Privacy policy
1. Who We Are (Data Controller) and How to Contact Us
Nostalgia Retro Disco Future SRL, with its registered office in Constanța Municipality, Adrealului Street no. 10, Constanța County, postal code 900162, registered with the Trade Registry under no. J2019004018133, VAT ID (CUI) 42038175, is the controller of the personal data processed through the Website, within the meaning of the GDPR.
For matters related to data protection, you may contact us at nostalgiastore@infinit.love and/or at the postal address mentioned above, with the note “attn. GDPR officer”.
2. What Data We Process
Depending on how you use the Website, we may process: identification and contact data (first name, last name, e-mail, phone number), delivery and billing data (address, city, county, postal code, company details if you request an invoice issued to a legal entity), order-related data (products, quantities, prices, order history), communications with us (support messages, complaints), technical data (IP address, online identifiers, cookie data, event logs), as well as preferences (e.g. newsletter subscription/unsubscription).
We do not intend to collect special categories of personal data (sensitive data). However, if you voluntarily provide such data in free-text fields (for example, in a complaint), we will process them with appropriate restrictions and solely for the purpose of handling your request.
3. Why We Process Data (Purposes) and Legal Bases
We process personal data to conclude and perform contracts (placing orders, confirmations, delivery, handling returns, warranties, refunds), based on the performance of a contract or steps taken at the data subject’s request prior to entering into a contract, in accordance with the GDPR.
We process personal data to comply with legal obligations (e.g. tax and accounting obligations, management of the legal warranty of conformity), based on compliance with a legal obligation. For distance contracts and the right of withdrawal, the relevant rules are set out in Government Emergency Ordinance no. 34/2014, and for conformity, Government Emergency Ordinance no. 140/2021. For certain national aspects of GDPR implementation, Law no. 190/2018 is applicable.
We process data based on our legitimate interest to ensure Website security, prevent fraud, defend our rights in the event of disputes, and improve our services. In such cases, we assess in advance whether our interests are overridden by your rights and freedoms.
We process data for direct marketing purposes (newsletters, commercial communications) only under the conditions permitted by law, generally based on consent (e.g. newsletter subscription) or, where applicable, based on legitimate interest for communications regarding similar products, within the limits allowed by law. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
4. To Whom We Disclose Data (Recipients)
We may disclose personal data to suppliers involved in operating the online store and fulfilling orders, such as: courier companies, payment processors, hosting and IT maintenance providers, e-mail/SMS service providers, e-commerce platforms, accounting service providers, as well as to public authorities where there is a legal obligation or a valid request.
These providers act either as processors on our behalf or as independent controllers, as applicable. In our relationships with processors, we use contractual clauses that impose confidentiality and appropriate security measures.
5. Transfers Outside the EEA
If we use providers that store or access data outside the European Economic Area (EEA), we will implement appropriate safeguards provided by the GDPR (such as standard contractual clauses), where applicable. Details may vary depending on the providers actually used within the Website’s infrastructure.
6. How Long We Keep Data (Retention Periods)
We retain personal data only for as long as necessary for the purposes for which they were collected. Typically, account and order data are retained for the duration of the commercial relationship and thereafter for as long as required to comply with applicable legal obligations (e.g. financial and accounting archiving), to exercise or defend legal claims, or to manage warranties and complaints. Data processed based on consent (e.g. newsletters) are retained until consent is withdrawn or until the relevant campaign/service ends, while retaining proof of consent for as long as necessary for compliance purposes.
7. Data Subject Rights
Under the GDPR, you have the right of access to your data, rectification, erasure (the “right to be forgotten”), restriction of processing, data portability, objection, and the right not to be subject to a decision based solely on automated processing, where applicable. Where processing is based on consent, you have the right to withdraw it at any time. You also have the right to lodge a complaint with the supervisory authority (ANSPDCP) and the right to bring a claim before the competent courts.
You may exercise your rights by sending a request to [GDPR email]. For your protection, we may request reasonable additional information to verify your identity.
8. Data Security
We apply reasonable technical and organizational measures to protect personal data, such as access control, authentication, logging, backups, confidentiality measures, and secure communications. No transmission or storage system can be guaranteed to be 100% secure; in the event of a security incident, we will manage the situation in accordance with GDPR obligations, including notifying the authority and/or affected individuals where required.
9. Cookies and Similar Technologies
The Website may use cookies and similar technologies for functionality, security, preferences, and, where applicable, analytics and marketing purposes. Strictly necessary cookies may be used to ensure essential functionalities (e.g. shopping cart, authentication, language preferences). For cookies that are not strictly necessary (e.g. analytics/marketing), we will request consent, in accordance with applicable rules. The relevant framework includes the GDPR and the rules on privacy in electronic communications, as reflected in Law no. 506/2004.
Details regarding cookie types, their duration, and preference-setting options are available in the Cookie Policy / cookie preference center on the Website.
10. Changes to This Policy
We may update this Privacy Policy to reflect legislative, technical, or operational changes. The applicable version is the one published on the Website at the time of use. If the changes are substantial, we will display a visible notice on the Website or inform you through other appropriate means.
11. Contact
For any questions regarding this Privacy Policy or how we process personal data, you may contact us at nostalgiastore@infinit.love or at the address: Constanța Municipality, Adrealului Street no. 10, Constanța County, postal code 900162, with the note “GDPR”.
