Privacy Policy

How we collect, use, and protect your personal data.

1. DATA CONTROLLER

The data controller responsible for the processing of your personal data is IFP FILATI PREGIATI SRL, with registered office at Str. Erou Apetrei, Nr.23, Mun. Piatra Neamt, Jud. Neamt, Romania, CUI: 47181930, VAT: RO47181930. You can contact us by phone at +40 730 012 045 or by email at italianafilatipregiati@gmail.com.

2. CATEGORIES OF PERSONAL DATA COLLECTED

We collect and process the following categories of personal data: full name, email address, phone number, delivery and billing address, and payment-related data. We may also collect technical data such as IP address, browser type, device information, and browsing behavior on our website through cookies and similar technologies.

3. PURPOSES AND LEGAL BASES FOR PROCESSING

We process your personal data for the following purposes and on the following legal bases under Article 6 of the GDPR: - Contract performance (Art. 6(1)(b)): to process and fulfill your orders, manage your account, provide customer support, and deliver products you have purchased. - Legitimate interest (Art. 6(1)(f)): to improve our website and services, prevent fraud, ensure network and information security, and conduct internal analytics. - Consent (Art. 6(1)(a)): to send you marketing communications, newsletters, and promotional offers. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal. - Legal obligation (Art. 6(1)(c)): to comply with applicable tax, accounting, and regulatory requirements under Romanian and EU law.

4. RECIPIENTS AND PROCESSORS

Your personal data may be shared with the following categories of recipients who act as data processors on our behalf: - Hosting and infrastructure providers: Supabase (database hosting) and Vercel (website hosting). - Payment processors: third-party payment service providers that process transactions securely on our behalf. - Delivery and logistics: courier and shipping companies necessary to fulfill your orders. - Cookie management: Cookiebot, used to manage cookie consent on our website. All processors are bound by data processing agreements and are required to process your data only in accordance with our instructions and applicable data protection laws.

5. RETENTION PERIODS

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected: - Contract and transaction data: retained for the duration of the contractual relationship and for the legally required period thereafter (up to 10 years for fiscal/accounting obligations under Romanian law). - Marketing data: retained until you withdraw your consent or object to processing, after which it is deleted without undue delay. - Technical and log data: retained for up to 12 months for security and analytics purposes, unless a longer period is required by law.

6. YOUR RIGHTS AS A DATA SUBJECT

Under the GDPR, you have the following rights with respect to your personal data: - Right of access (Art. 15): to obtain confirmation of whether your data is being processed and to receive a copy of your personal data. - Right to rectification (Art. 16): to have inaccurate personal data corrected or incomplete data completed. - Right to erasure (Art. 17): to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent. - Right to restriction of processing (Art. 18): to request the limitation of processing in certain circumstances, such as when you contest the accuracy of your data. - Right to data portability (Art. 20): to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller. - Right to object (Art. 21): to object to the processing of your personal data based on legitimate interest or for direct marketing purposes. - Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal. To exercise any of these rights, please contact us at italianafilatipregiati@gmail.com or by phone at +40 730 012 045. We will respond to your request within 30 days.

7. RIGHT TO LODGE A COMPLAINT

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania. Website: www.anspdcp.ro.

8. AUTOMATED DECISION-MAKING

We do not use automated decision-making, including profiling, that produces legal effects or similarly significantly affects you.

9. INTERNATIONAL DATA TRANSFERS

Some of our data processors (such as Supabase and Vercel) may process your personal data outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) approved by the European Commission, to guarantee that your data receives an adequate level of protection in compliance with the GDPR.

10. DATA SECURITY MEASURES

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS/SSL), secure database storage with access controls, regular security reviews, and restriction of data access to authorized personnel only.

11. COOKIES

Our website uses cookies and similar technologies. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy page.