[PRIVACY_POLICY]

Effective Date: 30.10.2025

Business Owner: TIMELESS STUDIO S.R.L

Registered Office: 3 Iulia Street, 317405 Vladimirescu, Arad County, Romania

Email: andtimeless@gmail.com

Phone: +43 677 641 00916 / +43 677 634 71423

PREAMBLE

TIMELESS STUDIO S.R.L, with its registered office at 3 Iulia Street, 317405 Vladimirescu, Arad County, Romania, registered with the Trade Register under number J2/1552/2022, with CUI 46664694, undertakes to comply with the legal regulations set out in Regulation (EU) 679/2016 on the protection of personal data of &TIMELESS website users.

This Privacy Policy outlines how we collect, use, store, and protect your personal data when you visit our website, interact with our services, or make a purchase.

By making an online purchase, creating an account on the website you agree to our privacy policy.

Simply browsing the website is possible without indicating personal data.

We implemented technical and organizational measures to ensure the most complete protection of personal data processed through our website. However, data transmissions over the Internet may, in principle, have security gaps, so that absolute protection cannot be guaranteed. 

For further information or requests you can contact us. at the following e-mail address: andtimeless@gmail.com

1. DEFINITIONS OF TERMS

1.1. In this document the following terms are defined as follows:

Personal data = any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to his physical, physiological, genetic, mental, economic, cultural or social identity;

The data subject = the customer whose personal data are processed by TIMELESS STUDIO S.R.L  as the controller responsible for processing in order to process the order placed on this website;

Data processing = means any operation or set of operations performed on personal data or on sets of personal data collected for the purpose of processing the order, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Data controller = TIMELESS STUDIO S.R.L as a legal entity, which processes the customer's personal data as a result of the purchase and order on this website;

Consent = any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject signifies his or her agreement, by means of a statement or unequivocal action, to the processing of personal data relating to him or her;

2. Data We Collect

When you interact with our website or services, we collect personal data necessary for providing our products and services. This data includes:

2.1. Personal Data Provided by You

• Account Information: Name, email address, billing and shipping addresses, phone number, and payment information.
• Order Information: Details related to your purchases, including product selections and transaction history.
• Communication Data: Any messages, inquiries, or customer service interactions.

2.2. Automatically Collected Data

When you use our website, we may automatically collect information about your device, including:

• Technical Data: IP address, browser type, device type, operating system, and time zone settings.

• Usage Data: Information about how you use our website, including which pages you visit and for how long.

2.3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience and gather website usage data. For more details on how we use cookies, please see our Cookie Policy section.

3. How We Use Your Data

We use the personal data we collect to provide our services and ensure a smooth customer experience. Specific uses include:

• Order Processing and Fulfillment: To manage your orders, process payments, and deliver products;

• Customer Service: To respond to your inquiries, resolve issues, and provide customer support;

• Account Management: To maintain your account and allow you to manage preferences.

• Marketing: If you have opted in, we may send you marketing communications about new products, offers, and promotions;

• Website Improvement: To analyze website performance and improve our services and user experience;

• Compliance: To comply with legal obligations, including record-keeping and responding to regulatory requests;

• Security purposes - to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack;

4. Legal Basis for Processing Personal Data

Under GDPR, we process your personal data based on the following legal grounds:

4.1. Contractual Necessity

In accordance with Art. 6 paragraph (1) letter (b) of Regulation No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data we process your personal data to fulfill a contract with you (e.g., to process your order and deliver your purchases).

4.2. Legitimate Interests

In accordance with Art. 6 paragraph (1) letter f) of Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data we process your data in order to improve our services, to improve the user experience and to secure our website, provided that these interests are not overridden by your fundamental rights and freedoms.

4.3. Consent

In accordance with Art. 6 paragraph (1) letter a) of Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons we may process personal data relating to data used for marketing purposes for newsletter subscription, cookies and others.

In cases where consent is required, such as for marketing communications, we will seek your explicit consent. You have the right to withdraw this consent at any time.

4.4. Legal Obligations

In accordance with art. 6 paragraph (1) letter f) of Regulation No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data we may process your data to comply with legal obligations, such as tax, accounting, or regulatory requirements.

5. How We Share Your Data

&TIMELESS does not sell your personal data to third parties. We may share your data with trusted third parties in the following circumstances:

• Service Providers: We may share data with third-party vendors who assist in providing our services, such as payment processors, delivery companies, and email communication platforms. These providers are bound by data protection agreements and only process data on our behalf.

• Legal Compliance: We may disclose your data when required by law, for example, in response to a court order, regulatory request, or to prevent fraud or enforce our terms and conditions.

6. International Transfers

As &TIMELESS operates globally, your data may be transferred to and processed in countries outside of the European Economic Area (EEA). When transferring data outside the EEA, we ensure that appropriate safeguards are in place, such as:

• Contracts based on the European Commission's Standard Contractual Clauses.

• Transfers to countries with an adequate level of data protection as determined by the European Commission.

7. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Order Information: Retained for a period not exceeding the period necessary to comply with legal obligations and for record-keeping.

• Account Information: Retained as long as your account is active or as required to provide services to you.

• Marketing Data: Retained until you withdraw consent or opt out.

Once your data is no longer needed, we will securely delete or anonymize it.

8. Your Rights Under GDPR

In accordance with the provisions of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) you, as a data subject, have the following rights: 

8.1. Right to Access

You have the right to request a copy of the personal data we hold about you.

8.2. Right to Rectification

You have the right to correct any inaccuracies in your personal data.

8.3. Right to Erasure

You have the right to request the deletion of your personal data, subject to certain conditions (e.g., where the data is no longer necessary for the purpose it was collected).

8.4. Right to Object

You have the right to object to the processing of your data for marketing purposes or based on legitimate interests.

8.5. Right to Restriction

You have the right to request that we restrict the processing of your data under certain circumstances:

• the data subject disputes the accuracy of the data for a period allowing the controller to verify the accuracy of the data;

• the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of their use;

• the controller no longer needs the personal data for the purpose of the processing, but the data subject requests it for the establishment, exercise or defence of legal claims; or

• the data subject has objected to the processing for the period of time during which it is verified whether the legitimate rights of the controller prevail over those of the data subject.

8.6. Right to Data Portability

You have the right to receive a copy of your data in a structured, machine-readable format and to transmit them to another data controller without hindrance from the controller to whom the personal data have been provided, if:

• the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) of the GDPR; and

• the processing is carried out by automated means.

8.7. Right to Withdraw Consent

If you have provided consent for certain data processing activities, you may withdraw your consent at any time.

8.8. The right to lodge a complaint with the National Supervisory Authority for Personal Data Processing

8.9. The right to be notified in case of data security breaches by the controller

You can exercise all these rights at any time by contacting the controller at the following e-mail address: andtimeless@gmail.com

9. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, or alteration. This includes:

• Encryption of sensitive data.

• Secure servers and systems.

• Regular security assessments and updates.

However, no method of transmission over the Internet can be completely secure.