Privacy Policy

Your personal data privacy is a priority for us as a data controller, in accordance with Regulation (EU) 2016/679 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (“GDPR”) and applicable Romanian legislation.

This document informs you about the processing of your personal data in the context of using our website (hereinafter referred to as the “site”).

Personal data processed

Depending on how you interact with the site, we may process the following categories of personal data:

Directly collected data:

  • Full name;
  • Email address;
  • Phone number;
  • Billing and/or delivery address;
  • Data voluntarily provided through account creation or order placement
  • Order history and preferences expressed on the site (e.g., sizes, selected colors).

Indirectly collected data:

  • Technical data automatically collected, such as IP address, browser type, operating system, visit duration, pages accessed, and other usage-related information.

Purposes and legal bases for processing

We process your personal data for the following purposes and based on the following legal grounds:

  • For contract execution: Processing orders, product delivery, invoicing, managing returns, and communicating about order status. Providing this data is necessary to conclude and execute the contract with you; refusal may result in our inability to provide the products.
  • For legal obligations: Compliance with Romanian tax, accounting, and archiving obligations (e.g., keeping financial-accounting documents as required by Law no. 82/1991). Providing data for this purpose is mandatory.
  • Based on legitimate interest: Improving site functionality, analyzing usage, preventing fraud, and protecting the Seller’s rights and interests. We ensure our legitimate interest does not override your rights and freedoms.
  • Based on consent: Sending commercial communications (e.g., offers, promotions for clothing items) by email, SMS, or other means, only if you have given your explicit consent. You may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

What we do with your data

Data is processed by the Seller, located at [Address: e.g., Example Street, No. 123, Bucharest, Romania]. Data is stored and hosted on servers located in the European Economic Area (EEA), including Romania and other EEA member states, in compliance with GDPR.

Data recipients: We may share data with partners (e.g., courier companies, payment processors, IT providers) only under confidentiality agreements and solely for the stated purposes. These partners act as processors under Art. 28 of the GDPR. We do not store or request your card details; these are handled directly by the payment processors.

Legal disclosure: We may disclose data to public authorities when necessary to comply with the law, prevent fraud, or defend our rights, always respecting the principle of proportionality.

For international customers: In the case of international deliveries, data may be transferred to partners outside the EEA (e.g., couriers), but only to entities that ensure adequate data protection standards in accordance with the GDPR.

Data retention period

We store data for as long as necessary to fulfill the described purposes or to comply with legal obligations:

  • Order-related data is stored for the duration of the contractual relationship and afterward, as required by law (e.g., 5 years for financial-accounting documents).
  • Data used for marketing purposes is retained until consent is withdrawn.
  • Technical data of visitors is stored for a limited period, necessary for site analysis and improvement.

You may request deletion of your data or account via email at contact@thinthebrand.com or through the account options on the site. If there are active orders, account deletion will only be possible after order completion.

Data transfer

Data is primarily processed and stored within the European Economic Area (EEA). Transfers outside the EEA occur only in exceptional cases (e.g., international deliveries) and in compliance with the GDPR’s requirements, such as explicit consent or appropriate safeguards (e.g., standard contractual clauses).

Your rights

Under the GDPR, you have the following rights regarding your data:

  • To be informed about processing (details in this document).
  • To access processed data.
  • To rectify inaccurate data.
  • To request deletion (“right to be forgotten”), except for legal obligations.
  • To restrict processing in certain cases.
  • To receive or transfer data (portability).
  • To object to processing, including direct marketing.
  • To not be subject to automated decisions with legal effects.

If you believe your rights have been violated, you can contact the National Supervisory Authority for Personal Data Processing or the competent courts.

Children’s privacy

We do not knowingly collect data from persons under 18 years old. If we discover such data was collected without parental consent, we will delete it immediately. Please contact us at contact@thinthebrand.com if you suspect unintentional collection.

Policy updates

We reserve the right to update this policy. Essential changes will be communicated via email or displayed on the site, with the effective date clearly indicated.

Contact

For questions or requests regarding data processing, please contact us using the contact details available on the site.