🏢

Data Controller Information

The data controller responsible for your personal data is:

🏢 Company Details

Company Name: BOOSTER28 ADS S.R.L.

Registration Number: VAT RO48459815

Registered Address: Str. Lungă, Nr. 149, Ap. P3, Brașov, 500059, România

Website: https://yardunakraft.shop

Email: support@yardunakraft.shop

Phone: +40 745 123 456

Our Data Protection Officer (DPO) can be reached at: dpo@yardunakraft.shop

As a Romanian company operating within the EU, we are subject to the General Data Protection Regulation (GDPR) and Romanian data protection laws.

📊

What Data We Collect

We collect different types of personal data depending on how you interact with our services:

| Data Category | Specific Data | Collection Method | Mandatory/Optional |
|---|---|---|---|
| Identity Data | First name, last name, title | Account registration, order forms | Mandatory for orders |
| Contact Data | Email address, phone number | Account registration, checkout | Mandatory for communication |
| Address Data | Billing and delivery addresses | Order checkout process | Mandatory for delivery |
| Financial Data | Payment method (card last 4 digits) | Payment processing (secure) | Mandatory for purchases |
| Transaction Data | Order history, purchase details, amounts | Automatic during purchases | Mandatory for order fulfillment |
| Technical Data | IP address, browser type, device info | Automatic website visit | Automatic collection |
| Usage Data | Pages visited, time spent, interactions | Website analytics tools | Optional (can opt-out) |
| Marketing Data | Newsletter preferences, interests | Voluntary subscription | Optional only |

⚠️ Important Note

We do NOT collect sensitive personal data such as race, religion, political opinions, health information, or sexual orientation unless explicitly required and consented to for specific garden product recommendations (e.g., allergy-safe plants).

🎯

How We Use Your Data

We use your personal data for the following specific purposes:

Order Processing & Customer Service

  • Process your orders and arrange delivery of garden products
  • Provide customer support and handle inquiries
  • Send order confirmations, shipping updates, and delivery notifications
  • Process returns, refunds, and warranty claims
  • Maintain order history for your reference

Account Management

  • Create and manage your user account
  • Authenticate your identity and secure your account
  • Store your preferences and delivery addresses
  • Provide personalized product recommendations

Legal Compliance & Business Operations

  • Comply with legal obligations (VAT reporting, consumer protection)
  • Prevent fraud and maintain platform security
  • Resolve disputes and enforce our terms of service
  • Maintain business records and accounting

Marketing & Communications (With Your Consent)

  • Send promotional emails about new garden products
  • Share seasonal gardening tips and care instructions
  • Notify you about special offers and discounts
  • Conduct customer satisfaction surveys

🎯 Purpose Limitation Principle

We strictly adhere to the GDPR principle of purpose limitation. Your data is only used for the specific purposes listed above and never for unrelated activities. If we need to use your data for a new purpose, we will ask for your explicit consent first.

🤝

Who We Share Your Data With

We may share your personal data with the following categories of recipients, but only when necessary and with appropriate safeguards:

Service Providers (Data Processors)

  • Shipping Companies: Fan Courier, GLS, DPD for delivery services
  • Payment Processors: Secure payment gateways for transaction processing
  • Email Service: For sending order confirmations and newsletters
  • Web Hosting: Cloud infrastructure providers with EU data centers
  • Analytics Services: Google Analytics (with IP anonymization)

Legal Requirements

  • Tax Authorities: Romanian tax office (ANAF) for VAT compliance
  • Law Enforcement: Only when legally required by court order
  • Regulatory Bodies: Consumer protection authorities when required

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, but only with the same privacy protections.

🚫 What We Never Do

We NEVER:

  • Sell your personal data to third parties
  • Share data for third-party marketing without consent
  • Transfer data outside the EU without adequate safeguards
  • Use your data for purposes unrelated to our services

Data Processing Agreements

All service providers who process your data on our behalf are bound by strict data processing agreements (DPAs) that ensure:

  • Data is processed only for our specified purposes
  • Appropriate security measures are implemented
  • Data is not used for their own purposes
  • Compliance with GDPR and data protection laws
  • Immediate notification of any data breaches

📅

How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

| Data Type | Retention Period | Reason for Retention | Legal Basis |
|---|---|---|---|
| Account Information | Until account deletion requested | Provide ongoing service | Contract performance |
| Order and Transaction Data | 7 years after transaction | Legal compliance (accounting, tax) | Legal obligation |
| Customer Support Records | 3 years after last contact | Quality assurance and legal protection | Legitimate interest |
| Marketing Consent | Until consent withdrawn | Marketing communications | Consent |
| Website Analytics | 26 months (Google Analytics) | Website improvement and optimization | Legitimate interest |
| Security Logs | 12 months | Fraud prevention and security | Legitimate interest |

🗑️ Automatic Deletion

We have implemented automated systems to delete personal data when retention periods expire. You can also request immediate deletion of your data (subject to legal obligations we must comply with).

🛡️

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

🔍 Right to Access (Article 15)

You can request a copy of all personal data we hold about you, including information about how it's processed.

✏️ Right to Rectification (Article 16)

You can ask us to correct any inaccurate or incomplete personal data.

🗑️ Right to Erasure "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

🚫 Right to Restrict Processing (Article 18)

You can ask us to limit how we use your data in certain circumstances.

📦 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format to transfer to another service.

⛔ Right to Object (Article 21)

You can object to processing based on legitimate interests, including direct marketing.

🤖 Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making and profiling (though we currently don't engage in these practices).

⏱️ Response Times

We will respond to your requests within one month of receipt. For complex requests, we may extend this by an additional two months, but we'll inform you of any delay and the reasons for it.

How to Exercise Your Rights

To exercise any of these rights, contact us:

🏛️ Right to Lodge a Complaint

If you're not satisfied with how we handle your personal data, you can lodge a complaint with:

🇷🇴 Romanian Supervisory Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

Website: www.dataprotection.ro

Phone: +40 21 252 5599

🔒

Data Security Measures

We implement comprehensive security measures to protect your personal data:

Technical Safeguards

  • Encryption: All data transmitted using TLS 1.3 encryption
  • Secure Hosting: EU-based data centers with ISO 27001 certification
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Updates: Security patches and system updates applied promptly
  • Firewall Protection: Advanced firewall and intrusion detection systems
  • Data Backup: Encrypted, secure backups with regular testing

Organizational Measures

  • Staff Training: Regular privacy and security training for all employees
  • Access Limitation: Data access limited to authorized personnel only
  • Confidentiality Agreements: All staff bound by strict confidentiality terms
  • Data Minimization: We collect only necessary data
  • Regular Audits: Internal security audits and assessments

Payment Security

  • PCI DSS Compliance: Payment Card Industry standards
  • Secure Payment Gateways: Certified third-party processors
  • No Storage: We never store full payment card details
  • Tokenization: Payment data replaced with secure tokens

🚨 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and steps we're taking
  • Offer support and guidance on protective measures

🍪

Cookies and Similar Technologies

We use cookies and similar technologies to enhance your browsing experience:

Types of Cookies We Use

🔧 Essential Cookies (Always Active)

  • Shopping cart functionality
  • User authentication and security
  • Payment processing
  • Site navigation and core functionality

📊 Analytics Cookies (Optional)

  • Google Analytics (with IP anonymization)
  • Website performance monitoring
  • User behavior analysis for improvements
  • Popular product and page tracking

🎯 Marketing Cookies (With Consent)

  • Personalized product recommendations
  • Targeted advertising (if consented)
  • Social media integration
  • Email marketing optimization

Managing Your Cookie Preferences

You can control cookies through:

  • Our cookie banner when you first visit
  • Your browser settings (delete/block cookies)
  • Opting out of Google Analytics: Google Analytics Opt-out
  • Contacting us to update your preferences

⚙️ Cookie Settings

You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our footer or by contacting our support team.

🔄

Updates to This Privacy Policy

This privacy policy was last updated on: March 15, 2024

We may update this privacy policy from time to time to reflect:

  • Changes in our data processing practices
  • New legal requirements or regulations
  • Improvements to our services
  • Enhanced security measures

How We'll Notify You of Changes

  • Email Notification: For significant changes affecting your rights
  • Website Banner: Prominent notice on our homepage
  • Account Notification: Message in your account dashboard
  • Version History: Previous versions available upon request

📝 Your Continued Use

By continuing to use our services after we post changes to this privacy policy, you accept the updated terms. If you disagree with changes, you can close your account and stop using our services.