Privacy Policy

The data controller, S.C. DailyDriven United S.R.L., processes personal data only for specific and justified purposes related to its activities through the online store secretcards.ro. This privacy policy applies to personal data processing activities carried out on our website.

This privacy policy has been prepared to provide you with information about our personal data processing practices, in accordance with EU Regulation 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR").

We will process the personal data we collect in the context of:

This Privacy Policy may be modified in accordance with legislative updates or changes in the operation of our website. If modifications require consent, we will request your agreement.

• Orders placed in the online store secretcards.ro
• Account creation and website access
• Communications we have with customers

We process several categories of personal data depending on the purpose of processing and the contractual relationship we have with you.

Categories of data we process:

• Identification data: name, surname, delivery address, billing address
• Contact data: email address, phone number
• Financial data: bank details for online payments (processed by the payment provider)
• Technical data: IP address, browser type, operating system, browsing data

We process personal data in accordance with EU Regulation 679/2016, based on the following legal grounds:

• Performance of a contract or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) GDPR)
• Compliance with a legal obligation to which the controller is subject (Art. 6(1)(c) GDPR)
• Legitimate interests pursued by the controller (Art. 6(1)(f) GDPR)
• Consent of the data subject (Art. 6(1)(a) GDPR)
• Protection of the vital interests of the data subject or of another natural person (Art. 6(1)(d) GDPR)

Where the processing of data is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

We collect personal data directly from you in various circumstances:

Situations in which we collect data:

• When you place an order on our website
• When you create a user account
• When you contact us for questions or support

Providing personal data is mandatory for the performance of the contract between us (order processing, product delivery).

The data required to complete an order is marked as mandatory in the order form. Without this data, we will not be able to process your order.

Certain data is optional, and you may choose not to provide it without affecting the basic contractual relationship.

Refusal to provide mandatory personal data may result in our inability to provide our services or complete orders.

We will not be able to process orders without the necessary data for delivery and invoicing.

We process personal data for the following purposes:

• Processing and delivery of orders placed on the website
• Issuing invoices and accounting documents in accordance with applicable legislation
• Communicating with customers regarding order status and other relevant information
• Managing user accounts
• Improving services and user experience on the website
• Compliance with legal obligations (accounting, taxation)

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you.

We may use anonymized data for statistical analyses to improve our services.

We retain personal data for as long as necessary to fulfill the purposes for which they were collected, including to comply with legal obligations.

Data associated with your account will be retained as long as the account is active or as necessary to provide you with services.

Tax and accounting documents are retained in accordance with applicable legislation (generally 10 years).

We may disclose your personal data to third parties in certain circumstances necessary for providing our services:

Partners and service providers: courier companies for product delivery, payment processors for online transactions, IT and hosting service providers.

Public authorities: when the law requires us to do so or to defend our legal rights.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure.

These measures include: SSL encryption for data transmission, restricted access to data based on the need-to-know principle, data backup and recovery procedures, staff training on data protection.

As a data subject, you have the following rights under GDPR:

• Right of access - You may request confirmation that your data is being processed and obtain a copy of it.
• Right to rectification - You may request correction of inaccurate data or completion of incomplete data.
• Right to erasure - You may request deletion of your data in certain circumstances provided by law.
• Right to restriction of processing - You may request restriction of data processing under certain conditions.
• Right to data portability - You may receive your data in a structured, commonly used, and machine-readable format.
• Right to object - You may object to data processing in certain situations, including direct marketing.
• Right not to be subject to automated decision-making - You have the right not to be subject to a decision based solely on automated processing.

To exercise your rights, you may contact us at the email address: [email protected].

We will respond to your request within 30 days of receipt. In complex cases, this period may be extended by an additional 60 days, with prior notification.

Exercising your rights is free of charge. However, in the case of manifestly unfounded or excessive requests, we may charge a reasonable fee or refuse to comply with the request.

If you believe that the processing of your personal data violates GDPR provisions, you have the right to lodge a complaint with the competent supervisory authority: