Privacy Policy
Last updated: February 27, 2026
1. Who we are
The personal data controller is:
Robotic Works S.R.L.
CUI: 44638834
Reg. Com.: J21/419/23.07.2021
Headquarters: Strada Smardan Nr 3, Slobozia, Ialomita, Romania, 920075
This policy describes how we collect, use, store and protect your personal data when you use our online store, in compliance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Romanian Law no. 190/2018.
2. What personal data we collect
We collect the following categories of personal data:
Identification data: first name, last name, email address, phone number
Delivery data: full delivery address (street, city, county, postal code, country)
Billing data: billing address (if different from delivery)
Order data: products ordered, quantities, prices, chosen payment method
Technical data: IP address, browser type, pages visited (collected automatically through cookies)
We do not collect or store payment card data. All payments are processed directly by Shopify Payments and/or PayPal, which are PCI-DSS Level 1 certified payment processors.
3. Purpose and legal basis of processing
We process your personal data for the following purposes:
Contract performance (Art. 6(1)(b) GDPR):
• Processing and delivering orders
• Communicating with you regarding orders (confirmations, shipping notifications, tracking numbers)
• Managing returns and complaints
Consent (Art. 6(1)(a) GDPR):
• Sending newsletters and promotional offers (only with your explicit consent)
• Placing non-essential cookies (analytics, marketing)
Legitimate interest (Art. 6(1)(f) GDPR):
• Improving the website and shopping experience
• Fraud prevention
Legal obligation (Art. 6(1)(c) GDPR):
• Retaining fiscal documents as required by applicable legislation
Our website uses the following types of cookies:
Essential cookies (required for website functionality):
• Shopify session cookies (shopping cart, authentication)
• Security cookies (fraud prevention, CSRF protection)
These cookies do not require consent as they are strictly necessary.
Analytics cookies (only with your consent):
• Google Analytics — helps us understand how the website is used (pages visited, time spent, traffic sources)
• Data is anonymized and not used to personally identify you
Marketing cookies (only with your consent):
• Facebook Pixel, TikTok Pixel — for remarketing and measuring advertising campaign effectiveness
You can manage your cookie preferences through the banner displayed on your first visit to the site or through your browser settings.
5. Your rights
In accordance with GDPR, you have the following rights:
Right of access (Art. 15) — You may request a copy of the personal data we hold about you.
Right to rectification (Art. 16) — You may request correction of inaccurate data or completion of incomplete data.
Right to erasure (Art. 17) — You may request deletion of personal data (“right to be forgotten”), except where retention is legally required.
Right to restriction of processing (Art. 18) — You may request limitation of data processing in certain circumstances.
Right to data portability (Art. 20) — You may request transfer of data in a structured, commonly used and machine-readable format.
Right to object (Art. 21) — You may object to data processing for direct marketing purposes at any time.
Right to lodge a complaint — You have the right to lodge a complaint with the supervisory authority (ANSPDCP).
To exercise any right, fill in the form on the Contact page. We will respond within 30 days.
6. Data retention period
• Order data: for the duration of the commercial relationship + 3 years from the last order
• Fiscal documents: 10 years (as required by Romanian fiscal legislation)
• Marketing data (newsletter): until consent is withdrawn
• Technical data (cookies): according to each cookie's duration (session or maximum 2 years)
After the storage period expires, data is deleted or irreversibly anonymized.
7. Data security
We implement appropriate technical and organizational measures to protect personal data:
• SSL/TLS encryption: All data transmitted between your browser and our servers is encrypted
• Shopify PCI-DSS Level 1: Our platform meets the highest security standards for online transactions
• Restricted access: Only authorized personnel have access to customer personal data
• Certified payment processors: Shopify Payments and PayPal handle financial data in secure environments
8. Data transfer to third parties
Your personal data may be shared with the following categories of third parties, exclusively for the purpose of fulfilling contractual obligations:
• Shopify Inc. (Canada/USA) — e-commerce platform, site hosting, order processing. Transfer is based on Standard Contractual Clauses approved by the European Commission.
• Courier services (Fan Courier, Sameday, Romanian Post) — for package delivery (name, address, phone)
• Payment processors (Shopify Payments, PayPal) — for secure payment processing
• Google Analytics (only with your consent) — for website traffic analysis
We do not sell, rent or transmit your personal data to third parties for marketing purposes without your explicit consent.
9. Contact and supervisory authority
For any questions or requests regarding personal data protection, fill in the form on the Contact page.
Data Protection Officer: Daniel Roman
Supervisory Authority:
ANSPDCP (National Supervisory Authority for Personal Data Processing)
Bd. G-ral Gheorghe Magheru nr. 28-30, Sector 1, Bucharest, 010336
Website: anspdcp.ro
Email: anspdcp@dataprotection.ro