Last Updated: September 23, 2025 | Effective Date: September 23, 2025
1. Company Information
Company Name: BOOSTER28 ADS S.R.L.
Address: Str. Lungă, Nr. 149, Ap. P3, Brașov, 500059, România
VAT Number: RO48459815
Website: https://katimoni.shop
Email: support@katimoni.shop
Phone: +40 721 456 789
2. Data Controller
BOOSTER28 ADS S.R.L. is the data controller responsible for your personal information. We determine the purposes and means of processing your personal data in accordance with the EU General Data Protection Regulation (GDPR).
For any questions about this Privacy Policy or your personal data, you can contact our Data Protection Officer at:
- Email: privacy@katimoni.shop
- Phone: +40 721 456 789
- Address: Str. Lungă, Nr. 149, Ap. P3, Brașov, 500059, România
4. How We Use Your Information
We use your personal information for the following purposes:
4.1 Order Processing and Fulfillment
- Process and fulfill your orders
- Communicate about order status and delivery
- Handle returns, refunds, and warranty claims
- Provide customer support
4.2 Account Management
- Create and maintain your account
- Authenticate your identity
- Provide personalized shopping experience
- Remember your preferences and order history
4.3 Marketing and Communications
- Send promotional emails and newsletters (with your consent)
- Inform you about new products and special offers
- Conduct market research and surveys
- Personalize marketing content
4.4 Legal and Security
- Comply with legal obligations and regulations
- Prevent fraud and ensure transaction security
- Protect our rights and property
- Resolve disputes and enforce our terms
4.5 Business Operations
- Analyze website usage and improve our services
- Conduct quality assurance and staff training
- Manage inventory and product development
- Generate reports and business analytics
5. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
5.1 Contractual Necessity
Processing necessary to fulfill our contract with you (order processing, delivery, customer service).
5.2 Legitimate Interest
Processing necessary for our legitimate business interests, such as:
- Fraud prevention and security
- Business analytics and improvement
- Direct marketing to existing customers
- Debt recovery and legal claims
5.3 Consent
Where you have given specific consent for:
- Marketing communications
- Non-essential cookies
- Product reviews and testimonials
5.4 Legal Obligation
Processing required to comply with legal requirements such as:
- Tax and accounting regulations
- Consumer protection laws
- Anti-money laundering requirements
6. Sharing Your Information
We do not sell your personal information. We may share your data with:
6.1 Service Providers
- Payment Processors: Secure payment processing (Stripe, PayPal)
- Shipping Partners: Order fulfillment and delivery (Fan Courier, DHL)
- IT Services: Website hosting, email services, customer support tools
- Marketing Services: Email marketing platforms, analytics providers
6.2 Legal Requirements
We may disclose your information when required by law or to:
- Respond to legal process or government requests
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
- Comply with regulatory obligations
6.3 Business Transfers
If we sell, merge, or transfer our business, your information may be transferred to the new owner with appropriate safeguards.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:
- Account Information: Until you delete your account or request deletion
- Order Data: 7 years for tax and legal compliance
- Marketing Data: Until you unsubscribe or withdraw consent
- Website Analytics: 26 months maximum
- Customer Support: 3 years for service improvement
- Legal Records: As required by applicable law
After the retention period expires, we securely delete or anonymize your personal information.
🇪🇺 Your GDPR Rights
As an EU resident, you have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for consent-based processing
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at privacy@katimoni.shop. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
9.1 Technical Safeguards
- SSL/TLS Encryption: All data transmission is encrypted
- Secure Servers: Data stored on protected, access-controlled servers
- Regular Updates: Software and security patches applied promptly
- Firewalls: Network protection against unauthorized access
- Backup Systems: Regular, secure data backups
9.2 Organizational Measures
- Access Controls: Limited access to personal data on need-to-know basis
- Staff Training: Regular privacy and security training
- Data Processing Agreements: Contracts with all third-party processors
- Incident Response: Procedures for handling security breaches
- Regular Audits: Periodic security assessments
⚠️ Data Breach Notification
In the unlikely event of a data breach that may result in high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience. For detailed information, please see our separate Cookie Policy.
Types of Cookies We Use:
- Essential Cookies: Required for website functionality
- Performance Cookies: Help us understand how visitors use our site
- Functionality Cookies: Remember your preferences and settings
- Marketing Cookies: Used to deliver relevant advertisements (with consent)
You can control cookies through your browser settings and our cookie consent manager.
11. International Data Transfers
Your personal data is primarily processed within the European Union. However, some of our service providers may process data outside the EU:
- Adequacy Decisions: Countries with adequate data protection levels
- Standard Contractual Clauses: EU-approved contracts for data transfers
- Certification Schemes: Providers certified under recognized frameworks
We ensure all international transfers comply with GDPR requirements and provide appropriate safeguards.
12. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our records.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:
- Post the updated policy on our website
- Update the "Last Updated" date at the top
- Notify you of material changes via email or website notice
- Obtain your consent for changes requiring it under GDPR
We encourage you to review this policy periodically to stay informed about how we protect your information.