asset 1@3x

[ PRIVACY POLICY ]

Last updated: 13/02/2026

This Privacy Policy explains how [FULL LEGAL COMPANY NAME] S.R.L. (“we”, the “Controller”) processes personal data when you use [WEBSITE NAME / DOMAIN] (the “Website”), create an account, place an order, contact us, or subscribe to marketing communications. This policy is intended to meet the transparency requirements under the General Data Protection Regulation (GDPR).

Who we are and how to contact us

Data Controller: [FULL LEGAL COMPANY NAME] S.R.L.
Registered office: [FULL ADDRESS]
Trade register no.: [J/…/…]
Tax ID: [CUI]
Email: [CONTACT EMAIL]
Phone: [PHONE]

What personal data we process

Depending on how you interact with the Website, we may process:

Identity and contact data

  • name, email address, phone number

Order and delivery data

  • delivery and billing address, order details (items, quantities, prices), order history

  • information required for delivery to a fixed pickup point / locker (e.g., selected locker, delivery confirmations/codes where applicable)

Payment data

  • we do not store full card details; payments are handled by a payment provider. We typically receive transaction confirmation, payment identifiers, and status (approved/declined/refunded), and possibly fraud-prevention signals from the payment provider.

Communications

  • messages you send via forms/email/chat, support requests, complaints, order/return/warranty communications

Technical and usage data

  • IP address, cookie identifiers, browser/device type, operating system, pages visited, actions on the Website, security logs

Marketing and preferences

  • newsletter preferences and engagement metrics (opens/clicks) where enabled

Public content (if applicable)

  • product reviews/comments you post (may be displayed publicly).

We do not intend to collect special category data (e.g., health or biometric data). Please do not provide such data to us.

Sources of data

  • directly from you (account, checkout, forms, emails)

  • automatically through your use of the Website (cookies/similar technologies and logs)

  • from partners involved in payment and delivery (payment status, delivery confirmations, fraud prevention).

Purposes and legal bases

We process personal data only where we have a legal basis under the GDPR.

Contract performance / pre-contract steps

  • account (optional), processing and fulfilling orders, shipping, invoicing, service communications, returns and warranties

Legal obligations

  • accounting and tax compliance, record keeping, consumer protection compliance

Legitimate interests

  • operating and securing the Website, preventing fraud, defending legal claims, improving services (e.g., aggregated analytics)

Consent

  • marketing newsletters/communications where required

  • non-essential cookies and similar tracking technologies where required. Cookie rules in the EU generally require consent unless a cookie is strictly necessary.

You can withdraw consent at any time (e.g., unsubscribe links or cookie settings). Withdrawal does not affect processing carried out before withdrawal.

Retention

We keep data only as long as needed for the purposes above, then delete or anonymize it, unless the law requires longer retention.

Typical retention logic may include:

  • account data: while the account is active and a reasonable period afterward (security/backup), subject to legal constraints

  • order and invoice data: for the period required by applicable accounting and tax laws

  • complaints and legal claims: as needed to establish, exercise, or defend legal claims, typically up to the applicable limitation periods (the general civil limitation period is commonly 3 years unless a special term applies).

  • marketing: until you unsubscribe/withdraw consent or object (as applicable).

Disclosures

We do not sell your personal data.

We may share data with:

  • IT and hosting providers

  • payment processors and parties involved in payment processing (sometimes as independent controllers)

  • shipping carriers and locker/pickup-point operators

  • email/marketing providers (if you subscribe)

  • analytics/functionality providers (subject to cookie settings/consent where required)

  • advisers (accountant, lawyer) and public authorities where legally required or justified.

We use processor agreements where providers act on our behalf, including confidentiality and security obligations.

International transfers

We aim to keep processing within the EEA. If any provider involves transfers outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and, where required, supplementary measures.

Cookies and similar technologies

We use cookies/similar technologies for:

  • essential Website functionality (cart, login, security)

  • performance and personalization (depending on your choices)

  • marketing (only where permitted/consented).

Full details should be provided in your Website’s Cookies Policy.

Your rights

Subject to the GDPR and applicable conditions, you have rights of access, rectification, erasure, restriction, data portability, objection, withdrawal of consent, and rights related to automated decision-making where applicable.

To exercise your rights, contact us at: [GDPR REQUEST EMAIL]. We may request verification of identity.

Complaints

You may lodge a complaint with your supervisory authority. In Romania, the supervisory authority publishes its contact details (address and email).

Children

The Website is not intended for children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child provided data to us, contact us so we can delete it.

Security

We apply reasonable technical and organizational measures (e.g., access controls, encryption where feasible, backups, logging, limited staff access). No method is 100% secure; please use strong passwords and avoid sending sensitive data via insecure channels.

Third-party links

The Website may link to third-party websites. We do not control their privacy practices; please review their policies.

Updates

We may update this policy when needed. The current version will be posted on the Website with the “Last updated” date. For material changes, we will try to notify you through reasonable means (e.g., Website notice or email where appropriate).