PRIVACY POLICY
(Compliant with GDPR, ePrivacy Directive & EU Consumer Rights)
Last Updated: 15 May 2025
Applicable to: Customers in the European Union (EU), European Economic Area (EEA).
1. Data Controller & EU Representative
CORAL FARM REEF SRL (Legal Entity under Romanian Law)
Registered Address:
Str. Cap. Dumitru Călin, Nr. 16, Sat Roșu, Comuna Chiajna, Ilfov, 077042, Romania
EU VAT Number: RO34971709
Commercial Registry No.: J23/3141/2015
Designated EU Representative (Art. 27 GDPR): Not required (Romania is EU member)
Contact:
Email: [email protected] (Data Protection Officer)
Phone: +40 729 154 576
2. Legal Framework
We comply with:
General Data Protection Regulation (GDPR) (EU) 2016/679
ePrivacy Directive 2002/58/EC (Cookie Law)
EU Consumer Rights Directive 2011/83/EU
Romanian Law No. 506/2004 (Electronic Communications)
3. Personal Data We Collect (Art. 4 GDPR)
| Category | Examples | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| Identity Data | Name, address, email | Contract (b), Legal Obligation (c) |
| Transaction Data | Order history, payment info | Contract (b), Tax Compliance (c) |
| Technical Data | IP, cookies, device ID | Consent (a), Legitimate Interest (f) |
| Marketing Data | Preferences, opt-ins | Consent (a) |
Special Notes:
No sensitive data (Art. 9 GDPR) collected (e.g., health, biometrics).
Automated decision-making: Not used (Art. 22 GDPR).
4. How We Use Your Data (Purpose & Legal Basis)
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Order processing | Contract (Art. 6(1)(b)) | 7 years (tax law) |
| Customer support | Legitimate Interest (Art. 6(1)(f)) | 3 years post-purchase |
| Marketing emails | Consent (Art. 6(1)(a)) | Until withdrawal |
| Fraud prevention | Legal Obligation (Art. 6(1)(c)) | 5 years |
5. International Data Transfers (Chapter V GDPR)
EEA-Based Processors: All vendors (e.g., DHL, Stripe EU) operate under GDPR-compliant contracts.
Third Countries: If data is transferred outside EEA (e.g., US), we use:
Standard Contractual Clauses (SCCs) (Art. 46 GDPR)
Adequacy Decisions (e.g., EU-US Data Privacy Framework)
6. Your EU Data Subject Rights
You may exercise the following at no cost (Art. 12-23 GDPR):
| Right | How to Request |
|---|---|
| Access (Art. 15) | Email [email protected] |
| Rectification (Art. 16) | Update via your account dashboard |
| Erasure (“Right to Be Forgotten”) (Art. 17) | Submit a deletion request |
| Portability (Art. 20) | Receive data in CSV/JSON format |
| Withdraw Consent (Art. 7(3)) | Click “unsubscribe” in emails |
Response Time: 30 days (Art. 12 GDPR).
7. Cookies & Tracking Technologies (ePrivacy Directive)
We use:
Necessary Cookies (no consent required) – Session management.
Analytics Cookies (consent-based) – Google Analytics (IP anonymized).
Marketing Cookies (opt-in) – Facebook Pixel.
Manage Preferences: Via our Cookie Banner or browser settings.
8. Data Security (Art. 32 GDPR)
Encryption: TLS 1.2+ for all transmissions.
Access Controls: Role-based permissions.
Breach Notification: Reported to ANSPDCP within 72h (Art. 33 GDPR).
9. Complaints & Supervisory Authority
If unsatisfied, you may lodge a complaint with:
Romanian Data Protection Authority (ANSPDCP)
📧 [email protected]
🌐 www.dataprotection.ro
10. Policy Updates
We will notify users of material changes via email (Art. 13(3) GDPR).
Reviewed by: Legal Team, CORAL FARM REEF SRL
Key Enhancements for EU Compliance:
GDPR-Article Mapping – Explicitly links each process to legal bases.
ePrivacy Integration – Clear cookie consent mechanics.
EU Consumer Rights – Aligns with refunds/returns policies.
International Transfers – SCCs and DPF compliance.
Breach Protocols – 72-hour reporting requirement.