambiguous will by which he accepts, through a statement or an unequivocal action, that the personal data concerning him be processed by the Operator ;
1.6. "Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to its physical, physiological, genetic, psychological, economic, cultural or social identity.
The other terms used in this document have the meaning conferred by the GDPR and the other applicable legal provisions.

This Privacy Policy does not cover the applications and websites of other third parties that you may reach by accessing links on our website. This is beyond our control. We encourage you to review the Privacy Policy on any site and/or application before providing any personal data.

FLORAL PACKIN SocietyG GROUP SRL, with registered office located in Str. Nordului no. 2 Bacau City, Jud. Bacau, registered at the Trade Registry Office under no. J04/486/2015 with Unique Identification Code - 34494944 is responsible for processing your personal data that we collect directly from you or from other sources.
According to the legislation, our company is a personal data operator. In order for your data to be processed safely, we have made every effort to implement reasonable and appropriate technical and organizational measures to protect your personal data.

According to the legislation, you, the natural person beneficiary of our services/products, the representative or contact person of a company that is our client or potential client, the website visitor or the person in a relationship of any kind with us, are a "data subject" means an identified or identifiable natural person. In order to be completely transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of rights.

The protection of your personal information is very important to us. That is why we are committed to complying with European and national legislation on the protection of personal data, in particular Regulation (EU) 679/2016, also known as GDPR, and the following principles:
✓ Legality, fairness and transparency
We process your data legally and fairly. We are always transparent about the information we use and you are properly informed.
✓ You are in control
To the extent permitted by law, we provide you with the ability to review, amend, delete the personal data you have shared with us, and exercise your other rights.
✓ Data integrity and purpose limitation
We use the data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.
✓ Security
We have implemented reasonable personal data security measures in order to protect your personal information as best as possible. However, keep in mind that no website, app, or internet connection is completely secure.

We may change this Privacy Policy at any time. All updates and changes to this Policy are effective immediately, so please always read this Privacy Policy.

When you browse our website, send us an email request or contact us for any other purpose and through any other communication channel, you may provide us with the following personal data, which we collect directly from you, or from other sources, as we explain in the table below.

We collect most information directly from you (for example, by completing a form on the website). Most of the information is as described above, but there may be situations where we collect data from third parties (ie partners, platforms).
In addition to the information indicated above, we may also collect the following information, depending on the circumstances:

• How you interact with our website(s) (for example, information about how and when you access our website or what device you use to access the website). For more information in this regard, we invite you to also read our Policy on the use of cookie modules.
• Content of messages sent via messaging systems and e-mail.

In addition to the purposes listed in the table in the previous section, we also process personal data for the following purposes:

• To respond to your questions and requests and provide you with customer support service;
• For marketing purposes, but only where we have your prior consent

or where there is a legal exception to obtaining consent;

• To provide and improve the services we offer;
• To diagnose or fix technical problems;
• To defend against cyber attacks;
• To comply with legislation, such as compliance with tax legislation which

requires us to keep accounting documents for a period of 10 years;

• In the unlikely event of litigation, to establish or claim a right in court.

OTHER INFORMATION ABOUT LEGAL BASIS

(a) Legitimate Interest. In the situation where we use legitimate interest, we perform a legitimate interest analysis (balancing test) through which we can balance our interest and your interests. In the situation where our interests prevail, we will use legitimate interest. In the situation where your interests prevail, we will not use the legitimate interest, and to the extent that we fail to identify another correct legal basis, we will not carry out that processing activity.
(b) Consent. Please note that obtaining consent is not mandatory and we will only obtain your consent where we have failed to use another legal basis. We currently only use consent for email marketing.
(c) Vital Interest. In the unlikely event of a medical emergency or other exceptional event processing may be necessary to protect the vital interests of you or another natural person.

We store your personal data only for the period necessary to fulfill the purposes, but no longer than 5 years after the termination of the contract or the last interaction with us.
After the end of the period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data to be used for scientific, historical or statistical research purposes.
Note thatin certain expressly regulated situations, we store data for the period required by law.

We may disclose your data, subject to applicable law, to business partners or other third parties. We always make reasonable efforts to ensure that these third parties have adequate protection and security measures in place. We have contractual clauses with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate under the law.
We may also pass the data on to other parties with your consent or according to your instructions, such as where you exercise a portability request.
We will also be able to provide your personal information to the prosecutor's office, the police, the courts and other competent bodies of the state, based on and within the limits of the legal provisions and as a result of expressly formulated requests.
The transfer of personal data to a third country can only take place if the country to which the transfer is intended ensures an adequate level of protection.
The transfer of data to a state whose legislation does not provide a level of protection at least equal to that provided by the General Data Protection Regulation is possible only if there are sufficient guarantees regarding the protection of the fundamental rights of the data subjects. These guarantees will be established by us through contracts concluded with the suppliers/service providers to which your personal data will be transferred.
Whenever we transfer your personal data outside the EEA, we will ensure that there is a similar level of protection through one of the following safeguards:

• we will transfer your personal data to countries where it has been demonstrated by the European Commission to provide an adequate level of security for personal data.
• when we use certain service providers, we may use certain model contracts provided and approved by the European Commission that give personal data the same protection as it has in Europe.

We understand how important the security of personal data is and take the necessary measures to protect our customers and other persons whose data we process from unauthorized access to personal data, as well as from the unauthorized modification, disclosure or destruction of data that we process in the current business .
We have implemented the following technical and organizational security measures for personal data:
a) Dedicated policies. We adopt and constantly review internal personal data processing practices and policies (including physical and electronic security measures) to protect our systems from possible unauthorized access or other possible threats to their security. These policies are subject to constant review to ensure that we comply with legal requirements and that the systems are working properly.
b) Data minimization. We ensure that your personal data that we process is limited to only what is necessary, appropriate and relevant for the purposes stated in this Policy.
c) Restricting access to data. We try to restrict as much as possible access to the personal data we process to the minimum necessary: employees, collaborators and other people who need to access this data in order to process it and carry out a service. Our partners and collaborators are subject to strict confidentiality obligations (either by contract or by law).
d) Specific technical measures. We use technologies to ensure the security of our customers, always trying to implement the most optimal solutions for data protection. We also make periodic data back-ups to be able to recover them in the event of an incident, and we have implemented periodic audit procedures regarding the security of the equipment used. However, no website, app, or internet connection is completely secure and untouchable.
e) Ensuring the accuracy of your data. Sometimes we may ask you to confirm the accuracy or timeliness of your data to be sure that it reflects reality.
f) Staff training. We constantly train and test our employees and collaborators on legislation and best practices in the field of personal data processing.
g) Anonymization of data. Where we can, we try to anonymize/pseudo-anonymize personal data as much as possiblewhich we process, so that we can no longer identify the persons to whom they refer.
However, although we make constant efforts to ensure the security of the data you entrust to us, we may also experience less fortunate events and have security incidents/breaches. In these cases, we will strictly follow the security incident reporting and notification procedure and will take all necessary measures to restore the situation to normal as soon as possible.

To the extent that we have obtained your prior consent or you are already a customer of the Company, we may use direct marketing technologies using the information collected about you. We currently send commercial messages by e-mail (e-mail marketing) to people who have given consent to this in advance.

Your rights under the GDPR Regulation are as follows:
(a) The right to be informed about the processing of your data.
(b) Right of access to data. You have the right to obtain from us a confirmation that personal data concerning you is being processed or not and, if so, access to the respective data and to the information provided by art. 15 para. (1) of GDPR;
(c) The right to rectify inaccurate or incomplete data. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you;
(d) The right to erasure ("the right to be forgotten"). In the situations provided for in art. 17 of the GDPR, you have the right to request and obtain the deletion of personal data;
e) The right to restrict processing. In the cases provided for in art. 18 of the GDPR, you have the right to request and obtain the restriction of processing;
f) The right to transfer the data we hold about you to another operator ("the right to portability"). The right to transfer the data we hold about you to another operator ("the right to portability");
g) The right to object to data processing. In the cases provided for in art. 21 of the GDPR, you have the right to object to data processing;
h) The right not to be subject to a decision based exclusively on automatic processing, including the creation of profiles with legal or similar significant effects on you;
i) The right to go to court to defend your rights and interests;
j) The right to make a complaint to a Supervisory Authority.

Please note that:
(1) You can withdraw your consent to direct marketing at any time by following the unsubscribe instructions in each email.
(2) The rights listed above are not absolute. There are exceptions, therefore each request received will be analyzed in order to decide whether it is justified or not. To the extent that the request is justified, we will facilitate the exercise of your rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of your rights to file a complaint with the Supervisory Authority and to go to court.
(3) We will try to respond to the request within one month. However, the deadline can be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the impossibility of identifying you within a useful period.
(4) If, despite our best efforts, we are unable to identify you and you do not provide us with additional information to enable us to identify you, we are not obliged to comply with the request.

If you have any questions or concerns regarding the processing of your information or wish to exercise your legal rights or have any other concern regarding the confidentiality of the data you provide us, you can contact us at the company address or email: contact@ambalajeflorionline. EN

Last update: 07.02.2023