PRIVACY POLICY

​

1. Preliminary information

Thank you for your interest in our company 24METAL CARD S.R.L., in our products and services. The protection and privacy of personal data is a very important matter for us. When you enter with us into a relationship of any kind, you entrust us with your information. This information set out in this document (hereinafter referred to as "Privacy Policy" or "Document") is important. We encourage you to read it carefully. We recommend that this document should be read together with the Terms and Conditions of Use. In the event of a conflict or an inconsistency between the terms of this Privacy Policy and any other provision of the Terms and Conditions, the terms of this Document shall prevail. For more information about the use of cookies or similar technologies, please see our Cookie Policy.

The purpose of this Privacy Policy is to explain what data we process (collect, use, share), why we process it, how we process it, your rights under the GDPR and how you can exercise those rights. In collecting this information, we act as a controller and are required by law to provide this information to you. Fully aware that your personal information belongs to you, we do our best to store it securely and to process it carefully. We do not provide information to third parties without informing you in accordance with legal provisions. We do not make solely automated decisions that have a significant impact on you.

By visiting the site, purchasing our services and products or interacting with us by any means and/or through any communication channel (email, phone, social media, etc.), you agree to this Privacy Policy. If you do not agree with what is described in this Privacy Policy, please do not use our services.

24METAL CARD SRL is a data controller within the meaning of the GDPR for the processing of personal data.

 

1. Definitions

 

"GDPR", "RGPD" or "Regulation" means (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation);

2.2. "Operator" or "We" mean 24METALCARD S.R.L., a Romanian company with registered office in Bucharest, sector 6, b-dul Ghencea no. 158, block Z, et. 3, ap. 48, registered with the Trade Register Office of Bucharest under number J40/7845/2021, with fiscal registration code 44206542.

2.3 "Data Subject" means any identified or identifiable individual whose data is processed by us as controller, such as customers, potential customers, or visitors to the site.

2.4 "Contract" or "Terms and Conditions" mean the consensual remote agreement between the Customer and us, without their simultaneous physical presence, regarding the purchase of the Services or the Products on the Website, in compliance with the legal provisions and the terms and conditions for the online provision of the Services or the provision of the Services.

2.5 "Processing" means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

2.6. "Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes, by which the data subject signifies his or her agreement, in a statement or by an unambiguous action, to the processing of personal data relating to him or her;

2.7 "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Other terms used in this document have the meaning given by the GDPR and by other applicable legal provisions.

 

1. Other Services

 

This Privacy Policy does not cover other third party applications and sites that you can reach by accessing links on our site. This is beyond our control. We encourage you to review the Privacy Policy of any site and/or application before providing any personal data.

 

1. Who are we?

 

24METAL CARD S.R.L. , a Romanian company with registered office in Bucharest, sector 6, b-dul Ghencea no. 158, block Z, et. 3, ap. 48, registered with the Trade Register Office of Bucharest under number J/40/7845/2021, with fiscal registration code 44206542, e-mail is info@24metalcard.com, responsible for the processing of your personal data that we collect directly from you or from other sources.

As you can see in the presentation details on the website, through our service we personalize your credit card by transferring the chip from your bank-issued card to a customized metal card as offered.

The operation carried out by us only concerns the transfer of the chip from your bank card to the new metal card and we do not retain any card data in our systems.

During this operation, there is a minimal risk of the chip being damaged during the transfer procedure.

It is important to note that we will protect your personal data in all respects, but we do not cover the cost and disclaim any liability if your new metal card is lost or stolen while in your possession.   

How you use your new metal card is your responsibility and please be advised that this type of card, especially those with mirror finishes, may have minor scratches or small factory defects (normal for this type of finish) and are also easily scratched during use.

Please note that it is not recommended that this type of metal card be used at an ATM by physically inserting it into the machine, but it can be used in those ATMs where you insert the card but do not pull it in, as the thickness of the metal card is 8 mm. 

If the customer performs such an operation by mistake, the company is not liable for the damage caused by the customer and for the damage to the card, and the client is fully liable.

 

We recommend that the metal card payment method be made exclusively by inserting the card into the POS or using it online.

 

Our company does not ask for PIN, access code or any other data related to the security of the customer's card or bank account. However, for additional protection you have the option to submit a debit/prepaid card with no monetary funds available in your account, or a bank card that is not activated or temporarily blocked during the processing of your order. Once your metal card is processed, all information you have entrusted to us will be deleted from our computer system.

 

We assume responsibility for keeping your bank information only for as long as we are in possession of the card.

Our company does not copy the card chip and does not retain the customer's bank card details such as the card number, the name on the card and/or possibly the CVV code.

According to the law, our company is a personal data controller. To ensure that your data is processed securely, we have made every effort to implement reasonable and appropriate technical and organisational measures to protect your personal and banking data.

 

5. Who are you?

 

According to the law, you, the individual benefiting from our services and products, the representative or contact person of a company that is our customer or potential customer, the visitor to the website or the person in any kind of relationship with us, are a "data subject", i.e. an identified or identifiable individual. In order to be fully transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of your rights. For more information, please see Sections 12 and 13 of this document.

 

6. Our commitment

 

Protecting your personal information is very important to us. This is why we are committed to complying with European and national legislation on the protection of personal data, in particular (EU) Regulation 679/2016, also known as GDPR and the following principles:

✓ Legality, fairness and transparency

We process your data legally and correctly. We are always transparent about the information we use, and you are properly informed.

✓ You are in control

Within the limits of the law, we offer you the ability to review, amend, delete personal data you have shared with us and exercise your other rights. For more information, see Sections 12, 13 and 14 of this document.

✓ Data integrity and purpose limitation

We only use the data for the purposes described at the time of collection or for new purposes compatible with the original purposes. In all cases, our purposes are compatible with law. We take reasonable steps to ensure that personal data is accurate, complete and up to date.

✓ Security

We have implemented reasonable security measures for the processing of personal data in order to protect your personal information to the best of our ability. However, please note that no website, no application and no internet connection is completely secure.

 

7. Changes

 

We may change this Privacy Policy at any time. All updates and changes to this Policy are effective immediately upon notice, which we will provide by posting on the Site and/or notification by email.

 

8. Your information. Purposes. Legal grounds

 

When you browse our website, send us an e-mail request or contact us for any other purpose and through any other communication channel, you may disclose the following personal data, which we collect directly from you or from other sources, as explained in the table below and in this section.

Personal data processed*

 

Purpose/Purposes*

Legal Basis/Temes

Name

Address

- In order to create an account on the site;

- For billing;

- To comply with legislation;

- To prevent fraud and other crimes.

- For direct marketing (only if we have your

prior consent)

- Conclusion or performance of a contract - Art. 6 (1) b GDPR;

- legal obligation - Art. 6 (1) c GDPR;

- Consent - Art. 6 (1) a) - (only for direct marketing).

e-mail

- In order to create an account on the site;

- For billing;

- To comply with legislation;

- To prevent fraud and other crimes.

- For direct marketing (only if we have your

prior consent)

- Conclusion or performance of a contract - Art. 6 (1) b GDPR;

- Consent - Art. 6 (1) a) - (only for direct marketing)

- legitimate interest - Art. 6 (1) f) GDPR

IP address

 

- to defend against cyber attacks;

- to prevent fraud;

- for the operation of the network;

- legitimate interest - Art. 6 (1) f) GDPR

*While we have made every effort to identify all personal data processed and purposes, please note that the above table is not exhaustive.

We collect most information directly from you. (e.g. by filling in a form on the website). Most of the information is as described above, but there may be situations where we collect data from third parties (e.g. partners, platforms).

In addition to the above information, we may also collect the following information, depending on the circumstances:

• How you interact with our site(s) (for example, information about how and when you access our site or what device you use to access the site). For more information in this regard, we invite you to also read our Cookies Policy.

• Information provided when filling in forms or questionnaires;

• Content of messages sent via messaging systems and e-mail.

When you make purchases, certain payment information (card data) will be collected, but it will be stored by our processing partners in a way that we cannot read or access.

 

8.1. Purposes

 

In addition to the purposes listed in the table in the previous section, we also process personal data for the following purposes:

• To answer your questions and requests and provide customer service;

• For marketing purposes, but only where we have your prior consent or where there is a legal exception to obtaining consent;

• To provide and improve the services we offer;

• To diagnose or fix technical problems;

• To defend against cyber attacks;

• For creating and/or maintaining accounts;

• In order to comply with legislation, such as tax compliance which requires us to keep accounting records for 10 years;

• In the unlikely event of a dispute, to establish or assert a right in court.

 

8.2. Further information on the purposes

 

(a) Registration as a user. If you decide to register as a user on our website, we must process your data in order to identify you as a user of our website and to provide you with access to the various features or services available to you as a registered user. At the same time, you have the possibility to log in via a Google/Facebook account, either to register as a new user or to associate the login with your current account.

b) Improving services. If you use our services, we inform you that we will process your browsing data for analytical and statistical purposes, i.e. to understand how users interact with our website and thus to make improvements.

 

8.3. What happens if you do not provide us with data

 

When we ask you to fill in your personal data in order to give you access to certain features or services of the site, we will mark some fields as mandatory, as this is the information we need in order to provide you with the service or to give you access to the feature in question.

Please note that if you choose not to provide us with this information, you may not be able to complete your user registration or to benefit from these services or features.

 

8.4. Other information on legal grounds

 

(a) Legitimate interest.  Where we use legitimate interest, we carry out a legitimate interest analysis (balancing test) through which we can balance our interest against your interests. Where our interests prevail, we will use the legitimate interest. If your interests prevail, we will not use the legitimate interest, and to the extent that we are unable to identify another correct legal basis, we will not carry out the processing activity. We currently use legitimate interest for the categories of data listed in the table in Section 8.

(b) Consent. Please note that obtaining consent is not mandatory, and we will only proceed to obtain consent from you where we have failed to use another legal basis. We currently only use consent for email marketing.

(c) Vital interest. In the unlikely event of a medical emergency or other exceptional event processing may be necessary to protect your vital interests or those of another natural person.

 

9. Storage period

 

We store your personal data only for as long as necessary to fulfil the purposes, but no longer than 5 years after the termination of the contract or the last interaction with us.

After the end of the period, personal data will be destroyed or deleted from computer systems or rendered anonymous for scientific, historical or statistical research purposes.

Please note that in certain expressly regulated situations, we store data for the period required by law.

The following table explains the storage period for different categories of records.

Categories of personal data

 

Storage period

Email address

Content of messages

5 years since the

last   interaction

with us

Data required for invoicing (i.e. address, client name, delegate name)

 

10 years

according to

legislation

Other personal data

 

5 years

 

10. Data transfers

 

We may disclose your data, in compliance with applicable law, to business partners or to other third parties. We make reasonable efforts at all times to ensure that these third parties have appropriate safeguards and security measures in place. We have contractual clauses with these third parties so that your data is protected. In these situations, we will ensure that any transfer is lawful under the law.

For example, we may provide your data to other companies, such as IT service providers (cloud, hosting) or telecommunications, accounting, legal services and other third parties with whom we have a contractual relationship. These third parties are selected with great care so that your data is only processed for the purposes we indicate and in accordance with security standards.

We may also transmit data to other parties with your consent or according to your instructions, for example, in the event that you exercise a portability request.

We may also provide your personal information to prosecutors, police, courts and other authorized state bodies, based on and within the limits of legal provisions and following specific requests.

The transfer of personal data to a third State may only take place if the State to which the transfer is intended ensures an adequate level of protection.

The transfer of data to a State whose legislation does not provide for a level of protection at least equal to that offered by the General Data Protection Regulation is only possible if there are sufficient guarantees with regard to the protection of the fundamental rights of the data subjects. These safeguards will be established by us through contracts concluded with the providers/service providers to whom your personal data will be transferred.

Whenever we transfer your personal data outside the EEA, we will ensure that a similar level of protection is in place through one of the following safeguards:

• we will transfer your personal data to countries where it has been demonstrated by the European Commission to provide an adequate level of security for personal data. For more details, click here.

• when we use certain service providers, we will be able to use certain model contracts provided and approved by the European Commission which offer the same protection to personal data as they do in Europe. For more details, click here.

Please contact us at info@24metalcard.com if you like more information about the specific mechanism we use when transferring your personal data outside the EEA.

 

11. Data security

 

We understand how important the security of personal data is and we take the necessary measures to protect our customers and others whose data we process from unauthorised access to personal data, as well as from unauthorised modification, disclosure or destruction of the data we process in our day-to-day business.

We have implemented the following technical and organisational personal data security measures:

a) Dedicated policies. We adopt and constantly review our internal personal data processing practices and policies (including physical and electronic security measures) to protect our systems from unauthorized access or from other possible security threats. These policies are subject to constant review to ensure that we comply with legal requirements and that systems are functioning properly.

b) Data minimisation. We ensure that the personal data we process is limited to that which is necessary, appropriate and relevant for the purposes stated in this Policy.

c) Restricting access to data. We try to restrict access to the personal data we process as much as possible to the minimum necessary: employees, collaborators and other persons who need to access these data in order to process them and carry out a service. Our partners and collaborators are subject to strict confidentiality obligations (either by contract or by law).

d) Specific technical measures. We use technologies to ensure the security of our customers, always trying to implement the best solutions for data protection. We also make regular back-ups of data in order to be able to recover them in the event of an incident and we have regular audit procedures in place regarding the security of the equipment used. However, no website, no application and no internet connection is completely secure and unreachable.

e) Ensuring the accuracy of your data. Sometimes we may ask you to confirm the accuracy or currency of your data to ensure that it reflects the truth.

f) Staff training. We constantly train and test our employees and collaborators on legislation and best practices in the field of personal data processing.

g) Data anonymisation. Where we can, we try as far as possible to anonymise/pseudo-anonymise the personal data we process so that we can no longer identify the individuals to whom it relates.

However, while we constantly strive to ensure the security of the data you entrust to us, we may also experience less happy events and security incidents/breaches. In these cases, we will strictly follow the security incident reporting and notification procedure and take all necessary steps to restore the situation to normal as soon as possible.

 

12. Direct marketing

 

To the extent that we have obtained your prior consent or you are already a customer of the company, we may use direct marketing technologies using information collected about you. We currently send commercial messages by e-mail (e-mail marketing).

 

12.1. How can you opt out of direct marketing?

 

You can object to direct marketing and/or withdraw your consent at any time by following the unsubscribing instructions in each email ("unsubscribe") or by sending a request to the email info@24metalcard.com

 

13. Your rights.

 

Your rights under the GDPR Regulation are as follows:

(a) The right to be informed about the processing of your data.

(b) The right of access to data. You have the right to obtain confirmation from us as to whether or not personal data relating to you is being processed and, if so, access to that data and to the information referred to in Article 15 para (1) of the GDPR.

(c) The right to rectify inaccurate or incomplete data. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.

(d) Right to erasure ("right to be forgotten").  In the situations set out in Article 17 of the GDPR, you have the right to request and obtain the erasure of personal data.

e) Right to restriction of processing. In the cases provided for in Article 18 of the GDPR, you have the right to request and obtain restriction of processing.

f) The right to transfer the data we hold about you to another controller ("portability right"). The right to transfer the data we hold about you to another controller ("portability right")

g) The right to object to data processing. In the cases provided for in Article 21 of the GDPR, you have the right to object to the processing of your data.

h) The right not to be subject to a decision based solely on automated processing, including profiling with legal or similar significant effects on you.

i) The right to take legal action to defend your rights and interests.

j) The right to submit a complaint to a Supervisory Authority.

Name

National Supervisory Authority for Personal Data Processing

Address

B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1,

postal code 010336, Bucharest, Romania

Phone:

+40.318.059.211 or +40.318.059.212

E-mail

anspdcp@dataprotection.ro

 

Please note that:

(1) You may withdraw your consent to direct marketing at any time by following the unsubscribing instructions in each email.

(2) If you wish to exercise your rights, you may do so by sending a signed and dated written request to the following e-mail address: info@24metalcard.com

(3) The rights listed above are not absolute. There are exceptions, so each request received will be examined to decide whether it is justified or not. To the extent that your request is justified, we will facilitate the exercise of your rights. If the request is ungrounded, we will reject it, but we will inform you of the reasons for the refusal and of your rights to lodge a complaint with the Supervisory Authority and to take legal action.

(4) We will try to respond to the request within one month. However, the deadline may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the impossibility of identifying you within a reasonable time.

(5) If, despite our best efforts, we are unable to identify you and you do not provide us with additional information to enable us to identify you, we are not obliged to comply with your request.

14. Questions, requests and exercise of rights

 

If you have any questions or concerns about the processing of your information or if you wish to exercise your legal rights or if you have any other privacy concerns, you can contact us at email info@24metalcard.com

 

Our identification data:

24METAL CARD S.R.L. , a Romanian company with registered office in Bucharest, sector 6, b-dul Ghencea no. 158, block Z, et. 3, ap. 48, registered with the Trade Register Office of Bucharest under the number J40/7845/2021 and tax registration code 44206542.

​

​

POLICY ON THE USE OF COOKIES

​

Additional information about cookies

We want to make your online experience as interactive as possible. To this end, we use cookies or similar techniques. It is important for you to know which cookies our site uses and for what purpose. This will help protect your privacy while ensuring the ease of use of our website.

What are cookies?

Cookies are small text files that are stored on your hardware (computer or mobile device) when you access certain websites.

Why are cookies used?

Cookies can be used for different purposes. Firstly, cookies may be needed to ensure the proper functioning of the website. For example, without cookies, it may be difficult for the website to remember that you have logged in or what products you have added to your shopping cart. These are called mandatory cookies.

Cookies can be used to analyse how a website is used, to count the number of visitors and to find out how the website can be improved. We do not associate website usage statistics and other reports with individuals. These cookies are called analytics cookies.

Thirdly, we use social media cookies to enable social media integration on the website and to give you the ability to immediately like or share a page or product on your preferred social media service.

A fourth important reason we use cookies is to enable online advertising, which can be tailored to display more relevant and interesting ads to you, both on and off our site. We do this through advertising (targeted) cookies.

For example, our website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google") that helps analyse the use of the site. For this purpose, Google Analytics uses "cookies", which are text files placed on your computer.

The information generated by the cookie about how the website is used - standard internet usage log information (including your IP address) and information about visitor behaviour in an anonymised form - is transmitted to and stored by Google, including on servers in the United States. Before being transmitted to Google, your IP address is anonymised.

In accordance with its Privacy Shield certification, Google state that they complies with the EU-US Privacy Shield Framework. Google may transfer the information collected by Google Analytics to a third party where required to do so by law, or where that third party is processing the information on Google's behalf.

In accordance with the Google Analytics Terms of Use, Google will not associate your IP address with any other data held by Google.

How to manage or disable cookies in your browser

You can manage your cookie preferences from the pop-up window on our website or from your browser settings.

Most browsers allow you to:

• see what cookies you have and delete them individually

• block third-party cookies

• block cookies from certain sites

• block the setting of all cookies

• delete all cookies when you close your browser

If you disable all (our) cookies in your browser settings, certain sections or features of our websites may not work, because your browser may prevent us from setting cookies that are necessary for the site to function. We therefore recommend you not to disable all cookies in your web browser.

In the list below, you can find more information on how to disable cookies or how to manage cookie settings for your browser:

• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

• Firefox https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

• Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies

• Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471