J2020000080231
36907907
Address: 16 Adam Ion Street
Phone: +40 745 166 244
Email: office@haiart.ro
Privacy policy
Privacy Policy – www.haiart.ro
General information
The confidentiality of your personal data is a major priority for RAI CONCEPT DESIGN SRL , with registered office at STR. CÂMPULUI, NR. 47Y, BERCENI, ILFOV, which acts as Data Controller (hereinafter referred to as the "Company").
This document informs you about the processing of your personal data in the context of using the website. https://www.haiart.ro (hereinafter referred to as the "Site").
Contact Details for GDPR Requests:
-
Email Address: office@haiart.ro
-
Postal Address: STR. CAMPULUI, NO. 47Y, BERCENI, ILFOV
1. Categories of Personal Data Processed
We process your personal data based on your interaction with our Site:
A. If you are a Customer (placing an order):
We process the data you provide us directly: Name and surname, Phone number, Email address, Billing address, Delivery address , as well as data related to how you use the Site (order history, preferences).
-
Third-Party Authentication: If you use your Facebook or Google account for authentication, we will process the public profile data displayed by those applications (username, email address).
-
Abandoned Cart/Unfinished Order: If you initiate the creation of an account or place an order but do not complete it, the data provided (email, etc.) is temporarily processed for the purpose of recovering the cart.
B. If you are a Site Visitor:
We process the data you provide:
-
Directly: Through the contact/questions/complaints section.
-
Indirect (Technical Data): IP address, browser used, browsing duration, operating system, information regarding interaction with the Site (clicks, pages viewed). This data is collected mainly through cookies . Please consult the Cookies Policy for details.
2. Purposes and Legal Grounds of Processing
We process your data strictly for the following purposes and based on the legal grounds established by the GDPR:
| Purpose of Processing | Legal Basis (GDPR) | Why is the data needed? |
| A. Execution of the Contractual Relationship (Orders, Invoicing, Delivery, Returns). | Execution of the Contract (Art. 6 (1) letter b)) | Without this data, we cannot fulfill the order and delivery. |
| B. Fulfillment of Legal Obligations (Taxation, Archiving, Accounting). | Legal Obligation (Art. 6 (1) letter c)) | The data is mandatory for compliance with Romanian legislation. |
| C. Direct Marketing (Newsletter, Commercial SMS). | Consent (Art. 6 (1) letter a)) | Unless you explicitly choose to receive these communications. You can unsubscribe at any time. |
| D. Analysis, Service Improvement and Monitoring (Internal Reports, Complaint Resolution, Site Security). | Legitimate Interest (Art. 6 (1) letter f)) | To ensure that the Site functions properly and to constantly improve the user experience. |
3. Duration of Data Processing
The company processes personal data only for as long as necessary to achieve the stated purposes:
-
Customer Data: For the entire duration of the contractual relationship and, subsequently, for a period of 10 years (in accordance with legal tax and archiving obligations).
-
Marketing Data: Until consent is withdrawn or until a reasonable period of user inactivity.
-
Account Deletion: If you request account deletion ( the "right to be forgotten" ), your account will be deactivated. Transaction data (invoices, delivery details, etc.) will be retained for 10 years for legal reasons and will be anonymized thereafter. Account deletion does not affect active orders.
4. Disclosure and Transfer of Personal Data
RAI CONCEPT DESIGN SRL does not rent or sell your data to third parties.
The data may be disclosed to the following categories of recipients (processors), who are contractually obliged to maintain the confidentiality of the data:
-
IT service providers (hosting, website maintenance);
-
Transport/courier operators (for order delivery);
-
Marketing service providers (for newsletter management);
-
Public Authorities (central and local), in situations where disclosure is required by a legal obligation.
Data Transfer Outside the EU/EEA
Personal data is generally processed in Romania or in EU member states. If we use service providers with servers located outside the European Economic Area (EEA), such as the United States (e.g. Google, Meta, Mailchimp), the transfer will only take place if appropriate safeguards are in place, such as:
-
The supplier's adherence to agreements recognized by the EU (if applicable).
-
Implementation of the Standard Contractual Clauses (SCC) adopted by the European Commission.
5. Your Rights (GDPR)
In accordance with applicable data protection legislation, as a data subject, you have the following rights:
| Law | Description |
| Right to Information | To receive details regarding data processing activities (including through this document). |
| Right of Access | To obtain confirmation that your data is being processed and to receive a copy of it. |
| Right to Rectification | To request the correction of inaccurate or incomplete data, without undue delay. |
| Right to Erasure ("Right to be forgotten") | To request the deletion of data, except for those for which there is a legal obligation to retain it (e.g., invoice data). |
| Right to Restrict Processing | To request the limitation of data processing in certain circumstances. |
| Right to Data Portability | To receive the data in a structured, commonly used and machine-readable format and to request its transmission to another controller. |
| The Right to Opposition | To object to processing based on legitimate interest (Art. 6 (1) letter f)) and to object at any time to processing for direct marketing purposes (free of charge and without justification). |
| The right not to be subject to automated individual decision-making | To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. |
| The Right to File a Complaint | To file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) or with the competent courts. |
To exercise these rights, please send a request to the email address mentioned at the beginning of the document: office@haiart.ro .
6. Minors' Privacy
The Company does not intentionally collect data from individuals under the age of 18. If, in error, we obtain such information, we will take immediate steps to delete it or request appropriate parental consent.
7. Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy. Any major changes will be communicated to users either by email (if possible) or by a visible message on the Site, at least 30 days before the new provisions come into force.
8. Use of Cookies
This Site uses cookies . For more detailed information about how we use these files, please visit: [Link to Cookies Policy] .