top of page

GDPR compliance policy

 

effective date: January 2024

​

Saranti is committed to protecting your personal data and respecting your privacy. This GDPR Compliance Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

 

1. introduction

  • purpose: this policy outlines our practices regarding the collection, use, and disclosure of personal data we receive from users of our website and customers

  • scope: this policy applies to all personal data processed by Saranti, including data collected through our website, sales, marketing activities, and customer interactions

 

2. data controller

Saranti Creative Forces SRL

[Email Address]

+40750404619

 

3. types of data collected

  • personal data:

â—¦ contact information: name, email address, phone number, mailing address

â—¦ payment information: credit/debit card details, billing address (processed by third-party payment processors)

â—¦ account information: username, password

â—¦ order information: purchase history, order details

â—¦ marketing preferences: subscription preferences, consent to receive marketing materials

  • usage data:  

â—¦ technical data: IP address, browser type, operating system, device information

â—¦ usage patterns: pages visited, time spent on site, interaction with content

  • cookies: we use cookies to enhance user experience, analyse site traffic, and personalise content; please refer to our Cookie Policy for more details

 

4. legal basis for processing

we process personal data based on one

or more of the following legal grounds:

  • contractual necessity: to fulfill our contractual obligations, such as processing orders and providing customer support

  • legitimate interests: to improve our services, prevent fraud, and enhance user experience

  • consent: for sending marketing communications and newsletters (consent can be withdrawn at any time)

  • legal compliance: to comply with legal obligations, such as tax regulations and data protection laws

 

5. how we use your data

  • service provision: to process orders, handle payments, and provide customer support

  • communication: to send order confirmations, updates, and respond to inquiries

  • marketing: to send newsletters, promotions, and information about new products or services (with your consent)

  • site optimization: to analyse usage patterns and improve website functionality

  • legal compliance: to meet legal and regulatory requirements

 

6. data sharing and disclosure

  • third-party service providers: we share personal data with trusted third-party service providers who assist us in providing services (e.g., payment processors, shipping companies)

  • legal obligations: we may disclose personal data to comply with legal obligations or respond to lawful requests by public authorities

  • business transfers: in the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction

 

7. data security

  • security measures: we implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction

  • data encryption: personal data is encrypted during transmission and at rest where applicable

  • access controls: access to personal data is restricted to authorised personnel only

 

8. data retention

  • retention period: we retain personal data only as long as necessary for the purposes outlined in this policy or as required by law

  • deletion: personal data that is no longer needed is securely deleted or anonymised

 

9. your data protection rights

under GDPR, you have the following rights regarding your personal data:

  • access: you have the right to request a copy of your personal data we hold

  • rectification: you can request corrections to inaccurate or incomplete data

  • erasure: you have the right to request the deletion of your personal data under certain conditions - check them here

  • restriction: you can request that we restrict the processing of your data under specific circumstances

  • portability: you have the right to receive your data in a structured, commonly used, and machine-readable format

  • objection: you can object to the processing of your data based on legitimate interests or for direct marketing purposes

  • withdraw consent: you can withdraw your consent for data processing at any time

 

to exercise these rights, please contact us at [Email Address]

 

10. children's privacy

Our website and services are not directed towards children under the age of 16. We do not knowingly collect personal data from children without verifiable parental consent. If we become aware that we have inadvertently collected personal data from a child, we will delete such information promptly.

 

11. international data transfers

Personal data may be transferred to and processed in countries outside of the European Economic Area (EEA). We ensure that such transfers are conducted in compliance with GDPR, using appropriate safeguards such as standard contractual clauses.

 

12. updates to this policy

We may update this policy periodically to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and indicating the effective date.

 

​

should you have any questions or concerns about this policy or our data practices, drop us a line anytime!

thank you for reaching out!

bottom of page