Privacy Policy

Last updated: March 27, 2026

This policy describes how we collect, use, and protect your personal data when you use the refashioned.ro online store, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Romanian Law no. 190/2018.

1. Who We Are (Data Controller)

[TODO: PFA Name]
Tax ID (CUI): [TODO: CUI]
Address: [TODO: Address]
Contact email: comenzi@refashioned.ro

2. Data We Collect

We only collect data necessary to process your orders:

  • Identification data: name, email address, phone number
  • Delivery data: full address (street, city, county, postal code)
  • Payment data: processed directly by Stripe — we do not have access to card details
  • Account data: if you sign in through Clerk (email, name)
  • Technical data: preferences stored locally (theme, language) via localStorage

3. Purpose of Data Processing

  • Order processing — to deliver purchased products
  • Transactional communications — order confirmation, delivery status
  • Legal obligations — invoicing, accounting records
  • Service improvement — based on legitimate interest

4. Legal Basis

We process your data based on the following legal grounds (Art. 6 GDPR):

  • Art. 6(1)(b) — contract performance (order processing, delivery)
  • Art. 6(1)(c) — legal obligation (invoicing, accounting)
  • Art. 6(1)(f) — legitimate interest (fraud prevention, service improvement)
  • Art. 6(1)(a) — consent (newsletter, marketing — only if you explicitly opt in)

5. Data Retention

We retain your data only as long as necessary:

  • Order data: 5 years (accounting and tax obligations)
  • Account data: until account deletion or upon your request
  • Marketing data: until consent is withdrawn

6. Data Recipients

Your data may be shared with the following partners, strictly for service functionality:

  • Stripe (USA) — payment processing. Stripe complies with PCI DSS and GDPR through Standard Contractual Clauses (SCC).
  • Clerk (USA) — authentication. Transfer protected by SCC.
  • Cloudflare (global) — hosting and CDN. Data processed under GDPR with SCC.
  • Courier services — for order delivery (name, address, phone).

7. Your Rights

Under GDPR, you have the following rights:

  • Right of access — you can request a copy of your data
  • Right to rectification — you can correct inaccurate data
  • Right to erasure ("right to be forgotten") — you can request data deletion
  • Right to restriction — you can limit data processing
  • Right to portability — you can receive data in a structured format
  • Right to object — you can object to processing based on legitimate interest

To exercise any of these rights, write to us at comenzi@refashioned.ro. We will respond within 30 days.

8. Cookies

We use cookies and local storage for website functionality. For full details, see our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational measures to protect your data: encrypted HTTPS connection, restricted database access, payment processing through Stripe (PCI DSS certified). However, no internet transmission can be guaranteed 100% secure.

10. Policy Changes

We reserve the right to update this policy. Significant changes will be communicated via email or website notification. The last update date is displayed at the top of this page.

11. Contact and Complaints

For any questions about your personal data, contact us at comenzi@refashioned.ro.

If you believe your data is being processed unlawfully, you have the right to file a complaint with:

  • ANSPDCP (National Supervisory Authority for Personal Data Processing): dataprotection.ro