PRIVACY POLICY
www.sammills.com
- General Provisions
- Details about our company
- Processed data. Purpose, duration and basis of processing
- Processed sensitive data. Purpose, duration and basis of processing
- Mechanisms and use of automated decision-making systems
- Disclosure and further use of your data.
- How we collect data
- Information security
- Transfer of your data outside the European Economic Area
- Your personal data rights
- The principles underlying our data protection policy:
- Updates to our Privacy Policy
1. General provisions
1.1 Confidentiality of personal data is one of the main concerns of SAM MILLS INTERNATIONAL SA (hereinafter "the Company"). As such, we aim to ensure the highest standards of confidentiality, integrity and transparency with regard to the personal data we process in our business.
1.2 Since in the course of our business it is necessary to process a range of personal data specifically related to the specifics of our business, we wish to provide assurances that the processing will take place in compliance with the principles of transparency and security of personal data. This privacy policy is intended to help you understand what data we collect, why we collect it and what we do with it.
1.3 Our data protection policy and practices focus on the proper and lawful processing, sharing and storage of personal information while ensuring confidentiality, integrity and availability.
1.4 All users have free access to the www.sammills.com website subject to compliance with this privacy policy. Our website complies with the General Data Protection Regulation - GDPR (Regulation (EU) 2016/679).
2. Details about our company
2.1 SAM MILLS INTERNATIONAL SA, with registered office in Botiz village, 151 Mioritei St, Satu Mare County, registered at the Trade Register Office under no. J30/746/2022, tax identification code RO46440697, legally represented by Mihai Gavris, with contact details: office@sammills.com, +4 0261 806 031 (hereinafter referred to as "SAM MILLS" or "the Company").
2.2 The Company acts as the controller of the personal data collected through the website www.sammills.com ("the Site").
2.3 The Operator is obliged to manage the personal data that users of the www.sammills.com website provide securely and only for the specified purposes.
3. Processed data. Purpose, duration and basis of processing
Time of processing | Data processed | Purpose of processing | Retention period | Basis of processing | Where it is stored |
3.1 Accessing the website | 3.1.1 Web server log | Ensuring IT network security | 6 months | compliance with legal obligations - Article 6(1)(c) of Regulation 679/2016 | Hosting website server |
3.1.2 cookies* | |||||
3.2 Contact via email | 3.2.1 Email and any other identifying data contained therein | To answer the questions and messages we receive and to keep track of correspondence. | Only for as long as they are needed and for no more than one year, as long as it is not contentious | processing is necessary for the performance of a contract or to take steps to enter a contract at your request (Article 6(1)(b)) | electronically, on the server |
3.3 Contact via telephone | 3.3.1 Telephone number, first name, surname + data provided in conversation | To answer the questions and messages we receive and to keep track of correspondence.
Calls are not recorded |
Only for as long as they are needed and for no more than one year, as long as it is not contentious | processing is necessary for the performance of a contract or to take steps to enter a contract at your request (Article 6(1)(b)) | In the telephone operator's system |
3.4 Contact via social media channels | 3.4.1 Profile page ID, profile name | To answer the questions and messages we receive and to keep track of correspondence. | Facebook/Instagram provides detailed information on the scope, nature, purpose and further processing of your data on its websites. Here you will also find additional information about your rights and your choice of settings to protect your privacy. Data protection guidelines at Facebook: www.facebook.com/about/privacy, and at Instagram: https://help.instagram.com/519522125107875 | Art. 6 (1) (a) the data subject has given their consent to the processing of their personal data for one or more specific purposes | Hosting website server |
3.5 Creating an account | 3.5.1 Surname, name, e-mail, phone number | The general purpose is the creation and administration of the account within the SAM MILLS platform.
This information is processed so that the User has easy and fast access to the order process and to enable the Company to contact the Customer. The account creation process requires a password to access the account. However, placing an order is not conditional on the creation of an account. |
We will store this data for as long as you have an account on the www.sammills.com website.
You may at any time request that we delete certain information or close your account and we will comply with such requests, subject to the retention of certain information, including after account closure, where required by applicable law or our legitimate interests. Please note that in the absence of a request to delete such data, it will be deleted no later than 2 years after the last use of the account. |
a) your consent (Article 6(1)(a) of the General Data Protection Regulation).
Your provision of this data for the creation of the Profile is construed as an unequivocal, free, informed and unambiguous act/manifestation of will by which you agree to your personal data being processed under the terms of this Policy. b) the processing is necessary for the purposes of legitimate interests pursued by the controller or a third party (Art. 6 (a) lit. f) |
electronically, on the server |
3.6. Completing an order, invoicing and delivering the order | 3.6.1 Surname, first name, telephone, e-mail, address: town (city, village, municipality), street, number, block, apartment, county. | This information is necessary to deliver the ordered products to the Customer.
This information will also be entered on the tax invoice issued by the Company. |
The data will be processed to fulfil the intended purpose.
You may request us to delete certain information at any time and we will comply with such requests, subject to the retention of certain information, including after account closure, where required by applicable law or our legitimate interests. We specify that to the extent that there is no request to delete these data, they will be deleted within 2 years at most from the last order or from the last login to the account. |
processing is necessary for the performance of a contract or to take steps to enter a contract at your request (Article 6(1)(b)) | electronically, on the server |
3.7. Return | 3.7.1. The return form requires the following data: name, surname, e-mail, order ID.
3.7.2. The following data is requested in the return confirmation e-mail: pick-up address, IBAN code, Bank name, Beneficiary's name and surname |
This information is collected in order to ensure the Customer's right to withdraw from a contract and to respect consumer rights.
The company collects this data in order to carry out returns/cancellations of orders, to refund the amounts paid for returned products and is transmitted to the online payment authorization partner. Card details are not accessible nor stored by the Company, but only by the transaction authorization entity. |
The data will be processed to fulfil the intended purpose.
You may request us to delete certain information at any time and we will comply with such requests, subject to the retention of certain information, including after account closure, where required by applicable law or our legitimate interests. We specify that to the extent that there is no request to delete these data, they will be deleted within 2 years at most from the last order or from the last login to the account. |
processing is necessary for the performance of a contract or to take steps to enter a contract at your request (Article 6(1)(b)) | electronically, on the server |
*3.1.2 for more information about cookies please see our cookie policy.
3.9 Criteria for setting retention periods
Data will be stored for the minimum period necessary to fulfil the purpose, taking into account the following:
- The purpose and use of your information both now and in the future (for example, whether it is necessary for us to continue to store that information in order to continue to fulfil our obligations under a contract with you or to contact you in the future);
- whether we have a legal obligation to continue processing your information (such as any record-keeping obligations imposed by relevant law or regulation);
- whether we have any basis to continue processing your information (such as your consent);
- the levels of risk, cost and liability involved in continuing to hold the information.
3.10 If we receive information about you by mistake
If we receive information about you from a third party in error and/or we do not have a lawful basis for processing this information, we will delete your information.
3.11 Information received about you for the purpose of reporting abuse
We may monitor potential disputes between Users where there is a legal obligation to do so or where a User reports abuse. In case of reporting abuse, the User assumes and understands that part of the reported conversation and implicitly of the information and data communicated will be verified by the Company.
3.12 Sending messages for marketing purposes
We want to keep you informed about the best offers for the products/services you are interested in. To this end, we can send you any type of message (such as: e-mail/SMS/telephone/webpush/etc.) containing general and thematic information, information on products similar or complementary to those you have purchased, information on offers or promotions, information on products added to the "My basket" or "Wishlist" section or you have shown interest in purchasing, as well as other commercial communications such as market research and opinion polls, and we may display personalised recommendations on the website.
In order to provide you with information of interest to you, we may use certain data about your shopping behaviour (e.g. products viewed/added to wishlist/purchased) to create a profile for you. We always ensure that these processing operations are carried out with respect for your rights and freedoms and that decisions taken on the basis of these operations do not have legal effects on you and do not affect you.
In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:
- Changing your customer account settings;
- Accessing the unsubscribe link displayed within messages you receive from us;
- Contacting the Company using the contact details.
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any situation where we use information about you for a legitimate interest of ours, we take care and take all necessary steps to ensure that your fundamental rights and freedoms are not affected. However, you can always ask us, by the means described above, to stop processing your personal data for marketing purposes and we will comply with your request.
4. Sensitive data processed. Purpose, duration and basis of processing
The www.sammills.com website does not collect sensitive data.
5. Mechanisms and use of automated decision-making systems
5.1 We use automated decision-making mechanisms on our website. We do not consider that this has a legal effect on you or affects you in any similar way.
We always aim to provide you with the best online shopping experience. To do this, we may collect and use certain information in relation to your shopping behaviour, invite you to complete satisfaction questionnaires following the completion of an order, or conduct, directly or with partners, market research and surveys.
We base these activities on our legitimate interest in conducting business, always taking care that your fundamental rights and freedoms are not affected.
5.2 You have the right to object to our use of automated decision making and profiling mechanisms described in this section. You may do so by opting out of cookies and similar technologies in accordance with the method described in the relevant section of this privacy policy. If you do not want us to process your real IP address (usually the IP address assigned by your Internet Service Provider) when you visit our site, you can use a virtual private network (VPN) or a free service.
5.3 You can find out more about the use of cookies and similar technologies (including the legal basis for their use) and how to opt out of them in the Cookie Policy available on the Site.
6. Further disclosure and use of your data.
This section sets out the circumstances in which we will disclose your data to third parties and any additional purposes for which we use your data.
6.1 Disclosure of your data to service providers
6.1.1 Disclosure and use of your information for legal reasons
I. Reporting possible criminal acts or threats to public safety to a competent authority.
If we suspect that criminal or potential criminal conduct has occurred, we will need, in certain circumstances, to contact a competent authority, such as the police. This could be the case, for example, if we suspect fraud or cybercrime has been committed or if we receive threats or malicious communications to us or to third parties.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation), i.e. for the prevention of crime or suspected criminal activity (such as fraud).
II. In connection with a legal or potentially legal dispute or proceeding
We may need to use your information if we are involved in a dispute with you or a third party, for example, either to settle the dispute or as part of mediation, arbitration or a court judgement or similar process.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: the settlement of disputes or potential disputes.
III. For continued compliance with laws, regulations and other legal requirements
We will use and process your information to comply with legal obligations to which we are subject. For example, we may be required to disclose your information pursuant to a court order or subpoena if we receive one.
Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).
Legal obligation: legal obligations to disclose information, established for us by domestic or international law (e.g. in the form of an international agreement that Romania has signed).
Legal basis for processing: legitimate interest (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: where legal obligations are part of the laws of another country and have not been incorporated into the legal framework of Romania, we have a legitimate interest to comply with these obligations.
IV. Disclosure of data to our service providers and sponsors to operate and improve our services
We use third parties to help us operate and improve our services. These third parties are either companies within the same group of companies as SAM MILLS or help us with various tasks, including hosting and data maintenance (WooCommerce, Cookie Notice, All in One SEO, WP Super Cache), audience analysis (Google Analytics), marketing and advertising services (Google AdWords and Facebook Ads), payment processing (Netopia) - to be completed/modified as applicable to the site, courier service providers, banking/payment service providers and security operations.
We follow a strict vetting process before engaging any service provider or working with any partner. All our service providers and partners must accept strict confidentiality obligations. They will only have access to your data to the extent reasonably necessary to perform certain tasks on our behalf.
7. How we collect data
7.1 We collect your personal data directly from you, for example, when you send us an email or subscribe to our newsletter, by expressing your consent. Unsubscribing from the newsletter is done by pressing the button in the email.
7.2 We also collect your personal data automatically. When you use our services on the Company's website, we collect information through cookies and by logging your activity. For more information on the use of cookies, please see our cookie policy.
8. Information security
8.1 We take appropriate technical and organisational measures to secure your information and protect it against unauthorised or unlawful use and accidental loss or destruction, including:
- Sharing and providing access to your data to the minimum extent necessary, subject to confidentiality restrictions, where appropriate and anonymously, wherever possible;
- use of secure servers to store information;
- verifying the identity of any person requesting access to information before granting them access to information;
- using the Secure Sockets Layer (SSL) standard to encrypt any information you submit to us through any forms on our website;
- transferring your data only through a closed system or encrypted data transfers.
8.2 Sending information to us by e-mail
Transmission of information over the internet is not entirely secure and if you send information to us over the internet (by email or otherwise), you do so entirely at your own risk.
We cannot be liable for any expenses, loss of profits, damage to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
9. Transfer of your data outside the European Economic Area ("EEA")
9.1 Your data will not be transferred to countries outside the EEA.
10. Your rights over personal data
10.1 Personal Data Protection Officer
We have appointed a personal data protection officer whom you may contact in connection with any matter relating to the processing of your data, as well as to exercise your rights under applicable legal provisions, in particular if you have any questions or concerns about the way we process your personal data. The e-mail address where you can contact the Data Protection Officer is: contact@sammills.com
10.2 Subject to certain restrictions, you have the following rights in relation to your data which you may exercise by sending a written request or email to contact@sammills.com
- The right of access - the right to obtain from us, upon request and free of charge, confirmation as to whether or not data relating to you is being processed by the company and the right of access to such data, unless such requests are repetitive or made in bad faith;
- The right to information - the right to be informed of the identity of the controller, the purpose for which the data is being processed, the recipients or categories of recipients of the data, the existence of the rights provided for in the GDPR and the conditions under which they can be exercised
- The right to rectification - you can ask for inaccurate personal data to be rectified.
- The right to erasure ("the right to be forgotten") - you can obtain the erasure of your data if its processing was not lawful or in other cases provided for by law;
- The right to restriction of processing - you can request restriction of processing if you contest the accuracy of the data, and in other cases provided for by law;
- The right to object - the right to object at any time, on justified and legitimate grounds related to the data being processed, unless otherwise provided for by law;
- The right to data portability - you can receive, under certain conditions, the personal data you have provided to us in a machine-readable format, or you can request that the data be transferred to another controller.
- The right to lodge a complaint - you can lodge a complaint about the way your personal data is processed with the National Supervisory Authority for Personal Data Processing or you can apply to the courts.
- The right not to be subject to automated decisions or further profiling related to automated decisions - the right to request and obtain the withdrawal, annulment or review of any decision which produces legal effects, taken solely on the basis of the processing of personal data, carried out by automated means, intended to evaluate certain personality aspects, such as professional competence, credibility, conduct or other such aspects;
10.3 You may also lodge a complaint about the processing of your data with the National Authority for Personal Data Processing and Supervision (28-30 G-ral. Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, Romania, www.dataprotection.ro, anspdcp@dataprotection.ro).
10.4 If you wish to exercise your rights mentioned above, please contact the person responsible for the protection of personal data using the following contact details:
● E-mail: contact@sammills.com
● Address: village Botiz, 151 Mioritei st., Satu Mare county
10.4 Verifying your identity when requesting access to your information.
If you request access to your information, we are required by law to use all reasonable steps to verify your identity before doing so.
These measures are designed to protect your information and reduce the risk of identity fraud, identity theft or general unauthorised access to your information.
10.5 How do we verify your identity?
10.5.1 Where we have adequate information about you in our database, we will attempt to verify your identity using this information.
10.5.2 If it is not possible to identify you on the basis of this information, or if we do not have sufficient information about you, we may request copies or certificates of documents to verify your identity before we can give you access to your data.
10.5.3 We will be able to confirm the exact information we need to verify your identity in the specific circumstances given if and when you make such a request.
10.6 Your right to object to data processing for certain purposes
You have the following rights in relation to your data which you can exercise by sending an email to contact@sammills.com.
- to object to the use or processing of information by us to perform a task in the public interest or in our legitimate interest, including analysing or predicting your behaviour on the basis of your information.
- to object to the use or processing of your data for direct marketing purposes (including any profiling we engage in connection with such direct marketing) by clicking the unsubscribe button.
10.7 For more information on how you can object to the use of data collected through cookies and similar technologies, please see our Cookie Policy.
11. The principles underlying our data protection policy:
a) The processing of personal data will be done in a lawful, fair and transparent manner;
b) Personal data will only be collected for specified, explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes;
c) The collection of personal data will be adequate, relevant and limited to the information necessary for the purpose of the processing;
d) Personal data will be accurate and, where necessary, kept up to date;
e) Every reasonable step will be taken to ensure that inaccurate data is deleted or corrected without delay;
f) Personal data will be kept in a form which permits identification of the data subject and for no longer than the period during which the personal data are processed;
g) All personal data will be kept confidential and stored in a manner that ensures the necessary security;
h) Personal data will not be distributed to third parties unless necessary for the purpose of providing services as agreed;
i) Data subjects have the right to request access to, rectification and erasure of personal data, to object to or restrict data processing as well as the right to data portability.
12. Updates to our Privacy Policy
12.1 We update and modify our privacy policy periodically.
12.2 Minor changes to our Privacy Policy
In case we bring minor changes to our privacy policy, we will update the Privacy policy with a new effective date mentioned at the beginning of the document. Processing your information will be governed by the practices established in the new version of the Privacy policy starting with its effective date.
12.3 Major changes to our privacy policy or the purposes for which we process your information.
If we make major changes to our privacy policy or intend to use your data for a new purpose or for a purpose different from the purposes for which we originally collected it, we will notify you by email (if possible) or by posting a notice on our website.
We will provide you with information about the change in question and the purpose and any other relevant information before we use your information for the new purpose.
Whenever necessary, we will obtain your prior consent before using your information for a purpose other than the purpose for which we originally collected it.
This policy was last updated on 21.11.2023