We consider ensuring the right to the protection of personal data as a fundamental Sameday commitment, thus we will devote all the resources and efforts necessary to process your data in full compliance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), as well as any other applicable legislation. As one of the essential principles of this legal framework is transparency, we have prepared this document by which we want to inform you about how we collect, use, transfer and protect your personal data when you interact with us about our products and services, including through our website.
Who we are and how you can contact us
Sameday is the trade name of S.C. DELIVERY SOLUTIONS SA, legal person of Romanian nationality, having its registered office in Bucharest, Splaiul Independenţei, no. 319, Building OB 17C, 1st Floor, sect. 6, Romania, registered with the Registry of Commerce under no. J40/7031/2008, with tax registration code RO23743772S.A., (hereinafter “Sameday” or “we”). For the purposes of data protection legislation, we are an operator when we process your personal data.
As we are always open to find out your opinions, as well as to provide you with any additional information you may need regarding the processing of your data, we encourage you to contact the Sameday Data Protection Officer at the e-mail address firstname.lastname@example.org or by post or courier to Bucharest, Splaiul Independenţei, no. 319, Building OB 17C, 1st Floor, sect. 6 – with the indication: to the attention of the Sameday Data Protection Officer.
What categories of personal data we process
In general, we collect your personal data directly from you, so you have control over the type of information you provide us. As example, we receive information from you as follows:
We may also collect and process later certain information about your behavior while visiting our website or using the smartphone app to personalize your online experience and provide you with offers adapted to your profile. We invite you to learn more about this by consulting the section below on the purposes of the processing.
We do not collect or otherwise process sensitive data included by the General Data Protection Regulation in special categories of personal data. We also do not wish to collect or process data of minors who have not reached the age of 16.
What are the purposes and reasons for the processing
We will use your personal data for the following purposes:
This general purpose may include, where appropriate, the following:
The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between Sameday and you. Certain processing covered by those purposes is also required by applicable law, including tax and accounting legislation.
We always want to offer you the best service purchase experience through an online platform. To do this, we may collect and use certain information about your Customer behavior, invite you to fill in follow-up questionnaires following the completion of an order, or conduct, directly or with the help of partners, studies and market research.
We base these activities on our legitimate interest in conducting business activities, always making sure that your fundamental rights and freedoms are not affected.
To keep you informed about the status of your deliveries, we may send you information on the date and time of delivery via e-mail/SMS channels. We always ensure that these processing is carried out in compliance with your rights and freedoms.
You may always stop the processing of your personal data for information purposes by the means described herein, and we will comply with your request as soon as possible. Withdrawing your consent will have the effect of inability to conduct information on the status of the services delivered.
There may be situations where we will use or transmit information to protect our rights and business. These may include:
The general reason for these types of processing is our legitimate interest in protecting our business, being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
In certain cases, we also base our processing on legal provisions such as the obligation to ensure the security of property and values provided for by the legislation applicable in this matter.
How long do we keep your personal data
As a general rule, we will store your personal data while you have an account in the Sameday platform. You may always ask us to delete certain information or close your account, and we will comply with these requests, subject to the retention of certain information including after the account is closed, in situations where the applicable law or our legitimate interests require it.
If you do not have an account in the Sameday platform, the general rule is to preserve information about orders made for a period of 4 years from the time of completion of the order (“Retention Period”). Similar to the previous situation, it is possible to retain certain data after the expiry of that period, in accordance with applicable law or our legitimate interests, in particular with a view to exercise the rights of the defense in the event of a litigation relating to the services delivered. For this purpose, the data will be kept separate from the data of other customers being stored as backup, encrypted and/or under pseudonym, and will only be accessed in the event of a litigation. Immediately after the Retention Period expires, Sameday will delete your Personal Data and any copies thereof from its systems.
To whom we transmit your personal data
Where appropriate, we may transmit or provide access to certain of your personal data to the following categories of recipients:
Where we have a legal obligation, or if necessary to protect a legitimate interest, we may also disclose certain personal data to public authorities.
We ensure that access to your data by third parties, private law legal entities, is carried out in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
In which countries we transfer your personal data
We are currently storing and processing your personal data across Romania.
However, from time to time, we may transfer certain personal data to entities located outside Romania. These entities may be located in the European Union or outside the Union, including countries to which the European Commission has not recognized an adequate level of personal data protection.
We will always take action to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual arrangements and, where appropriate, other safeguards, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of personal data transferred from the EU to the United States of America.
You may contact us at any time, using the contact details set out above, to learn more about the countries to which we are transferring your data, as well as the safeguards we have implemented with regard to these transfers.
How do we protect the security of your personal data
We are committed to ensure the security of personal data by implementing appropriate technical and organizational measures, in line with industry standards.
We keep your personal data on secure servers using the latest generation encryption algorithms and providing storage redundancy.
For payments we can also use the services of the payment processor PayU. Any payment information is encrypted using SSL technology.
Despite the action taken to protect your personal data, we draw your attention to the fact that the transmission of information via the Internet in general or through other public networks is not entirely secure, with the risk that the data may be seen and used by unauthorized third parties. We cannot be held liable for such vulnerabilities of systems that are not under our control.
Which are your rights
The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You can request access to your data, correct any mistakes in our files, and/or object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or to refer to the court of justice. Where appropriate, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.
More information on each of these rights can be obtained by consulting the table below.
In order to exercise your rights, you can contact us using the contact details outlined above. Please note the following if you want to exercise these rights:
Identity. We take seriously the confidentiality of all records containing personal data. For this reason, please send us your requests for such records using the e-mail address of the Sameday account. Otherwise, we reserve the right to check your identity by requesting additional information that aims to confirm your identity.
Fees. We will not ask you for a fee to exercise any right regarding your personal data, unless your request for access to information is unfounded or repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before resolving your request.
Response time. We intend to respond to any valid requests within a maximum of one month, unless this is particularly complicated, or if you have made several requests, in which case we are to respond within a maximum of two months. We will tell you if we need more than one month. We may ask you whether you can tell us exactly what you want to receive or what concerns you. This will help us to act faster and shorten the response time to your request.
Third parties rights. We don’t have to resolve a request if it would adversely affect the rights and freedoms of other subjects concerned.
|Access||You may request:
|Correction||You can ask us to correct or complete your inaccurate or incomplete personal data.
It is possible to try to verify the accuracy of the data before they are rectified.
|Deleting the data||You may ask us to delete your personal data, but only if:
We do not have the obligation to comply with your request to delete your personal data if the processing of your personal data is necessary:
There are certain other circumstances we are not obliged to comply with your request to delete data, although these two are the most likely circumstances we could refuse this request.
Be sure that, before exercising this right, you download and save from your Sameday account all documents related to orders made to Sameday, whether the invoice was made to you or to another natural or legal person (such as invoices, guarantee certificates). If you do not do so before you exercise your right to delete, you will lose all these documents and Sameday will be unable to make them available to you because the process of deleting the data, the Sameday account, with all its data and documents, is an irreversible process.
|Restricting data processing||You may ask us to restrict the processing of personal data, but only if:
We can continue to use your personal data following a restriction request if:
|Data portability||You can ask us to provide your personal data in a structured, commonly used and machine-readable format, or you can request that these are “ported” directly to another data operator, but in each case only if:
|Objection||For reasons of your particular situation, you may object at any time to the processing of your personal data for the reason of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest.
You may also always object to the processing of your data for direct marketing purposes (including profiling) without invoking any reason, in which case we will cease processing as soon as possible.
|Automated making decisions||You may request that you are not the subject of a decision based solely on automated processing, but only when that decision:
This right shall not apply where the decision has been made following the automatic making of decisions if:
|Complaints||You have the right to complain to the supervisory authority about the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:
The National Supervisory Authority for The Processing of Personal Data
B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance and we promise you that we will make every effort to resolve any matter by mutual agreement.
We remind you that you can contact Sameday Data Protection Officer at any time by transmitting your request by any of the following means: