-
Introduction
The purpose of this Privacy Policy is to inform about the data we process, why we process it and what we do with it. We take your privacy seriously and on no occasion do we sell lists or email addresses. We are aware that your personal information belongs to you, so we make every effort to store it securely and process it carefully.
This information note concerns the personal data processing activities performed by the company SALCUTA S.R.L.
The information note regarding the processing of personal data applies to all personal data processing that we carry out, as well as to all interactions with our website hosted on the domain www.salcutawine.md.
-
The name of the data operator and the owner of the website
SC SALCUTA S.R.L is a personal data operator and owner of the website www.salcutawine.md
-
Our activity
We, at SALCUTA S.R.L known as SĂLCUȚA WINE, being among the first pioneers of the Moldovan wine industry, we make every effort to be an example of a winery, which takes into account the importance of the environment, the involvement of locals and sustainable practices in all activities.
In addition to our products and in order to develop existing relationships with our customers and future relationships, we support and contribute to a better understanding of the legal framework and make continuous efforts to inform you about new products to be launched by the company. Ultimately , we produce and carry out promotion campaigns, information through newsletters and other informative materials to all persons in our database, which were collected either as a result of visits to the website or after subscribing to the newsletter on website www.salcutawine.md.
-
The personal data we process
The collection of your personal data is strictly limited to what is necessary to provide you with the highest quality experience regarding our products and the use of our website.
The personal data we process may include:
a. basic data such as name, email, telephone, etc .;
b. bank account and other financial information that allow us to carry out the contractual relationship of any kind, when it exists;
-
How we collect personal data
We collect only those personal data that you provide to us voluntarily (electronically), as well as information available from public sources:
- through our website, namely: filling in contact forms or subscribing to the newsletter.
- when you contact us by e-mail, if you express your interest in the marketing, distribution purchase of our products
-
Legal grounds and purposes of processing
Because you are entitled to know the purpose for which we process your personal data, we will inform you before processing your personal data for any purpose other than that for which you have entrusted us with your personal data.
The reasons why we collect your information and data are:
– To inform you about new products marketed when appropriate
– For issuing invoices related to the purchase of products sold by our company
– To notify you about discounts, promotional packages or specific events in which our team will be present.
-
Storage time
The data collected after placing an order on the website www.salcutawine.md and necessary for issuing invoices, are kept in the accounting archive for a period of at least 10 years from the date of issuance. (This is provided by the law of the fiscal code.)
If at any time you decide that you no longer wish to benefit from the Information Service (Newsletter or Member Account) and you withdraw your consent, we will respect your decision and we will no longer process your personal data for this purpose.
-
Third parties
As a rule, we do not disclose or transfer your personal data to third parties.
For the processing of personal data we may use authorized persons, for example, IT solution providers necessary for business administration, including financial accounting solutions, contact management solution providers or conference organizers. With all the proxies we will conclude personal data processing agreements with appropriate clauses to ensure that the proxies assume obligations to process personal data (including their deletion) in full compliance with applicable laws and provide an adequate level of your personal data protection.
-
Security of personal data
Personal data is secured against threats and we ensure that it is protected by security measures and the appropriate IT infrastructure. Moreover, we have implemented internal measures that allow us to discover, notify and document breaches of personal data security in the shortest possible time.
The access to the website www.salcutawine.md is made through a secure HTTPS connection.
If we discover a breach of the security of your personal data that poses a risk to your rights, we will notify the National Supervisory Authority on the Processing of Personal Data. You will be informed of the breach of the security of your personal data if it leads to a high risk regarding your rights and freedoms.
-
Security measures according to GDPR in the MxHost web hosting infrastructure – where the website www.salcutawine.md is currently hosted
MxHost shared hosting and VPS servers are located in the GTS Telecom Cluj-Napoca data center; The data center is ANCOM certified and is tier III according to the Uptime Institute. The internet network is protected by the advanced DDOS Protect ARBOR solution with local protection capacity up to 20 Gbps.
At the server access level, it is only allowed to authorized persons in the company. Access to racks is based on the card and the entire location is video surveillance 24/7.
The servers have installed protection systems against external attacks, being installed CSF firewall that limits access only to certain ports on the server, blocks the source IP when failing repeated authentications and keeps track of root logins on the server.
Another protection used is Mod_Security – firewall for open-source web applications (WAF), it is designed to provide a range of capabilities to filter requests and response to the Hypertext Transfer Protocol along with other security features on multiple platforms various, including Apache
HTTP Server, [1] [2] Microsoft IIS and NGINX [3]:
Security monitoring and access control
Full HTTP traffic flow
Security assessment
Passive security assessment
Simple request or Filtering based on regular expressions
Validate URL encoding
Prevention of byte attacks
Identifying the server identity
Load memory limits
At the server level we also use the CPanel control panel, through which users can manage their entire hosting account. The control panel is configured to make daily security updates if they are provided by the developer.
The servers are configured at the kernel level with the KernelCare module which every two hours checks for security patches at the kernel level and applies them without restart.
The backup systems used by our company use a private network separate from the internet. The network is accessible only through VPN, and the backup archives are kept on different servers than the production server.
We are currently using R1Soft for backup with an rsync system. The data on the backup servers are kept on servers to which only certain authorized persons in our company have access.
-
Your rights regarding the processing of personal data
You have the following rights regarding the processing of your personal data:
- The right of access to personal data.
- The right to obtain the rectification of inaccurate personal data.
- The right to obtain the restriction of the processing of personal data. This right is available to you when:
– challenge the accuracy of your personal data that we process;
– the processing of personal data is illegal,
– we do not need your personal data for the purpose of processing, but you request their retention for the establishment, exercise or defense of a right in court
– you object to the processing of your personal data, for the period of time we verify the existence of our legitimate interest in the processing of your data.
If you have any questions regarding the processing of your personal data or if you wish to send us any request, as well as to exercise any of your rights regarding the processing of personal data, please contact us at:
– e-mail address: office@salcutawine.com
– telephone: +373 (22) 245252
– headquarters: Str. Alexei Sciusev 53, MD-2012, Chisinau, Republic of Moldova
We will analyze each request and communicate to you the actions taken in this regard as soon as possible, but not later than one month from the time of registration of your request. If we need more information from you or have difficulty resolving your request, we will notify you without delay that we need additional time to properly review your request. If you consider that we have not solved all your requests or you are dissatisfied with our answers, you can file a complaint to the National Authority for the Supervision of Personal Data Processing. You can also go to court.
-
Changes to the Information Note
If we decide to change this information note, we will publish an updated version here.
Thank you for entrusting us with your personal data and for giving us the necessary time to read our information note regarding the processing of personal data. Please do not hesitate to contact us if you have any other questions regarding your personal data and how we process them.
Published on 12.02.2020 by Sălcuța Wine.