General
MERLINS BEVERAGES S.R.L. (www.merlinsbeverages.com) thanks you for visiting our website and for your interest in the company and its offerings. We take the protection of your personal data seriously and want you to feel comfortable while browsing our site.
Below, we provide information about the data we store in connection with the use of our website and how this data is used. If our website contains links that direct you to another provider’s site, this privacy policy does not apply to the redirected website.
By accepting the following privacy policy, you agree to the collection, processing, and use of personal data by MERLINS BEVERAGES S.R.L., in accordance with the data protection law/General Data Protection Regulation (GDPR) and the following terms and conditions.
Please take the time to read this notice carefully.
DATA CONTROLLER
The data controller is the data subject responsible for processing your personal data and deciding on the purposes and means of processing your personal data. In this case, the data controller is:
MERLINS BEVERAGES S.R.L.
str. Izvoare, no. 58, Neamț County, Romania
Phone: 0800 800 259
Email: contact@vitaminaqua.ro
Correspondence address: bd. Traian no. 19, 4th Floor, Piatra Neamț
You can contact our Data Protection Officer at contact@vitaminaqua.ro.
If you wish to refuse the collection, processing, or use of your personal data by MERLINS BEVERAGES S.R.L., in accordance with the data protection law, you may send your refusal via email to the address above. This may result in the service becoming unavailable.
Please note that refusal may make it technically impossible to use the website.
Your Rights
You have the right to receive explicit information from MERLINS BEVERAGES S.R.L. regarding the personal data we have stored about you, free of charge.
In addition, you have the following rights:
- Right of access – The right to know which data is collected and how it is processed
- Right to rectification – The right to request correction of personal data if it is not up to date
- Right to erasure – The right to request deletion of personal data
- Right to restriction of processing – The right to limit the processing of personal data
- Right to data portability – The right to transfer personal data in a machine-readable format
- Right to object – The right to withdraw consent or object to the processing of personal data
- Right to lodge a complaint with a supervisory authority – The right to file a complaint against MERLINS BEVERAGES S.R.L. with a supervisory authority or any other EU supervisory authority
If you wish to exercise your rights as a data subject, please do not hesitate to contact us using the contact information provided above.
When, why, and how we collect your data
We also need to collect, process, store, and sometimes disclose various personal data in order to provide information and services to you. Below, you can see which of your data we need, for what purposes, and under what circumstances we disclose your data to other parties.
Personal data are information that can directly or indirectly identify you, such as your name, address, phone number, date of birth, location data, or email address.
Please provide only the information we need.
To give you a clear overview, we use a table-based form. We believe this allows us to provide information in a transparent, easily understandable, and easily accessible format, using clear and simple language.
Below we show which personal data is collected. Since there are different types of data, we have grouped them into categories according to how we consider the information easiest to understand.
Personal data collected when you visit our website
When you open our website to learn about MERLINS BEVERAGES products, but do not fill out the contact form, we collect the following personal data:
| CATEGORY OF PERSONAL DATA | EXPLANATION |
|---|---|
| Device Information | Device ID, operating system and corresponding version, or other device identifiers |
| Connection Data | Time, date, and duration of website usage, origin, corresponding IP address, and other protocol data |
This information is collected in order to display the visited website to you. We also limit ourselves to what is absolutely necessary to ensure compliance with a key principle of personal data processing: data minimization.
Personal data we collect when you visit our website and fill out the contact form
As mentioned above, we follow the principle of minimization: the less information, the better. All collected data is strictly related to well-defined purposes.
If you do not only visit the website but also wish to contact us—for example, because you want to distribute our products—you will need to complete a contact form. The fields required to process your messages are marked as mandatory. Without this information, we cannot respond to your messages, and for this purpose, we collect the following personal data:
| CATEGORY OF PERSONAL DATA | EXPLANATION |
|---|---|
| Personal Data | First and last name, email address, phone number |
| Device Information | Device ID, operating system and corresponding version, or other device identifiers |
| Connection Data | Time, date, and duration of website usage, origin, corresponding IP address, and other protocol data |
| Communication Data | Comments, ratings or feedback, communication data (e.g., email correspondence) |
| Other Information | Data you voluntarily provide while using the website, application, or other related activities, as well as data from other sources such as social media or other (public) databases (e.g., user ID from other platforms) |
To ensure that you agree with MERLINS BEVERAGES’ privacy policy, before submitting a message using the contact form, you will be asked to provide your consent for the use of personal data.
If you provide personal data of another person, you must obtain that person’s prior consent. In this case, you must inform them about how we process personal data in accordance with our privacy policy.
Defined Purposes and Legal Basis
As mentioned above, we collect your personal data only when necessary, and the purpose is lawful and previously defined. The information in parentheses indicates the legal basis on which the respective processing relies. Below, we provide more details regarding the purposes and legal basis:
| PURPOSE | WHY WE PROCESS DATA FOR THIS PURPOSE |
|---|---|
| Customer Relations | When you contact Customer Service to obtain information or to make a complaint, we store the information you provide. For example, the reason why you contacted us. Depending on the reason for your contact, personal data may vary. As we aim to improve our services for you, written communication is stored in our database. This way, you receive a quick and satisfactory response. Categories of personal data: Communication Data, Other Information Legal basis: This information is necessary to provide you with the best possible service experience (legitimate interest). |
| Security and Protection | We want to offer you and all our customers the best possible services. Unfortunately, not every visitor to our website is as friendly as you. For this reason, to protect our services, we must collect personal data that helps us identify potential attackers and prevent risks. We also record that we informed you about the privacy policy. For this purpose, the privacy policy has been made available to you. Categories of personal data: Connection Data, Access Data Legal basis: We are legally obliged to protect your data appropriately (compliance with legal obligations), and protecting the company is in our legitimate interest (legitimate interest). |
Further Processing Based on Our Legitimate Interest
In addition to the purposes and legal bases mentioned above, we also process your personal data based on so-called legitimate interest. Legitimate interest particularly includes the processing of personal data within a group of companies, network and information security processes, or direct marketing activities.
We use your personal data to pursue our legitimate interests, provided that your rights and freedoms do not override them. To balance our interests with your rights, we have implemented appropriate operational safeguards. The processes described below have been subject to a review to ensure that your rights and freedoms are not adversely affected by our processing. These processes include:
| PROCESS BASED ON LEGITIMATE INTEREST | EXPLANATION |
|---|---|
| Advertising | We will send you emails to introduce new products, conduct opinion surveys, and carry out studies to improve our services. You can object to the further processing of your data for advertising purposes with each email. Of course, you can also contact our Data Protection Officer directly at contact@vitaminaqua.ro if you wish to object to the processing of your data for advertising purposes or request more information on this matter. |
| Email Marketing | We aim to avoid generic newsletters and unpersonalized marketing measures. Therefore, we will select communications that match your interests and contact you if we believe the information may be useful to you. You can object to the further processing of your data for advertising purposes with each email. Of course, you can also contact our Data Protection Officer directly at contact@vitaminaqua.ro if you wish to object to the processing of your data for advertising purposes or request more information on this matter. |
| Measurement Data | To improve our services, we collect various measurement data, which cannot be assigned to you or a profile. This helps us optimize our advertisements. |
| Other Information | If you voluntarily choose to share information beyond the required fields, we are, of course, happy. This allows us to continue improving our service. These are data you voluntarily provide while using our website, applications, or other related activities, as well as information from other sources, such as social media or other (public) databases (e.g., user ID from other platforms). |
| Quality Assessment | To continuously provide improved services, we regularly evaluate the success or potential causes of unsuccessful marketing measures. For this, we analyze, for example, whether our newsletters are opened and whether the content is also selected accordingly. |
When We Delete Your Data
In general, we delete data after the purpose for which it was collected has been fulfilled. The exact deletion rules are defined in our regional deletion concepts. Different deletion rules apply depending on the purpose of processing. Within our deletion concepts, we have defined different classes of data and the retention periods assigned to them. Collected data is marked with a deletion rule. Once the retention period is met, the stored data will be deleted accordingly.
We will also delete your personal data if you request it, or automatically ten years after the data was collected.
In addition to the deletion rules defined by us, there are other legal retention periods that we must comply with. For example, fiscal data must be retained for a period of six to ten years, or even longer in some cases. These special retention periods vary depending on local legal requirements. Therefore, despite your request to delete your data, we may still retain some stored data due to legal regulations. In such cases, we will restrict the data from further processing.
Who We Disclose Your Data To
In the following section, we provide information about who we disclose your data to and under what conditions.
Third Parties with Access to Personal Data
We do not provide your data to unauthorized third parties. However, as part of our operations, we obtain services from selected providers and grant them limited and strictly monitored access to some of our data. Before sharing personal data with these partner companies for processing on our behalf, each individual company undergoes an audit. All data recipients must comply with legal requirements for personal data protection and demonstrate the level of data protection with appropriate evidence.
Below, we transparently and clearly inform you about all data recipients and the reasons for the disclosure:
| DATA RECIPIENT | REASON |
|---|---|
| External Service Provider | As mentioned above, our communication extends not only within our group members but also with external service providers. They support our business operations by evaluating and optimizing our marketing campaigns, providing personalized advertising, delivering IT solutions and infrastructure, or ensuring the security of our business operations, such as identifying and resolving malfunctions. |
| Law Enforcement Authorities and Judicial Proceedings | Unfortunately, some of our clients or service providers may act improperly and cause harm. In such cases, we are not only legally obliged to provide personal data, but it is also in our interest to prevent damage, enforce our rights, and contest unjustified claims. |