Privacy Policy

Last updated: March 2026

1. Data Controller

Your personal data is processed by:

  • GGAFFAIRS S.R.L.
  • VAT ID: 52994476
  • Registered office: Str. Mioriței, Nr. 59, Ap. 1, Târgu Mureș, Mureș County, Romania
  • GDPR contact email: ggaffairsro@gmail.com

2. What Data We Collect

We collect the following categories of personal data:

  • Identification data: Full name
  • Contact data: Email address, phone number
  • Delivery data: Full delivery address
  • Technical data: IP address, browser type (collected automatically for site operation)

3. Purpose and Legal Basis for Processing

Purpose Legal Basis
Order processing and delivery Contract performance
Order status communications Contract performance
Issuing tax invoices Legal obligation
Responses to questions/complaints Legitimate interest
Marketing and newsletter Explicit consent

4. Retention Period

  • Order data: 5 years (under tax legislation)
  • Marketing data: Until consent is withdrawn
  • Technical data (cookies): Maximum 12 months

5. Data Recipients

Data may be shared with:

  • Courier companies: For order delivery (name, address, phone)
  • Stripe Inc.: Online payment processor — processes card data securely. Stripe Policy
  • Oblio.eu: Issuing tax invoices (name, address, email)
  • Google LLC: Google Analytics 4 — anonymized site usage data (only with your consent)
  • Datahost.ro: Hosting provider — stores data on servers in Romania
  • Public authorities: When required by law (ANAF, etc.)

We do not sell and do not rent your personal data to third parties for marketing purposes.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: You may request a copy of your data.
  • Right to rectification: You may request correction of incorrect data
  • Right to erasure ("right to be forgotten"): You may request deletion of your data
  • Right to restriction of processing: You may limit how we use the data
  • Right to data portability: You may receive the data in a structured format
  • Right to object: You may object to processing for direct marketing
  • Right to withdraw consent: At any time, without affecting the lawfulness of prior processing

To exercise these rights, contact us at: ggaffairsro@gmail.com

7. Data Security

We implement technical and organizational measures to protect your data:

  • Secure HTTPS connection
  • Restricted access to data
  • Periodic backups

8. International Data Transfers

Some of our providers (Google LLC, Stripe Inc.) may transfer data outside the European Economic Area (EEA), particularly to the USA. These transfers are performed under the legal mechanisms provided by GDPR (Standard Contractual Clauses or adequacy decisions of the European Commission).

9. Automated Decisions

We do not use automated decision-making or profiling processes that would produce legal or significant effects on you.

10. Cookies

Our site uses cookies for optimal operation. Analytical cookies are activated only with your explicit consent. For full details, see the Cookie Policy.

11. Complaints

If you believe your rights have been violated, you have the right to file a complaint with:

The National Supervisory Authority for Personal Data Processing (ANSPDCP)

  • 🌐 www.dataprotection.ro
  • 📧 anspdcp@dataprotection.ro
  • 📍 B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest

12. Changes

This policy may be updated periodically. The date of the last update is shown at the top of the page.