GDPR – PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA THROUGH THE WEBSITE WWW.DORALY.RO AND/OR ONLINE CHANNELS

GDPR – PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA
THROUGH THE WEBSITE WWW.DORALY.RO AND/OR ONLINE CHANNELS

 

 

1.      WHO WE ARE AND HOW TO CONTACT US

DORALY is a retail park with over 34 years of experience in supporting wholesale, retail and Cash&Carry operations, located in Afumați, Ilfov County. Expo Market Doraly SRL, headquartered in Afumați commune, 31 Bucharest–Urziceni Road, Ilfov County, registered at the Trade Register under J23/948/2001, VAT number RO5329714, and reachable via the contact details below (hereinafter “DORALY”, “the Company” or “the Data Controller”), processes personal data in compliance with EU Regulation 2016/679 of 27 April 2016 (“GDPR”) and applicable national data protection laws.

This Privacy Notice explains why and how we process personal data and outlines your rights. DORALY acts as the data controller under the GDPR. Data protection is a key priority for us, and we want to keep you informed about its evolution.

 

CONTACT DETAILS:

  • Address: Afumați commune, Ilfov County, 16 Bucharest–Urziceni Road, Pavilion P, 1st Floor, office no.1
  • Website: www.doraly.ro
  • Email: dpo@doraly.ro

 

2.      CATEGORIES OF PERSONAL DATA PROCESSED & TYPES OF PROCESSING

Personal data refers to any information relating to an identified or identifiable natural person. We only collect personal data necessary for the purposes described below, and only with your explicit consent where required.

Examples of data we process:

  • Browsing and technical data when you visit our website or social media platforms: browser type, OS, date/time of visit, page access status, search terms entered, frequency of page visits, file names, data volume, referring URLs, online identifiers, and social media IDs — processed per our Cookie Policy and for security/fraud prevention.
  • Contact form or email data: name, email address, phone number, preferences (e.g. quote requests, newsletter opt-ins, marketing consents), and any additional personal data you provide.
  • Testimonials/feedback and social media data: social media usernames, satisfaction ratings, comments, etc.
  • Security data: IP addresses, access logs, and other IT security measures.
  • Event/competition data: name, contact details, photos/videos/voice consent, age/date of birth, address, signature, tax identification if required, company role, etc.
  • Tenant account data: username, account usage data, representative details (name, contact, position), and documents such as invoices, contracts, reports, support tickets, complaints.

Processing operations include collection, recording, structuring, storage, use, disclosure, and deletion, as  [TS1] necessary.

 

3.      PURPOSES AND LEGAL BASES FOR DATA PROCESSING

We use your data to:

  • Manage relationships with potential customers, existing clients, suppliers, and other professionals from different areas of activity
  • Provide services and inform you about the outcome of these services
  • Comply with legal and regulatory obligations (e.g. accounting, fiscal requirements)
  • Fulfill contractual obligations and respond to requests, complaints, or disputes
  • Ensure risk management and IT security measures
  • Improve our services and conduct audits/surveys
  • Send marketing communications with your consent
  • Organize events and, if consented, follow-up marketing and publish event content/videos/photos
  • Manage damages and legal claims
  • Defend or enforce legal rights to solve possible legal disputes
  • Compile internal statistics
  • Use cookies and online tools for website analytics and security

Legal bases include contract performance, legal obligations, legitimate interests, consent, and safeguarding your rights.

 

4.      DATA SOURCES

We collect data directly from you and may also obtain it from your employers, clients, partners, public sources (e.g. social media), or other Doraly group companies. We will fulfill all GDPR transparency requirements regarding these sources.

 

5.      VOLUNTARINESS OF PROVIDED DATA

You are not generally obliged to provide personal data unless required by law or contract. Refusal may limit our ability to provide services, respond to inquiries, or allow you to use certain features or applications.

 

6.      RETENTION PERIOD

We retain personal data only as long as necessary for the stated purposes or required by law, including:

  • Duration of client relationship (e.g. active tenant accounts)
  • Statutory retention periods (e.g. accounting documents)
  • Duration of contractual relationship/performance
  • Until you opt out of marketing communications
  • While associated online identifiers/cookies remain active
  • Until consent is withdrawn
  • Within mandatory archival periods
  • At minimum, three years after the termination of the relationship or last contact, unless longer retention is necessary (e.g. legal claims)

We will delete your data upon request, except where legal exceptions apply, and will inform you of any exceptions in our response.

 

7.      RECIPIENTS OR CATEGORIES OF RECIPIENTS

We may share data with:

  • Affiliates, partners, and authorized processors
  • Public authorities (tax, regulatory bodies)
  • Third parties when legally required or for legitimate interests (e.g. banks, financiers)
  • Event partners, if consented
  • Recipients involved in corporate transactions (e.g. buyers, consultants)
  • Third-party platforms (e.g. social media, cookies) where consented.

We ensure that all recipients uphold data protection standards and provide adequate safeguards, especially for transfers outside the EU/EEA.

 

8.      NO AUTOMATED DECISION-MAKING

DORALY does not make legally binding or significantly impactful decisions solely via automated processing. We may profile customers (e.g. by demographics) for personalized communications, with your consent.

 

9.      YOUR RIGHTS AND HOW TO EXERCISE THEM

You have the following rights under GDPR:

  • Access: Confirm and access your data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure (“right to be forgotten”): Request deletion under certain conditions
  • Restriction: Temporarily limit processing in specific circumstances
  • Portability: Receive your data in a machine-readable format and transfer it
  • Objection: Object to processing based on legitimate interests or direct marketing[TS2] 
  • Withdraw consent: At any time for consent-based processing
  • Lodge complaint: With DORALY or the Romanian data authority (ANSPDCP).

To exercise your rights, send a request using the contact details above. We may need to verify your identity to prevent misuse. We will respond within the statutory timeframe (typically 30 days) and may charge for excessive requests.

 

10.  CHANGES TO THIS NOTICE

We may update this Privacy Notice; you should check it periodically. Material changes (e.g. in identity or processing purposes) will be communicated via our usual channels.

By reading this Notice, you acknowledge having been informed of your GDPR-based rights regarding your personal data and its protection.