top of page

Privacy Policy regarding the processing of personal data

We consider ensuring the right to the protection of personal data as a fundamental commitment of CORE, therefore we will dedicate all the necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as with any other legislation applicable in Romania. Since one of the essential principles of this legal framework is transparency, we have prepared this document through which we wish to inform you about how we collect, use, transfer and protect your personal data when you interact with us in relation to our products and services, including through our website or through the applications available on your mobile phone.

 

We reserve the right to update and modify this Privacy Policy periodically, to reflect any changes in the way we process your personal data or any changes in legal requirements. In the event of any such changes, we will display the modified version of the Privacy Policy on our website, which is why we ask you to periodically check the content of this Privacy Policy.

 

Who we are and how you can contact us

 

CORE is the trade name of SC CORE FITNESS SRL., a Romanian legal entity, with its registered office in Cluj Napoca, Victor Babes no. 33, Cluj County, with serial number in the Trade Register J12/736/2018, unique tax registration code 38945796 (hereinafter “CORE” or “we”). For the purposes of data protection legislation, we are the controller when we process your personal data.

 

As we are always open to hearing your opinions, as well as providing you with any additional information you may need regarding the processing of your data, we encourage you to contact the CORE Data Protection Officer at the e-mail address contact@corefitness.ro

 

What categories of personal data do we process

 

In general, we collect your personal data directly from you, so that you have control over the type of information you provide to us. For example, we receive information from you as follows:

 

When you create an account on the CORE website or purchase a product/service, you send us: your email address, first and last name; also when you place an order, you provide us with information such as: the desired product, first and last name, delivery address, billing details, payment method, telephone number, bank card details, etc.

 

We may also collect and subsequently process certain information regarding your behavior while visiting our website or using the smartphone application, in order to personalize your online experience and provide you with offers tailored to your profile. We invite you to learn more about this by consulting the section on the purposes of processing below.

 

On our website and smartphone application we may store and collect information in cookies and similar technologies, in accordance with our Cookie Policy.

 

We do not collect or otherwise process sensitive data, which are included in the General Data Protection Regulation as special categories of personal data. We also do not wish to collect or process data from minors under the age of 16.


 

What are the purposes and grounds for processing

 

We will use your personal data for the following purposes:

 

 

  1. To provide CORE services to you.

 

This general purpose may include, as appropriate, the following:

 

a) Processing orders, including taking, validating, shipping and invoicing them;

 

b) Resolving cancellations or problems of any kind relating to an order, the goods or services purchased;

 

c) Returning products in accordance with legal provisions;

 

d) Reimbursing the value of the products in accordance with legal provisions;

 

e) Providing support services, including providing answers to your questions regarding your orders or CORE goods and services.

 

The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract between CORE and you. Also, certain processing subsumed under these purposes is required by applicable law, including tax and accounting law.

 

2. To improve our services

 

We always want to offer you the best online shopping experience. To do this, we may collect and use certain information about your shopping behavior, we may invite you to complete satisfaction surveys following the completion of an order, or we may conduct, directly or with the help of partners, market studies and research.

 

We base these activities on our legitimate interest in conducting business, always taking care that your fundamental rights and freedoms are not affected.

 

3. For marketing

 

We want to keep you informed about the best offers for the products/services that interest you. In this regard, we may send you any type of message (such as: e-mail/SMS/telephone/mobile push/webpush/etc.) containing general and thematic information, information on products similar or complementary to those you have purchased, information on offers or promotions, information on products added to the “My Account/Cart” section and other commercial communications such as market research and opinion polls, and we may display personalized recommendations on the website and in the smartphone application. In order to provide you with information of interest to you, we may use certain data regarding your purchasing behavior (e.g. products viewed/added to wishlist/purchased) to create a profile for you. We always ensure that these processing operations are carried out in compliance with your rights and freedoms and that the decisions taken on the basis of them do not have legal effects on you and do not similarly significantly affect you.

 

In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:

 

– Accessing the unsubscribe link displayed within the messages you receive from us; or by

 

– Contacting CORE using the contact details described above.

 

In certain situations, we may base our marketing activities on our legitimate interest to promote and develop our business. In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can ask us at any time, through the means described above, to stop processing your personal data for marketing purposes, and we will comply with your request.

 

4. To protect our legitimate interests

 

There may be situations in which we will use or transmit information to protect our rights and business. These may include:

 

– Measures to protect the website and users of the CORE platform from cyber attacks:

 

– Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;

 

– Measures to manage various other risks.

 

The general basis for these types of processing is our legitimate interest in defending our business, it being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

 

Also, in certain cases we base our processing on legal provisions such as the obligation to ensure the security of goods and values ​​provided for by the applicable legislation in this matter.


 

How long we keep your personal data

 

As a general rule, we will store your personal data for as long as you have an account on the CORE platform. You may at any time request that we delete certain information or close your account, and we will comply with such requests, subject to the retention of certain information even after the account is closed, where applicable law or our legitimate interests require it.


 

Who we share your personal data with

 

Where applicable, we may share or provide access to certain of your personal data with the following categories of recipients:

 

– companies within the same group of companies as CORE;

 

– CORE partners;

 

– courier service providers;

 

– payment/banking service providers;

 

– marketing/telemarketing service providers;

 

– market research service providers;

 

– insurance companies;

 

– IT service providers;

 

– other companies with whom we may develop joint programs to market our goods and services.

 

If we are legally obliged to do so or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

 

We ensure that access to your data by third parties, legal entities under private law, is carried out in accordance with the legal provisions regarding data protection and confidentiality of information, based on contracts concluded with them.


 

To which countries do we transfer your personal data

 

We currently store and process your personal data in Romania.

 

However, we may transfer some of your personal data to entities located in the European Union or outside the Union, including countries that the European Commission has not recognized as having an adequate level of protection for personal data.

 

We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, by other safeguards, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of personal data transferred from within the EU to the United States.

 

You can contact us at any time, using the contact details set out above, to find out more information about the countries to which we transfer your data, as well as the safeguards we have put in place regarding these transfers.


 

How we protect the security of your personal data

 

We are committed to ensuring the security of your personal data by implementing appropriate technical and organizational measures, in accordance with industry standards.

 

The transmission of your personal data is done using state-of-the-art encryption algorithms and we store them on secure servers, while ensuring data redundancy.

 

To make payments, we use the services of the payment processor EuPlatesc. Any information regarding payments is encrypted, using HTTPS technology with TSL 1.2 encryption.

 

Despite the measures taken to protect your personal data, we draw your attention to the fact that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, there is a risk that the data may be seen and used by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems that are not under our control.


 

What rights do you have

 

The General Data Protection Regulation recognises a number of rights in relation to your personal data. You can request access to your data, the correction of any errors in our files and/or object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or to seek legal action. Where applicable, you may also benefit from the right to request the erasure of your personal data, the right to restriction of processing of your data and the right to data portability.

 

More information about each of these rights can be obtained by consulting the table below.

 

In order to exercise your rights, you can contact us using the contact details set out above. Please note the following if you wish to exercise these rights:

 

Identity. We take the confidentiality of all records containing personal data seriously. For this reason, please send us your requests for such records using the email address associated with your CORE account. Otherwise, we reserve the right to verify your identity by requesting additional information aimed at confirming your identity.

 

Fees. We will not charge you a fee to exercise any right in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable fee in such circumstances. We will inform you of any fees applied before we resolve your request.

 

Response time. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of two months. We will notify you if we need more than one month. We may ask you to tell us exactly what you want to receive or what concerns you have. This will help us to act more quickly and shorten the time it takes to respond to your request.

 

Rights of third parties. We do not have to comply with a request if it would adversely affect the rights and freedoms of other data subjects.

Rights concerned

Description

Access

You can ask us:

· to confirm whether we are processing your personal data;

· to provide you with a copy of this data;

· to provide you with other information about your personal data, such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you through this notice.

Correction

You can ask us to rectify or complete your inaccurate or incomplete personal data.

We may attempt to verify the accuracy of data before rectifying it.

Data deletion

You can ask us to delete your personal data, but only if:

· they are no longer necessary for the purposes for which they were collected; or

you have withdrawn your consent (if the data processing was based on consent); or

· you exercise a legal right to object; or

· they have been processed illegally; or

· we have a legal obligation in this regard.

We are not obliged to comply with your request to delete your personal data if the processing of your personal data is necessary:

· to comply with a legal obligation; or

· for the establishment, exercise or defense of a right in court.

There are certain other circumstances in which we are not required to comply with your request to delete data, although these two are the most likely circumstances in which we might deny this request.

Please note that, before exercising this right, you should download from your CORE account and save all documents related to orders placed with CORE, regardless of whether the billing was made to you or to another natural or legal person (such as: invoices, warranty certificates). If you do not do this before exercising your right to deletion, you will lose all these documents and CORE will be unable to make them available to you, as the case may be, because the process of deleting data, namely the CORE account, with all its data and documents, is an irreversible process.

Restriction of data processing

You can ask us to restrict the processing of personal data, but only if:

· their accuracy is contested (see rectification section), to allow us to verify their accuracy; or

· the processing is unlawful, but you do not want the data to be erased; or

· they are no longer necessary for the purposes for which they were collected, but you need them to establish, exercise or defend a right in court; or

· you have exercised your right to object, and the verification of whether our rights prevail is ongoing.

We may continue to use your personal data following a restriction request if:

we have your consent; or

· to establish, exercise or defend a right in court; or

· to protect the rights of CORE or another natural or legal person.

Data portability

You can ask us to provide your personal data in a structured, commonly used and machine-readable format, or you can request that it be "ported" directly to another data controller, but in each case only if:

the processing is based on your consent or on the conclusion or performance of a contract with you; and

· processing is done by automatic means.

opposition

You may object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interest, if you consider that your fundamental rights and freedoms override this interest.

You can also object at any time to the processing of your data for direct marketing purposes (including profiling), without giving any reason, in which case we will cease this processing as soon as possible.

Automated decision making

You may request not to be subject to a decision based solely on automated processing, but only when that decision:

· produces legal effects regarding you; or

· affects you in another similar way and to a significant extent.

This right does not apply if the decision reached as a result of automated decision-making:

· it is necessary for us to enter into or perform a contract with you;

· is authorized by law and there are adequate safeguards for your rights and freedoms; or

· is based on your explicit consent.

Complaints

You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the supervisory authority for data protection are as follows:

National Supervisory Authority for Personal Data Processing

B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone: +40.318.059.211 or +40.318.059.212;

Email: anspdcp@dataprotection.ro

Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any issue amicably.

  • We remind you that you can contact the CORE Data Protection Officer at any time by submitting your request through any of the following methods:

– by e-mail at: contact@corefitness.ro.

bottom of page