Privacy policy

We consider ensuring the right to the protection of personal data as a fundamental commitment of Sameday, therefore we will dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR“), as well as any other applicable legislation. As one of the essential principles of this legal framework is transparency, we have prepared this document through which we want to inform you about how we collect, use, transfer and protect your personal data when you interact with us in relation to our products and services, including through our website.

We reserve the right to update and amend this Privacy Policy from time to time to reflect any changes in the way we process your personal data or any changes in legal requirements. In the event of any such change, we will post the amended version of the Privacy Policy on our website, which is why please check the contents of this Privacy Policy periodically.

Who we are and how you can contact us

Sameday is the trade name of S.C. DELIVERY SOLUTIONS SA, a legal entity of Romanian nationality, having its registered office in Bucharest, Gara Herastrau Street, No. 6, GLOBALWORTH SQUARE Building, 6th and 7th Floor, Section 2, Romania, registered with the Trade Register under no. J40/7031/2008, having tax registration code RO23743772S.A., (hereinafter “Sameday” or “we“). For the purposes of data protection legislation, we are a controller when we process personal data collected directly from you, and a processor of the controller when we process personal data collected by it.

What categories of personal data we process

In general, we collect your personal data. directly from you, so you are in control of the type of information you provide to us. By way of example, we receive information from you as follows:

When you create a Sameday account, you send us your email address, first and last name, phone number;
When you place an order, you provide us with your personal data, such as first and last name, pick-up address, phone number, etc.
When you are the recipient of a delivery, we process the data collected by the sender or the data provided by you, such as: name, surname, delivery address, telephone number, e-mail address, signature, necessary to ensure that the deliveries reach you and not to other people, but also to protect our legitimate interests in the event of further disagreements regarding the correctness of the delivery.

On our website we may store and collect information in cookies and similar technologies in accordance with our Cookie Policy.

We do not collect or otherwise process sensitive data, included by the General Data Protection Regulation in special categories of personal data.

We also do not collect or process data of minors who have not reached the age of 16. Any person who provides us with personal data directly or through the sender who collects them, declares on their own responsibility that they are at least 16 years old and can give their valid consent for the collection and processing of their data.

What are the purposes and grounds of the processing

We will use your personal data for the following purposes:

To provide Sameday services for your benefit

This general purpose may include, as appropriate, the following:

Creating and managing the account within the Sameday platform;
Creating and managing the account within the SAMEDAY APP application
Processing orders, meaning their picking, validation, transport, delivery and invoicing, as the case may be;

Refund collection

The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract concerning courier services. Also, certain processing subsumed for these purposes is required by the applicable legislation, including tax and accounting legislation.

To improve our services

We always want to offer you the best experience for purchasing services through an online platform. For this we can invite you to fill in satisfaction questionnaires after completing an order or we can conduct, directly or with the help of partners, market studies and research.

We will also record the conversations carried out through the Chatbot present on the sameday.ro website

We base these activities on our legitimate interest in conducting business, always taking care that your fundamental rights and freedoms are not affected.

Communications

In order to keep you informed about the status of your deliveries, we can send you, via electronic communication channels (e-mail/SMS, telephone) delivery details or access codes for locker deliveries. We always ensure that this processing is carried out in compliance with your rights and freedoms.

When you interact with our representatives by phone, these phone calls will

recorded to analyze the quality of our services and your level of service. satisfaction, with a view to

improvement. You will be informed of this before the start of the call and if you continue the phone call we will consider that you have given your consent to the recording of the call. In the event that you do not agree with the recording of the phone call, you can contact us through the other dedicated channels, mentioned in the Contact section available here, including Online Support chat.

You can withdraw your consent at any time during the call or afterwards. However, the withdrawal of consent will not affect the processing already carried out on the basis of your consent or the registration already carried out. At the same time, the deletion of personal data recorded in this way may continue to be retained, based on legitimate interest or a legal obligation.

In addition, please note that in order to avoid repeated information about the registration

of the call, repeatedly requesting your consent for this processing activity (“information fatigue” / “consent fatigue”), for calls made less than 24 hours apart from each other, we will consider informing you about the call recording activity and requesting consent made on the occasion of the first call.You can ask us at any time, by the means described herein, to stop processing your personal data for information purposes, and we will comply with your request as soon as possible. The withdrawal of your consent will have the effect of making it impossible to carry out information on the status of the services provided.

For the defence of our legitimate interests

There may be situations where we will use or transmit information to protect our rights and business. These may include:

Measures to protect the website and users of the Sameday platform from cyberattacks:
Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
Measures to manage various other risks.

The general basis for these types of processing is our legitimate interest in defending our business, it being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

Also, in certain cases we base our processing on legal provisions such as the obligation to ensure the security of goods and valuables provided by the applicable legislation in this area, the obligation to notify security breaches or the like.

How long we keep your personal data

As a general rule, we will store your personal data for as long as you have an account on the Sameday platform. You may ask us to delete certain information or close your account at any time, and we will comply with those requests, subject to retaining certain information even after you close your account, where required by applicable law or our legitimate interests.

If you do not have an account on the Sameday platform, the general rule is to keep information related to orders placed for a period of 5 years from January 1 of the year following the completion of the order (“Retention Period“). Similar to the previous situation, we may keep certain data after the expiration of this period, in accordance with applicable law or our legitimate interests, in particular in order to exercise the rights of defense in the event of a dispute regarding the services provided. For this purpose, the data will be kept separate from the data of other customers being stored as a backup, encrypted and/or pseudonymized and will only be accessed in the event of a dispute. Immediately after the expiration of the Retention Period, Sameday will delete Your Personal Data and any copies thereof from its systems.

To whom we transmit your personal data

Where appropriate, we may transmit or provide access to certain personal data of yours to the following categories of recipients:

companies within the same group of companies as Sameday;
Sameday’s partners and subcontractors;
payment/banking service providers;
marketing/telemarketing service providers;
market research service providers;
IT service providers;
legal service providers;
other companies with whom we can develop joint programs to offer our goods and services on the market.

If we are legally obliged to do so, or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by third parties legal entities under private law is carried out in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

To which countries we transfer your personal data

Currently, we store and process your personal data on the territory of Romania.

However, from time to time, we may transfer certain personal data of yours to entities located outside of Romania. These entities may be located in the European Union or outside the Union, including in countries that have not been recognised by the European Commission as having an adequate level of protection for personal data.

In the event that your personal data will be transferred outside the European Union or EEA, the transfer will be made (a) pursuant to a decision of the European Commission deciding that the third country in question ensures an adequate level of protection, (b) based on binding corporate rules or (c) based on standard contractual clauses adopted by the European Commission. In addition, in the event that we identify that one of these measures is not sufficient to ensure an adequate level of protection, on a case-by-case basis, we will adopt additional technical and/or organizational security measures in accordance with the recommendations of the European Commission.

You can contact us at any time, using the contact details set out above, to find out more information about the countries to which we transfer your data, how and the safeguards we have put in place with respect to these transfers.

How we protect the security of your personal data

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards.

We keep your personal data on secure servers, using state-of-the-art encryption algorithms and ensuring storage redundancy.

We can also use the services of the PayU payment processor to make payments. Any payment information is encrypted using SSL technology.

Despite the measures taken to protect your personal data, we draw your attention to the fact that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, and there is a risk that the data will be seen and used by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems that are not under our control.

What rights do you have

The General Data Protection Regulation recognises a number of rights in relation to your data. personal information. You can request access to your data, the correction of any mistakes in our files and/or you can object to the processing of your data. personal information. You can also exercise your right to complain to the competent supervisory authority or to go to court. Where appropriate, you may also have the right to request the deletion of your personal data. the right to restrict the processing of your personal data. and the right to data portability.

More information about each of these rights can be obtained by consulting the table presented below.

In order to be able to exercise your rights, you can contact us using the contact details set out above. Please note the following if you wish to exercise these rights:

Identity. We take the privacy of all records containing personal data seriously. For this reason, please send us your requests regarding such registrations using the email address related to your Sameday account. Otherwise, we reserve the right to verify your identity by requesting additional information that is intended to confirm your identity.

Fees. We will not charge you a fee to exercise any rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before settling your claim.

Response time. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We may ask you if you can tell us exactly what you want to receive or what worries you. This will help us act faster and shorten the response time to your request.

Third Party Rights. We do not have to comply with a request if it would adversely affect the rights and freedoms of other data subjects.

Access

You can ask us:

to confirm whether we are processing your personal data;
provide you with a copy of this data (including the conversation you had via the chatbot on the sameday.ro website)
provide you with other information about your personal data. personal data, such as the data we hold, what we use it for, to whom we disclose it, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you by this information.

Correction

You can ask us to rectify or complete your personal data that is inaccurate or incomplete.

We may try to verify the accuracy of the data before rectifying it.

Deletion of data

You can ask us to delete your personal data, but only if:

they are no longer necessary for the purposes for which they were collected; or
you have withdrawn your consent (if the data processing was based on consent); or
exercise a legal right to object; or
they have been processed illegally; or
We are legally obliged to do so.

We are under no obligation to comply with your request. deletion of your personal data. personal data where the processing of your personal data is not the case. personal information is required:

for compliance with a legal obligation; or
for the establishment, exercise or defence of a right in court;

There are certain other circumstances in which we are not obliged to comply with your request. data deletion, although these two are the most likely circumstances in which we might refuse this request

Please note that, before exercising this right, you must download from your Sameday account and save all the documents related to the orders placed from Sameday, regardless of whether the invoicing was made to you or to another natural or legal person (such as: invoices, warranty certificates). If you do not take this step before exercising your right of deletion, you will lose all these documents and Sameday will be unable to make them available to you because the process of deleting the data, respectively the Sameday account with all the data and documents related to it, is an irreversible process.

Restriction of data processing

You can ask us to restrict the processing of personal data, but only if:

their accuracy is challenged (see corrigendum section) to enable us to verify their accuracy; or
the processing is unlawful, but you do not want the data to be deleted; or
they are no longer necessary for the purposes for which they were collected, but you need them to establish, exercise or defend a right in court; or
you have exercised your right to object, and the verification of whether our rights prevail is ongoing.

We may continue to use your personal data. following a restriction request, if:

we have your consent; or
to establish, exercise or ensure the defence of a right in court; or
to protect the rights of another natural or legal person.

Data portability

You can ask us to provide you with your personal data in a structured, commonly used and machine-readable format, or you can request that it be ‘ported’ directly to another data controller, but in each case only if:

the processing is based on your consent or the conclusion or performance of a contract with you; and
The processing is done by automatic means.

Opposition

You can object at any time, on grounds related to your particular situation, to the processing of your personal data. based on our legitimate interest, where you believe that your rights and freedoms are not met. prevails over this interest.

You can also object to the processing of your data for direct marketing purposes (including profiling) at any time, without giving any reason, in which case we will cease such processing as soon as possible.

Automated decision-making

You can ask not to be subject to a decision based solely on automated processing, but only when that decision:

produces legal effects with respect to you; or
affects you in another similar way and to a significant extent.

This right does not apply if the decision reached as a result of automated decision-making:

it is necessary for us to enter into or perform a contract with you;
is authorised by law and there are adequate safeguards in place for your rights and freedoms; or
is based on your explicit consent.

Complaints

You have the right to lodge a complaint with the supervisory authority about the processing of your personal data. personal information. In Romania, the contact details of the data protection supervisory authority are as follows:

National Supervisory Authority for Personal Data Processing

G-ral Blvd. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone: +40.318.059.211 or +40.318.059.212;

E-mail:[email protected]

Without affecting your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any issues amicably.

You cancontact the Sameday Data Protection Officer at any time by submitting your request in any of the following ways:
by e-mail to: [email protected]
by mail or courier to the address: Bucharest, Gara Herastrau Street, No. 6, GLOBALWORTH SQUARE Building, 6th and 7th Floors, Sector 2 – with the mention to the attention of the Sameday Data Protection Officer.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
_icl_current_language	1 day	This cookie is stored by WPML WordPress plugin. The purpose of the cookie is to store the current language.
cookielawinfo-checkbox-analize	1 year	CookieYes sets this cookie to store the user consent for the cookies in the category Analytics.
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-marketing	1 year	This cookie is set by the GDPR Cookie Consent plugin to store the user consent for the cookies in the category "Marketing".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
wp-wpml_current_language	session	WordPress multilingual plugin sets this cookie to store the current language/language settings.
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gat_UA-10872482-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjSession_*	1 hour	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.

Privacy policy

Subscribe to the SAMEDAY newsletter