GDPR Policy for Moda Autentica

Last Updated: July 7, 2025

Moda Autentica, operated by Moda Elisavi S.R.L., located at Str. Viorelelor, Nr. 1, Bl. 1, Sc. A, Ap. 7, Bacau, 600125, Romania, registered with the Bacau Trade Registry under no. J2025025004004, VAT ID: 51587210, EUID: ROONRC.J2025025004004, is committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and applicable Romanian data protection laws (e.g., Law no. 190/2018). As a dropshipping business hosted on Shopify, we collaborate with trusted suppliers and third-party processors to deliver our services. This GDPR Policy outlines how we collect, process, share, and protect your personal data, complementing our Privacy Policy.

1. Data We Collect

As detailed in our Privacy Policy, we collect personal data from your interactions with our websites (www.moda-autentica.com and www.moda-autentica.ro) and services, including:

Contact Details: Name, email address, phone number, billing and shipping addresses.

Transaction Data: Details of purchases, returns, or cart activity.

Device and Usage Data: IP address, browser type, and interactions with our websites, collected via cookies and similar technologies.

Third-Party Data: Information from partners like Shopify, payment processors (e.g., Netopia, Wise), or couriers.

We do not collect sensitive personal data (e.g., racial origins, political opinions, health) unless voluntarily provided, in which case it will be deleted unless required for legitimate purposes.

2. Purposes of Data Processing

We process personal data for the following purposes:

Order Processing and Delivery: To fulfill your orders, manage shipping, and process payments in our dropshipping model.

Customer Support: To respond to inquiries and maintain our relationship with you.

Marketing and Advertising: To send promotional communications or display targeted ads, with your consent where required.

Security and Fraud Prevention: To secure our services and detect fraudulent activity.

Legal Compliance: To meet obligations such as tax reporting to ANAF.

3. Legal Basis for Processing

We process your personal data based on:

Contract: To fulfill orders and deliver services (e.g., processing purchases).

Consent: For marketing communications or targeted advertising, which you can withdraw at any time.

Legal Obligations: For compliance with Romanian and EU laws (e.g., tax retention for 10 years under the Romanian Fiscal Code).

Legitimate Interests: For improving services, preventing fraud, or ensuring website security, provided your rights do not override these interests.

4. Data Sharing

We may share your personal data with:

Shopify: To host our platform and process transactions or analytics.

Suppliers and Couriers: To fulfill orders and deliveries in our dropshipping model.

Service Providers: For payment processing (e.g., Netopia, Wise), analytics (e.g., Google Analytics), or customer support.

Advertising Partners: For targeted advertising, with your consent, in accordance with their privacy policies.

Authorities: To comply with legal obligations or protect our rights.

Under certain U.S. privacy laws, sharing data for targeted advertising may be considered a “sale” or “sharing.” You can opt out of such activities by enabling Global Privacy Control (GPC) on your browser, which we recognize as a request to opt out of targeted advertising for the device and browser used. Alternatively, contact us at contact@moda-autentica.com to opt out.

5. Data Security and Transfers

We use industry-standard measures (e.g., SSL encryption, restricted access) to protect your data. However, no system is fully secure, and you are responsible for keeping your account credentials confidential.

Data is primarily stored within the European Economic Area (EEA). Some data may be transferred outside the EEA (e.g., via Shopify or Google Analytics) to countries like the USA, with safeguards such as Standard Contractual Clauses to ensure GDPR compliance.

6. Data Retention

We retain your personal data only as long as necessary:

Customer Data: 5 years from the last order (per Romanian tax law).

Financial Data: 10 years (per Romanian Fiscal Code).

Marketing Data: Until you withdraw consent.

Technical Data (e.g., cookies): Up to 2 years, per our Cookie Policy.

Data is deleted after these periods unless required for legal or legitimate purposes.

7. Your Rights

Under GDPR, you have the following rights:

Access: Request a copy of your personal data.

Rectification: Correct inaccurate data.

Erasure: Request deletion, subject to legal obligations.

Restriction: Limit certain processing activities.

Portability: Receive or transfer your data to another entity.

Objection: Oppose processing for marketing or other purposes.

Withdraw Consent: Revoke consent for processing (e.g., newsletters) without affecting prior processing.

Complaint: File a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or appeal our decisions.

To exercise these rights, contact us at contact@moda-autentica.com or +40766254138. We may verify your identity before processing requests. Responses will be provided within one month, as required by GDPR.

8. Contact

For questions or to exercise your rights, contact:

Operator: Moda Elisavi S.R.L., VAT ID: 51587210

Email: contact@moda-autentica.com

Phone: +40766254138

Address: Str. Viorelelor, Nr. 1, Bl. 1, Sc. A, Ap. 7, Bacau, 600125, Romania