Privacy policy

Last updated on 14.04.2025

Please read this Privacy Policy (hereinafter referred to as the “Policy”) carefully as it contains important information regarding how, when, and why World Comm Trading GFZ SRL collects, uses, and stores your personal data, with whom it may share it, as well as to inform you about your rights as a data subject and the measures taken to protect your personal data, in connection with World Comm Trading GFZ SRL’s processing over its website, partner platforms and in relation to its products and services.

The website www.worldcomm.ro (hereinafter referred to as the “Website”) is owned and managed by World Comm Trading GFZ SRL, a company incorporated by the Romanian laws, headquartered in Bucharest, Splaiul Independenței, no. 319, OB 209, registered under trade registration no. J40/10819/2014, VAT no. RO16167421.

1. APPLICABILITY

This Policy regarding the processing of personal data only applies to the processing activities performed by World Comm Trading GFZ SRL and shall be complemented with the Cookie Policy .

The Website may contain information about or links to other websites that are outside World Comm Trading GFZ SRL custody and/or control. Carefully read and review the privacy policies of each of those websites when you browse on them to get an understanding of how your personal data is being used and shared by those third-party websites.

2. DEFINITIONS

The terms used within this Policy have the same meaning as those mentioned in Terms and Conditions, unless otherwise mentioned in this Policy.

• “World Comm”, “we”, “us” or “our” means World Comm Trading GFZ SRL and any of its affiliates that are providing the Website, products and services.

• “Users” means any natural person or any customer’s employees, representatives, consultants, contractors, or agents who are using the Services for customer’s benefit.

• “You” or “your” means current or potential customer of World Comm, as a User of the Website, products and Services provided by World Comm.

• “Services” means all of our web-based websites (including this website), applications, tools and platforms that you have subscribed to or that we otherwise make available to you, and are developed, operated, and maintained by us, accessible via the Website or another designated URL, and any ancillary products and services, including any consulting services, that we provide to you either for a fee or free of charge; Services or other products or features made available by us to you on an unpaid trial or free basis are considered free Services.

• “Personal data” means any information relating to an identified or identifiable natural person;

• “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• “Processing activity(ies)” means one or more operations that relate to one of the different stages that the processing of personal data may involve.

• “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Policy, World Comm acts as Controller.

• “Data subject” means an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the user’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. COLLECTING PERSONAL DATA

In general, the personal data we process is collected directly from you, as a data subject. However, there may be situations where your personal data is collected indirectly from social media, from the website of the company you represent, from your employer as a contact person, from a third party who recommended you or from various public platforms (for example ad platforms).

When we, as the Controller, do not receive the personal data directly from you, we will inform you within the legal term about our processing of your personal data.

If you provide us with personal data belonging to other individuals (for example, colleagues), you have the responsibility to make sure you have obtained prior approval from those persons for sharing their data with us.

4. CHILDREN AND SPECIAL DATA

Our Website and Services are not directed at children. We do not knowingly or intentionally collect personal data from children who have not reached the level of maturity in their country and who are not able to assume obligations in accordance with the applicable legislation.

If you are the holder of parental responsibility of a child who has not reached the level of maturity in the country of residence and you believe your child has provided us with personal data, please contact us to request the erasure of their personal data and we will act upon your request in accordance with the legal requirements.

We do not collect nor is our intention to collect personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, or personal data relating to criminal convictions and offences or related security measures, excepting the situations expressively regulated by the law.

5. PROCESSED PERSONAL DATA, PURPOSES, LEGAL GROUNDS AND RETENTION PERIODS

Below you will find information about the purposes for which we process your personal data, the categories of personal data we collect for those purposes, the legal grounds on which we carry out the processing activities and the periods of time we store the personal data in relation to the purposes of the processing.

Where the lawful basis for the processing is the data subject’s consent, you may withdraw your consent at any time without constraint and without affecting the lawfulness of the processing prior to its withdrawal.

We will inform you and, where the lawful basis is your consent, we will ask for you freely-given consent if we intend to process your personal data for a new purpose that is materially different from that for which the personal data was initially collected.

Depending on the nature of our relationship or interaction, we will process your personal data for the following purposes:

5.1. If you are the legal representative or contact person of a legal entity with which we are in a business-to-business contractual relationship:

# Scope Data categories Legal ground Retention

5.1.1 Negotiation and conclusion of commercial contracts, through representatives of legal entities Name, surname, represented legal entity, title and capacity, e-mail address, telephone number, signature – belonging to the legal or conventional representative of the contracted legal entity The legitimate interest of companies (Controller and contractor) to enter into commercial relations or the conclusion and performance of the contract (in the case of freelancers) Personal data is stored for the duration of the contractual relationship and thereafter, in accordance with tax and accounting legislation

5.1.2 Verification of the capacity and the power of the representative to engage the company’s liability Name, surname, title and capacity, validity period of the mandate, powers of representation, as well as any other data included in the documents attesting to the capacity as a representative of the company. The legitimate interest of companies (Controller and contractor) to enter into commercial relations and to ensure that the contract signatory has the necessary power to engage the company’s liability in specific contractual relationships Personal data is stored for the duration of the contractual relationship and thereafter, in accordance with tax and accounting legislation. If the contract is not concluded, the data will be deleted

5.1.3 Performance of commercial contracts, through the parties’ contact persons Name, surname, professional email address, professional phone number, represented entity, role, department The legitimate interest of companies (Controller and contractor) to conduct commercial relations Personal data is stored for the duration of the contractual relationship and thereafter, in accordance with tax and accounting legislation

5.2. If you are our customer following an order placed through partner online platforms (e.g. eMag Marketplace) or following a purchase of our products from partner physical stores, all or some of the following purposes may apply to you:

# Scope Data categories Legal ground Retention

5.2.1 Management of orders placed through the partner platform (eMag Marketplace): registration, confirmation and delivery of products Order number and date, ordered products, billing data (last name, first name, address, price), invoice series, number and date, delivery data (name, surname of recipient, delivery address, phone number), email address, payment method Performance of the contract represented by the Terms and Conditions of use of the partner platform (eMag Marketplace) applicable to the relations between the Controller and you Personal data is stored in accordance with applicable tax and accounting legislation – 5 years (documents issued before 31st of December 2022) or 10 years (documents issued after 31st of December 2022)

5.2.2 Issuance and communication of the invoice for the purchased products Name, surname, address, invoice series, number and date, purchased products, quantity, price, payment method, email address • Fulfilment of the Controller’s legal obligation to issue invoices under legal conditions

• Performance of the contract represented by the Terms and Conditions of use of the partner platform (eMag Marketplace) applicable to the relations between the Controller and you Personal data is stored in accordance with applicable tax and accounting legislation – 5 years (documents issued before 31st of December 2022) or 10 years (documents issued after 31st of December 2022)

5.2.3 Registration and resolution of the return request, receipt and verification of products Name, surname, email address, phone number, order number and date, billing data (name, surname, address, price), invoice series, number and date, returned products, return reason, resolution, price refund account details (name, IBAN account) or, as appropriate, exchange products • Fulfilment of the Controller’s legal obligation to ensure the customer the possibility of returning the purchased products.

5.2.4 Registration, verification and resolution of product return/change requests Name, surname, product, invoice series, number and date, billing address, delivery address, reason for repair, resolution, persons authorized to hand over/pick up the product (name, surname), telephone number, e-mail address Fulfilment of the Controller’s legal obligations regarding product warranties

Personal data is stored for a period of 3 years

5.2.5 Collecting your feedback to improve the quality of our customer interaction Name, surname, username, email address/phone number, products purchased, interaction with the Controller’s staff, level of satisfaction The Controller’s legitimate interest in verifying the level of customer satisfaction in order to improve the way services are provided Personal data is stored in accordance with the Terms and Conditions of use of the partner platform (eMag Marketplace) – data is not stored outside the platform

5.3. If you participate in our recruitment and selection process as a candidate for vacant positions within World Comm:

# Scope Data category Legal ground Retention

5.3.1 Recruitment

*detailed information regarding the processing of personal data within the recruitment and selection process for vacant positions is contained in the specific notice provided at the time of CV collection or, as the case may be, during the first interaction between you and our recruitment team Name, surname, telephone number, e-mail address, home/residence address or country of home/residence, professional training, studies, certifications and the like, professional experience, seniority in work or in a specific area of activity, linguistic and/or technical skills, profile on a professional social network (e.g. LinkedIn), if applicable, and other data included in the documents provided • Steps taken at your request before concluding the employment contract

• The legitimate interest of the Controller to resolve any complaints following the recruitment process

• Your consent to keep your CV in order to contact you regarding any subsequent vacancies Personal data is stored during the recruitment process and subsequently for a period of 6 months to manage possible complaints.

5.4. When you visit our premises:

# Scope Data categories Legal ground Retention

5.4.1 Ensuring the security and safety of people and property through video surveillance equipment at the Controller’s premises Video images, arrival time and departure time, date, car registration number (if applicable) The legitimate interest of the Controller to ensure the security and safety of persons and property or, as applicable, the fulfilment of the legal obligations of the Controller under specific legislation Personal data is stored for 30 days or according to the applicable legal retention period

In addition to the purposes mentioned above, we may process your personal data for the purpose of fulfilling our legal obligations under the laws governing our activity, including those regarding equal opportunities and non-discrimination, ensuring physical and IT security and protecting whistleblowers in the public interest. In these situations, the categories of data processed and the data storage periods are determined according to the applicable legal provisions.

Your data may also be processed, based on the legitimate interest of the Controller, for the purpose of exercising or defending a right or legitimate interest in a judicial, administrative or similar procedure, in which the Controller is involved or to respond to requests from public authorities, courts and tribunals or criminal investigation and prosecution bodies, based on and within the legal obligations the Controller is subject to. The categories of data processed and the storage periods are determined on a case-by-case basis, depending on the applicable legal procedures and provisions.

At the end of the retention periods specified above, personal data will be deleted or anonymized, as applicable to the specific situation.

6. TRACKING TECHNOLOGIES

Our website uses cookies, plug-ins and other online identifiers (collectively referred to as “cookies”) in order to ensure functional browsing or to provide a better browsing experience, to perform statistical analysis regarding accessed information, or to provide you with custom content and advertising appropriate to your preferences and interests.

Detailed information regarding the cookies we use may be found in our Cookie Policy .

7. AUTOMATED DECISION MAKING, INCLUDING PROFILING

We do not make decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

8. DISCLOSURE AND TRANSFER OF PERSONAL DATA

We may transfer your personal data, to the extent that this is necessary, to the following categories of recipients: companies from the same group, service partners, subcontractors, payment providers, courier service providers, archiving companies, IT service providers, software or hardware vendors, market research companies, marketing companies, public authorities, court or arbitral tribunals, as well as competent authorities to investigate criminal offenses.

Personal data may be disclosed or transferred to the categories of recipients mentioned above in order to provide our Services at the highest quality level, ensure the intervention of specialists by outsourcing parts of our business or to provide access to services and benefits according to our business partnerships, or to ensure compliance with the specific legal obligations to which we are subject according to the activity carried out.

In the event that personal data is transferred to third countries we will apply the technical and organizational measures required by law and we will inform you about the transfer in accordance with the legal requirements.

9. SECURITY OF PERSONAL DATA

The security of your personal data is important to us. Therefore, we maintain a variety of appropriate technical and organizational measures to protect your personal data from loss, misuse, and unauthorized access or disclosure. We limit access to personal data to employees or contractors who we believe reasonably need to retrieve that information to provide our Services. Considering the current state of technology, we have implemented reasonable physical, technical and procedural safeguards designed to protect your personal data, such as limiting access, encrypting, anonymizing, or storing it on secure media.

It is very important that you, as a data subject, know the risks and take the measures to protect your personal data, for example by checking the sources of information, avoiding access to suspicious or unknown links, regularly changing passwords and using appropriate anti-virus and anti-malware solutions.

10. YOUR RIGHTS AND HOW TO EXERCISE THEM

The law grants data subjects enforceable and effective rights concerning their personal data which can be exercised under particular conditions.

You have the following rights regarding your personal date:

• Right to be informed: You have the right to be informed regarding the processing of your personal data, as we are doing through this Policy.

• Right of access: You have the right to obtain confirmation whether or not we process your personal data, as well as information on the specifics of the processing activities, and get access to that personal data.

• Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

• Right to erasure: You have the right to obtain from us without undue delay the erasure of your personal data, to the extent that the legal requirements are met. Personal data will be erased when the legal requirements are met.

• Right to restriction of processing: If the applicable legal provisions are met, you have the right to obtain the restriction of processing of your personal data.

• Right to data portability: If the applicable legal provisions are met, you have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit those data to another Controller.

• Right to object: In certain situations, such as when we process personal data based on legitimate interest, you have the right to object to the processing of your personal data. In the event of unjustified opposition, as Controller we are entitled to further process your personal data.

• Right to object to commercial communication: You may also object to the processing of your personal data for the purpose of sending commercial messages.

• Right not to be subject to decisions based solely on automated processing, including profiling: If the applicable legal provisions are met, you have the right not to be subject to a decision based solely on automatic processing, including profiling, which has legal effects on you or affects you similar to a significant extent.

• Right to Opt-Out of Sale or Sharing of Personal Data: If we sell your personal data to third parties or share it with third parties for cross-context behavioral advertising, you have the right, at any time, to stop us from selling or sharing your personal data.

• Right to address to the Supervisory Authority: You have the right to file a complaint with the competent Supervisory Authority on any violation of your rights regarding the processing of your personal data.

If you want to contact the Supervisory Authority from your place of residence in EU, you may find the contact details at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

• Consent withdrawal: To the extent that we process your personal data based on your given consent, you can withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

• Right to No Retaliation: If you choose to exercise any of these rights, we will not discriminate against you in any way. However, if you exercise certain rights, understand that you may be unable to use or access certain features of our websites or services, or we may be unable to execute the employment or collaboration agreement with you.

Except for the right to contact the Supervisory Authority, which you can exercise using the contact details indicated above, you can exercise your legal rights by contacting our Data Protection Officer by e-mail at privacy@worldcomm.ro.

We will respond to your requests without undue delay and in any case within one month of receiving the request. This period may be extended by two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receiving your request, stating the reasons for the delay.

In the event that we do not take action on your request, we will inform you, without undue delay and no later than one month after the receipt of your request, of the reasons for not taking action. In such a case, you have the possibility to lodge a complaint with the competent Supervisory Authority or to take a legal action.

11. UPDATES

This Policy is subject to periodic reviews and updates to ensure that it always corresponds to reality, and it is in line with the applicable legal requirements. For this reason, please regularly consult this Policy to keep up to date with any changes. Any major changes to this Policy will be notified accordingly.

12. CONTACT

If you have any questions or concerns regarding the processing of your personal data, this Policy or how it applies, or you wish to exercise any of your rights, you can contact our Data Protection Officer by e-mail at: privacy@worldcomm.ro