3. The term “personal data” refers to personally identifiable information about you, such as your first and last name, birth date, age, gender, e-mail address, delivery and billing address, phone number, signature (when collecting online purchases), voice (when calling Customer Service), Paypal details, APCO details, historic purchase information, user ID and any other information that is identified with you personally.
4. Romano Cassar is continually improving and adding new functionality and features to its Site and improving and adding to our existing products, services, and programs. Because of these ongoing changes, changes in the law, and the changing nature of technology, Romano Cassar’s data practices will change from time to time. If and when our data practices change, Romano Cassar notify any such changes by posting them on the Site. Please check this Site regularly for any changes. This policy was last updated on the 25th of May, 2018.
5. Romano Cassar is not responsible for the content or privacy policies of other third-party websites linked to the Site.
Personal Data Collected
7. Romano Cassar collects and processes your personal information (“Personal Data”) when you use the Site. Without limitation, personal data includes the personal information you submit when you sign up to or browse the Site, contact Customer Service and/or make purchases through it. If you do not supply us with your personal data, we will not be able to fulfil our services to you (e.g. supply the products you wish to purchase online from the Site).
8. Romano Cassar also logs IP addresses, or the location of your computer on the Internet for internal security purposes of the Site and such data will not be shared or disclosed to third parties except as provided for in Clause 15 below.
9. When you visit the Site, a cookie may be sent to you. A cookie is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing the website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity. Your browser sends these cookies back to the website every time you visit the site again, so it can recognise you and can customise what you see on the screen according to your registered preferences. Certain cookies are essential for the functioning of the website, thus disabling them may hinder the full functioning of the Site. Please do refer to our Cookies Policy for further details.
Use of Personal Data Collected
10. Romano Cassar uses the personal data information you provide for the following purposes:
a. The personal data you provide Romano Cassar to register as a user of the Site will be processed in order to identify you as a user of the Romano Cassar Site and provide access to the different services and functions that are available to you as a registered user.
11. When effecting a purchase, such data will be used for the development, facilitation and performance of the purchase and sale contract between both parties of the products you have purchased from the Site and related administrative and legal purposes. Such data may also be used to be able to contact you via email / telephone call / SMS to inform you about the status of your order and other messages related to the services, including the security updates of the Site.
12. In case you provide Romano Cassar with third party information, you will be responsible for having informed and obtained their consent for this information to be provided for the purposes explained herein. If you have purchase a product or gift card for such third party, the information of such third party will only be used for managing the delivery or verification of the receipt of the goods and attending to any query or request which you or the third party may have.
13. In case you wish to make any queries through the contact form available on the Site, your personal data and contact details may be used by Romano Cassar in order to respond to your queries.
14. You hereby guarantee that the personal data provided are true and accurate and undertake to notify us of any change or alteration of them. Any loss of damage to the Site or the Romano Cassar, or to any third party through the provision of erroneous, inexact or incomplete information on the registration form, will be exclusively the responsibility of the user.
15. You may also subscribe to our newsletter or other e-mail alerts from Romano Cassar or its affiliates, which enable you to receive current news about Romano Cassar and its business. For all such services, you may “opt-out” of, or unsubscribe from any such messages either upon subscription, from the newsletter email itself or by contacting Customer Service.
16. The Personal Data entered in the form on the Checkout Page may be used for email remarketing purposes to improve the shopper journey. Visitors might receive soft email reminders about the items in their shopping bags and any pending orders. In all sent emails visitors have the option to unsubscribe from receiving these types of emails from Romano Cassar.
Requirements and Criteria for Processing
17. Romano Cassar ensures that:
a. personal data is processed fairly and lawfully;
b. personal data is always processed in accordance with good practice;
c. personal data is only collected for specific, explicitly stated and legitimate purposes;
d. personal data is not processed for any purpose that is incompatible with that for which the information is collected. [The processing of personal data for historical, statistical or scientific purposes shall not be regarded as incompatible with the purposes for which the information was collected];
e. personal data that is processed is adequate and relevant in relation to the purposes of the processing;
f. no more personal data is processed than is necessary having regard to the purposes of the processing;
g. personal data that is processed is correct and, if necessary, up to date;
h. all reasonable measures are taken to complete, correct, block or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;
i. personal data is not kept for a period longer than is necessary, having regard to the purposes for which they are processed.
18. Personal data may be processed only if:
a. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or
b. processing is necessary for compliance with a legal obligation to which Romano Cassar is subject; or
c. processing is necessary in order to protect the vital interests of the data subject.
d. processing is necessary for the performance of an activity that is carried out in the public interest or in the exercise of official authority vested in Romano Cassar or in a third party to whom the data is disclosed; or
e. processing is necessary for a purpose that concerns a legitimate interest of Romano Cassar or of such a third party to whom personal data is provided, except where such interest is overridden by the interest to protect the fundamental rights and freedoms of the data subject and in particular the right to privacy.
Disclosure of Your Personal Data
19. Romano Cassar may disclose such personal data only if we are required and permitted to do so by law, in accordance with the Data Protection Act, or we believe, in good faith, that such action is necessary to:
a. comply with the law or with legal process,
b. protect and defend our rights and property,
c. protect against misuse of unauthorised use of the Site and its content; or
d. protect the personal safety or property of our users or the public.
20. In order to fulfil our services in regard to any of your purchases or requests, Romano Cassar may need to disclose or transfer some of the information provided by you to third parties contracted for the delivery of the goods purchased by you. You are hereby informed that by registering and providing us with information via the Site, you are expressly authorising Romano Cassar to disclose and/or transfer such data to such companies and for the purpose of executing your purchases or requests.
21. Where strictly necessary, we may also disclose this information to third party processors, financial institutions or other third-party service providers who help with our business operations (e.g. technological services suppliers, financial transaction management, logistics services, etc.) or as necessary to process your purchases. By providing information in this Site or otherwise to Romano Cassar, you expressly authorise us to disclose and process your information as described.
Sharing of Personal Data
22. Romano Cassar may share the information collected, in aggregate form, with advertisers and other partners. We will not release personal information about you as an individual to third parties, except under the circumstances described above in compliance with legal process. Upon request, we will provide you with all of your personal information associated with your UserID and information will only be sent to the email address you provided us with when registering your details.
23. In compliance with the provisions of the Data Protection Act, personal data may not be processed for purposes concerning direct marketing, if the data subject notifies the data controller that s/he opposes such processing. The data controller shall appropriately inform the data subject of his right to oppose such processing at no cost.
24. While no method of data transmission is guaranteed against unlawful third-party interception or other misuse, Romano Cassar uses commercially reasonable efforts to ensure protection of your data including industry-standard encryption and offline security methods in our physical facilities.
Rectification, Deletion, etc.
25. Romano Cassar shall, at the request of the data subject, immediately rectify, block or erase such personal data that has not been processed in accordance with the Data Protection Act or with regulations made thereunder.
26. Romano Cassar shall notify any third party to whom the data has been disclosed about the measures undertaken as aforesaid. Provided that no such notification need be provided if it is shown to be impossible or it will involve a disproportionate effort.
27. Should you wish to exercise your rights for access, rectification, erasure and/or objection in regard to the personal data collected in your regard, you may send us an email on firstname.lastname@example.org. We may request that you provide us with an identification document in order to ensure maximum security and confidentiality.
Data Subject Access Policy
28. Romano Cassar will provide information in response to any reasonable data subject access request. Romano Cassar will ensure that the data is kept in an accessible form to facilitate access by the data subject.
29. At the data subject’s request, Romano Cassar shall provide to the data subject, without excessive delay and without expense, written information as to whether and which personal data concerning the data subject was processed, shared or disclosed. Provided that a request by the data as aforesaid shall only be made by the data subject at reasonable intervals.
30. Should you wish to exercise your rights for access in regard to the personal data collected in your regard, you may send us an email on email@example.com. We may request that you provide us with an identification document in order to ensure maximum security and confidentiality.
31. If such data is processed Romano Cassar shall provide to the data subject written information in an intelligible form about:
a. actual information about the data subject which is processed;
b. where this information has been collected;
c. the purpose of the processing;
d. to which recipients or categories of recipients the information is disclosed; and
e. knowledge of the logic involved in any automatic processing of data concerning the data subject.