I. Protection of personal data
1. Personal data controller
1.1 «PHILIP MORRIS SALES & MARKETING» SRL (hereinafter «Philip Morris Moldova») has established the purposes and the means for the processing of personal data in the «IQOS» filing system, and it acts in the capacity of a data controller of personal data (hereinafter referred to as – «Data Controller»).
1.2 «Philip Morris Moldova», with rights and responsibilities of a Data Controller of personal data, based on its legitimate interest – «freedom to contract», has contracted other natural/legal persons – hereinafter referred to as authorized persons by the Data Controller, for provisioning of its services.
1.3 Delegation of any tasks and responsibilities that involve the collection, storing and/or processing of IQOS customers’ personal data to the persons authorized by the Data Controller, does not mean the sale or use of such data for purposes other than those closely related to and necessary for the services provided by «Philip Morris Moldova» in relation to IQOS and lil products.
1.4 Philip Morris Moldova, before selecting these authorized persons, has taken all enhanced security measures to ensure that personal data shall be processed for the purposes established by the Data Controller, to be carried out exactly, and to ensure an adequate level of protection of data, has provided written guidelines to each of these persons.
1.5 The list of persons authorized by the Data Controller who were contracted and authorized on behalf of «Philip Morris Moldova» to process personal data can be viewed at iqos.com.
2. Term in this Regulation are used with the following meaning:
customer– any individual acting for purposes other than commercial activities;
user – any individual/legal over 18 years of age who consumes products containing nicotine and who has or creates an Account on www.md.iqos.com from any communication device: phone, tablet, PC, laptop, etc.
products – оther IQOS products and services, including those specified in the user reservation.
account – A section of the Site consisting of an e-mail address and a password that allows the User to request a reservation and which contains information about the User and his history on the Site (these may be, but are not expressly limited to product reservations, warranties, etc.).
profile creation – means any form of automatic processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyze or foresee aspects of the individual’s economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
personal data – any information relating to an identified or identifiable individual;
special categories of personal data – data that reveals the racial or ethnic origin of the person, his/her political, religious or philosophical beliefs, social affiliation, data concerning health or sex life, and data relating to criminal convictions, procedural measures or penalities;
personal data subject – any individual that can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to his/her physical, physiological, mental, economic, cultural or social identity;
processing of personal data – any operation or series of operations performed upon personal data by automated or nonautomated means, such as collection, recording, organization, storage, keeping, restoring, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
personal data filling system – any structured set of personal data accessible according to a specific criterion, whether centralized, decentralized or dispersed on a functional or geographical basis;
controller – - the natural or legal person governed by public or private law, including public authority, any other institution or organization which, individually or jointly with others, sets out the purposes and means of processing personal data expressly provided for by the applicable law;
person authorized by the controller – natural or legal person governed by the public or private law, including public authority and its territorial subdivisions, who processes personal data on behalf of and in the interest of the controller, based on the instructions received from controller;
third party – a natural or legal person governed by public or private law, other than the personal data subject, the controller or the person authorized by the controller and the person who, under the direct authority of the controller or of the person authorized by the controller, is authorized to process personal data;
anonymization – means the processing of personal data in such a way that they can no longer be assigned to a particular data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures ensuring that the respective personal data concerned are not attributed to an identified or identifiable individual;
responsible authority – refers to the National Center for Personal Data Protection of the Republic of Moldova;
IQOS Rental Contract – agreement between an authorized person and a consumer on the temporary possession of IQOS devices.
reservation – an electronic document through which the consumer places a request with the intention of obtaining information about a product on the site and through which a form of communication is allowed between the processor and, directly, the consumer.
product replacement – the process of returning a product where the consumer issues a valid request to report a product malfunction, defined in terms of material or workmanship, although the product has been used in accordance with the IQOS/lil User Guide. This service is only applicable to products whose commercial warranty is active and whose non-functionality is confirmed by an IQOS representative.
extended Care Plus warranty – an additional service, offered by Philip Morris Moldova to users whose IQOS devices have an active commercial warranty. It applies when the product loses its functionality due to accidental or unintentional damage and the consumer is entitled to receive a new component in exchange for the defective one. The conditions of use of the programme can be found here.
opt-in – a form of consent given by users, whereby they confirm their subscription to informational communications from IQOS via channels such as: email, Viber, SMS.
IQOS representative – a person authorised by the operator to process IQOS / lil consumer requests for device maintenance support in order to receive information on how to use the devices or available points of sale.
content – Information that can be viewed or accessed using electronic equipment.
order – an electronic document through which the consumer expresses his/her intention to purchase products and through which communication between the Company and the User takes place.
3.Who can use the website iqos.com
3.1 The registration form filled on the website can be carried out by any individual, on his/her own name and only if he/she has reached the age of 18 years.
3.2 The activities performed by the controller are intended for residents of the Republic of Moldova or, as the case may be, for other persons in connection with the service of IQOS and lil products.
3.3 All information accessible on the website that concerns the content of text, image, structure, etc. are intended exclusively for individuals with the purpose of personal use and are protected according to national legislation on copyright and related laws. Any copying or use of this information for purposes other than the stated one, is forbidden and is subject to liability in accordance with the legislation in force.
4. Logging in to the system – iqos.com
4.1 Registration in the system is performed by accessing the iqos.com4.2 After completing the mandatory fields listed, the user account will be activated by filling in the secret code received at the phone number indicated or by accessing the link that will be sent to the e-mail address provided. Registration will be completed only after all mandatory fields have been filled in. The password is confidential and cannot be disclosed to third parties.
5. Categories of processed personal data
5.1 The following categories of personal data are/will be processed in the «IQOS» filing system:
a) First and last name;
c) Date and place of birth;
e) Mobile phone/telephone (including checking if it is still active);
f) Email address;
g) Address (home/residence);
i) IQOS and lil device ID and other technical information regarding the IQOS or lil device in case of repairs and/or maintenance (charge cycles, firmware update, possible faults and errors, production date);
j) Experience shared by IQOS/lil device consumers;
k) Any other data communicated by consumers, relating to the use of the IQOS and lil devices, including any complaints and/or communications, related, including possible adverse events.
6. Purpose of processing personal data
6.1 Personal data are collected and processed in «IQOS» personal data filing system (database), for the purposes of:
a. keeping records of customers who have purchased/rented or intend to purchase/rent IQOS devices from the controller. The Terms and Conditions of the rental program can be viewed here;
b. keeping records of customers who have purchased or intend to purchase or to do a lil product reservation from the controller;c. providing support in connection with the rendered products;
7. Applicable legal framework and jurisdiction
7.1 The personal data processing operations carried out in the "IQOS" database are performed under the supervision of the controller in the Republic of Moldova.
8. Legal basis for processing personal data х
8.1 The personal data controller may process personal data on the following legal grounds:
a) where there is consent given by the data subject (consent may be given directly by the data subject through any unambiguous action or communicated by other persons who have such consent from the data subject, for example: in the case of recommendation of other persons.
b) Where it is necessary to take certain actions prior to the conclusion of a contract (legal relationship) at the request of the data subject: registration of the user profile, completion of necessary forms or surveys;
c) Where it is necessary for the performance of the contract (legal relationship) with the data subject, for example: in the case of the provision of support and maintenance services in relation to IQOS and lil devices or other services provided by «Philip Morris Moldova»;d) Where there is a legal obligation or legitimate interest. For example: to validate (identity and age), update (contact data: phone number, email or other identity data), rectify or delete personal data (inaccurate or incomplete data on the person's identity or contact data or other data). 8.2 The personal data controller informs that personal data may be used for other purposes expressly provided by law, such as: at the request of the police or law enforcement authorities – e activities that the controller cannot provide but takes them into consideration when collecting personal data. In such cases, the data controller will verify if the request complies with the principles of personal data protection and will execute it if there is only a legal purpose and basis. 8.3 The controller may disclose personal data to:
9. Rights of the personal data subjects
9.1 The right to information - consists of the right to be informed before collecting and processing personal data regarding the identity of the controller, the purpose for processing data, the recipients or categories of data recipients, the existence of rights provided for by the Law on the protection of personal data, as well as the conditions under which they can be exercised.
9.2 The right of access to data - consists of the right to obtain from the controller on the basis of a request, information about whether his/her personal data were processed or not, information regarding the purposes and categories of data processed, the recipients or categories of recipients to whom the data is disclosed, how automated processing of data takes place, the legal consequences generated by the data processing for the data subject and how the right of intervention on personal data is exercised.
9.3 The right of intervention - consists in obtaining, on the basis of a request, the rectification, updating, blocking, erasure or anonymization of information the processing of which does not correspond to the requirements of the Law on the protection of personal data, especially of incomplete or inaccurate data.
9.4 The right to object - consists in the right to disagree at any time, for well-founded and legitimate reasons related to his/her particular situation, with the processing of data, unless there are legal provisions that stipulate otherwise.
9.5 The right not to be subject to an individual decision - consists of the possibility to request and obtain the withdrawal, annulment or reassessment of any decision that has legal effects on the data subject which was adopted exclusively on the basis of automated processing designed to evaluate some aspects of his/her personality, such as professional competence, reliability, behavior or other such aspects.
9.6 The right to justice - consists in the right to address the National Center for Personal Data Protection or the court for the defense or reinstatement on the impaired rights. Therefore, you have the right to file a complaint with the National Center for Personal Data Protection if you are not satisfied with any aspect of the processing of personal data by us or you believe that we do not fulfill our responsibilities as a data controller. The contact details of the authority are: MD-2004, Republic of Moldova, Chisinau municipality, 48 Serghei Lazo Street, phone: +373-22-820801, fax: + 373-22-820807, e-mail: email@example.com.
9.7 For the exercise of these rights, you can send a written request by using postal services in Chisinau, 21/3 N. Dimo Street, MD-2068, to the attention of the person in charge of the protection of personal data or by using electronic mail services at firstname.lastname@example.org . We will respond to the request within 15 days from the date of receipt.
9.8 In accordance with Art. 25 of Law No 133/2011 on the protection of personal data and point 37 paragraph (6) of the GDPR, the company «Law, Privacy & Data Protection Services» SRL, IDNO 1018600008466, is appointed as the personal data protection officer under the service contract and can be contacted at email@example.com.
9.9 You may also refuse to provide personal data to Philip Morris Moldova. Refusal to provide such data may result in the inability of Philip Morris Moldova to provide the service.
II. Processing personal data in the context of using IQOS web page, md.IQOS.com
10. Purpose of data processing10.1 In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Law no. 133/2011 regarding the protection of personal data of the Republic of Moldova, Philip Morris Moldova is required to process safely and only for the purposes specified below, the personal data you provide to us.
13. Disclaimer13.1 Philip Morris Moldova does not warrant that the Site, the servers on which it is hosted or e-mails sent from Philip Morris Moldova are free of viruses or other potentially harmful computer components, that it is free of omissions, defects, delays or interruptions in operation or transmission, line failures or other similar factors.
14. Notification of cross-border transfer14.1 Personal data will be stored on servers in Ireland, but under the monitoring and control of the controller.
15. Cookies15.1 The data controller processes two types of cookies: per session and fixed. The last ones are temporary files that remain in the user's terminal until the session ends or when the application (web browser) is closed.
16. Blocking access to the website16.1 Access may be blocked when:
III. Services17.1 «Philip Morris Sales & Marketing» SRL (hereinafter referred to as «Philip Morris Moldova»), based in Chisinau, 21/3 N. Dimo Street, MD-2068 ( firstname.lastname@example.org , 0 8000 24 00), registered with the Public Services Agency, under no. 1016600001027, on 14.01.2016, with VAT code 0609130, notification nr. P-7684/2019 from 30.12.2019, hereinafter Philip Morris Moldova.
18. IQOS/lil products
18.1. The list and characteristics of IQOS products and bat products present on the website md.iqos.com, may be modified and adapted at any time in order to best meet the requirements of consumers and legislation in force.
18.2 The IQOS and lil product sheet can be found on the IQOS and lil product page on the md.iqos.com website, where detailed product information is represented. This is accompanied by one or more images of the IQOS and lil product, specifying the product name and characteristics.
18.3. Philip Morris Moldova assumes no responsibility for any errors or misrepresentations regarding IQOS and lil products. The content of the product information on this website is for reference purposes only and is not intended to replace the advice of specialists in various fields (nutrition, health, etc.).
19. Products reservation online
19.1 In order to reserve a product, the consumer must create an account or access the existing one by logging in with his/her email address and password. From the menu displayed, one can access the IQOS product category or the lil product category and request to reserve a product. The product page will display its price and availability (for information only).
19.2. Merely reserving IQOS and/or lil products does not constitute a sale and does not create any obligation for Philip Morris to deliver IQOS and/or lil products. By reserving a product, the consumer expresses an interest in a product and an IQOS representative will then process the request placed on the website by telephone call. In turn, the product reservation gives the consumer the flexibility to decline the product reservation request without having to justify their decision or incur financial damages.
20. Steps to follow in the process of reserving an IQOS / lil product20.1 If you click on the «Reservation» button, the desired IQOS or lil product will be placed in «My reservation». Once a product has been added to «My Reservation», it will be updated as you add new products. In the «My Reservation» menu you have the following details: the list and price of the reserved products, the reserved quantity, the payment method upon receipt of the order, the method of receipt of the order and the total amount of the product reservation.
21. Processing of personal data in the context of the product reservation service through the md.IQOS.com website21.1 By using the internet booking services, you accept the terms and conditions regarding the protection of personal data. Personal data may be processed for the purposes set out above only for as long as necessary in accordance with applicable law. Philip Morris Moldova may reserve the right to process, for legitimate reasons, certain personal data for a longer period than required by the applicable legislation, exclusively if the competent national authorities may decide on certain investigations in accordance with the time limits provided for by the Administrative Code, the Penal/Criminal Code or other specific laws. Other personal data processed by Philip Morris Moldova may only be used if you give your explicit and granular consent on one of our/our proxy's websites.
22. Quality and guarantee22.1 The guarantee is granted to the User based on applicable provisions respectively of Law no. 105/2003 on consumer protection, Law no. 284/2004 regarding electronic commerce and Law no. 241/2007 regarding electronic communications, etc. including the Civil Code. A legal guarantee of compliance is granted on the basis of the Guarantee Certificate. According to Article 11 of Law 105/2003, each Client may request first of all, in the event of non-compliance, the repair of the product, or has the right to request the replacement of the product, unless the measure is impossible or disproportionate. Product replacement is possible only within the limit of available stock. Upon receipt of goods, the Client is recommended to ensure that the delivered products correspond qualitatively and quantitatively to his/her expectations. In the event of IQOS Rental Contract, the guarantee, quality, rights and obligations of the consumer are specified in the provisions of the contract.
23. IQOS and lil devices repair and maintenance23.1 Consumers are obliged to use and to carry their IQOS and lil devices according to the specifications given by the manufacturer in the corresponding documentation. Consumers are entitled to complain about defects and/or request maintenance support at authorized points of sales and service during the product warranty period.
24. Processing of personal data relating to the Care Plus extended warranty program (applicable to IQOS devices only)24.1 The method of processing of personal data related to the Care Plus program. As of 01.10.2020 the company «Philip Morris Moldova», decided to include the Care Plus program as a default service offered to users of IQOS together with the inclusion of the opt-in.
25. Product Refunds25.1 The Client is entitled to return the products within 14 calendar days from the entry into possession of the devices. When returning products, the consumer must present:
26. Liability limits26.1 Philip Morris Moldova may at any time amend the Terms and Conditions of iqos.comsite, with the new provisions becoming public and binding on Clients from the date of their uploading to the site.
27. Information for consumers:27.1 Agency for Consumer Protection and Market Surveillance mun. Chisinau, str.Vasile Alecsandri 78, MD-2012, phone nr. 022515151
080028028 (toll free for all districts),
28. Final provisions28.1. For new users, acceptance by ticking and completing the survey data when registering as a user confirms that you have read and agree to the TERMS AND CONDITIONS OF PERSONAL DATA PROTECTION.