1. Introduction
IMPKONSEPT S.R.L. with headquarters in Valea Adânca Village, Miroslava Commune, St Morarilor, No.21, attic, room 1, Iasi County, registered with the Trade Register under no. J22 /1881 /20.06.2017, CUI 3779389, hereinafter referred to as WOODENECO, sells and distributes on the Romanian territory light fixtures made of wood.
This information note refers to the personal data processing activities carried out by the company IMPKONSEPT S.R.L.
The information note regarding the processing of personal data applies to all the processing of personal data that we carry out, as well as to all interactions with our website hosted in the field of www.woodeneco.com.
2. The name of the data controller and the owner of the website
S.C. IMPKONSEPT S.R.L. is a personal data operator and the owner of the www.woodeneco.com
3. Our activity
We, at IMPKONSEPT S.R.L. known as WOODENECO, make every effort to offer our customers a wide range of light fixtures made of wood.
In addition to our products and in order to develop existing relationships with our customers or future relationships, we support and contribute to a better understanding of the legal framework and we make continuous efforts to inform you about the new products to be launched by our company. In this regard, we produce and carry out promotional campaigns, information through newsletters and other informative materials to all persons in our database, which were collected either as a result of purchasing WOODENECO products or by subscribing to newsletter on the www.woodeneco.com website.
4. The personal data we process
The collection of your personal data is strictly limited to what is necessary to provide you with the highest quality experience regarding our products and the use of our website.
The personal data we process may include:
a. basic data for invoicing and delivery of products purchased from the www.woodeneco.com website such as name, surname, CNP(Social Security Number), full address, postal code, for individuals and for legal entities we collect the identification data of the company;
b. bank account and other financial information that allow us to carry out the contractual relationship of any kind, when it exists;
5. How we collect personal data
We collect only the data that you voluntarily provide us(electronically), as well as the information available on public sources:
Through our website; when placing an order, creating an account, filling the contact forms/ordering or subscribing to the newsletter.
When contacting us through e-mail, if you express you interest in selling or purchasing out products.
6. Legal grounds and purposes of processing
Because you are entitled to know the purpose for which we process your personal data, we will inform you before processing your personal data for another purpose other than the one for which you have entrusted us with your personal data.
The reasons why we collect your information and data are:
To inform you about the new products sold
In order to be able to send you the products ordered through our website
For issuing tax invoices related to the purchase of products sold by our company through the website www.woodeneco.com
To notify you of discounts, discounts, promotional packages or profile events at which Our team will be present.
7. Storage time
The data collected after placing an order on the www.woodeneco.com site and necessary for the issuance of fiscal invoices, are kept in the accounting archive for a period of at least 10 years from the date of issue. (this is how the tax code law provides.)
If at any time you decide that you no longer want to benefit from the Information Service (Newsletter or Member Account) and you withdraw your consent, we will respect your decision and we will no longer process your personal data for this purpose.
8. Third parties
As a rule, we do not disclose or transfer your personal data to third parties.
For the processing of personal data, we can use empowered persons, for example, providers of IT solutions necessary for business administration, including financial accounting solutions, contact management solution providers or conference organizers. With all the proxies we will conclude personal data processing conventions with appropriate clauses to ensure that the authorized persons assume obligations to process personal data (including their deletion) in full compliance with the applicable laws and which provide an adequate level of protection of your personal data.
9. Security of personal data
Personal data is secured against threats and we ensure that they are protected by security measures and appropriate IT infrastructure. Moreover, we have implemented internal measures that allow us to discover, notify and document breaches of personal data security in the shortest possible time.
Access to the www.woodeneco.com website is made through secure HTTPS connection, and card payments made on our website are also made through a secure connection through the EUPLATESC payment processor.
If we discover a breach of the security of your personal data that poses a risk to your rights and freedoms, we will notify the National Supervisory Authority regarding the Processing of Personal Data.
10. Security measures according to GDPR in the MxHost web hosting infrastructure – where the website www.woodeneco.com
MxHost shared hosting and VPS servers are currently hosted in the GTS Telecom Cluj-Napoca data center; data center is ANCOM certified and is at tier III level according to Uptime Institute. The internet network is protected by the advanced solution of DDOS Protect ARBOR with local protection capacity up to 20 Gbps.
At the level of access to servers, it is allowed only to authorized persons in the company. the access to the racks is based on the card and the entire location is under video surveillance 24/7.
Servers have installed protection systems against external attacks, CSF firewall is installed that limits access only to certain ports in the server, blocks the source IP when repeated authentications fail and keeps track of root logins in the server.
Another protection used is Mod_Security - firewall for open-source web applications (WAF) , it is designed to offer a range of capabilities for filtering requests and response to the Hypertext Transfer Protocol along with other security features on several different platforms, including Apache:
HTTP Server, [1] [2] Microsoft IIS and NGINX [3]
Security monitoring and access control
Full HTTP traffic
Assessment Security
Assessment Passive security
Assessment Simple request or Regular expression-based filtering
Validation of URL encoding
Prevention of byte attacks
Identification of server identity
Load memory limits
At the server level we also use the CPanel control panel, through which users can manage their entire hosting account. The control panel is configured to make daily security updates if they are made available by the developer.
The servers are configured at the kernel level with the KernelCare module which every two hours check if there have appeared security patches at the kernel level and apply them without restart.
The backup systems used by our company use a private network separate from the Internet network. The network is accessible only through VPN, and backup archives are kept on different servers than the production server. At the moment we use R1Soft to back up together with a rsync system. The data on the backup servers are kept on servers to which only certain authorized persons in our company have access.
11. Your rights regarding the processing of personal data
You have the following rights regarding the processing of your personal data:
1. Right of access to personal data.
2. The right to obtain the rectification of inaccurate personal data.
3. The right to obtain the restriction of the processing of personal data. This right is available to you when:
you dispute the accuracy of your personal data that we process;
the processing of personal data is illegal, we do not need your personal data for the purpose of processing, but you request their storage for the establishment, exercise or defense of a right in court,
you oppose the processing of your personal data, for the period of time we verify the existence of our legitimate interest in the processing of your data.
If you have any questions about the processing of your personal data or if you wish to address us any request, as well as to exercise any of your rights regarding the processing of personal data, please contact us at:
– e-mail address: orders@woodeneco.com
– phone: +40749.417.736
– headquarters: Valea Adânca village, Miroslava commune, jud. Iasi, Str Morarilor, Nr.21.
We will analyze each request and we will communicate the actions taken in this regard in the shortest possible time, but not later than one month from the moment of registering your request. If we need more information from you or we have difficulties in solving your request, we will inform you without delay that we need additional time to properly analyze your request. If you believe that we have not solved all your requests or you are unhappy with the answer, you can file a complaint with the National Supervisory Authority for Personal Data Processing. You can also address the courts.
12. Changes to the Information
Note If we decide to modify this information note, we will publish a new version here, which will replace it.
Thank you for entrusting us with your personal data and for giving us the necessary time to read our information note on the processing of personal data. Please do not hesitate to contact us if you have any other questions about your personal data and how we process them.
Published on 10.05.2020 by S.C. IMPKONSEPT S.R.L.