Privacy Policy

Privacy Policy – www.daospureherbs.eu (In accordance with European Union legislation, including Regulation (EU) 2016/679 – GDPR, Directive 2002/58/EC (ePrivacy), Directive 2011/83/EU, Regulation (EU) 2018/302, and applicable national laws) 1. Introduction This Privacy Policy explains how Soare M.N.B. Individual Enterprise, VAT Number (CIF) 35982498, registered with the Trade Registry under no. F40/713/2016, as the operator of the website www.daospureherbs.eu (“the Operator”), collects, uses, stores, and protects personal data. The Operator processes personal data in full compliance with: Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR) Directive 2002/58/EC on privacy and electronic communications (ePrivacy Directive) Directive 2011/83/EU on consumer rights Regulation (EU) 2018/302 on unjustified geo‑blocking National legislation implementing these EU rules Protecting your personal data is a priority. 2. Personal Data We Collect Depending on your interaction with the website, we may collect the following categories of personal data: a) Data provided directly by the user First and last name Email address Billing and shipping address Phone number Information required for order processing b) Data collected automatically IP address Device and browser type Website usage and navigation data Cookies and similar technologies (in accordance with the ePrivacy Directive and GDPR) c) Transaction data Order history Payment method (processed by secure third‑party providers; the website does not store card details) 3. Purposes of Data Processing Your data is processed exclusively for legitimate purposes, including: processing and delivering orders issuing invoices and fulfilling legal obligations communicating with users (confirmations, notifications, support) improving website functionality fraud prevention and security marketing communications (only with explicit consent, in accordance with GDPR) 4. Legal Basis for Processing Data processing is carried out under one or more of the legal bases defined in Articles 6 and 7 of GDPR: Performance of a contract (Art. 6(1)(b)) User consent (Art. 6(1)(a)) Legal obligations (Art. 6(1)(c)) Legitimate interest (Art. 6(1)(f)) 5. Data Retention Period Data is stored only for as long as necessary for the purposes for which it was collected or as required by EU and national law. Examples: Billing data: retained according to fiscal legislation (typically 5–10 years) Account data: retained until account deletion Marketing data: retained until consent is withdrawn 6. Disclosure of Data to Third Parties Data may be shared with: courier companies payment processors IT and hosting service providers public authorities, when required by law All third parties must comply with GDPR and ensure adequate data protection. 7. International Data Transfers If personal data is transferred outside the European Economic Area, this will occur only in accordance with Chapter V of GDPR, using: Adequacy decisions issued by the European Commission Standard Contractual Clauses (SCCs) Other appropriate safeguards 8. Data Security The Operator implements technical and organizational measures in accordance with Articles 24, 25, and 32 of GDPR, including: encrypted communications (HTTPS) restricted access to data protection against unauthorized access However, no method of online transmission can guarantee absolute security. 9. User Rights Under Articles 12–22 of GDPR, you have the following rights: Right of access Right to rectification Right to erasure (“right to be forgotten”) Right to restrict processing Right to data portability Right to object Right to withdraw consent at any time Right to lodge a complaint with the supervisory authority (ANSPDCP in Romania) To exercise your rights, you may contact us at: [insert email address] 10. Marketing Communications Marketing messages are sent only with your explicit consent, in accordance with Articles 6 and 7 of GDPR. You may unsubscribe at any time. 11. Cookies and Similar Technologies The use of cookies complies with: Directive 2002/58/EC (ePrivacy Directive) Article 5(3) of the ePrivacy Directive GDPR requirements regarding consent Full details are provided in the Cookies Policy. 12. Changes to the Privacy Policy The Operator may update this policy to reflect changes in EU legislation or technical requirements. The updated version will be published on the website. 13. Contact For questions regarding data protection, you may contact: Soare M.N.B. Individual Enterprise VAT Number (CIF): 35982498 Trade Registry No.: F40/713/2016 Email: [insert email address] Address: [insert full address]