Add products worth 15 EUR to complete your order
Privacy Policy on processing of personal data
Mr. Iron undertakes to observe the right to personal data protection. Thus, we will process your personal details in accordance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”) and the legal provisions in force in Romania.
By means of this policy, we want you to know how we collect, use, transfer and protect your personal data when you interact with us.
This privacy policy can pe periodically updated, in accordance with the relevant legal provisions. It can be accessed on www.mriron.eu website for the latest update.
Pursuant to the data protection law, the undersigned has the quality of operator when it processes the personal data of its customers or partners.
Our customers opinions are very important to us. This is why we are at your disposal for any further information regarding your data at the following e-mail address: contact@mriron.eu or at our registered office address, by specifying: For DPO attention.
A.1) We collect the personal data of the Customers / Buyers / Users directly from them, customers are remaining in full control of the data provided.
A.2) When creating an account, the Customers / Buyers / Users provide us the name (as surname and name, as well as the e-mail address).
A.3) On the account editing page, the Customers / Buyers / Users can enter the delivery address for the ordered products, the phone number, alternative addresses.
A.4) When placing an order, the Customers / Buyers / Users provide us information on the ordered product, the surname and name, the delivery address, the invoicing details, the phone number.
A.5) On our website, the information can be stored and collected in cookies and similar technologies, according to the Cookie Policy.
A.6) The undersigned does not collect or process sensitive data in any other way. All data provided by the customers are used for informational purposes in regard to the products sold or placing of orders.
A.7) The undersigned does not collect or process data belonging to people younger than 16 years old.
B.1) Services:
This purpose includes:
B.1) To create and manage an account;
B.2) To process the orders and to make possible the delivery flow (receiving, individualizing, validating, sending and invoicing them);
B.3) To solve the possible order-related problems (delays, losses, damaged parcels, wrong deliveries);
B.4) To return the purchased products;
B.5) To reimburse the prices of the products;
B.6) To provide support services concerning the content of our products or the order status.
The data processing for such purposes is necessary for the agreement between the undersigned and their customers to be properly executed.
C.1) Communications intended for Customers / Buyers / Users containing the promotions and products of the undersigned.
C.2) The messages sent to the Customers / Buyers / Users can contain general information, product changes as well as other communications directly related to the undersigned’s activity or updating of the products sold by the undersigned.
C.3) For the marketing communications, we will previously ask for the consent of the Customers / Buyers / Users.
C.4) If the Customers / Buyers / Users no longer wish to be informed on these updates, they can send an e-mail to the address: contact@mriron.eu
C.5) In all situations, the undersigned process the data according to its legitimate interest, guaranteeing a balance between our interests and the fundamental rights and freedoms of the Customers / Buyers / Users.
D.1) We will retain the data of the Customers / Buyers / Users throughout the whole period they have an active account on our website.
D.2) Customers / Buyers / Users can request us to delete data, certain information or delete their account at any time. We will comply with the request by removing the data from our system, except for data kept according to the legislation in force for a legitimate interest
D.3) The data deletion is irreversible. Once it was performed, the data disappear from the system and they can be only restored if the Customer / User / Buyer enters them again.
E.1) The data are sent to:
E.1.1) courier service providers for order delivery
E.1.2) payment/banking service providers
E.2) The state authorities if we have the legal obligation to send all these data. However, we constantly ensure that the data of the Customers / Buyers / Users sent to third parties are managed in accordance with the legal provisions aimed at ensuring the confidentiality of information.
E.3) All partners of the undersigned must comply with EU Regulation 2016/679, our collaboration being carried out exclusively with people who have implemented a GDPR policy at organizational level, and a current personal data protection system.
F.1) The personal data are stored and processed within the European Economic Area.
F.2) In regard to the data transferred outside the European Union, the transfer will be processed in the terms provided by the enforceable law.
G.1) We ensure data security according to current standards
G.2) Payment related information is made through the payment processor, in an encrypted system, however, we cannot be responsible for vulnerabilities of systems that are not under our control
G.3) We periodically update the security policies and constantly monitor the data flow in order to detect possible vulnerabilities.
G.4) If an information leakage is detected, we will do all we can do in order to prevent its spreading and to limit its perpetuation.
G.5) The people affected by a possible information leakage will be notified as soon as possible for the damages to be limited.
H.1) Regulation 679/2016 provides some rights for the personal data subjects. Thus, considering the above-mentioned regulations, the Customers / Buyers / Users (data subjects) can request access, deletion, objection to data processing or correction at any time.
H.2) According to the mentioned Regulation, the data subject has the right to bring the case to the Court or before the national competent authority.
H.3) As we acknowledge that personal data are of particular importance, we kindly ask the Customers / Buyers / Users (data subjects) to submit the request related to such data by using exclusively the account address registered on our website. In any other situations, we reserve the right to make further checks on the identity of the applicant.
I.1) All requests related to a right provided by GDPR Regulation are free of charge.
J.1) Our desire is to be as close as possible to the Customers / Buyers / Users of Mr.Iron. Thus, for the personal data-related requests, the maximum response time is one month. In exceptional situations, the period can be extended with the prior notification of the applicants.
K.1) To copy the data
K.2) To confirm the data processing
K.3) Information on the stored data
L.1) The data subject can request the data modification, including the rectification or completion of the inaccurate, incomplete or wrongly communicated personal data.
M.1) The data subject can request the deletion of the personal data.
M.2) If the processing of the personal data of the data subject is necessary in order to comply with a legal obligation or to acknowledge and exercise or defend a right in court, the undersigned reserves the right not to comply with data subject’s request.