Identity and contact data of the operator
All personal data processing activities performed through the website (the „Website”) are performed by the company The Training Boutique SRL, with headquarters in Ostratu Village, Corbeanca Commune, 30D Hipodromului Street, Ilfov County, Romania, registered with the Trade Registry under no. J23/1727/2006, unique identification number 14823562 (the“Operator”). The representative of the Operator is Oliver Perkins, Director.

Contact data for any personal data protection related requirement
Any complaints or requests related to the protection of personal data can be sent to the e-mail address [] or through mail at the address [Ostratu Village, Corbeanca Commune, 30D Hipodromului Street, Ilfov County, Romania] in the attention of the data protection representative.

The purpose of data processing
The information that the Operator collects with respect to the Website’s users mainly consist of:

the electronic identification details of the website users along with any information provided by cookies and beacons as per our Cookie Policy [link to cookie policy] (IP address, browser type, time of browsing, browsed pages, any other information as per the Cookie Policy, etc.);
the identification details and contact data of actual and potential clients (including name, address, e-mail address, telephone number, etc.);
payment data, including those of debit cards (if applicable – includes credit card no. expiration date, CVV, name on credit card, withdrawn amount);
information on any purchased products and unsubmitted orders, usage of the Website and Website browsing habits;
information on any other submitted claims, requests or questions (including name, address, e-mail address, telephone number, query text etc.).
The purposes for which personal data is collected include:

the remote conclusion of a contract (letters b) and c) above);
the delivery of products (letter b) above);
answering any support, return or warranty request (letters b), c), and e) above);
direct marketing (letter b) above);
statistics related to the user activity performed within the Website (letters a) and d) above);
accounting and reporting (letters b), c) d), and e) above).
The Operator processes personal data based on the following legal grounds:

the preparation of execution and actual execution or conclusion of the contract with potential clients – letters (i), (ii) and (iii) above;
the legitimate commercial interests of the Operator, for example, preventing and preventing frauds improving services and products; the Operator shall evaluate its commercial interests depending on the case, in order to ensure that they do not prevail over the rights of the data subject – letter (v) above;
compliance with an imperative legal requirement, including, for example, accounting and legal requirements, which are subject to a strict internal policy (such as retention periods) – letter (vi) above;
the consent that data subjects give when the Operator – letter (iv) above.
Personal data recipients or recipient categories
Customers (members and guests) can pay by bank card via NETOPIA mobilpay. Bank card details (shopping value, card number, card name, expiration date, CVV code) and customer identification data (extracted from the Website) are processed – name, surname, phone, e-mail address, code the customer assigned by the merchant.

The purpose of processing is to make online payments through the NETOPIA mobilpay payment processor.

The legal basis is the execution of the contract in accordance with Article 6 (1) (b) of the GDPR.

The Operator’s customers are hereby informed that at the time of payment they will navigate to NETOPIA mobilpay’s website. The terms and conditions under which NETOPIA mobilpay processes payments are available here:

Personal data recipients or recipient categories
The Operator may transfer the personal data belonging to data subjects towards partners and collaborators only for performing its commercial activity. Third parties and processors that can receive personal data include:

delivery services;
the manufacturers, importers and suppliers of the products and services distributed by the Operator;
payment operators (e.g. Netopia Mobipay);
accounting firms, legal services suppliers;
e-mail marketing agencies and mass e-mail services (e.g. MailChimp);
website traffic monitoring services (e.g. Google Analytics);
other subcontractors.
The Operator will make sure that it concludes contracts with third parties that ensure an appropriate level of personal data protection.

The operator will not transfer personal data to a third country. As an exception, certain data on direct marketing or Website trafic may be transferred to third-country processors offering an equivalent level of protection or to the United States of America (EU-US Privacy Shield companies only).

If the Operator proceeds through a reorganization procedure (including merger, division, dissolution or liquidation) or sale to another organization, it will communicate the person’s information to the successor organization. Also, the Operator may transfer the data to a third person if an imperative requirement of the law so requires.

The personal data storage period
The Operator shall store the information belonging to data subjects for as long as required by the applicable legal provisions. If there is no applicable regulation, or if the mandatory legal term has passed, the Operator shall store the data only for as long as necessary, depending on the purpose they were collected for.

The data collected for direct marketing purposes shall be processed until the exercise of the withdrawal right.

The rights of the data subject
The data subject shall have the right to request the Operator, in relation to the personal data regarding the data subject, to grant the data subject access to them, to rectify or delete them, or to restrict their processing, or the right to oppose the processing, in compliance with the applicable regulations. The Operator shall ensure the right to data portability.

When the processing is based on the consent of the data subject, the data subject shall have the right of withdrawing their consent at any moment, without affecting the legality of the processing performed based on the consent given before the respective withdrawal.

The data subject has the right of filling a complaint at the competent National Supervisory Authority for Personal Data Processing or at any other competent authority, in case the data subject considers that the data subject’s data processing related rights have been breached.

Mandatory supply of personal data
The supply of certain personal identification data, such as name, e-mail address, physical address and telephone number, as well as the data corresponding to payment instruments or requested by payment processors are essential for concluding a remote contract and for the delivery of products.

Modifications of the document
The present information on personal data processing is periodically updated; every time the Operator makes a change it shall be updated on the Website.

Date of the last updated: November 2018