Login

Cart

Your cart is empty

Privacy policy

Thank you for your interest in our company, website, services and/or products.

When you want to establish a relationship with us and use the services of our company (hereinafter referred to as SC Art & Business Today srl), you entrust us with information about you, also called personal data, and we thank you for your trust. The protection and confidentiality of personal data is a very important subject for us and we strive to store it safely and process it carefully, and in this regard we explain to you in a clear and transparent way what our practices regarding the confidentiality of your data are.

This information is presented in this document (hereinafter referred to as the "Privacy Policy", "This Document" or the "Document" ) and please read it together with the Terms and Conditions section (which you can find here .

Our Privacy Policy wishes to inform you about the processing of your Personal Data in connection with your visit to our website www.millamilla.shop (hereinafter referred to as the "site" ) and your use of any additional services offered by SC Art & Business Today srl.

By visiting the site, purchasing our products and/or services, or interacting with us by any means, you declare that you agree to the Privacy Policy. If you do not agree with what is described in this Document, please do not use our services.

We inform you that SC Art & Business Today srl is a personal data controller within the meaning of the GDPR for the processing of personal data.

  1. Definitions.

1.1. Purpose of the privacy policy

1.2. Who are we?

1.3. Who are you?

1.4. Definitions

1.5. Other services

1.6. Complaints

  1. Personal data and data processing

2.1. The data we collect and how we use it

2.2. What happens if you do not provide us with your data?

2.3. The purpose for which we collect your personal data

2.4. Legal grounds for processing personal data

  1. Disclosure of personal data and data transfers
  2. Storage of personal data
  3. Personal data security
  4. Your rights - questions, requests and exercising rights
  5. Privacy Policy Changes/Modifications/Updates
  1. Definitions.

1.1. Purpose of the privacy policy

The purpose of this Privacy Policy is to explain to you what information we process (collect, use, share), why we process it, how we process it, your rights under the GDPR and how you can update, manage, export and delete it, and for this purpose we act as a controller and, by law, we are obliged to provide you with this information.

We inform you that this Privacy Policy applies everywhere you find us online.

1.2. Who are we?

Below you will find our identification data:

Name

Art & Business Today srl

Headquarters

11 Episcopul Ilarion Street, Bucharest, 2nd district

Trade Register Number

J40/1143/2008

Tax registration code

23127764

E-mail

info@millamilla.shop

Phone

+40 722 788 450

 

In accordance with the legislation in force, our company is a personal data controller , and in order for your data to be processed securely, we make every effort to implement reasonable and appropriate technical and organizational measures to protect your personal data.

1.3. Who are you?

According to the law, you, the natural person benefiting from our services/products, the representative or contact person of a company that is our client or potential client, the visitor to the site or the person in any kind of relationship with us, are a "data subject", that is, an identified or identifiable natural person. In order to be completely transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of your rights.

1.4. Definitions

Personal data - means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

GDPR (General Data Protection Regulation) or RGPD (General Data Protection Regulation) or Regulation - means REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF THE EUROPEAN UNION No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

The Operator or We - means SC Art & Business Todays srl, a Romanian company with its registered office in Bucharest, sec.2, str. E[iscopul Ilarion no.11, registered in the Trade Register under order no. J40/1143/2008, with fiscal registration code 23127764;

Data subject - represents any identified or identifiable natural person whose data is processed by us as an operator, such as customers, potential customers or visitors to the site;

Consent - means any free, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear action, signifies agreement to the processing of personal data concerning him or her;

Anonymization - means the irreversible removal of the identification of personal data, so that the person cannot be identified using a reasonable period of time, cost and technology, either by the Operator or by any other person, to identify that natural person. The principles of personal data processing do not apply to anonymized data, as they are no longer personal data.

1.5. Other services

This Privacy Policy does not cover other third-party applications and websites that you may reach by following links from our website, and we encourage you to review the Privacy Policy on any website and/or application before providing any personal data.

We are also not responsible for any links from our commercial partners or advertisers within our podcasts or articles, including those on social media profiles. When you click on those links, third parties may collect or share data about you.

You should be aware that we do not control any link that is placed on the site by us or by other Users (such as, for example, links left in comments, videos, community, on social networks, etc.) and that you are fully responsible when you access such links and assume any damage (direct or indirect) that may arise.

1.6. Complaints

For any problem or uncertainty regarding the processing of personal data, you should know that you can file a complaint with the personal data supervisory authority, but please first send us a request to the address mentioned in this document, and we will make every effort to resolve your request as soon as possible, amicably.

For Romania, the contact details are as follows:

Name

National Supervisory Authority for Personal Data Processing

Address

B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone

+40.318.059.211 or +40.318.059.212

E-mail

anspdcp@dataprotection.ro

 

  1. Personal data and data processing

2.1. The data we collect and how we use it

Personal data or personal information is all information about an individual that can help identify that person, and does not include data where the identity has been removed (anonymized data).

When you browse our website or when you contact us for any purpose and using any communication channel, you may communicate your personal data to us. We will need to collect, use, store or transfer certain personal data, directly from you or from other sources, as explained in the table below:

Category

Data included

Legal basis

Identification data

Name, surname, company name, trade register registration number, unique identification code, username or similar identifier, function, date of birth, gender, language in which you wish to interact with us, country, etc.

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Contact details

Billing address, shipping address, email address, phone number

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Profile and usage data

Username, password, orders placed by you, your interests and preferences, feedback provided, survey responses

Information about how you use our website, products and services.

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Financial and trading data

 

Payment or card/bank account information, purchase information

Details of payments to and from you and other details of the products and services you have purchased from us

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Marketing & communication data

Your preferences for receiving marketing materials from us and our third parties and your preferred methods of communication

Art. 6 (1) a), b), c) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Automated data/

TECHNICAL

IP (internet protocol) address, login details, browser type and version, location and time zone settings, browser plug-ins and their versions, operating system, operating platform and other technologies on the devices you use to access this site

Art. 6 (1) GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

 

 

We inform you that we do not collect any Special Categories of Personal Data about you (this includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for your unique identification, data concerning health or data concerning your sex life or sexual orientation or information about criminal convictions and offences.

2.2. What happens if you do not provide us with your data?

When we ask you to fill in your personal data to provide you with access to certain functionalities or services of the site, we will mark some fields as mandatory because this is information that we need to be able to provide you with the service or to provide you with access to that functionality.

Please note that if you decide not to provide us with this information, you may not be able to complete your registration as a user or benefit from these services or functionalities.

2.3. The purpose for which we collect your personal data

Personal data

Scope

Identification data (including audio-video, where applicable)

Contact details

 

Registering as a user

Access to materials and products

Identification data

Contact details

Financial and trading data

Profile data

Marketing and communication data

Automated/technical data

Improving services

Using analytics data to improve the site, products, services, customer service and experience

 

Identification data

Contact details

Financial and Trading Data

Profile data

Marketing and communication data

Conclusion and execution of the sales or service contract that you conclude with us

Identification data

Contact details

Financial data

Trading data

Profile data

Marketing and communication data

Requests or requests made through Customer Service/Support

To manage the relationship we have with you, which may include notifying you about changes to our terms and conditions and processing policies or suggesting you leave us a review or participate in a survey

Identification data

Contact details

Financial and transaction data Profile data

Usage data

Marketing and communication data

Automated/technical data

Marketing

To deliver relevant content and personalized ads and to measure and understand the effectiveness of the ads we serve to you

 

We inform you that we will only use your personal data for the purposes for which we collected it, unless we reasonably believe that we need to use it for another reason and that reason is compatible with the original purpose.

Please note that we may process your personal data without informing you or requiring your consent, in accordance with the rules above, where the law allows us to do so.

2.4. Legal grounds for processing personal data

Our legal grounds for processing your personal data will generally be as follows:

  • There is your consent for the processing of personal data;
  • The processing is necessary for the conclusion or performance of a contract between you and us;
  • Processing is necessary for the purposes of our legitimate interests or those of another party.
  1. Disclosure of personal data and data transfers

We inform you that we may disclose your data, in compliance with applicable law, to business partners or other third parties. We constantly make reasonable efforts to ensure that these third parties have implemented appropriate protection and security measures. We have contractual clauses with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate according to the law.

We may also transmit the data to other parties with your consent or according to your instructions, for example, in the event that you exercise a portability request or to authorized state bodies, based on and within the limits of legal provisions and as a result of expressly formulated requests.

The transfer of personal data to a third country may only take place if the country to which the transfer is intended ensures an adequate level of protection.

The transfer of data to a country whose legislation does not provide a level of protection at least equal to that offered by the General Data Protection Regulation is only possible if there are sufficient guarantees regarding the protection of the fundamental rights of the data subjects. These guarantees will be established by us through contracts concluded with the suppliers/service providers to whom your personal data will be transferred.

Whenever we transfer your personal data outside the EEA, we will ensure that a similar level of protection is in place through one of the following safeguards:

  • we will transfer your personal data to countries where it has been demonstrated by the European Commission that they provide an adequate level of security for personal data.
  • When we use certain service providers, we will be able to use certain contract models provided and approved by the European Commission that provide personal data with the same protection as they have in Europe.
  1. Data storage

You should note that we store your personal data only for the period necessary to fulfill the purposes, but no longer than 5 years after the termination of the contract or your last interaction with us.

After the end of the period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data for use for scientific, historical or statistical research purposes.

In certain circumstances, we may anonymize personal data (so that it can no longer be associated with you) for scientific, historical or statistical research purposes, in which case we may use this information for an unlimited period without prior notice to you. Please note that in certain expressly regulated situations, we store data for the period required by law.

Categories of personal data

 

Storage period

Email address

Message content

5 years since your last interaction with us

Data required for billing (i.e. address, customer name, delegate name)

 

10 years according to legislation

Other personal data

 

5 years

 

  1. Data security

We understand how important the security of personal data is and we take the necessary measures to protect our clients and other persons whose data we process, from unauthorized access to personal data, as well as from unauthorized modification, disclosure or destruction of the data we process in the course of our daily activities.

We have implemented the following technical and organizational measures for the security of personal data:

Dedicated policies

We adopt and constantly review internal personal data processing practices and policies (including physical and electronic security measures) to protect our systems from possible unauthorized access or other possible threats to their security. These policies are subject to constant checks to ensure that we comply with legal requirements and that the systems are functioning adequately.

Data minimization

We ensure that your personal data that we process is limited to what is necessary, adequate and relevant for the purposes stated in this Policy.

 

Restricting access to data

We try to restrict access to the personal data we process to the minimum necessary: employees, collaborators and other persons who need to access this data to process it and perform a service. Our partners and collaborators are subject to strict confidentiality obligations (either by contract or by law).

 

Specific technical measures

We use technologies that ensure the security of our customers, always trying to implement the most optimal solutions for data protection. We also make periodic data back-ups to be able to recover them in the event of a possible incident and we have implemented periodic audit procedures regarding the security of the equipment used. However, no website, no application and no internet connection is completely secure and untouchable.

Ensuring the accuracy of your data

Sometimes we may ask you to confirm the accuracy or timeliness of your data to ensure that it reflects reality.

Staff training

We constantly train and test our employees and collaborators on legislation and best practices in the field of personal data processing.

Data anonymization

Where we can, we try as much as possible to anonymize/pseudo-anonymize the personal data we process, so that we can no longer identify the persons to whom they refer.

 

However, although we make constant efforts to ensure the security of the data you entrust to us, we may also experience less fortunate events and have security incidents/breaches. In these cases, we will strictly follow the security incident reporting and notification procedure and will take all necessary measures to return the situation to normal as soon as possible.

Direct marketing

To the extent that we have obtained your prior consent or you are already a customer of the company, we may use direct marketing technologies using the information collected about you. We currently send commercial messages by email (email marketing).

You can object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email ("unsubscribe") or by sending a request to this effect to the email info@millamilla.shop.

  1. Your rights - questions, requests and exercising rights

We are not required to appoint a data protection officer, so any questions regarding the use of your personal data should be directed to the contact details above.

For any questions, concerns, comments or complaints regarding the processing of your information or if you wish to exercise your legal rights or regarding privacy, you can contact us at the e-mail address info@millamilla.shop.

Your rights under the GDPR Regulation are as follows:

The right to be informed about the processing of your data.

 

Right of access to data

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed and, if so, access to the data and information provided for in Article 15(1) of the GDPR.

The right to rectify inaccurate or incomplete data

You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.

Right to erasure ("right to be forgotten")

In the situations provided for in Article 17 of the GDPR, you have the right to request and obtain the deletion of personal data.

Right to restriction of processing

In the cases provided for in Article 18 of the GDPR, you have the right to request and obtain restriction of processing.

 

The right to transmit the data we have about you to another controller ("right to portability").

The right to transmit the data we have about you to another controller (“right to portability”)

The right to object to data processing

In the cases provided for in Article 21 of the GDPR, you have the right to object to the processing of your data.

The right not to be subject to a decision based solely on automated processing, including profiling which has legal effects or similar significant effects on you.

 

The right to seek justice to defend your rights and interests.

 

 

Please note that the rights listed above are not absolute. There are exceptions, therefore each request received will be analyzed in order to decide whether it is well-founded or not. To the extent that the request is well-founded, we will facilitate the exercise of your rights, and if the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of your rights to file a complaint with the Supervisory Authority and to seek legal action.

We will also try to respond to your request within 30 (thirty) days. However, this period may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the impossibility of identifying you within a reasonable time. If, despite our best efforts, we are unable to identify you and you do not provide us with additional information to enable us to identify you, we are not obliged to comply with the request.

  1. Privacy Policy Changes/Modifications/Updates

We may occasionally update the Privacy Policy and will notify you via the Site or by email of the most recent version. All updates and changes to this document are effective immediately upon notification, which we will make by posting on the Site and/or by email. Even if you do not receive a notification, we encourage you to access and read the Privacy Policy periodically to stay up to date with the latest versions.

Privacy policy updated on 10/04/2023.

Fast Delivery

3-5 Days in EU.

Shipping Wolrdwide

By DPD Courier.

Worry-free return

For 14 days.

Secure payments

Fast and secure checkout.