PRIVACY POLICY
petru-claymoor.com
Last updated: April 3, 2025
Effective date: April 3, 2025
This Privacy Policy explains how PC Transylvania SRL collects, uses, stores and protects your personal data when you visit and use petru-claymoor.com. We are committed to protecting your privacy in full compliance with the EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and applicable Romanian data protection law.
1. DATA CONTROLLER
PC Transylvania SRL
55 Dionisie Lupu Street, App. 7, Sector 1
Bucharest, Romania 010456
VAT No: RO51486399
Trade Register: J2025020102008 / 21.03.2025
Email: contact@petru-claymoor.com
Website: petru-claymoor.com
2. DATA WE COLLECT
2.1 Data You Provide Directly
– Account information: name, email address, password (stored in hashed form), billing and shipping address, phone number
– Order information: items purchased, payment method details (we do not store full card numbers), delivery preferences
– Communications: messages sent via email or contact forms, customer service correspondence
– Newsletter subscription: email address and communication preferences
2.2 Data Collected Automatically
– Technical data: IP address, browser type and version, operating system, device type, time zone
– Usage data: pages visited, time spent on pages, clicks, referring URL
– Cookies and tracking technologies: as described in our Cookie Policy
2.3 Data from Third Parties
– Payment processors (e.g., Stripe, PayU) – transaction confirmation only
– Shipping partners – delivery status updates
– Social media platforms – if you connect your account or use social login
3. PURPOSES AND LEGAL BASES FOR PROCESSING
We only process your personal data when we have a valid legal basis under Article 6 GDPR:
– Performance of a contract (Art. 6(1)(b)): processing orders, managing your account, delivering purchases, providing customer support and handling returns
– Legal obligation (Art. 6(1)(c)): complying with Romanian and EU tax, accounting and consumer protection legislation
– Legitimate interests (Art. 6(1)(f)): fraud prevention, website security, improving our services, internal analytics and IT maintenance
– Consent (Art. 6(1)(a)): sending marketing emails and newsletters; placing non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
4. HOW WE USE YOUR DATA
– Processing and fulfilling your orders, including payment processing and shipping
– Creating and managing your customer account
– Communicating about orders, returns and queries
– Sending promotional emails and newsletters (only with your consent)
– Preventing and detecting fraud and abuse
– Complying with legal and regulatory obligations (invoicing, VAT reporting)
– Improving and personalising the website experience
– Conducting internal analytics and business reporting
5. DATA SHARING AND RECIPIENTS
We do not sell or rent your personal data to third parties. We may share your data with:
– Payment processors (e.g., Stripe, PayU, Netopia) – to process payments securely
– Shipping and logistics companies – to deliver your orders (name, address, phone number)
– Email service providers – to send transactional and marketing emails
– IT and hosting providers – who host our website and databases, bound by data processing agreements
– Accounting and legal advisors – where legally required
– Public authorities – when required by law (e.g., ANAF, courts, law enforcement)
All third-party processors are bound by data processing agreements and are required to maintain appropriate security measures.
6. INTERNATIONAL DATA TRANSFERS
Where we transfer personal data outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including:
– Transfers to countries recognised by the European Commission as providing adequate protection
– Use of Standard Contractual Clauses (SCCs) approved by the European Commission
– Binding Corporate Rules where applicable
You may request a copy of the applicable transfer safeguards by contacting us.
7. DATA RETENTION
We retain your personal data only for as long as necessary for the purposes described in this Policy or as required by law:
– Order and transaction data: 10 years (Romanian accounting law – Legea nr. 82/1991)
– Customer account data: duration of your account, plus 3 years after last activity
– Marketing consent records: until you withdraw consent, plus 3 years for legal evidence
– Customer service communications: 3 years from last contact
– Website analytics data: 26 months
– Cookie consent logs: 13 months
8. YOUR RIGHTS UNDER GDPR
As a data subject in the EU/EEA, you have the following rights under Chapter III of the GDPR:
– Right of access (Art. 15): obtain a copy of the personal data we hold about you
– Right to rectification (Art. 16): request correction of inaccurate or incomplete data
– Right to erasure (Art. 17): request deletion of your data where there is no legitimate reason to continue processing
– Right to restriction of processing (Art. 18): request we limit the processing of your data
– Right to data portability (Art. 20): receive your data in a structured, machine-readable format
– Right to object (Art. 21): object to processing based on legitimate interests or direct marketing
– Right not to be subject to automated decision-making (Art. 22): we do not carry out solely automated decisions that produce legal or similarly significant effects
– Right to withdraw consent (Art. 7(3)): withdraw consent at any time for consent-based processing
To exercise any of these rights, contact us at contact@petru-claymoor.com. We will respond within 30 days. We may need to verify your identity before processing your request.
If you believe your rights have been infringed, you have the right to lodge a complaint with the Romanian supervisory authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
www.dataprotection.ro
You may also lodge a complaint with the supervisory authority in your country of residence or place of work within the EU.
9. DATA SECURITY
We implement appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include:
– SSL/TLS encryption for all data transmitted via our website
– Encrypted storage of passwords and sensitive payment data
– Access controls and role-based permissions for our staff
– Regular security assessments and software updates
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ANSPDCP within 72 hours and inform you without undue delay as required by Art. 33–34 GDPR.
10. COOKIES
We use cookies and similar tracking technologies on our website. For detailed information about the cookies we use and how to manage your preferences, please read our Cookie Policy.
11. CHILDREN’S PRIVACY
Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or a prominent notice on our website. We encourage you to review this Policy periodically.
13. CONTACT US
For any questions, concerns or requests relating to this Privacy Policy or your personal data, please contact us:
PC Transylvania SRL
55 Dionisie Lupu Street, App. 7, Sector 1
Bucharest, Romania 010456
Email: contact@petru-claymoor.com