Personal Data Protection Policy – updated according to the General Data Protection Regulation (GDPR) developed by the European Union
Starting from May 25, 2018, the General Data Protection Regulation developed by the European Union, known publicly as GDPR, comes into effect. The online store ionna.ro, hereafter referred to as the Site, operated by the company Ionna Plant SRL, hereafter referred to as the Company, fully complies with the GDPR and takes all necessary measures to keep user data safe, as we have always done.
Let’s understand what GDPR refers to:
Data subject (direct or indirect) – a person who can be identified by name, phone number, email address, data collected via mobile apps, IP addresses, or cookie files. The Company’s website is not intended for individuals under the age of 18.
Processing of personal data – any physical or electronic operation performed on personal data or data sets, including collecting, storing, recording, organizing, structuring, modifying, extracting, transferring, deleting, using, consulting, or making such data available.
Data controller – any natural or legal person, public authority, or agency that determines the purposes and means of processing personal data. For ionna.ro, the data controller is Ionna Plant SRL, referred to as the Company.
Data processor – any natural or legal person, public authority, or agency that processes personal data on behalf of the Company.
Pseudonymization or anonymization of data – refers to the processing of personal data so that they can no longer be linked to a specific individual.
Data encryption – refers to technical measures that make personal data incomprehensible to unauthorized individuals.
Data Subject Rights
1. Right to be informed and access data – Users have the right to be informed about the personal data processed by the Company and the purpose of the processing.
2. Right to rectification or erasure (right to be forgotten) – Users may request the correction or complete deletion of personal data processed by the Company.
3. Right to restrict processing – Users may request the Company to restrict or stop transferring their data to third parties. We share data with Fan Courier (for order delivery), our accounting firm (for invoice management), and newsletter platforms (if you subscribed).
4. Right to object to processing – Users may object to their data being processed for direct marketing purposes.
5. Right to data portability – Users may request their data to be transferred to other service providers.
6. Right not to be subject to individual decision-making – To exercise these rights, users can send a written request to ceo@ionna.ro, by mail, courier, or in person at our office: Strada Foltanului 65C, Galați.
Company Obligations under GDPR:
Legal basis for processing personal data – We process data to fulfill online orders, deliver products, send newsletters to subscribers, and improve the shopping experience.
The Company must respond to user requests within 30 days.
Data Security
The site is hosted on ionna.ro servers and secured via SSL certificate.
Personal data we process, how we collect it, and why we need it:
Account creation and order placement – We collect your name, email, delivery address, and phone number. These are shared with the courier (Fan Courier) and the accounting firm for invoicing.
Legal basis: contract fulfillment between the Company and the user.
Legitimate interest: fulfilling orders and complying with tax regulations.
Newsletter subscription – Your email address is added to our subscriber list. We use Retargeting for subscription collection and Newsman for sending newsletters. These platforms may use cookies for tracking email engagement.
Legal basis: our legitimate interest (Article 6(1)(f) of GDPR).
Product reviews – You can post reviews with a name, which will be published on our site and stored in our database.
Legal basis: our legitimate interest (Article 6(1)(f) of GDPR).
Phone calls – If you contact us via phone, we will collect your phone number and any shared information. We do not record calls.
Legal basis: our legitimate interest (Article 6(1)(f) of GDPR).
Contact form – You may leave a message via our site’s contact form. Your email is required for a response.
Legal basis: our legitimate interest (Article 6(1)(f) of GDPR).
Blog comments – You may leave comments with your name and email. Emails are not published but are stored.
Legal basis: our legitimate interest (Article 6(1)(f) of GDPR).
Card payments – If you pay via bank card, payment is processed by Mobilpay. We do not collect card information.
Email or phone communication – These channels are not entirely secure. Any data shared this way is done at your own risk. The Company is not liable for potential damages caused by communication through such channels.
We do not process sensitive personal data or criminal record information.
Information received from third parties
We may receive personal data from service providers.
Disclosure of data to service providers
We share personal data with service providers for operational, legal, and user experience reasons. Data is not shared unnecessarily. You may opt out of data sharing by sending a request to ceo@ionna.ro or by mail/courier/in person to our address.
Data may be shared with:
Fan Courier – for delivery (name, address, phone number).
Accounting firm – for fiscal compliance (invoice data).
Newsman – for newsletter delivery.
Social networks and search engines – as applicable.
Telecom providers – for call-related metadata.
The Company does not sell personal data to third parties.
Data retention period
We retain personal data as long as necessary to fulfill our legal obligations. If data is no longer needed, it will be anonymized. You may request data deletion by contacting us at info@ionna.ro or by mail/courier/in person.
What cookies we use
Cookies store your preferences for a better future experience. You may disable cookies via your browser settings. Disabling cookies may affect site functionality. Most websites use cookies as a standard feature.
Our site uses the following third-party cookies:
Google Analytics – for user behavior analysis.
Google Adwords – for advertising and promotions.
Facebook Pixel – for retargeting and advertising via Facebook.
Hotjar – for analyzing user experience.
If you do not want your data collected via third-party cookies, you can install an adblocker. Disabling cookies may impact site functionality.
