Privacy policy

Privacy Policy – ​​www.haiart.ro

General information

The confidentiality of your personal data is a major priority for RAI CONCEPT DESIGN SRL , with registered office at STR. CÂMPULUI, NR. 47Y, BERCENI, ILFOV, which acts as Data Controller (hereinafter referred to as the "Company").

This document informs you about the processing of your personal data in the context of using the website. https://www.haiart.ro (hereinafter referred to as the "Site").

Contact Details for GDPR Requests:

  • Email Address: office@haiart.ro

  • Postal Address: STR. CAMPULUI, NO. 47Y, BERCENI, ILFOV

1. Categories of Personal Data Processed

We process your personal data based on your interaction with our Site:

A. If you are a Customer (placing an order):

We process the data you provide us directly: Name and surname, Phone number, Email address, Billing address, Delivery address , as well as data related to how you use the Site (order history, preferences).

  • Third-Party Authentication: If you use your Facebook or Google account for authentication, we will process the public profile data displayed by those applications (username, email address).

  • Abandoned Cart/Unfinished Order: If you initiate the creation of an account or place an order but do not complete it, the data provided (email, etc.) is temporarily processed for the purpose of recovering the cart.

B. If you are a Site Visitor:

We process the data you provide:

  • Directly: Through the contact/questions/complaints section.

  • Indirect (Technical Data): IP address, browser used, browsing duration, operating system, information regarding interaction with the Site (clicks, pages viewed). This data is collected mainly through cookies . Please consult the Cookies Policy for details.

2. Purposes and Legal Grounds of Processing

We process your data strictly for the following purposes and based on the legal grounds established by the GDPR:

Purpose of Processing Legal Basis (GDPR) Why is the data needed?
A. Execution of the Contractual Relationship (Orders, Invoicing, Delivery, Returns). Execution of the Contract (Art. 6 (1) letter b)) Without this data, we cannot fulfill the order and delivery.
B. Fulfillment of Legal Obligations (Taxation, Archiving, Accounting). Legal Obligation (Art. 6 (1) letter c)) The data is mandatory for compliance with Romanian legislation.
C. Direct Marketing (Newsletter, Commercial SMS). Consent (Art. 6 (1) letter a)) Unless you explicitly choose to receive these communications. You can unsubscribe at any time.
D. Analysis, Service Improvement and Monitoring (Internal Reports, Complaint Resolution, Site Security). Legitimate Interest (Art. 6 (1) letter f)) To ensure that the Site functions properly and to constantly improve the user experience.

3. Duration of Data Processing

The company processes personal data only for as long as necessary to achieve the stated purposes:

  • Customer Data: For the entire duration of the contractual relationship and, subsequently, for a period of 10 years (in accordance with legal tax and archiving obligations).

  • Marketing Data: Until consent is withdrawn or until a reasonable period of user inactivity.

  • Account Deletion: If you request account deletion ( the "right to be forgotten" ), your account will be deactivated. Transaction data (invoices, delivery details, etc.) will be retained for 10 years for legal reasons and will be anonymized thereafter. Account deletion does not affect active orders.

4. Disclosure and Transfer of Personal Data

RAI CONCEPT DESIGN SRL does not rent or sell your data to third parties.

The data may be disclosed to the following categories of recipients (processors), who are contractually obliged to maintain the confidentiality of the data:

  • IT service providers (hosting, website maintenance);

  • Transport/courier operators (for order delivery);

  • Marketing service providers (for newsletter management);

  • Public Authorities (central and local), in situations where disclosure is required by a legal obligation.

Data Transfer Outside the EU/EEA

Personal data is generally processed in Romania or in EU member states. If we use service providers with servers located outside the European Economic Area (EEA), such as the United States (e.g. Google, Meta, Mailchimp), the transfer will only take place if appropriate safeguards are in place, such as:

  • The supplier's adherence to agreements recognized by the EU (if applicable).

  • Implementation of the Standard Contractual Clauses (SCC) adopted by the European Commission.

5. Your Rights (GDPR)

In accordance with applicable data protection legislation, as a data subject, you have the following rights:

Law Description
Right to Information To receive details regarding data processing activities (including through this document).
Right of Access To obtain confirmation that your data is being processed and to receive a copy of it.
Right to Rectification To request the correction of inaccurate or incomplete data, without undue delay.
Right to Erasure ("Right to be forgotten") To request the deletion of data, except for those for which there is a legal obligation to retain it (e.g., invoice data).
Right to Restrict Processing To request the limitation of data processing in certain circumstances.
Right to Data Portability To receive the data in a structured, commonly used and machine-readable format and to request its transmission to another controller.
The Right to Opposition To object to processing based on legitimate interest (Art. 6 (1) letter f)) and to object at any time to processing for direct marketing purposes (free of charge and without justification).
The right not to be subject to automated individual decision-making To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
The Right to File a Complaint To file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) or with the competent courts.

To exercise these rights, please send a request to the email address mentioned at the beginning of the document: office@haiart.ro .

6. Minors' Privacy

The Company does not intentionally collect data from individuals under the age of 18. If, in error, we obtain such information, we will take immediate steps to delete it or request appropriate parental consent.

7. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy. Any major changes will be communicated to users either by email (if possible) or by a visible message on the Site, at least 30 days before the new provisions come into force.

8. Use of Cookies

This Site uses cookies . For more detailed information about how we use these files, please visit: [Link to Cookies Policy] .