Privacy
Policy
Last Updated: April 2025 · Technik Solutions S.R.L. · Reg. J40/XXXX/2020 · CUI ROXXXXXXXX
DATA CONTROLLER
Technik Solutions S.R.L., headquartered in Bucharest, Romania, is the data controller for all personal data collected through this platform. We are committed to protecting your privacy in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian national data-protection law. This policy explains what data we collect, why we collect it, and what rights you have over it.
Data We Collect
We collect the following categories of personal data when you use our platform:
| Category | Data Points | Collection Method |
|---|---|---|
| Identity | First name, last name | Registration form / Google OAuth |
| Contact | Email address, phone number | Registration form, checkout |
| Account | Password hash, authentication tokens | Created automatically on registration |
| Commercial | Orders, returns, invoices, favourites | Your activity on the platform |
| Billing | Invoice details, VAT number, company name | Billing profile form |
| Delivery | Delivery address, recipient name | Delivery address form |
| Technical | IP address, browser type, session data, cookies | Automatically on each visit |
| Behavioural | Pages visited, search queries, click events | Analytics cookies (with consent) |
Why We Process Your Data
We process personal data only for specified, explicit, and legitimate purposes. The table below maps each purpose to its legal basis under GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Processing and fulfilling orders | Performance of a contract (Art. 6(1)(b)) |
| Issuing invoices and managing billing | Legal obligation (Art. 6(1)(c)) · Romanian fiscal law |
| Processing return and refund requests | Performance of a contract (Art. 6(1)(b)) |
| Sending order confirmation and status emails | Performance of a contract (Art. 6(1)(b)) |
| Sending marketing communications | Consent (Art. 6(1)(a)) · Opt-in only |
| Improving platform performance via analytics | Consent (Art. 6(1)(a)) · Cookie consent |
| Fraud detection and security | Legitimate interests (Art. 6(1)(f)) |
| Complying with tax and accounting obligations | Legal obligation (Art. 6(1)(c)) |
Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:
- Account data: retained for the duration of your account. Deleted within 30 days of account closure request, subject to legal hold requirements.
- Order and invoice data: retained for 10 years in accordance with Romanian fiscal and accounting legislation (Legea contabilității nr. 82/1991).
- Technical and log data: retained for up to 12 months for security and debugging purposes.
- Marketing consent records: retained until consent is withdrawn plus an additional 3 years for compliance evidence.
- Cookie data: session cookies expire at browser close; persistent analytics cookies expire after 12 months.
Data Sharing & Third Parties
We do not sell your personal data. We share data only with the processors listed below, under written data-processing agreements, and solely to the extent necessary:
- Courier and logistics partners — for delivery address and recipient name only.
- Payment processors — for transaction authentication. We do not store card numbers.
- Cloud infrastructure providers (EU-based) — for hosting the platform and its database.
- Email delivery services — for transactional and, with consent, marketing emails.
- Analytics platforms — aggregated, anonymised data only, subject to your cookie consent.
- Accounting and auditing firms — only invoice and fiscal data, under strict confidentiality requirements.
⚠ Any transfer of data outside the EU/EEA is governed by Standard Contractual Clauses (SCCs) approved by the European Commission.
Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction:
- All data in transit is encrypted using TLS 1.3.
- Passwords are never stored in plain text — only salted hashes using bcrypt.
- Access to production systems is restricted to authorised personnel via role-based access control.
- Authentication tokens use cryptographically secure random generation with short expiry windows.
- The platform undergoes regular security audits and dependency vulnerability scans.
- Databases are backed up daily and stored in encrypted form in a geographically separate location.
Cookies & Tracking
Strictly Necessary Cookies
These cookies are required for the platform to function (session management, authentication, CSRF protection). They cannot be disabled and do not require consent.
Analytics Cookies
With your consent, we use analytics cookies to understand how visitors interact with the platform. This data is aggregated and anonymised. You can withdraw consent at any time via the cookie settings panel.
Marketing Cookies
We do not currently use marketing or tracking cookies for advertising purposes. If this changes, we will request your explicit consent before activating them.
⚠ Cookie consent is managed via our in-platform cookie banner. You may update your preferences at any time.
Minors
Our platform is intended for use by individuals aged 18 and over, or by businesses acting through authorised representatives. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a minor has registered on our platform, please contact us immediately at privacy@technik-solutions.ro.
Your GDPR Rights at a Glance
Right of Access
Request a copy of all personal data we hold about you (Art. 15 GDPR).
Right to Rectification
Ask us to correct inaccurate or incomplete personal data (Art. 16 GDPR).
Right to Erasure
Request deletion of your data where there is no overriding legal basis to retain it (Art. 17 GDPR).
Right to Restriction
Ask us to pause processing your data in certain circumstances (Art. 18 GDPR).
Right to Portability
Receive your data in a structured, machine-readable format or have it transferred to another controller (Art. 20 GDPR).
Right to Object
Object to processing based on legitimate interests or for direct marketing at any time (Art. 21 GDPR).
PRIVACY_CONTACT
Exercise Your Rights
To make a data request or file a complaint, contact our privacy team. We respond within 30 days as required by GDPR.