Privacy Policy - TOAH SRL / www.toah.ro
This Privacy Policy explains how TOAH SRL collects, uses, stores and protects the personal data of users of the www.toah.ro website in accordance with Regulation (EU) 679/2016 (GDPR) and applicable national law.
By using the website and placing an order, the user confirms that he/she has read and understood this policy.
- Data controller
TOAH SRL Address: Str. Kelemen Arpad nr. 95, Chinteni, jud. Cluj, Romania E-mail: info@toah.ro Phone: 0791 520 209 CUI: 50416557 Nr. Reg. No.: J2024015457127
TOAH SRL is the controller of personal data collected through the website www.toah.ro.
- What data we collect
We only collect the data strictly necessary to process orders and operate the online shop:
Data provided directly by the client:
- Full name
- Delivery address
- E-mail address
- Phone number
- Data required for invoicing (natural or legal person)
- Order details (products, value, payment methods)
Data collected automatically:
- IP address
- Device and browser technical data
- Cookies necessary for the functioning of the website (see Cookies Policy)
We do not collect sensitive data.
- Purposes of data processing
TOAH SRL processes personal data exclusively for:
- order processing and confirmation
- issuing invoices
- delivery of products
- communications strictly related to the order placed
- managing returns and guarantees
- meeting legal obligations (accounting, taxation)
- fraud prevention and transaction security
We do not use the data for marketing, newsletters or profiling.
- Legal basis of processing
We process data on the basis of:
- contract execution (order processing)
- legal obligations (invoicing, accounting)
- legitimate interest (site security, fraud prevention)
- consent, where necessary
- To whom we transmit personal data
TOAH SRL transmits personal data only to the partners necessary to process the order, respecting the principle of data minimization.
Data may be sent to:
- DPD and Dragon Star – to deliver orders
- EuPay – for online payment processing
- IT service providers (for technical maintenance only)
- Public authorities, only on legal request
We do not sell, rent or transfer personal data to third parties for commercial purposes.
- Data storage duration
Data is kept only as long as necessary for:
- order processing
- legal obligations (e.g. invoices are kept for 10 years under tax law)
- Collateral management (24 months)
After the legal deadlines expire, the data is deleted or anonymized.
- Data security
TOAH SRL implements technical and organizational measures for data protection:
- encryption of data transmitted through the website
- secure servers
- restricted access to data
- GDPR compliant contractual partners
- permanent platform security monitoring
Card details are NOT accessed and are NOT stored by TOAH SRL. Payments are processed exclusively by EuPlătesc, in 3D-Secure system.
- User rights (GDPR)
According to Regulation (EU) 679/2016, the user has the following rights:
- Right of access to personal data
- Right to rectification
- Right to erasure (‘right to be forgotten’)
- Right to restrict processing
- Right to oppose
- Right to data portability
- Right to complain to the ANSPDCP
To exercise these rights, the user can send a request to: 📩 info@toah.ro
- Minors
The www.toah.ro website is not intended for minors. We do not knowingly collect data from people under 18.
- Cookies
The site uses cookies necessary for its functioning. For details, see our Cookies Policy.
- Policy changes
TOAH SRL reserves the right to update this policy. The updated version will be published on the website.
- Contact
For questions about data protection:
TOAH SRL E-mail: info@toah.ro Str. Kelemen Arpad nr. 95, Chinteni, jud. Cluj