Privacy Policy

1. Controller and contact details

The controller of personal data collected through dezshop.eu is Terra Cycle SRL, tax ID RO37298322, registered with the Trade Register under number J2017000856137. The registered office is located at Loc. Eforie Nord, Oras Eforie, Aleea Ghiocelului nr. 7, Jud. Constanta, Romania, while the public-facing operational address / work point is Str. Emil Botta, Nr. 16A, Agigea, Constanta, Romania, 907015.

For privacy questions or to exercise your rights, you can contact us at contact@dezshop.eu, by phone at +40 371 785 244, on WhatsApp at +40 756 100 149, or send a dedicated written request to dezmembrariagigea05@gmail.com.

2. What personal data we collect

Depending on how you use the site, we may process the following categories of personal data:

• identity and contact data, such as name, surname, email address, phone number, shipping address, and billing address;
• customer account data, such as login identifiers, preferences, and order history;
• transaction and payment data, such as ordered products, order values, currency, payment status, and transaction references; full card data is handled by payment providers and is not stored by us;
• business customer data, where relevant, such as company name, VAT number, and invoicing details;
• customer support communications, including emails, calls, attachments, and information necessary to handle returns or complaints;
• technical and security data, such as IP address, browser information, device data, technical logs, anti-fraud data, and information needed to secure the service;
• marketing preferences and consents, where you choose to receive promotional communications or where consent is otherwise required by law.

3. Purposes and legal bases

We process personal data only where we have a valid legal basis under the GDPR and applicable law.

• performance of a contract or steps prior to entering into a contract: account creation, cart management, order handling, delivery, returns, refunds, and customer support;
• legal obligation: invoicing, accounting and tax compliance, document retention, and cooperation with authorities where legally required;
• legitimate interests: site security, fraud prevention, defence of legal claims, customer relationship management, and service improvement;
• consent: marketing communications, certain cookies or similar technologies, and other processing activities where the law requires your consent.

4. Categories of recipients

We share personal data only where necessary with the following categories of recipients:

• technical, hosting, maintenance, authentication, and IT security providers;
• payment service providers, banks, and other services involved in handling transactions;
• couriers, logistics providers, and partners involved in shipping, delivery, or return handling;
• professional advisers, auditors, or compliance service providers where necessary;
• public authorities, courts, or regulators where disclosure is required by law or necessary to protect our rights.

5. International transfers

Where some service providers process data outside the European Economic Area, we use appropriate safeguards where required by law, such as standard contractual clauses or other legally recognised transfer mechanisms.

6. Retention periods

We keep personal data only for as long as needed for the purpose for which it was collected, and then for as long as required by legal, accounting, tax, warranty, limitation, or legal defence obligations.

• account data is kept while the account remains active and then for a reasonable period required for security, dispute resolution, and legal compliance;
• order, invoicing, payment, and related support data is retained in line with applicable legal retention periods and legitimate evidential needs;
• data processed on the basis of consent is kept until consent is withdrawn, without affecting the lawfulness of processing carried out before withdrawal;
• where no fixed legal retention period applies, we determine retention based on criteria such as the nature of the contractual relationship, operational necessity, data sensitivity, and applicable limitation periods.

7. Your rights

Subject to the conditions laid down by law, you have the following rights regarding your personal data:

To exercise any of these rights — including account deletion or an export of your personal data — please email contact@dezshop.eu. We will reply within 30 days from receipt of your request, as required by Article 12(3) GDPR. We may ask you to confirm your identity before acting on a request, and some data may be retained where mandatory legal, accounting, or tax retention periods apply (for example, invoicing records).

• right of access;
• right to rectification of inaccurate or incomplete data;
• right to erasure where legally applicable;
• right to restriction of processing;
• right to data portability where applicable;
• right to object to certain processing based on our legitimate interests;
• right to withdraw consent at any time where processing is based on consent, without affecting processing carried out before withdrawal;
• right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects, where the law grants that right.

8. Complaints and supervisory authority

If you believe that our processing of your personal data infringes applicable law, we encourage you to contact us first so that we can try to resolve the issue quickly.

You also have the right to lodge a complaint with the competent supervisory authority. In Romania, the competent authority is ANSPDCP.

• ANSPDCP: Bd. G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania;
• website: https://www.dataprotection.ro/;
• email: anspdcp@dataprotection.ro.

9. Whether providing data is mandatory

Some data is necessary in order to create an account, process an order, issue an invoice, deliver products, handle returns, or respond to requests. If you do not provide that data, we may be unable to perform the contract or provide certain site features.

10. Cookies, marketing, and security

The site may use cookies and similar technologies to operate correctly, secure the service, remember preferences, and, where permitted, measure usage or support marketing activities.

For more details, please see our Cookies page. Electronic marketing communications are sent only where permitted by law and can be disabled at any time.