User Privacy Notice

We consider ensuring the right to the protection of personal data as a fundamental commitment of our company, therefore we will devote all the necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as with any other legislation applicable on the territory of EU.

As one of the essential principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us in relation to our products and services including through our website.

We reserve the right to periodically update and amend this Privacy Policy to reflect any changes in the way we process your personal data or any changes in legal requirements. In case of any such change, we will display on our website the modified version of the Privacy Policy, which is why we ask you to periodically check the content of this Privacy Policy.

 

The current version entered into force on 01.06.2023.

 

1.      Data Controller- Who are we?

 

The data controller is SC Star Dapple SRL, (will be referred as “Star Dapple” or “us”) a limited liability company organized and operating in accordance with Romanian legislation, with its registered office in the Municipality of Galati, registered with the Trade Register under no. J17/286/20.02.2023, having the unique registration number 47667524, represented by Iordache Denis– Administrator who can be contacted at e-mail contact@stardapple.com.

The Privacy Policy explains the practices of SC Star Dapple SRL regarding the application of GDPR provisions, as well as the rights you enjoy regarding the way your information is collected, processed, and stored, through the website and the offline interaction with our employees.

If you have any questions about this privacy policy or what it derives from, please contact the data controller.

2.      What personal data do we collect?

 

• Through the contact form on the website we collect:

• Name
• Email address
• Phone
• Your message

 

• When registering for a new account as a seller we collect:

• Full Name
• Username
• Email address
• Phone number
• Store Name
• Address

 

• When registering for a new account as a buyer we collect:

• Name
• Email address
• Billing Address
• Delivery Address
• Phone number

 

• When registering for the newsletter we collect:

• Name
• Email address

 

• When using our chat platform we collect:

• Your messages with the other users and data related to the possible transactions.

       2.6.  On our website we collect:

• Information about your behaviour while visiting our website, to personalize your online experience and provide you with offers adapted to your profile, according to the Cookie Policy.

We do not collect or otherwise process sensitive data, included by the General Data Protection Regulation in special categories of personal data.

Also, we do not want to collect or process data of minors, the site is intended for adults. If you provide us with sensitive data, it will be deleted.

 

3.      What is the purpose of collection and what are the legal grounds?

 

We process your personal data for various purposes and based on several different legal bases that allow this processing.

For example, we process your personal data to provide and improve our Services, to provide you with a personalized user experience on this website, to contact you about your account and our Services, to provide customer service, to provide you with personalized advertising and marketing communications, and to detect, prevent, mitigate and investigate fraudulent or illegal activity.

We also share your information with third parties, including service providers acting on our behalf, for these purposes and in order to fulfil our contract with you under the User Agreement and, if applicable, the Payments Terms of Use.

3.1. Data obtained through the contact form

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: To respond to inquiries and messages we receive and to keep records of correspondence.

 

3.2. Data obtained by registering for an account in order to buy/sell

Legal basis for processing: your consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent: You consent to create an account on Star Dapple to use the services we provide. You are aware that data is stored outside the EU and can be subject to other legal provisions that do not offer the same protection degree as EU laws.

3.3. Data obtained by placing an order

Legal basis for processing: necessary for the performance of a contract (Article 6 paragraph (1) letter (b) of the General Data Protection Regulation).

We need the data for the:

• Provision of our Services, including but not limited to enabling and performing transactions with other users (including the transmission of your personal data to other users where necessary to perform the transaction, including in cases of terminated, failed, or subsequently voided transactions, e.g. by sharing your return address so a buyer may return an item), displaying your transaction and feedback history to you.

• Provision of our payment services in accordance with the Payments Terms of Use.
• Providing general customer support

3.4. Data collected using the newsletter subscription form

Legal basis for processing: your consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent: You consent to receive marketing and commercial communication from Star Dapple.

3.5. Data collected using the chat app

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: ensuring that all the transactions are performed using the tools provided by the platform and the users are not using the chat tool as a way to bypass the platform and elude the due fees in case of a transaction.

Automatic filtering and, where necessary, manual review of messages sent through our messaging tools to prevent fraudulent or suspicious activity or violations of our User Agreement or other rules and policies, including enforcing the prohibition of purchases and sales outside of Star Dapple.

3.6. Data collected on the site

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: improving our website for our website users and knowing the preferences of website users so that our website can better respond to their needs and wishes.

4.      Where do we store and how long do we keep your data?

 

Your personal data will be stored by us and our service providers in accordance with applicable data protection laws to the extent necessary for the processing purposes set out in this User Privacy Notice.

Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged or permitted to keep your personal data longer (e.g. for legal compliance, tax, accounting or auditing purposes, or to detect and prevent fraudulent or illegal activity).

In Europe, the retention periods are generally 10 years (e.g. for contracts, notifications, and business letters). As far as legally permissible or required, we restrict the processing of your data instead of deleting it (e.g. by restricting access to it).

This applies in particular to cases where we may still need the data for the execution of the contract or for the assertion of or defense against legal claims, or where such retention is otherwise required or permitted by law. In these cases, the duration of the restriction of processing depends on the respective statutory limitation or retention periods. The data will be deleted after the relevant limitation or retention periods have expired.

4.1. Data obtained through the contact form

Kept for 3 years on the email server and archived afterward in a password-protected offline archive. All the data sent to us is stored on servers owned by NameHero.com, a company located in the US, under the respective jurisdiction.

4.2. Data obtained by registering for an account in order to buy/sell, data regarding orders, and the chat app

Kept for as long as the account is active (at least 1 login) and 5 years after that. If an account is not active for 5 years is marked as inactive. Inactive accounts are deleted after 1 year with all corresponding data. All the data sent to us is stored on servers owned by NameHero.com, a company located in the US, under the respective jurisdiction.

4.3. Data collected using the newsletter subscription form

Kept on the Mailchimp.com servers,  a company located in the US, under the respective jurisdiction, as long as the user does not unsubscribe.

4.4. Data collected on the site

The data collected on the site are automatically stored according to the Cookies Policy, by category.

 

5. Disclosure of personal data to third parties

 

We process your personal data where necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. In order to reconcile our legitimate interests with your rights, we have introduced appropriate control mechanisms.

5.1. Disclosure of user data to third parties: if you give your consent for a firm order and the conclusion of a Contract, your data is provided to third parties, in order to be able to realize the object of the contract: respectively the processing and delivery of the order. The personal data entered in the fiscal documents are processed by third parties (accounting companies, payment processors, delivery companies) in order to fulfill the legal and financial obligations and fulfil the order.

Currently, our providers are the following, together with their current privacy policies:

• PayPal
• Stripe
• DHL
• USPS
• FedEx
• Accounting company

If you would like additional information about the identity of service providers, please contact us directly via our contact form or by email and we will provide such information to you where you have a legitimate reason to request it).

5.2.User data is not sold to third parties.

5.3. For continued compliance with laws, regulations, and other legal requirements

We will use and process your information to comply with the legal obligations to which we are subject. For example, we may be required to disclose your information pursuant to a court order, if we receive one.

Legal basis for processing: compliance with a legal obligation [Article 6 paragraph (1) letter (c) of the General Data Protection Regulation.

Legal obligation: legal obligations to disclose information that are part of the laws of Romania or if they have been integrated into the legal framework of Romania (for example in the form of an international agreement that Romania has signed).

 

6. What rights do you have as a Data Subject?

 

6.1.Access right

You can ask us:

• to confirm whether we are processing your personal data;
• to provide you with a copy of this data;
• to provide you with other information about your personal data, such as what data we have, what we use it for, whom we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you by this notice.

 

• Correction right

• You can ask us to correct or complete your inaccurate or incomplete personal data.
• We may attempt to verify the accuracy of the data before rectifying it.

 

• Data deletion

You can ask us to delete your personal data, but only if:

• they are no longer necessary for the purposes for which they were collected; or
• you have withdrawn your consent (if the data processing was based on consent); or
• exercise a legal right to object; or
• they were processed illegally; or
• we have a legal obligation to do so.

We are not obliged to comply with your request to delete your personal data where the processing of your personal data is necessary:

• to comply with a legal obligation; or
• for establishing, exercising or defending a right in court.

There are certain other circumstances in which we are not obliged to comply with your data deletion request, although these two are the most likely circumstances in which we may refuse your request

 

• Restriction of data processing

You can ask us to restrict the processing of your personal data, but only if:

• their accuracy is disputed (see rectification section), to enable us to verify their accuracy; or
• the processing is illegal, but you do not want the data to be deleted; or
• they are no longer necessary for the purposes for which they were collected, but you need them to establish, exercise or defend a right in court; or
• you have exercised your right to object and checking whether our rights prevail is ongoing.

We may continue to use your personal data following a restriction request if:

• we have your consent; or
• to establish, exercise, or ensure the defence of a right in court; or
• to protect our rights or that of another natural or legal person.

 

• Data portability

You may ask us to provide your personal data in a structured, commonly used and machine-readable format, or you may request that it be “ported” directly to another data controller, but in each case only if:

• the processing is based on your consent or the conclusion or performance of a contract with you; and
• the processing is done by automatic means.

 

• Opposition

• You can object at any time, for reasons related to your particular situation, to the processing of your personal data on the basis of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest.

 

• You can also object to the processing of your data for direct marketing purposes (including profiling) at any time without giving any reason, in which case we will stop this processing as soon as possible.

 

• Automated decision making

You can ask not to be the subject of a decision based solely on automated processing, but only where that decision:

• produce legal effects with respect to you; or
• affects you in another similar and significant way.

This right does not apply if the decision reached by automated decision-making:

• it is necessary for us to enter into or perform a contract with you;
• is authorized by law and there are adequate safeguards for your rights and freedoms; or
• is based on your explicit consent.

 

Claims

You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data.

In Romania, the contact details of the supervisory authority for data protection are as follows:

The National Supervisory Authority for the Processing of Personal Data

E-mail: anspdcp@dataprotection.ro

At EU-level you can contact the authorities here: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en

 

Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise to make every effort to resolve any problem amicably.

 

Response time. We aim to respond to any valid requests within a maximum of 30 days, unless it is particularly complicated or you have made multiple requests, in which case we will respond within a maximum of 45 days. We may ask if you can tell us exactly what you want to receive or what you are concerned about. This will help us act faster and shorten the response time to your request.

CHANGES TO OUR PRIVACY POLICY

We update and change our privacy policy regularly.

Minor changes to our privacy policy

If we make minor changes to our Privacy Policy, we will update the Privacy Policy with a new effective date stated at the beginning of it. The processing of your information will be governed by the practices set forth in the new version of the Privacy Policy as of its effective date.

Major changes to our privacy policy or the purposes for which we process your information.

If we make major changes to our privacy policy or plan to use your data for a new purpose or for a purpose different from the purposes for which we originally collected it, we will notify you by email (if possible) or by posting an advertisement on our website.

We will provide you with information about the change in question and the purpose and any other relevant information before we use your information for the new purpose.

 

Whenever necessary, we will obtain your prior consent before using your information for a purpose other than the purposes for which we originally collected it.