MULTIPLEC GOLD S.R.L. guarantees the security and confidentiality of the data hosted and transmitted through its computer system. This information may be used by MULTIPLEC GOLD S.R.L. to send the user order confirmations, various special offers, promotions, etc. only with the consent of the person concerned.

The provision of personal data to MULTIPLEC GOLD S.R.L. does not imply any obligation on the part of the users, and they may refuse to provide such data under any circumstances and may request free of charge their deletion from the database

MULTIPLEC GOLD S.R.L., owner of the online platform, does not intervene directly or indirectly on the databases where information about clients is stored.

In order to make possible the invoicing, dispatch and delivery of orders placed, the user must agree that MULTIPLEC GOLD S.R.L. may collect and process the data entered, according to the requirements of Law no. 679/2016 (GDPR).

Translated with DeepL.com (free version)

In accordance with the requirements of Law no. 679/2016 (GDPR) for the protection of individuals with regard to the processing of personal data and the protection of privacy in the electronic communications sector, MULTIPLEC GOLD S.R.L. has the obligation to manage in safe conditions and only for the specified purposes, the personal data provided.

In this respect, MULTIPLEC GOLD S.R.L. has developed a series of technical and organizational measures to prevent the risks that may arise in the processing of personal data.

The processing of personal data within the organization is conditioned by a series of technical and organizational measures in order to secure them.

These measures are designed to protect information within the organization against security incidents.

At organizational level, the following security measures have been taken to reduce risks:

Technical measures:

SSL certificate – is intended to secure the exchange of information over the Internet. It encrypts information before it is sent over the Internet. Encrypted information can only be decrypted by the server to which it is addressed. This guarantees that information sent to a website/online platform will not be stolen, intercepted, processed.

Bank card information, passwords and in general any information that is intended to remain private is secured by this certificate.

  • The SSL certificate of the online platform MULTIPLEC GOLD S.R.L. is also used to secure e-mail correspondence, so that the personal data of the customers to circulate in a secure environment and regulated by a series of security measures that ensure the confidentiality of information.
  • Automatic back-up – set at a time interval to guarantee the information and so that all customers can be sure that the information and preferences they have provided do not disappear and are not destroyed, lost or incorrect in the event of a server failure.
  • Anti – spam and antivirus filters that prevent the infiltration of malicious content or viruses that may process data in an unauthorized way or that may transmit them to other entities or persons who have not obtained the consent of the data subject.
  • Protect the client profile content by introducing a more complex password generation rule. The client is asked, when creating an account, for a password meeting a higher complexity criterion (alphanumeric + special characters);
  • Securing modules and scripts that communicate within the platform. Constantly check the functioning of the elements involved in client-server, server-client interaction.
  • Verification and optimization of the modules in order to keep them up-to-date in order to prevent vulnerabilities.This measure prevents the identification of vulnerabilities at global level in the platforms used, 0-day type vulnerabilities that can intercept the exchange of data and implicitly personal data in the interactions of the customer with the platform or of the process owner with the customer and the platform.
  • Classification of access types by the process manager – administration groups, possibility to add or remove certain rights on a user with full access – customization of access as needed.
  • Password protection of the device on which the process owner performs data processing to prevent unauthorized intervention.
  • Firewall – software program and hardware component installed in the server location of the company that offers hosting of the online platform, are designed to protect the server and network equipment against computer attacks, unauthorized intrusion attempts, installation of malicious software applications that may endanger the personal data of platform users. The firewall blocks access by unauthorized persons to information stored on the equipment connected to the Internet.
  • Access to the data processing systems where personal data is processed is possible only after the authorized person has been successfully identified and authenticated (e.g. with username and password or chip/PIN card), using the most advanced security measures. In case of lack of authorization, access is denied.
  • All access attempts, both successful and unsuccessful, are logged (user ID, computer, IP address used) and archived in a format according to the audit rules for 3 months. In order to detect misuse, the server performs repeated, random checks;
  • Access is blocked after repeated incorrect login attempts.
  • Constant checking for vulnerabilities in the platform that could allow the extraction of personal information and data. The hosting has security measures and solutions that scan recurrently the processed files and the data flow circulating inside the platform;
  • Combating the risks of security breaches by taking technical and organizational precautions by securing the platform and constantly updating it with stable versions.
  • Password securing the equipment that has direct access to the order table and to the customer’s delivery/invoicing data to prevent unauthorized access and therefore unauthorized processing by unauthorized persons.

Organizational measures:

  • Destruction of documents that are no longer needed (notes, erroneous invoices, etc.) using a document shredder at the disposal of the process manager;
  • Eliminating the risk generated by the human factor by prohibiting the processing of information outside the secure platform with the exception of the preparation of the transport notes in the courier company’s platform, which is also a secure environment;
  • Adopt security measures without differentiating between types of customers (new / existing / potential);
  • Adopting an internal policy for checking processes and processing when delivering the product or taking information about an order or possible offer;
  • Avoiding differentiation between customers through mechanisms that may profile the person concerned positively or negatively. For this reason, we do not ask for personal data such as sexual orientation, sexual interests, gender, religion, membership of movements or groups, etc. Customers are free to order and choose what they want. Through this measure, we consider that we respect the integrity of the person and avoid any trace of analysis/profiling based on these criteria.
  • Updating the Privacy Policy and Terms and Conditions MULTIPLEC GOLD S.R.L.
  • Informing customers about the delivery, return and order processing procedure;
  • Training the process owner on the risks of processing personal data outside the online platform.
  • Train the process manager on the need to notify in case of a major security incident.
  • Training of the process manager on how to handle situations that may occur when processing data within the platform (errors, user errors).
  • Training the process owner on the use of the information they process and awareness of the nature of personal information;
  • Prohibiting data processing outside the platform by managing orders directly in the user interface of the platform, making it unnecessary to process data in other insecure and vulnerable environments.
  • The process owner is regularly trained on:
  • Data protection principles, including technical and organizational measures
  • The requirement to maintain data secrecy and confidentiality with respect to the organization’s secrets and trade secrets, including transactions;
  • Correct, careful use of data, data media and other documents;
  • Telecoms secret;
  • Other specific confidentiality obligations where necessary;

From a processing point of view, within MULTIPLEC GOLD S.R.L., personal data are processed only for the purposes for which the consent of the data subjects has been obtained, including for parallel purposes and for the conclusion of a contract or the delivery of a product to the customer, requested by the customer.

Given that this organization conducts its business mostly online, the processing of customer personal data is transmitted online through the applications and platform on which orders and requests for quotation are requested. The data collected is minimized and is directly related to the purpose for which consent has been obtained and is necessary to contact the customer in case of a quotation request or to deliver and make available the ordered product/service as required or return it.

MULTIPLEC GOLD S.R.L. legal entity registered at the Trade Register (J03/2120/2020, CUI 25918560) is a direct operator. The purpose of processing personal data is the provision of products and services through the online platform as well as the parallel purposes of this activity: return of products, processing of information necessary for delivery, improving the user experience by retaining certain settings or preferences, after obtaining consent, price changes, characteristics of products/services, changes in stock, promotions, billing.

The categories of persons targeted are: current / potential customers or website visitors.

The ways data subjects are informed about their rights are:

  • Privacy Policy ;
  • Terms and conditions of use of the online platform/shop;
  • On the website in a dedicated section;
  • By email following registration in the platform, as well as in case the customer requests additional information, requests for quotation;
  • In the contact form on the website (please attach the document);

The exercise of the rights provided for by Law 679 / 2016 (GDPR) is entirely incumbent on the controller who has the legal obligation to designate a person responsible for processing personal data within the organization. This person will develop a set of technical and organizational measures to secure the data processing and has the obligation to inform the controller about the nature of the processing processes, types of information and how, these processes are carried out within the organization. The controller has the responsibility and obligation to ensure that these measures are implemented, that there is no risk of security breaches or information leaks as well as compliance with the legislation in force regarding data processing and the rights of data subjects.

The following personal data are processed through the online platform:

  • name and surname
  • email
  • phone/ Fax
  • address

MULTIPLEC GOLD S.R.L. does not process special categories of data.

MULTIPLEC GOLD S.R.L. does not transfer data abroad or to third parties

The processing of personal data is unrelated to other record systems. The actual activity of the company is to take orders initiated by customers through the online platform, to store and process them in order to invoice, ship and deliver the ordered products.

The information entered by the customer on the platform is processed and stored strictly in accordance with the purposes for which the customer’s consent has been given:

  • Invoicing;
  • Delivery;
  • Withdrawal from a concluded contract (withdrawal can be made in accordance with the law, taking into account the conditions under which this contract was initially concluded and the legal provisions initially agreed);

The purpose of data collection is to bill orders, send correspondence and fulfill orders. If you refuse to provide the data, your order cannot be placed on this site and processed as required, and it is impossible to fulfill the purpose.

According to Law no. 679/2016 (GDPR), the user benefits from the right of access, the right to be forgotten, the right to porta portability of information and personal data, the right to intervene on the data, the right not to be subject to an individual decision and the right to appeal to the courts. He also has the right to object to the processing of personal data and may request deletion of data. To exercise these rights, the user can send a written, dated and signed request to office@efstore.ro. Also, if any of the user data is incorrect, we ask that this be brought to our attention so that we can make the necessary corrections.

Shopping Basket
Cart
Checkout - 0,00 lei
  • 0
  • 1
Scroll to Top