Privacy Policy
Introduction FOODHUB SALES SRL (hereinafter referred to as “QURATER” or “we” or “the company” or “the operator”), the owner of the website myqurater.com, aligns itself with Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR) and places the utmost importance and interest in safeguarding the privacy and confidentiality of the information entrusted to us through the use of this website. Our commitment to strictly comply with the General Data Protection Regulation began with the appointment of a Data Protection Officer at the National Authority for the Supervision of Personal Data Processing, General Registry Number: 5479, dated 25/03/2021.
One of the fundamental principles of this Regulation is transparency, and through this General Privacy Policy, we aim to inform you about how we collect, use, and protect your personal data.
We reserve the right to update, revise, and periodically modify this General Privacy Policy. In case of any changes, we will display the updated and revised version on our website.
Regulation Terms: • Operator – the entity – in this case, the operator or any other legal person, public authority, agency, or non-governmental organization that processes or determines the purposes and means of processing personal data; • Personal Data – means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific elements specific to their physical, physiological, genetic, mental, economic, cultural, or social identity; • Data Subject – any natural person whose personal data may be or is processed by the operator.
Purpose of the General Privacy Policy: When a data subject enters into any kind of relationship with us, they entrust us with their personal information.
The purpose of this General Privacy Policy is to explain to data subjects what data we process, why we process it, and how we continue to use it – in our capacity as the operator. We take confidentiality seriously and never transmit or sell the personal data of our customers, lists, or email addresses. Being fully aware that personal information belongs to each individual, we make every effort to store it securely and process it with care. We do not provide information to third parties without first informing the data subjects, except where, according to the law, notification to the data subject is prohibited. This information is important, and we hope it is read carefully.
This General Privacy Policy does not cover the applications and websites of other third parties that individuals may access by clicking on links on our website. This is beyond our control. We encourage reviewing the privacy policy of any website and/or application before providing personal data.
This General Privacy Policy also covers the recruitment and selection process for job applicants.
FOODHUB SALES SRL informs job applicants about the personal data that will be collected, the purpose for which it is collected, and how it will be used, in close connection with the existence of a specific recruitment privacy policy.
According to the law, the individual who benefits from our services or is in any kind of relationship with us is a “data subject,” meaning an identified or identifiable natural person.
To be fully transparent about data processing and to allow data subjects to easily exercise their rights at any time, we have implemented measures to facilitate communication between us, the data controller, and the data subject.
If you have not yet reached the age of 16, you will need the consent of your parents or guardian before providing us with any personal information for registration or other online activities. If you are unsure about the information you see on this site, please ask your parents or guardian for assistance.
Any processing of personal data of minors will be carried out only in accordance with the law.
FOODHUB SALES SRL ’s Commitment: The protection of the personal information of data subjects is very important to us.
Therefore, we are committed to respecting the new Regulation (EU) 2016/679, applicable national legislation, and the following principles:
- Legality, fairness, and transparency: We process personal data legally and fairly. We are always transparent about the information we use, and data subjects are appropriately informed.
- Control belongs to the data subject: Within the limits of the law, we provide data subjects with the ability to review, modify, delete the personal data they have shared with us, and exercise their other rights.
- Data integrity and purpose limitation: We use data only for the purposes described at the time of collection or for purposes compatible with the original ones. In all cases, our purposes comply with the law. We take reasonable measures to ensure that personal data is accurate, complete, and up-to-date.
- Security: We have implemented reasonable security and encryption measures to protect information to the best of our ability. However, it should be noted that no website, application, or internet connection is completely secure.
About QURATER : FOODHUB SALES SRL , a Romanian legal entity with its registered office in Bucharest, Sector 1, Vointei Street, No. 21B, registered with the Trade Registry under number J40/11641/2021, having the unique registration code 44546528.
In terms of data protection legislation, we are the CONTROLLER when processing your personal data. To ensure the safe processing of personal data of data subjects, we have made every effort to implement reasonable measures to protect their personal information.
Because we are always interested in hearing your opinions and providing you with any additional information you may need regarding the processing of your data, we would like to inform you that you can contact us at the email address: contact@myqurater.com or directly through a request registered at our reception or sent by mail or courier to our address below.
Rights of the Data Subject under the new Regulation:
- The right to withdraw consent where processing is based on consent;
- The right to be informed about data processing;
- The right of access to data;
- The right to rectify inaccurate or incomplete data;
- The right to erasure (“the right to be forgotten”);
- The right to restrict processing;
- The right to data portability to another controller;
- The right to object to data processing;
- The right not to be subject to a decision based solely on automated processing, including profiling;
- The right to seek justice;
- The right to lodge a complaint with the Supervisory Authority.
Right to Information: • This allows data subjects to know, from the moment of collection (or within one month of acquiring the data in the case of data collected indirectly from the data subject), how those data will be used, to whom they will be disclosed or transferred, what rights the individuals have regarding the processed data, etc.
Right of Access to Data: • Article 15 of the GDPR allows data subjects to obtain from the controller confirmation as to whether or not personal data concerning them are being processed and, if so, access to that data and other useful information (Article 15 of the GDPR contains a list of such useful information, including the purposes of processing, categories of data processed, recipients, etc.). • As a result of the right of access, the data subject will receive personalized information (see the content of the information as presented in a subsequent section), explaining what data is being processed, for what purpose, on what legal basis, the retention period of that data, to whom it may be transferred, and for what purpose, mentioning the rights of the data subject concerning that data, including the right to lodge a complaint with the Supervisory Authority if the data subject is not satisfied with the way this response is drafted, etc. • In addition to this information about the processed data, the data subject has the right to obtain a copy of the data in question. In the case of the information mentioned above, categories of data (e.g., email address, name, etc.) are discussed, while in the case of a copy of the data, the actual data will be provided.
Right to Erasure of Data: • Article 17 of the GDPR allows data subjects to obtain the erasure of personal data concerning them from the controller without undue delay. The first thing an operator should do when receiving such an access request is to check whether it falls under one of the exceptions provided by Article 17(3) of the GDPR, which allows or obliges them to retain the data, even in the event of a deletion request, namely:
Right to Erasure (Deletion) does not apply if processing is necessary:
(a) for the exercise of the right to freedom of expression and information; (b) for compliance with a legal obligation that requires processing under Union law or the national law applicable to the data controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; (c) for reasons of public interest in the field of public health, in accordance with Article 9(2)(h) and (i) – preventive medicine or occupational medicine, public interest in the area of public health, and Article 9(3) – processing under the obligation of professional secrecy; (d) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (e) for the establishment, exercise, or defense of legal claims.
Right to Rectification of Data:
According to Article 16 of the GDPR, the data subject has the right to obtain from the data controller, without undue delay, the rectification or completion of inaccurate personal data concerning them.
Right to Data Restriction:
Article 18 of the GDPR defines the right to data restriction as a temporary right. In certain situations, such as when the data controller decides to delete certain data (no longer needing the personal data for processing purposes) and the data subject opposes deletion, stating that they need the data for the establishment, exercise, or defense of legal claims, the data controller will halt the processing of data for a specified period.
When the restriction on processing is lifted, the data controller must inform the data subject that the restriction has been lifted.
Right to Data Portability:
Article 20 of the GDPR states that the data subject has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided. In other words, personal data must be provided to the data subject in a structured format, allowing them to decide whether to download it or transmit it to another data controller.
This right applies only when data is processed based on a contract or the data subject’s consent, and (cumulatively) when processing is carried out by automated means.
The right to data portability does not apply to derived or inferred data, typically referred to as conclusions drawn by data controllers (usually based on profiling operations) regarding data subjects.
Right to Object:
Article 21 of the GDPR states that the data subject has the right to object to the processing of their personal data, for example, when their personal data is processed for direct marketing purposes. It is important that when there are processing activities that could give rise to this right for the data subject, information should include the existence of this right.
Right Not to be Subject to Automated Decision-Making:
Automated decision-making occurs when personal aspects are evaluated to make predictions about an individual, even if no decision is taken. Exclusive automated decision-making occurs when decisions are made about an individual using technological means without any human involvement; these decisions can even be made without creating profiles.
Data protection law states that you have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. A decision produces legal effects when it has an impact on your legal rights (such as the right to vote). Additionally, processing may significantly affect you if it influences your circumstances, behavior, or choices.
Decisions based on algorithms cannot use special categories of data unless you have given your consent or the processing is allowed by EU law or national law.
Right of Access:
The right of access means that you have the right to obtain confirmation from us as to whether or not your personal data is being processed and, if so, to be provided with access to this data and information on how it is being processed.
Right to Data Portability:
The right to data portability means that you can receive your personal data and transfer it to another data controller without obstacles from the data controller to whom you provided the data. This right applies when data is processed based on a contract or your consent and when processing is done by automated means.
Right to Object:
The right to object allows you to object to the processing of your personal data, especially when it is processed for direct marketing purposes. It’s essential to be informed of this right when processing activities that could trigger it are taking place.
Right Not to be Subject to Automated Decision-Making:
Automated profiling involves evaluating your personal characteristics to make predictions about you, even without making a specific decision. Fully automated decision-making occurs when decisions are made about you using technology without any human involvement. Data protection law allows you not to be subject to decisions based solely on automated processes if those decisions have legal consequences for you or significantly affect you. Special categories of data, like your health data, can’t be used in automated decision-making without your consent or when permitted by EU or national law.
Right of Access to Data:
The right of access means you can request confirmation if your personal data is being processed, and if so, you can obtain access to your data and information about how it’s being processed.
Right to Data Portability: The right to data portability refers to your ability to receive your personal data in a structured, machine-readable format and the right for this data to be transmitted directly to another data controller.
Right to Object: The right to object pertains to your right to object to the processing of your personal data when it serves a public interest or a legitimate interest of ours.
Right to Rectification: The right to rectification involves the correction, without undue delay, of inaccurate personal data.
Right to Erasure/Right to be Forgotten: The right to erasure, also known as the right to be forgotten, means that you have the right to have your collected data deleted without undue delay in any of the following situations: when the data is no longer necessary for the purposes for which it was collected, you withdraw your consent, and there is no other legal basis for processing; you object to the processing; the data was collected unlawfully; the data must be deleted to comply with a legal obligation; the data was collected in the context of providing information society services.
Right to Restriction of Processing: The right to restriction of processing can be exercised when the accuracy of data is contested for a certain period sufficient for data verification; when processing is unlawful but you do not want data to be deleted, only restricted; in cases where the data subject no longer needs personal data for processing but requests it for the establishment, exercise, or defense of legal claims; when you have objected to processing during the period when it is verified whether legitimate grounds of the controller override your rights.
Contact Information: Andrei IANCU contact@myqurater.com, myqurater.com.
Categories of Personal Data, Purposes, and Legal Bases for Processing: FOODHUB SALES SRL will process your personal data depending on the context of interactions and relationships you have with us, either by phone or through the myqurater.com website.
Special categories of personal data, as defined by Article 9 of the GDPR, are those revealing:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Membership in trade unions
- Genetic data
- Biometric data for the purpose of uniquely identifying a natural person
- Data concerning health
- Data concerning a person’s sex life or sexual orientation
These special categories of data are excluded from processing by ROMANIAN PERSONAL DEVELOPMENT & AWARNESS STUDIES CENTER. According to the GDPR (Article 6(1)), processing is lawful only if at least one of the following conditions applies:
(a) the data subject has given consent to the processing of their personal data for one or more specific purposes; (b) processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract; (c) processing is necessary for compliance with a legal obligation to which the controller is subject; (d) processing is necessary to protect the vital interests of the data subject or of another natural person; (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
An operator must have one of these legal bases for its data processing activities. For most operators (excluding public entities and other highly specific entities), the four key legal bases to remember are:
- Consent of the data subject
- Performance of a contract / steps taken prior to entering into a contract
- Compliance with a legal obligation of the controller
- Legitimate interests pursued by the controller or a third party
We process names, birthdates, billing information, email addresses, and phone numbers as outlined in the contract between us, for the following purposes:
- Execution of the training contract between us, including activities performed in your interest under the contract.
- Fulfillment of tax obligations related to the service.
- Communication of your orders.
- Notification of your order/subscription status.
- Drafting documents on your behalf based on the granted power of attorney.
- Fulfillment of legal obligations related to adult education service providers.
- Cases where you have contacted us through the website or created an account on the site.
Except where otherwise specified, data is stored for up to 10 years, unless extended by the records of adult education service providers, as required by law. This data is processed because you (the data subject) have given your consent for the processing of your personal data for one or more specific purposes, processing is necessary for the performance of a contract to which you are a party or for taking steps at your request prior to entering into a contract, or processing is necessary for compliance with a legal obligation to which the controller is subject.
We process your phone number, email address, Facebook account, and other information as specified in point 2 (unless you provided them), for the following purposes:
- Communication with you.
- Creation and management of your account within the fishtodoor platform.
- Processing of orders, including order receipt, validation, dispatch, and invoicing.
- Resolution of order cancellations or any issues related to orders, goods, or services purchased.
- Returns of products in accordance with legal provisions.
- Refund of product values according to legal provisions.
- Improvement of our services or communication of new offers or information about our website, policies, data, or decisions.
Except where otherwise specified, data is stored for up to 10 years, unless extended by the records of adult education service providers, as required by law. This data is processed because you (the data subject) have given your consent for the processing of your personal data for one or more specific purposes, processing is necessary for the performance of a contract to which you are a party or for taking steps at your request prior to entering into a contract, or processing is necessary for compliance with a legal obligation to which the controller is subject.
We process the data included in your requests and notifications to us, as well as the data of third parties mentioned in the documents you provide, for the following purposes:
- Meeting your legitimate interest in benefiting from ordered/paid services or products.
- Public interest in the sale of products.
Except where otherwise specified, data is stored for up to 10 years, unless extended by the records of adult education service providers, as required by law.
We do not use personal data for automated processing or profiling. We never make automated decisions about you. We use technical means to store data securely. We do not process data for secondary purposes incompatible with the purposes for which it was collected.
This General Privacy Policy pertains to the personal data of customers, suppliers, other contacting persons visiting us and our representatives, potential collaborators, and applies to data collected through our myqurater.com website, as well as all other personal data collected through emails and contact forms.
Visitors and users of the myqurater.com website may have the following categories of data processed:
- In the case of requesting additional information, contact, and/or complaints: name, surname, email address, phone number.
- In the case of placing an order or subscribing: name, surname, birthdate, address, email address, phone number, billing information.
- In the case of correspondence via email, the name, email address, and any other data that you provide in your messages.
Cookies and Similar Technologies: When you visit the myqurater.com website, we may collect certain information automatically from your device, such as cookies. Cookies are small text files that store information about your interactions with websites. We use cookies to enhance your online experience and improve the quality of our website.
Your Rights: You have certain rights regarding your personal data under the GDPR. These rights include:
- The right to access your personal data.
- The right to rectify your personal data if it is inaccurate or incomplete.
- The right to erase your personal data under certain circumstances.
- The right to restrict the processing of your personal data under certain circumstances.
- The right to object to the processing of your personal data under certain circumstances.
- The right to data portability, which allows you to obtain and reuse your personal data for your own purposes across different services.
- The right to withdraw your consent to the processing of your personal data at any time.
You can exercise these rights by contacting us using the contact information provided in this privacy policy.
Data Security: We take data security seriously and have implemented measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. However, please note that no method of data transmission or storage is completely secure, and we cannot guarantee the security of your data.
Changes to this Privacy Policy: We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes to this privacy policy will be posted on our website, and the date of the latest revision will be indicated at the top of the policy.
Contact Information: If you have any questions or concerns about this privacy policy or our data practices, please contact us using the following information:
Andrei IANCU
Email: contact@myqurater.com
Website: myqurater.com