Your Order Is Being Sent


Your order is being processed.

Do not press "Back" or "Refresh"!

GDPR Privacy Notice

GDPR Privacy Notice - LoveWithoutTears.com

The purpose of this document is to inform you about what data we use, for what purposes and for how long, who has access to it and what your rights are regarding the processing of your data.

The company that manages LoveWithoutTears.com

IUBIRE FARA LACRIMI DIGITAL SRL is a Romanian company, based in Strada Silozului, Nr. 19, Birou Nr. 6, Etaj 2, Bucharest, identified by J40/1367/2023, VAT number RO47515577.

LoveWithoutTears.com is an online shop whose purpose is to sell and deliver books of the same name to website visitors, as well as to conduct promotional campaigns to attract potential customers. In achieving the proposed purpose, we come into contact with website visitors who freely consent to place orders for the books. After placing orders, we process the data provided by customers in order to deliver the orders placed on the website.

The purpose of this notice is to explain why we need your personal data in order to provide services.

This privacy notice explains how we collect personal information through our website and how we process it after obtaining it. This privacy policy also describes the collection and use of personal information on behalf of customers who freely consent to our website and order books from the website.

LoveWithoutTears.com lawfully, fairly and transparently processes the personal data of users and/or customers ("legality, fairness and transparency").

LoveWithoutTears.com is responsible for the above and can demonstrate this compliance ("accountability").

Information collected by LoveWithoutTears.com
LoveWithoutTears.com collects the following information from visitors/users and customers:

(a) information you voluntarily submit,

(b) technical data automatically collected from all website visitors,

(c) information collected through our services,

(d) information we collect from third party sources.

Information you provide directly through the order form (for example, by completing the order form and requesting an order from LoveWithoutTears.com).

Information we obtain when you visit our website (As a web-based service, we automatically receive and record information in server logs from your browser when you use the LoveWithoutTears.com website. We use a variety of methods, including "cookies" or "web beacons", to collect this information. We use existing session cookies as well as persistent cookies. The information we can collect through these automated methods may include, for example, your IP address, user code, browser type, system type, content and pages you access on our site, duration and frequency of your visits. We can also use cookies on our website to store session validators on your hard drive. If any information collected through passive means is directly combined with personal information, we treat the combined information according to this privacy policy. Otherwise, we use the information collected through passive means in aggregate forms.)

LoveWithoutTears.com uses the order form through which we can contact you and order books. This form includes fields such as name, email address, phone number, country, county, locality, delivery address, delivery method, payment method. Customers can order products from LoveWithoutTears.com either online, by email or by phone.

This personal data processing complies with legal provisions, by consent freely expressed when concluding a contract in which you have the capacity of party (each time you perform the above operations, you agree to the terms and conditions for providing those services). The data you provide as a result of using this contact option are processed on the basis of our legitimate interest in responding to your request and keeping a record of your message, service request such as selling books and others similar.

We do not use the data we collect to send marketing communications unless you expressly agree to such communication, in which case you can withdraw your consent at any time.

Recipients of personal data

LoveWithoutTears.com discloses personal data only for the purposes and to third parties listed below.

LoveWithoutTears.com takes all appropriate measures to ensure the processing, security and transfer of personal data in accordance with applicable law.

courier service providers;
payment / banking service providers;
website administration/maintenance service providers;
other service providers, entities that assist IUBIRE FARA LACRIMI DIGITAL SRL in data processing as processors, public authorities, within and within the limits of legal provisions and as a result of expressly formulated requests.
We may also disclose your personal data to third parties only in the following situations:

If you expressly and unconstrainedly consent to this disclosure;
To persons demonstrating that they are legally acting on your behalf;
Where it is in the legitimate interest of LoveWithoutTears.com to administer, grow and develop its business, in the following situations: In the event of the sale of the website, we reserve the right to disclose your personal data to the potential buyer of the domain or its parties, given the need to maintain business continuity.
In the event that we are required by law or by a competent judicial body to do so, and as may become necessary to meet certain national security or law enforcement requirements or to prevent certain illegal activities;
To respond to any claims, to protect our rights or those of a third party, to protect the safety of any person or to prevent any illegal activity; or
To protect the rights, property or safety of IUBIRE FARA LACRIMI DIGITAL SRL, its employees, customers, suppliers or others. Some of these recipients (including our affiliates) may use your personal information in countries outside the European Economic Area.
Except as expressly detailed above, we will never disclose, sell or rent your personal information to a third party without your prior consent.

Transfer of data outside the European Union

If we provide any personal data to such entities located outside the EEA, we will take appropriate measures to ensure that the recipient adequately protects your personal information, in accordance with this privacy notice. These measures include:

for service providers based in the US, entering into standard contractual clauses approved by the European Commission with them or ensuring that they have signed up to the Privacy Shield program (see further https://www.privacyshield.gov/welcome); or
for service providers based in other non-EEA countries (including Japan), entering into the European Commission's standard contractual clauses with them.
Rights of LoveWithoutTears.com users

The right to personal data protection is a fundamental right, this principle is enshrined in the Charter of Fundamental Rights of the European Union (hereinafter "the Charter"), which provides in Article 8 that: "(1) Everyone has the right to the protection of personal data concerning him or her. (2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. (3) Compliance with these rules shall be subject to control by an independent authority." In addition, this fundamental right is closely linked to the right to respect for private and family life enshrined in Article 7 of the Charter. The right to the protection of personal data is also provided for in Article 16(1) of the Treaty on the Functioning of the European Union (TFEU), which is the successor in this regard to Article 286 EC.

The GDPR regulates a number of rights for data subjects, and the data controller is required to ensure compliance with them:

The right to information - art. 13 and 14 GDPR, respectively the information to be provided where personal data are collected from the data subject, information to be provided where personal data have not been obtained from the data subject, as detailed above

The right of access to data - art. 15 GDPR, respectively
(1) The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(2) Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
(3) The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
(4) The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

The right to rectification - art. 16 GDPR

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

The right to erasure ('right to be forgotten') - art. 17 GDPR.
(1) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
(2) Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
(3) Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(e) for the establishment, exercise or defence of legal claims.

The right to restriction of processing - art. 18 GDPR
(1) The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
(2) Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
(3) A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

The right to data portability - art. 20 GDPR.
(1) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
(b) the processing is carried out by automated means.
(2) In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
(3) The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

The right to object - art. 21 GDPR.
(1) The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
(2) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
(3) Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
(4) At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
(5) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
(6) Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

The right not to be subject to a decision based solely on automated processing, art. 22 GDPR
(1) The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
(2) Paragraph 1 shall not apply if the decision:
(a) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
(b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
(c) is based on the data subject's explicit consent.
(3) In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
(4) Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

The right to lodge a complaint with the National Supervisory Authority for Personal Data Processing. 28-30 G-ral. Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, Romania. +40.318.059.211 / +40.318.059.212, anspdcp@dataprotection.ro.

Please note:

Time period: We will try to meet your request within 30 days. This period may be extended due to specific reasons related to the legal right you invoke or the complexity of your request. In any case, if this period is extended, we will inform you regarding the extension period and the reasons that led to this extension.

Restricted access: In some situations, we may not be able to grant you access to all or some of your personal data due to legal restrictions. If we deny your access request, we will communicate the reason for this refusal.

Inability to identify: In some cases, we may not be able to identify your personal data due to the identification elements you provide in the request. In such cases, if we cannot identify you as a data subject, we cannot accommodate your request in accordance with this section, unless you provide us with additional information to enable us to identify you. We will inform you and give you the opportunity to provide such additional details.

Exercising your rights: To exercise your rights, please contact us in writing (including electronically) at the contact details provided in the section below.

If you would like additional information regarding the rights above or if you would like to exercise any of these rights, please contact us.

We will consider all these requests and provide a response within a reasonable time (and at any time no later than one month, a period that we can further extend by two more months if your request is complex). However, please note that there are exceptions to some of the aforementioned rights. If your request is denied, LoveWithoutTears.com will provide you with an explanation as to why your request was rejected.

The information provided under Articles 13 and 14 of the GDPR and any communication and any action taken under Articles 15-22 and 34 of the same normative act shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, LoveWithoutTears.com may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request. In these cases, LoveWithoutTears.com shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

If any exception applies, we will notify you when responding to your request. Before responding to any request made by you, we may ask you for certain information necessary to confirm your identity.

If you have any questions about how we process your personal data, please contact us at the phone number or email address provided.

Security

LoveWithoutTears.com is committed to protecting your personal data against loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction, and takes all reasonable measures to ensure the confidentiality of your personal information, including the use of appropriate organizational and technical measures.

Organizational measures include controlling physical access to our premises, staff training, and filing physical records in locked cabinets. Technical measures include password access to our systems and the use of antivirus software.

In the process of providing your personal data to us, your personal information may be transferred over the internet, however while we take all precautions we have at our disposal to protect the personal information you make available to us, the exchange of information between us and you via an internet connection is not entirely secure. Therefore, we cannot guarantee the security of your personal information you transmit to us via the internet and therefore such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorized access to it.

CHANGES TO THE PRIVACY NOTICE

This privacy notice may be amended whenever we deem necessary. Any changes made to this privacy notice will be displayed on the same website page, and may be brought to your attention via email or other means of communication, where feasible.

ADDITIONAL QUESTIONS OR FILING COMPLAINTS

Please address any questions regarding data protection and any requests to exercise your rights to the following contact information:

EMAIL: gdpr@LoveWithoutTears.com

MAILING ADDRESS: Strada Silozului, Nr. 19, Birou Nr. 6, Etaj 2, BUCHAREST, ROMANIA.

We will investigate and attempt to resolve any such complaint or request regarding your rights.

If you are not satisfied with the response received, you can file a complaint with the National Supervisory Authority for Personal Data Processing. You can find additional information on the above procedure at http://dataprotection.ro/?page=procedura_de_solutionare_a_plangerilor.