English Romanian
English Romanian

GBC Exim SRL, the owner of www.gbc.ro and holder of the European trademark GBC®, called hereinafter GBC, is a personal data operator registered with ANSPDCP under number 11551.  In order to access this website, your express agreement on the Terms and Conditions and on the Confidentiality Policy is required.

GBC, as an author/owner/administrator of the website www.gbc.ro, undertakes to observe the private nature and security of the information provided by you, inclusively of the personal data, irrespective of the mode by which you use or access this website; for such purpose, it developed and implemented this Confidentiality Policy.

GBC reserves the right to change and update at any times the content of www.gbc.ro, as well as the Confidentiality Policy and the General Business Terms and Conditions, without any prior notice.
For this reason, please visit periodically the General Business Terms and Conditions, in order to check the terms and conditions you agreed to comply with.

This confidentiality policy is valid starting from 01.01.2020. The latest date this Confidentiality Policy was revised is publicly mentioned on this page.

In this document, the words in the singular shall include the plural, the words in the plural shall include the singular, the words in the masculine shall include the feminine, and the words in the feminine shall include the masculine.
When this confidentiality policy refers to „we” or „our”, the company GBC EXIM SRL is concerned in all cases.

 

Definitions

» Personal data  any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person;

» Personal data processing – any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure to third parties by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

» Storage – keeping on any kind of medium the personal data collected;

» Personal data filing system – any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;

» Controller – any natural or legal person, of private or public law, inclusively public authorities, their territorial agencies and bodies, which determines the purposes and means of the processing of personal data;

» Third party  any natural or legal person, of private or public law, inclusively public authorities, their territorial agencies and bodies, other than the data subject, controller or processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

» Recipient  any natural or legal person, of private or public law, inclusively public authorities, their territorial agencies and bodies, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry shall not be regarded as recipients;

» Anonymous data  the personal data that, in virtue of their source or specific processing mode, cannot be attributed to an identified or identifiable natural person;

» Anonymized data  data are anonymized when any identification element disappears. If a remaining element may serve, by itself or together with others, for re-identification of a person, then anonymization was not performed, and the relevant data should not be kept. Once the data were fully anonymized, they are no longer protected by the Regulation;

» Pseudonymized data  the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. The association between data and the identifiers should not be possible directly. For the persons that do not have the decryption key, re-identification is difficult to perform. Pseudonymization may be very useful when data operators have to work with the same data subjects, but not all the people (such as employees) have to know the real identity of the data subjects. This pseudonymization technique should be included in advanced data processing systems or in new technologies already since the phase of their development;

» "Business contact" data  the identification data of a legal person which include, among others, name/designation, business address, telephone number or email address, which can be also assigned to an employee/representative of the relevant legal person, who contacts us in such capacity. „Business contact” data do not fall into the category of personal data, not being personal data of a natural person – representative/employee processed for another purpose, but only as data of the legal person, for business purposes in relation to it, respectively, for direct marketing (customized offers) or concentrated marketing. The data of the natural person obtained following the contact as a representative/employee should be psedonymized, if possible. By contacting us, the representative/employee of the legal person agrees on the collection, storage, processing and use of personal data they provide us with;

» Sensitive data  personal data revealing the racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and data concerning criminal convictions and offences;

» Statistic data  data that were obtained following the processing by the controller of personal data, but which cannot be used for identifying a natural person, and are used exclusively for statistic and/or information, promotion purposes.

 

Collecting personal data

GBC may collect personal data from you, but only with your agreement, while certain data only if you provide them voluntarily. By accessing our website and providing us any personal data, you give your consent that all the personal data you provide (last name, first name, telephone number, email address, mail address – for courier deliveries) may be stored, processed and used by us, in the manner and for the purposes described hereinafter, in accordance with the relevant legislation in force.

We collect, process, use and store your personal data and the data about the equipment used by you (inclusively mobile devices) in the following cases: if you buy marketed products, if you use our services, you set up an account, you send us information by means of an online form, you add information/update your account, or if you contact us otherwise.

GBC collects information and processes statistical data about what pages you visit on websites, inclusively the IP address from which you visit the relevant website.
GBC may use on the website cookies or similar technologies, temporarily storing the personal data. Such technologies are used for allowing you an enhanced, faster and safer experience and for customizing the content and publicity, by tracking and directing depending on interests. Such data storage technology is in no way related to any identifying personal data; and the user may, at any time, erase, block or deactivate such data. The use of cookies and similar technologies for the purposes mentioned hereby is based on art. 6 par. (1) letter (f) in GDPR, given we have a legitimate interest in the appropriate operation of the website and in the statistical analysis of the use of our website. You can manage the cookies and cookie preferences from the settings of the browser or of the device used.

 

What categories of personal data we process

Mainly, we collect personal data directly from you, so that you have control over the type of information you provide. We receive such information when you create an account, when you place an order and in other similar situations. Thus, we collect, store, process and use information such as: product wanted, last name and first name, email address, delivery address, billing data, payment method, telephone number, bank card data and other such.
Further, we collect, store, process and use certain information about your behavior while visiting our website, in order to personalize the online experience and to make available tailored offers.
We do not collect, do not store, do not process and do not use sensitive data included by GDPR in special categories of personal data.

 

How and for what purpose we use your personal data

We use your personal data for various business purposes and according to the various legal grounds for processing.
We use your personal data in order to fulfill and perform the contract entered into with you and in order to make available to you our services (art. 6 par. 1 letter b) in GDPR), in order to comply with our legal obligation (art. 6 par. 1 letter c) in GDPR), or in order to protect your vital interests (art. 6 par. 1 letter d) in GDPR). The data processed by us in such context include the data of clients, employees, partners and suppliers, to the extent required for the purposes mentioned in this data confidentiality statement.

Therefore, we use the personal data collected:
(a) in order to enter into and perform the contract concluded;
(b) for online payment, for delivering the orders;
(c) for making you available our services;
(d) for providing access and allowing their use (inclusively for billing purposes).

Besides the operations required for carrying out our activity, we use personal data for developing our business, respectively, for publishing advertisements and other types of content, as well as for assessing and perfecting our services, for maintaining our services in safe and operational conditions and for adapting the content of the website and of the services based on the operations performed, depending on your preferences; for providing the services requested by email or phone; for contacting you, or for remedying the problems arising in relation to your account, for settling disputes, for recovering receivables; for detecting, preventing and investigating frauds, security breaches or other prohibited or unlawful activities.

We use personal data in order to pursue our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms (art. 6 par. 1 letter f) in GDPR). We implemented control mechanisms, in order to coordinate our interests and your rights, for the purpose of improving the services; for personalization, measurement and improvement of publicity; in order to contact you by email; in order to make you available concentrated marketing measures; in order to check our marketing campaigns; in order to monitor and improve information security.

In general, your email address is used for sending you an answer, and your message is kept for future reference, should you decide to contact us again. The email addresses of legal persons, as well as the name, position and other similar data of representatives/employees, provided together with electronic mail addresses, fall into the category of "business contact" data as defined hereby, and GBC shall be able to use them, inclusively to provide them to some third parties, except for the personal data of the natural person (representative/employee), having your consent according to this document.

With your consent (art. 6 par. 1 letter a) in GDPR), we are able to use your personal data for making you available publicity, inclusively for individualization, measurement and analysis, for the purpose of improving and customizing the user’s experience on our website, respectively, publicity tailored to your interests (direct marketing). We use the personal data collected, for using our services, for example: information required for offers, or for publishing an article and/or newsletters.

In order to subscribe to emails containing newsletters or information about our promotions and products, you may tick this option in your Account, or use the subscription forms available on our websites. Unsubscribing is possible at any time.

 

Changing the purpose of data processing

We store, process and use personal data only for the purposes we collected them for, unless we consider reasonably that we should use them for another purpose and that such purpose is consistent with the initial purpose. If your personal data are collected, used, distributed or stored for another purpose than the ones mentioned in this confidentiality policy, you shall be informed in advance about the personal data processing for such new purposes.

 

Transfer of personal data to third parties

GBC may disclose personal data to third parties if this is required by law, or in cases of good faith, when such actions are necessary for:

(a) complying with legal requirements;
(b) protecting and defending the property rights of GBC and of our websites or web applications;
(c) acting in emergencies for protecting the personal safety of employees, users of products or services or of public persons.

GBC may disclose personal data to third party service providers and to partners within financial institutions: for providing us assistance upon delivering our services (inclusively the feedback solution), upon making payments and upon providing personalized publicity.

When we are requested to provide personal data, or we allow others doing so, only those data required for meeting the request shall be disclosed. Insofar as we are to transfer to partners or third party suppliers also personal data, such operation is to be performed exclusively under a contract restricting the use of personal data by the third party and prescribing the latter to implement security measures with regard to such data, at least equivalent to ours. They are especially forbidden to sell, rent or disclose otherwise the personal data disclosed by GBC or accessed, taken over or acquired from GBC.
GBC does not sell, exchange or rent personal data to third parties.

 

Use of statistical data and of anonymous data

GBC may use statistical data or anonymous data arising from the processing in its capacity of operator, for the purpose of drawing up analyses/reports/briefs, for the purpose of publicizing, promoting, offering products and services.

 

Security of collected data

The confidentiality and protection of information collected from you are of paramount importance to us. When we receive the information submitted, we warrant you that we would make all the efforts required for ensuring its security within our systems, according to the security standards prescribed by the Romanian legislation in force.

Access to certain services and information on the website is protected by password. We recommend you not to reveal to anyone this password. GBC shall never request the password to your accounts, either by unsolicited messages or phone calls. We advise you not to reveal this password to any persons requesting it.

The products on this website are marketed online through online payment services. GBC and the online payment service provider warrant the security of its information systems and, implicitly, the security of data entered by you when completing the order.

As regards payments by bank card, through 33D Secure system used by the online payment service provider for payment by Visa or MasterCard, no information about your card shall be transferred or stored, at any time, on our servers or on the servers of our partners, this being entered directly in the Visa or MasterCard systems, as the case may be. Moreover, if your card was issued by a bank that is certified in the 3D Secure system, the transaction shall be authorized only after your authentication in such system – entering a secret code/password known only by you, similar to the PIN code for ATM transactions.

Read “Verified by Visa" and "SecureCode” for full details regarding the 3D Secure system. The personal data shall be collected by using an encrypted SSL connection, using a digital certificate issued by a Verisign company.

We protect personal data by means of appropriate security technical and organizational measures, in order to minimize the risks related to their loss, abusive use, unauthorized access, unauthorized disclosure and alteration. For such purpose, we use firewalls and data encryption, restrictions on physical access to our computer centers and controls for authorization of data access. The servers the website is hosted on are protected against physical access, being installed within precincts that are adequate from a technical and security standpoint. We make all the reasonable efforts, which are commercially justified, in order to protect your personal data collected, we review the new technologies in the area and, when and if necessary, we implement them in view of upgrading our security systems. All the measures implemented are constantly revised and updated when necessary.


External links

Our website may contain links to other websites, beyond the control of GBC, that we believe you will find useful. If you access such links, you will access/visit websites that may have a different confidentiality policy from the Confidentiality Policy of GBC. GBC does not assume any responsibility for the content of such websites or for potential claims against them.

We cannot warrant the integrity, confidentiality or security of your data after they were disclosed to a third party, even if you had access to the relevant third party’s websites through us. For such reason, we recommend you to read carefully the confidentiality policies, as well as the data security policies of your business partners, before performing a transaction and sending your personal data.


Minors

GBC does not sell products and/or services to minors. The online payment service provider may sell or receive consideration for some products/services meant for minors, but bought by an adult. We do not knowingly collect personal data from users that are considered children, according to the relevant national laws.
If you are a minor and you access a website, you may do it only if you are under the supervision of a parent or legal guardian.

 

Change of owner

In the event of a merger or of a takeover by another company, we are able to disseminate information to the relevant company, in accordance with our confidentiality policy. Should such an event occur, we shall request the new entity to comply with this confidentiality policy.


Enforcement of this Confidentiality Policy

Should you have any questions or complaints related to the Confidentiality Policy, to our data protection principles, related to the manner in which we handle the data, or should you require any information about the personal data processed by GBC, which concern you directly, please contact us at the email address info@gbc.ro.

 

Rights of the data subject

In accordance with the provisions of the European Regulation no. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), you have the following rights: the right to be informed, the right of access, the right to rectification, the right to object, the right not to be subject to a decision based solely on automated processing, the right to restriction of processing, the right to erasure of data („the right to be forgotten’), and the right to data portability.
For any requests you may have with regard to exercising the rights aforementioned, you may send a notice to the email address info@gbc.ro.
Further, should you consider that your rights, as provided by the Law no. 677/2001, the GDPR Law no. 190/2018 or by the Regulation (UE) 2016/679 of the European Parliament and of the Council, were violated, you have the right to address the relevant authority in personal data protection matters (ANSPDCP – The National Authority for Personal Data Supervision and Protection).


You have the right to know what personal data we store about you (art. 15 in GDPR). Upon request, we will provide a copy of your personal data in a legible form (art. 20 din GDPR).
Should your personal data be inaccurate or incomplete, you have the right to request us to rectify them, respectively, to complete them (art. 16 din GDPR). You have the right to object, at any time, to the processing of your personal data.
Further, you may request us to erase or restrict your personal data; such a right may be limited, for legitimate reasons, in regard to certain data, and may be effective with regard to the access to some of our services (art. 17 and 18 in GDPR).
We shall not request any fee in consideration of your exercising any right with regard to your personal data, unless your request of access to information is ungrounded, recurrent or excessive, respectively, when you file more than one request per year. We shall inform you of any fees charged prior to the resolution of the request.
You may access, check and change your personal data by logging in your account, or by contacting us at info@gbc.ro.
Please update your personal data if changed or inaccurate.


Terms and Conditions of Use

Please access also the General Business Terms and Conditions section, valid also for your access/visit to the website.

 

Legislation

This confidentiality policy is governed by the Romanian legislation. In the event of any dispute, a settlement in an amicable manner should be attempted first, within 30 working days since filing the complaint with GBC offices.
If no agreement may be reached within the term aforementioned, the court of law within the same administrative structure as GBC office shall be considered as having jurisdiction.

 

Copyright

GBC is a trademark in Europe, and is owned by GBC EXIM SRL. GBC retains all its rights regarding the information provided directly, through our website, or posted on this website, regarding copyright, trademarks, as well as any other intellectual property rights. GBC holds the copyright both to any design, text, layout, as well as the intellectual property right to other content-related elements. Using them without the prior agreement of GBC is forbidden, and we reserve the right to act in court for any material and/or moral damages caused, related, inclusively and without limitations, to copyright, property right, intellectual property right, image right, or for any other damages related to our reputation or business and to any products or services we provide.

 

How long we keep your personal data

As a rule, we will store your personal data while you have an account on our websites or you are in a business relationship with GBC. You may request us, at any time, to erase certain information, or to cancel your account, and we will meet such requests, subject to keeping certain information inclusively subsequently to the cancellation of your account, should the relevant legislation or our legitimate interests require it.

We are legally obliged to keep basic information about our clients (inclusively contact data, identity data, financial data and transaction data) for a certain period of time after they cease to be our clients. The keeping period differs, depending on potential legal obligations of keeping the data (for example, subject to tax laws providing that mandatory accounts and supporting documents based on which entries in financial accounts are made should be kept in the archive of legal persons for a period of 10 years, or subject to national antifraud laws that prescribe keeping the personal data for a limited period of time; subject to the duration of product warranty, etc.).

After such period, the personal data shall be erased, and the remaining related information shall be anonymized and used for statistical and in-house review purposes. We reserve the right to anonymize the personal data, so that they cannot be any longer related to you, for research or statistical purposes; in such a case, we may use such information for an unlimited period of time, without notifying you in advance in this respect.

 

Trademarks

GBC is a trademark (®) in Europe of the company GBC EXIM SRL. Any other mark, product or company name/logo used on this website is under the license of the relevant owners.
GBC does not grant the freedom to use any such trademarks in view of prejudicing their owners.

 

Consent to the processing of personal data 

(1) I have read and fully understood the provisions of the Confidentiality Policy of the company GBC EXIM SRL, and
(a) I consent to the collection, storage, processing and use of my personal data, for the purposes mentioned in this document;
(b) by accepting to use the website, I express my agreement on the collection, storage, processing and use of my personal data, so that GBC is able to use the information for the purposes mentioned and for communicating with me in relation to the requests submitted, the processing of orders, forms, offers, as the case may be, etc.
(c) I allow the company GBC EXIM SRL contacting me for:
(i) sending an answer, providing technical and financial solutions, which may involve its own services and/or products or the ones of its collaborators;
(ii) processing and delivering the orders placed;
(iv) sending personalized offers, as the case may be,
(iii) providing the information requested through the consent granted.

 

--------------------------------------------------------------
Last revision: 5 March 2020