Privacy Policy - Homelyf.shop

Privacy Policy

GDPR-compliant privacy practices protecting your personal data

Last Updated: September 11, 2025 | Effective Date: September 11, 2025

Table of Contents

1. Data Controller Information

This Privacy Policy describes how Homelyf SRL ("we," "us," or "our") collects, uses, and protects your personal information when you use our website homelyf.shop and our services.

Data Controller Details

  • Company Name: Homelyf SRL
  • Registration Number: J03/XXXX/2024
  • VAT Number: RO34567892
  • Address: Str. Smeurei 63, Arges, Romania
  • Email: privacy@homelyf.shop
  • Phone: +40 742 389 567

GDPR Compliance

We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and Romanian data protection laws. This policy explains your rights and how we handle your personal data.

2. Information We Collect

Information You Provide Directly

  • Account Information: Name, email address, phone number, password
  • Order Information: Billing and shipping addresses, payment information
  • Communication Data: Customer service inquiries, reviews, feedback
  • Marketing Preferences: Newsletter subscriptions, communication preferences

Information Collected Automatically

  • Device Information: IP address, browser type, operating system
  • Usage Data: Pages visited, time spent, referring websites
  • Location Data: General location based on IP address
  • Cookies and Tracking: See our Cookie Policy for details
Data Category Examples Purpose Retention
Identity Data Name, date of birth, gender Account management, age verification Account lifetime + 3 years
Contact Data Email, phone, address Communication, delivery Account lifetime + 3 years
Financial Data Payment card details, bank info Payment processing Not stored (processed by payment providers)
Transaction Data Order history, preferences Order fulfillment, customer service 7 years (legal requirement)
Technical Data IP address, browser, device ID Security, analytics, improvement 2 years
Marketing Data Preferences, campaign responses Personalized marketing Until consent withdrawn

3. How We Use Your Information

Primary Purposes

  • Order Processing: Fulfill orders, process payments, arrange delivery
  • Customer Service: Respond to inquiries, provide support, handle returns
  • Account Management: Create and maintain your account, preferences
  • Legal Compliance: Meet tax, accounting, and regulatory requirements

Secondary Purposes (with consent)

  • Marketing Communications: Newsletters, promotional offers, product updates
  • Personalization: Customized product recommendations, targeted content
  • Analytics: Website usage analysis, performance improvement
  • Research: Market research, product development, customer satisfaction

Consent Withdrawal

You can withdraw your consent for marketing and analytics at any time through your account settings, email unsubscribe links, or by contacting us directly.

5. Information Sharing

We Share Information With:

  • Service Providers: Payment processors, shipping companies, IT support
  • Legal Authorities: When required by law or legal process
  • Business Partners: With explicit consent for joint marketing
  • Professional Advisors: Lawyers, accountants, auditors (under confidentiality)

Third-Party Service Providers

Service Type Data Shared Purpose Safeguards
Payment Processing Name, address, payment details Transaction processing PCI DSS compliance, encryption
Shipping & Logistics Name, address, phone, order details Order delivery Data processing agreements
Email Marketing Email address, preferences Newsletter delivery GDPR-compliant platforms
Analytics Anonymized usage data Website improvement Data minimization, anonymization
Customer Support Contact details, inquiry history Support ticket management Confidentiality agreements

No Selling of Data

We never sell, rent, or trade your personal information to third parties for their marketing purposes. All data sharing is limited to the purposes described in this policy.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Data Type Retention Period Reason
Account Information Until account deletion + 3 years Customer service, legal obligations
Order Records 7 years from purchase Legal requirement (tax, warranty)
Marketing Data Until consent withdrawn Marketing communications
Website Analytics 26 months Performance analysis
Support Tickets 3 years from resolution Quality improvement
Security Logs 12 months Fraud prevention, security

Automated Deletion

  • Inactive accounts are flagged after 3 years of no activity
  • Marketing data is removed when consent is withdrawn
  • Technical logs are automatically purged after retention period
  • We conduct annual reviews to ensure compliance

7. Data Security

Technical Safeguards

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication
  • Regular Updates: Security patches, software updates
  • Monitoring: 24/7 security monitoring, intrusion detection

Organizational Measures

  • Staff Training: Regular privacy and security training
  • Data Minimization: Collect only necessary information
  • Regular Audits: Internal and external security assessments
  • Incident Response: Breach notification procedures

Data Breach Notification

In case of a data breach affecting your personal information, we will notify you and the relevant authorities within 72 hours as required by GDPR, along with steps we're taking to address the issue.

8. Your Privacy Rights

Under GDPR, you have the following rights regarding your personal data:

πŸ” Right to Access

Request a copy of the personal data we hold about you, including how it's processed.

✏️ Right to Rectification

Correct inaccurate personal data or complete incomplete information.

πŸ—‘οΈ Right to Erasure

Request deletion of your personal data in certain circumstances ("right to be forgotten").

⏸️ Right to Restrict Processing

Limit how we process your data while disputes are resolved.

πŸ“¦ Right to Data Portability

Receive your data in a machine-readable format to transfer to another service.

❌ Right to Object

Object to processing based on legitimate interests or for direct marketing.

How to Exercise Your Rights

  • Email: privacy@homelyf.shop with subject "Data Rights Request"
  • Online Form: Available in your account settings
  • Phone: +40 742 389 567 (ask for Data Protection Officer)
  • Response Time: Within 30 days (may extend to 60 days for complex requests)

Identity Verification

To protect your privacy, we may need to verify your identity before processing rights requests. We may ask for additional information or documentation.

12. Contact Information

Data Protection Officer

Email: dpo@homelyf.shop

Address: Homelyf SRL, Str. Smeurei 63, Arges, Romania

Phone: +40 742 389 567

Supervisory Authority

If you're not satisfied with our response to your privacy concerns, you can lodge a complaint with:

  • Romanian Data Protection Authority (ANSPDCP)
  • Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest
  • Website: dataprotection.ro
  • Phone: +40 318 059 211

Policy Updates

We may update this Privacy Policy periodically. We'll notify you of significant changes by email or through our website. The "Last Updated" date at the top indicates when the policy was last revised.

Homelyf Footer
Homelyf Footer
Scroll to Top