Privacy Policy
Barak Carpet SRL
Effective Date: February 17, 2026
Website: www.barakcarpet.eu
Barak Carpet SRL ("we," "us," "our") is committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website www.barakcarpet.eu ("Website") and purchase products from us.
This Privacy Policy applies to all users of our Website in the European Union (excluding Romania, which is served by a separate website).
We process your personal data in accordance with:
· EU General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679
· ePrivacy Directive – Directive 2002/58/EC (as amended)
· Romanian Law 190/2018 on data protection measures
· Applicable national data protection laws in your country of residence
For Germany and Austria: This Privacy Policy ("Datenschutzerklärung") meets the transparency requirements under GDPR Articles 13 and 14 and German/Austrian national data protection law.
The data controller responsible for processing your personal data is:
Barak Carpet SRL
Registered office: Strada Viitorului, Nr 12, Municipiul Medgidia, Județul Constanța, Romania
Company Registration Number: J13/3080/2017
Tax Identification Number (CUI): RO38195708
European Unique Identifier (EUID): ROONRC.J13/3080/2017
Email: barakcarpet.eu@gmail.com
Phone:WatsApp: +40 761 896 761
Data Protection Supervisory Authority (Romania):
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, Romania
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro
For Germany: You may also contact the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) – www.bfdi.bund.de
For Austria: You may also contact the Austrian Data Protection Authority (Datenschutzbehörde) – www.dsb.gv.at
For France: You may also contact the Commission Nationale de l'Informatique et des Libertés (CNIL) – www.cnil.fr
For Spain: You may also contact the Agencia Española de Protección de Datos (AEPD) – www.aepd.es
For Italy: You may also contact the Garante per la Protezione dei Dati Personali – www.garanteprivacy.it
3. What Personal Data We Collect
We collect and process the following categories of personal data:
When you place an order (guest checkout or with account):
· Full name (first name and last name)
· Delivery address (street, city, postal code, country)
· Billing address (if different from delivery address)
· Email address
· Phone number
· Company details (company name, VAT/Tax ID number, registration number) – if ordering as a business
When you create a customer account:
· Email address
· Password (encrypted and stored securely)
· Order history and preferences
When you subscribe to our newsletter:
· Email address
· Name (optional)
· Subscription preferences
When you contact us (customer support, inquiries, complaints):
· Name
· Email address
· Phone number (if provided)
· Content of your message or inquiry
3.2 Data Collected Automatically
When you visit our Website, we automatically collect:
· IP address
· Browser type and version
· Operating system
· Device type (desktop, mobile, tablet)
· Pages visited, time spent on pages, clickstream data
· Referring website (how you arrived at our site)
· Date and time of access
Cookies and tracking technologies:
We use cookies, pixels, and similar technologies to collect data about your browsing behavior. See our Cookie Policy for full details.
For Germany and Austria: We only use non-essential cookies (analytics, marketing) after obtaining your explicit consent via our cookie banner.
4. How We Use Your Personal Data (Purpose and Legal Basis)
We process your personal data for the following purposes and legal bases under GDPR Article 6:
|
Purpose |
Data Used |
Legal Basis (GDPR Art. 6) |
|
Processing and fulfilling your order (payment, shipping, delivery confirmation) |
Name, addresses, email, phone, company details, order details |
(b) Performance of contract – necessary to fulfill our sales contract with you |
|
Creating and managing your customer account |
Email, password, order history |
(b) Performance of contract – necessary to provide account services you requested |
|
Sending order confirmations, shipping updates, invoices |
Name, email, order details |
(b) Performance of contract |
|
Handling returns, exchanges, warranty claims, customer support |
Name, email, phone, order details, correspondence |
(b) Performance of contract and (f) Legitimate interest – to resolve issues and provide support |
|
Issuing invoices and complying with accounting, tax, and legal obligations |
Name, addresses, VAT/Tax ID, order details, payment information |
(c) Legal obligation – required under Romanian and EU tax, accounting, and commercial law (10-year retention) |
|
Fraud prevention and website security |
IP address, payment data, order patterns |
(f) Legitimate interest – to protect our business and customers from fraud and abuse |
|
Sending marketing emails and newsletters (promotions, product recommendations, news) |
Email, name, preferences |
(a) Consent – you explicitly opted in via checkbox or subscription form; you may withdraw consent at any time |
|
Website analytics and performance optimization (Google Analytics 4) |
IP address (anonymized), browsing data, pages visited, device info |
(a) Consent – obtained via cookie banner before GA4 tracking starts |
|
Marketing and advertising (Meta Pixel, TikTok Pixel) |
Browsing behavior, IP address, device info, pages viewed, conversions |
(a) Consent – obtained via cookie banner before marketing pixels load |
|
Heatmaps, session recordings, user experience analysis (Hotjar) |
Anonymized browsing behavior, mouse movements, clicks, scrolling |
(a) Consent – obtained via cookie banner; Hotjar anonymizes personal data |
For Germany and Austria: We rely on explicit consent for all non-essential cookies and tracking. You may withdraw consent at any time via our cookie settings or by emailing us.
For France, Spain, and Italy: We comply with national ePrivacy rules requiring prior consent for cookies, except strictly necessary cookies for site functionality.
5. Who We Share Your Data With (Data Recipients)
We share your personal data only with trusted third-party service providers who help us operate our business. These recipients process data on our behalf under strict data processing agreements (GDPR Article 28).
|
Recipient |
Purpose |
Data Shared |
Location |
|
GLS (General Logistics Systems) |
Parcel delivery and shipping |
Name, delivery address, phone, order reference |
EU (Romania, and local GLS partners in destination countries) |
|
Shopify Inc. |
E-commerce platform hosting |
All order and account data |
EU/Canada/USA (Standard Contractual Clauses in place) |
5.2 Third-Country Recipients (Outside EU/EEA)
Some of our service providers are located outside the European Economic Area. We ensure adequate safeguards are in place as required by GDPR Chapter V.
|
Recipient |
Purpose |
Data Shared |
Location |
Safeguards |
|
Stripe (Shopify Payments) |
Payment processing |
Name, email, billing address, payment card data (tokenized) |
USA (certified under EU-US Data Privacy Framework) |
Adequacy decision + Standard Contractual Clauses (SCCs) |
|
PayPal |
Payment processing |
Name, email, billing address |
USA (certified under EU-US Data Privacy Framework) |
Adequacy decision + Standard Contractual Clauses (SCCs) |
|
Google LLC (Google Analytics 4) |
Website analytics |
Anonymized IP, browsing data, device info |
USA (certified under EU-US Data Privacy Framework) |
Adequacy decision + IP anonymization + SCCs |
|
Meta Platforms Inc. (Facebook/Instagram Pixel) |
Marketing and advertising |
Browsing behavior, pages viewed, conversions, hashed email |
USA (certified under EU-US Data Privacy Framework) |
Adequacy decision + SCCs + data minimization |
|
TikTok Technology Limited |
Marketing and advertising |
Browsing behavior, pages viewed, conversions |
Singapore/USA |
Standard Contractual Clauses (SCCs) |
|
Hotjar Ltd. |
User experience analytics (heatmaps, session recordings) |
Anonymized browsing behavior, mouse movements |
Malta (EU) / USA (data storage) |
IP anonymization + data minimization + SCCs for USA storage |
For Germany and Austria: Transfers to third countries (USA) are based on the EU-US Data Privacy Framework adequacy decision (2023) and/or Standard Contractual Clauses approved by the European Commission. You have the right to request copies of these safeguards by contacting us.
6. How Long We Keep Your Data (Retention Periods)
We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law.
|
Data Category |
Retention Period |
Reason |
|
Order data (invoices, receipts, accounting records) |
10 years from end of fiscal year |
Legal obligation under Romanian accounting and tax law (Legea contabilității 82/1991) |
|
Customer account data |
Until account is deleted by the customer, or 3 years of inactivity (after which we may notify you before deletion) |
Performance of contract; deleted upon request |
|
Marketing/newsletter data |
Until you unsubscribe or withdraw consent |
Consent-based; deleted immediately upon withdrawal |
|
Cookies and tracking data |
See Cookie Policy (typically 13–24 months for analytics/marketing cookies) |
Consent-based; deleted or anonymized after expiry |
|
Customer support correspondence |
3 years from last contact |
Legitimate interest in resolving disputes and improving service |
|
Fraud prevention logs |
Up to 5 years |
Legitimate interest and legal obligation |
After the retention period expires, we securely delete or anonymize your personal data.
As a data subject in the EU, you have the following rights:
7.1 Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you.
7.2 Right to Rectification (Article 16)
You have the right to correct inaccurate or incomplete personal data.
7.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data if:
· The data is no longer necessary for the purposes for which it was collected.
· You withdraw consent (where processing was based on consent).
· You object to processing based on legitimate interest and we have no overriding legitimate grounds.
· The data was unlawfully processed.
Exceptions: We may refuse deletion if we are required to retain data for legal, accounting, or tax obligations (e.g., invoices for 10 years).
7.4 Right to Restriction of Processing (Article 18)
You have the right to request that we limit how we use your data in certain circumstances (e.g., while we verify accuracy or your objection).
7.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) and to transmit it to another controller.
7.6 Right to Object (Article 21)
· You have the right to object at any time to processing based on legitimate interest (e.g., direct marketing, fraud prevention).
· You have an absolute right to object to direct marketing at any time (including profiling for marketing purposes).
7.7 Right to Withdraw Consent (Article 7)
Where processing is based on consent (e.g., cookies, newsletter), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
How to withdraw consent:
· Cookies: Use our cookie settings banner or browser settings.
· Newsletter: Click "unsubscribe" in any marketing email or contact us.
7.8 Right to Lodge a Complaint
If you believe we have violated your data protection rights, you have the right to lodge a complaint with:
· ANSPDCP (Romania): www.dataprotection.ro
· Your local EU data protection authority (see list in Section 2)
7.9 How to Exercise Your Rights
To exercise any of the above rights, contact us at:
Email: barakcarpet.eu@gmail.com
Phone:WatsApp: +40 761 896 761
Address: Strada Viitorului, Nr 12, Municipiul Medgidia, Județul Constanța, Romania
We will respond to your request within one month (extendable by two additional months for complex requests).
For Germany and Austria: We will provide information free of charge for your first request. For subsequent repetitive or manifestly unfounded requests, we may charge a reasonable administrative fee or refuse the request in accordance with GDPR Article 12(5).
8. Cookies and Tracking Technologies
We use cookies, pixels, and similar tracking technologies on our Website. For full details, see our Cookie Policy.
Key points:
· Essential cookies: Necessary for website functionality (e.g., shopping cart, session management) – no consent required.
· Analytics cookies (Google Analytics 4): Used to understand website traffic and user behavior – consent required.
· Marketing cookies (Meta Pixel, TikTok Pixel): Used for targeted advertising and conversion tracking – consent required.
· User experience cookies (Hotjar): Used for heatmaps and session recordings (anonymized) – consent required.
For Germany, Austria, France, Spain, and Italy: We obtain explicit consent via a cookie banner before loading non-essential cookies. You can manage your preferences at any time via the banner or your browser settings.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure, including:
· Encryption: HTTPS/TLS encryption for data in transit; encryption of payment data by our payment processors.
· Access controls: Restricted access to personal data on a need-to-know basis; password-protected systems.
· Secure hosting: Our Website is hosted on Shopify's secure cloud infrastructure with regular security audits.
· Data processing agreements: All third-party processors are bound by GDPR-compliant data processing agreements.
· Regular backups: Automated backups to prevent data loss.
Despite our efforts, no online system is 100% secure. We cannot guarantee absolute security but commit to promptly notify you and the relevant supervisory authority of any data breach as required by GDPR Article 33.
Our Website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent.
If we become aware that we have collected personal data from a child under 16 without parental consent, we will delete that information promptly.
For Germany: The age limit is 16 under GDPR; for certain services, German law may require parental consent for children under 18.
11. Newsletter and Marketing Communications
You may subscribe to our newsletter by:
· Entering your email address in our newsletter subscription form on the Website.
· Checking the newsletter opt-in box during checkout (optional).
By subscribing, you consent to receive promotional emails, product recommendations, news, and special offers from Barak Carpet SRL approximately 1–2 times per month.
Legal basis: Consent (GDPR Article 6(1)(a)).
You may withdraw your consent and unsubscribe at any time by:
· Clicking the "unsubscribe" link in any marketing email.
· Logging into your customer account and updating your email preferences.
· Contacting us at barakcarpet.eu@gmail.com with the subject "Unsubscribe."
Once you unsubscribe, we will stop sending marketing emails within 48 hours. We may still send transactional emails related to your orders (order confirmations, shipping updates, etc.), which are necessary to fulfill our contract with you.
We may use third-party email marketing services (e.g., Shopify Email, Klaviyo, Mailchimp) to manage and send newsletters. These providers process your email address and name on our behalf under data processing agreements compliant with GDPR.
12. Automated Decision-Making and Profiling
We do not use automated decision-making (including profiling) that produces legal effects or similarly significantly affects you.
We may use basic analytics and segmentation for marketing purposes (e.g., sending product recommendations based on past purchases), but you always have the right to object to such processing and request human review.
Our Website may contain links to third-party websites (e.g., social media platforms, payment providers, courier tracking pages). We are not responsible for the privacy practices or content of these external sites.
We recommend reviewing the privacy policies of any third-party sites you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Changes will be posted on this page with a new "Effective Date." Material changes will be highlighted or communicated via email if you have an account or are subscribed to our newsletter.
Your continued use of our Website after changes are posted constitutes acceptance of the revised Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
Barak Carpet SRL
Email: barakcarpet.eu@gmail.com
Phone:WatsApp: +40 761 896 761
Address: Strada Viitorului, Nr 12, Municipiul Medgidia, Județul Constanța, Romania
Supervisory Authority (Romania):
ANSPDCP – www.dataprotection.ro – anspdcp@dataprotection.ro
End of Privacy Policy