Privacy policy

On 25 May 2018, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the General Data Protection Regulation (“GDPR”), became applicable. The GDPR protects the fundamental rights and freedoms of individuals, especially their right to the protection of personal data.

We, the Frontik team, pay special attention to the confidentiality of personal data and to protecting the rights of our customers and partners.

For this reason, we would like to provide you with relevant information about the personal data processing activities carried out by our company.

We reserve the right to update and amend this Privacy Policy periodically, in order to reflect any changes in the way we process your personal data or any changes in legal requirements. If such changes occur, the updated version of the Privacy Policy will be published on our website.

Meaning of Certain Terms

“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, agree to the processing of personal data relating to them.

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity.

“Recipient” means a natural or legal person, public authority, agency or other body to whom personal data is disclosed.

“Frontik” means the legal entity acting as Controller and operating the online store developed by the Controller.

“Controller” means the person who determines the purposes and means of processing personal data.

“Processor” means the entity, whether a natural or legal person, public authority, agency or other body, that processes personal data on behalf of the Controller.

“Data Subject” means an identified or identifiable natural person to whom personal data relates. As a user of this website, you should consider yourself a Data Subject in relation to Frontik.

“Processing” means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller

The person determining the purposes and means of processing personal data through the Frontik.ro platform is Yongo Design S.R.L., with the following identification details:

Registered office: Bucharest, Sector 2, Strada Barbu Mumuleanu No. 14, Apt. 19

Trade Register number: J40/14176/2021

Tax identification number: RO39756752

Contact details:

Correspondence address: Bucharest, Sector 2, Strada Barbu Mumuleanu No. 14, Apt. 19

Email: office@Frontik.ro

Phone: 0753694054

Categories of Personal Data Processed. Source of the Data

Our company carries out several types of personal data processing. The information processed, the method of collection and the other processing conditions vary depending on the purpose of each processing operation and its legal basis.

In general, data is collected directly from you when you complete the information required to create a user account on Frontik.ro or when you complete other forms within the platform.

For the processing purposes mentioned below, we may process the following categories of personal data provided through our website:

  • Name, surname, phone number, email address and home address (“Personal data”);
  • Order number, information about the products ordered, delivery address, billing details and payment method (“Order data”);
  • Information about your use of your user account and of the website, or other technical data required for connecting to our website, such as the date and time of access, public IP address, public device ID, device type, browser type and similar data (“Monitoring data”).

We may also collect certain information about your behavior while using the website, in order to personalize your interaction with the platform and provide you with personalized offers.

On our website, we may store and collect information through cookies and similar technologies, in accordance with our Cookie Policy.

We do not collect sensitive data included by the GDPR in special categories of personal data.

We also do not intend to collect or process data relating to minors. For this reason, only adults may access the Frontik website to create a customer account and place orders through it.

Purposes and Legal Bases of Data Processing

We process your personal data for the following purposes and on the following legal bases:

Delivery of products and provision of services for your benefit

For this purpose, we may use your data for:

  • creating and managing your account on the Frontik website;
  • processing orders, including receiving, validating, shipping and invoicing them;
  • handling cancellations or issues of any kind relating to an order, or to purchased goods or services;
  • processing product returns in accordance with legal provisions;
  • refunding the value of products in accordance with legal provisions;
  • ensuring contact between customers and partner stores;
  • providing customer support, including answering your questions about your orders or about Frontik’s goods and services or those of its partners.

Processing your data for these purposes is necessary for entering into and performing a contract between you and Frontik and, in certain cases, for fulfilling related obligations imposed by applicable law, including tax and accounting obligations. The legal basis is the performance of a contract.

Improving our services and website

In order to provide you with an optimal online shopping experience, we may collect and use certain information about your customer behavior, the way you use the services offered, and we may also conduct market studies and research.

We base these activities on our legitimate interest in carrying out commercial activities.

Advertising, marketing and publicity activities, including direct marketing

In order to communicate our offers or those of our partners, if you agree to receive remote marketing communications, we may send you messages by email, SMS, phone, in-app notifications or other similar means. These communications may include information about offers or promotions, products similar or complementary to those you have purchased or shown interest in purchasing, as well as other commercial communications such as market research and opinion surveys.

Marketing communications are generally based on your prior consent. In these cases, you have the right to withdraw your consent at any time by:

  • changing the settings in your customer account;
  • accessing the unsubscribe link included in the messages you receive from us;
  • contacting Frontik using the contact details available on the website.

When you receive marketing communications based on your consent or because you subscribed to the newsletter, you have the right to withdraw your consent or object to the processing. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Where we base marketing activities on our legitimate interest in promoting and developing our business, we will take steps to ensure that your fundamental rights and freedoms are not affected. In such cases, you have the right to ask us, using the methods mentioned above, to stop processing your personal data for marketing purposes.

Defending our legitimate interests

There may be situations in which we process personal data, including by communicating such data to third parties, in order to protect our business.

In such cases, the legal basis for processing is the protection of our legitimate rights and interests.

Fulfilling our legal obligations

In the context of providing services through Frontik.ro, we may be legally required to process your personal data, for example for financial, accounting, tax and archiving obligations, or for handling requests related to the exercise of data subject rights, as well as other similar obligations.

In these cases, the legal basis for processing is the legal obligation incumbent on the Controller.

Data Retention Period

As a rule, Frontik will process your personal data for as long as necessary to achieve the processing purposes mentioned above.

If you are a Frontik customer, we will process your data throughout the duration of our contractual relationship and afterwards in accordance with Frontik’s internal policies, as well as during the limitation period applicable to each legal relationship.

If applicable law sets specific retention periods, the data will be kept for the entire period required by law.

For each processing activity carried out for other purposes, reasonable retention periods will be established and will not exceed the period necessary to fulfill the purpose of that processing.

If you no longer want your personal data to be processed or if you want your data to be deleted, you may exercise the rights detailed below.

If you withdraw your consent for the processing of personal data for marketing purposes, Frontik will stop processing your personal data for this purpose, without affecting processing carried out by Frontik on the basis of your consent before it was withdrawn.

You may request at any time that certain information be deleted or that your customer account be closed. We will comply with such requests, subject to retaining certain information after account closure where applicable law or our legitimate interests require it.

In certain particular cases, including but not limited to accidents, disputes, criminal or administrative offences, requests from public authorities and similar situations, data will be retained for the entire period necessary to definitively clarify the relevant event.

Categories of Recipients

We mainly use your personal data for our own purposes. However, personal data may be disclosed to certain categories of recipients in accordance with the purpose of each processing activity.

In such cases, we may send or provide access to certain personal data to the following categories of recipients:

  • Frontik business partners, only on the basis of a confidentiality commitment guaranteeing that the data is kept secure and that the provision of personal information complies with applicable law;
  • carriers, delivery companies and courier service providers;
  • payment and banking service providers;
  • marketing and telemarketing service providers;
  • market research service providers;
  • insurance companies;
  • IT service providers;
  • other companies with which we may develop joint programs for offering our goods and services on the market.

Some entities to whom we disclose your personal data are third parties that will not process the personal data themselves, but may have access to it when fulfilling their duties or interacting with us, such as technical maintenance companies, financial auditors or legal auditors.

If we are legally required to do so, or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

Personal data is communicated to public authorities or other third parties when there is a legal obligation to do so, when a binding decision or administrative order has been issued for the Controller, or when such communication is necessary for establishing, exercising or defending a legal claim in court.

Cross-Border Data Transfers

At present, we store and process your personal data in Romania.

However, we may transfer certain personal data to entities located in the European Union or the European Economic Area.

Security Measures for Personal Data Processing

We undertake to ensure the security of personal data by implementing technical and organizational measures appropriate to the risk, especially to protect personal data against destruction, loss, alteration, unauthorized disclosure or unauthorized access, in accordance with industry standards.

We will make efforts to constantly assess and update the security measures implemented in order to ensure the safety and security of personal data processing activities.

Despite the measures taken to protect your personal data, please note that transmitting information over the Internet or through other public networks is not completely secure, and there is a risk that data may be seen and used by unauthorized third parties. We cannot be responsible for vulnerabilities in systems that are not under our control.

Your Rights

In the context of the processing of your personal data, as a data subject you benefit from the following rights:

Right to information and access to the data you provide

The right of access means the right to obtain confirmation from us as to whether or not we process personal data relating to you and, if so, access to that data and to the following information:

  • the purposes of the processing;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or international organizations;
  • where possible, the period for which the personal data is expected to be stored, or, if this is not possible, the criteria used to determine that period;
  • where the personal data is not collected from you, any available information about its source;
  • the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the significance and expected consequences of such processing for the data subject.

You have the right to obtain a copy of the personal data processed. For additional copies, we may charge a reasonable fee based on administrative costs.

Right to rectification

You may request that the Controller rectify inaccurate personal data. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by providing an additional statement.

Right to erasure (“right to be forgotten”)

You have the right to request the deletion of your personal data, and we will delete your personal data when:

  • the data is no longer necessary for the purposes for which it was collected or processed;
  • you withdraw the consent on which the processing is based and there is no other legal basis for the processing;
  • you object to processing carried out on the basis of the Controller’s legitimate interest and there are no overriding legitimate grounds for the processing, or the processing is for direct marketing purposes;
  • the data has been processed unlawfully;
  • the data must be erased in order to comply with a legal obligation incumbent on the Controller;
  • the data was collected in relation to information society services offered to children, where specific consent requirements apply.

The obligation to delete data does not apply where processing is necessary:

  • for exercising the right to freedom of expression and information;
  • for compliance with a legal obligation requiring processing;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
  • for establishing, exercising or defending legal claims.

Right to restriction of processing

You have the right to obtain restriction of processing where:

  • you contest the accuracy of the data, for a period allowing us to verify its accuracy;
  • the processing is unlawful and you oppose the deletion of the personal data, requesting instead the restriction of its use;
  • the Controller no longer needs the personal data for processing purposes, but you require it for establishing, exercising or defending legal claims; or
  • you have objected to processing, for the period during which it is verified whether the Controller’s legitimate grounds override those of the data subject.

Right to withdraw consent

Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to processing carried out on the basis of the Controller’s legitimate interest, including profiling. In this case, the Controller will no longer process your data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the purpose is the establishment, exercise or defense of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for this purpose, including profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your data will no longer be processed for that purpose.

Right not to be subject to automated decision-making, including profiling

This right means that you may choose not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This right does not apply where the decision:

  • is necessary for entering into or performing a contract between us and you;
  • is authorized by Union or national law and provides appropriate measures to safeguard your rights, freedoms and legitimate interests; or
  • is based on your explicit consent.

Right to data portability

Where the legal basis for processing is your consent or the conclusion or performance of a contract, and the processing is carried out by automated means, you have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format.

You also have the right to transmit that data to another controller without hindrance from us, as well as the right to have the data transmitted directly from one controller to another where technically feasible.

To exercise these rights, you may submit a written, dated and signed request to the following email address: office@Frontik.ro, or to the Controller’s correspondence address mentioned above.

If you wish to withdraw your consent for direct marketing, you may also use the “Unsubscribe” option available in each marketing communication.

You also have the right to lodge a complaint with the supervisory authority, the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), as well as the right to address the competent courts.

Children’s Personal Data

The services offered through www.Frontik.ro are not intended for minors.

Frontik does not knowingly collect, store or use personal data relating to minors. If information about a minor has been collected through the website without the consent or authorization of the person holding parental responsibility, please note that the minor’s legal representative may exercise the minor’s rights on their behalf. In such a situation, please contact us.

Other Provisions

This Privacy Policy may be amended by Frontik whenever necessary.

If Frontik wishes to adjust the Policy, for example if Frontik wishes to use your personal data in a way other than that provided in the Policy in force at the time the data was collected, a notice regarding any important or substantial changes will be displayed in a revised version of this Policy, and the revised version will become effective when published.

Providing your data is, to a large extent, a contractual obligation and a prerequisite for concluding the contract between us and providing services through Frontik.ro.

The other data we process is necessary for the legitimate interests pursued by the Controller, particularly with regard to the safety and security of Frontik.ro, business operations, and protecting, respecting and exercising our rights or those of our partners.

Refusal to provide this data may make it impossible to provide the services and therefore to conclude a contract between you and the Controller, or may prevent the continuation of existing contractual relationships.

If in the future we begin new personal data processing operations, or if we intend to process the personal data we hold for a purpose other than the one for which it was collected, we will provide you, before such further processing, with information about the new processing activity and the new purpose, as well as any other relevant information.

Our obligation to inform you about data processing does not apply in certain cases expressly provided by applicable law, namely if and to the extent that:

  • you already have the relevant information;
  • providing such information proves impossible or would involve disproportionate effort, or the obligation to inform is likely to make impossible or seriously impair the achievement of the objectives of that processing; in such cases, the Controller will take appropriate measures to protect your rights, freedoms and legitimate interests, including making the information publicly available;
  • obtaining or disclosing the data is expressly provided for by European Union law or national law applicable to the Controller, and that law provides appropriate measures to protect your legitimate interests; or
  • the personal data must remain confidential under a statutory obligation of professional secrecy governed by European Union or national law, including a legal obligation to maintain confidentiality.