We consider ensuring the right to the protection of personal data as a fundamental commitment NORDEX, therefore we will dedicate all the necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 ("General Data Protection Regulation" or "GDPR") , as well as with any other legislation applicable on the territory of Romania. As one of the essential principles of this legal framework is transparency, we have prepared this document through which we want to inform you about how we collect, use, transfer and protect your personal data when you interact with us in connection with our products and services, including through our website or through the applications available on your mobile phone.
Who we are and how you can contact us
NORDEX is the trade name of NORDEX SRL., a legal person of Romanian nationality, having its registered office at:
Str. Vasile Lucaciu, nr. 163,
Baia Mare, Maramures, Romania
(hereinafter referred to as "NORDEX" or "we"). For the purposes of data protection legislation, we are a controller when we process your personal data.
As we are always open to finding out your opinions, as well as to providing you with any additional information you may need regarding the processing of your data, we encourage you to contact the Data Protection Officer NORDEX at the e-mail address office@NORDEX.ro .
What categories of personal data we process
In general, we collect your personal data. personal information directly from you, so you have control over the type of information you provide to us. By way of example, we receive information from you. thus:
When you create a NORDEX account, you send us: e-mail address, first and last name;
Within your page NORDEX you can add additional information, such as: photo, gender, nickname, mobile phone number, landline number, date of birth, level of education, delivery addresses, alternative e-mail address, bank card details, etc.;
When you place an order, you provide us with information such as: the desired product, name and surname, delivery address, billing details, payment method, phone number, bank card details, etc.
We can offer you the possibility to register in the NORDEX platform and through your Facebook or Google account. If you opt for one of these variants, you will be directed to a page operated by Facebook Inc/ Google LLC, where they will inform you of the transfer of your personal data. to NORDEX. You can review the privacy policies of Facebook and Google respectively, using the following links:
We may also collect and subsequently process certain information about your behavior while visiting our website or using the smartphone app in order to personalize your online experience and provide you with offers tailored to your profile. We invite you to find out more details in this regard by consulting the section on the purposes of the processing below.
We do not collect or otherwise process sensitive data, included in the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data of minors who have not reached the age of 16.
What are the purposes and grounds of the processing
We will use your personal data. personal data for the following purposes:
- For the provision of NORDEX services for your benefit .
This general aim may include, where appropriate, the following:
a) Creating and managing the account within the NORDEX platforms;
b) Processing of orders, including their collection, validation, dispatch and billing;
c) Solving cancellations or problems of any kind related to an order, to the purchased goods or services;
d) Return of the products according to the legal provisions;
e) Reimbursement of the value of the products according to the legal provisions;
f) Granting financing;
g) Provide support services, including providing answers to your questions about your orders or the goods and services NORDEX or partners in the NORDEX Marketplace.
Processing of your personal data for these purposes it is in most cases necessary for the conclusion and performance of a contract between NORDEX and you. Also, certain processing subsumed for these purposes is required by the applicable law, including tax and accounting legislation.
- To improve our services
We always want to offer you the best online buying experience. For this purpose, we may collect and use certain information in connection with your conduct. By Purchasing, we may invite you to complete satisfaction questionnaires following the completion of an order or we may conduct, directly or with the help of partners, studies and market research.
We base these activities on our legitimate interest in conducting business activities, always taking care that your rights and freedoms are not exceeded. fundamentals not to be affected.
- For marketers
We want to keep you up to date on the best offers for the products / services you are interested in. In this regard, we can send you any type of message (such as: e-mail/SMS/telefonic/mobile push/webpush/etc.) containing general and thematic information, information on products similar to or complementary to those you have purchased, information on offers or promotions, information on products added to the "Account / My Cart" section or the "Account / Favorites" section or you have shown interest in purchasing them, as well as other commercial communications such as market research and opinion polls, and we may display personalized recommendations on the website and smartphone app. In order to provide you with information of interest to you, we may use certain data regarding your behavior. by the buyer (e.g. products viewed/added to wishlist/purchased) to create a profile for you. We always ensure that these processing is carried out in compliance with your rights and freedoms. and that decisions made on the basis thereof have no legal effect on you. and it does not affect you similarly to a significant extent.
In most cases, we base our marketing communications on your consent. Advance. You can change your mind and withdraw your consent at any time by:
– Changing the settings in the client account in the "My subscriptions" section;
– Accessing the unsubscribe link displayed in the messages you receive from us; or by
– Contacting NORDEX using the contact details described above.
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business activity. In any situation where we use information about you. for a legitimate interest of ours, we take care and take all necessary measures so that your rights and freedoms are not exceeded. fundamentals not to be affected. However, you can ask us at any time, by the means described above, to stop processing your personal data. personal for marketing purposes, and we will comply with your request.
- For the defence of our legitimate interests
There may be situations where we will use or transmit information to protect our rights and business activity. These may include:
– Measures to protect the website and users of the NORDEX platform from cyber-attacks:
– Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
– Measures to manage various other risks.
The general basis of these types of processing is our legitimate interest in defending our business activity, it being understood that we ensure that all the measures we take guarantee a balance between our interests and your rights and freedoms. Fundamental.
Also, in certain cases we base our processing on legal provisions such as the obligation to ensure the security of goods and values provided by the applicable legislation in this field.
How long do we keep your personal data? personal data
As a general rule, we will store your personal data. personal how long you have an account in the NORDEX platform . You can ask us at any time to delete certain information or close your account and we will comply with such requests, subject to the retention of certain information including after the closure of the account, in situations where applicable law or our legitimate interests require it.
To whom we transmit your personal data personal data
As the case may be, we may transmit or provide access to certain of your personal data. the following categories of consignees:
– companies within the same group of companies as NORDEX;
– courier service providers;
– payment/banking service providers;
– marketing / telemarketing service providers;
– providers of market research services;
– insurance companies,
– IT service providers;
– other companies with which we can develop joint programs for the market bidding of our goods and services.
If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.
We make sure that access to your personal data is available to you. by third parties, legal entities of private law are carried out in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
To which countries we transfer your personal data
We currently store and process your personal data. personal character on the territory of Romania.
However, we may transfer certain of your personal data. personally to entities located in the European Union or outside the Union, including in countries to which the European Commission has not recognised an adequate level of protection of personal data.
We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where applicable, other safeguards, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of personal data transferred from within the EU to the United States of America.
How we protect the security of your personal data personal data
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
Transmission of your personal data personal data is made using state-of-the-art encryption algorithms and we store them on secure servers, while ensuring data redundancy.
Any payment information is encrypted using HTTPS technology with TSL 1.2 encryption.
Despite the measures taken to protect your personal data. Personally, we draw your attention to the fact that the transmission of information over the Internet in general, or through other public networks, is not completely secure, there is a risk that the data will be seen and used by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems that are not under our control.
What rights do you have
The General Data Protection Regulation recognizes a number of your rights in relation to your personal data. personal. You can request access to your data, correct any mistakes in our files and/or object to the processing of your personal data. personal. You can also exercise your right to complain to the competent supervisory authority or to appeal to the courts. Where applicable, you may also have the right to request the erasure of your personal data. personal, the right to restrict the processing of your personal data. and the right to data portability.
In order to exercise your rights, you can contact us using the contact details set out above. Please note the following if you wish to exercise these rights:
Identity. We take seriously the confidentiality of all records containing personal data. For this reason, please send us your requests. regarding such records using the e-mail address related to the NORDEX account. Otherwise, we reserve the right to verify your identity by requesting additional information aimed at confirming your identity.
Fees. We will not charge you for exercising any rights in respect of your personal data, unless your request for access to the information is unfounded, i.e. repetitive or excessive, in which case we will charge a reasonable amount in such circumstances.
Duration of response. We intend to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we are going to respond within a maximum of two months. We will let you know if we will need more than a month. We may ask you if you can tell us exactly what you want to receive or what you are worried about. This will help us to act faster and shorten the response time to your request.
- We remind you that you can contact at any time the data protection officer NORDEX by sending your request through any of the following ways:
– by e-mail at the address: email@example.com or
– by post or courier at the headquarters with the mention in the attention of the Data Protection Officer NORDEX.
The GDPR regulation in Romanian can be consulted in full here