Privacy policy

1. Purpose

Our commitment

True Fine Coffee respects the privacy of site Users (“data subjects”) and protects personal data. This Privacy Policy describes processing activities under the GDPR and applicable local rules.

Scope

This policy informs data subjects who contact us via the website contact form about how personal data are processed under the General Data Protection Regulation (“GDPR”).

It explains how True Fine Coffee collects and processes personal data, parties involved and data-subject rights.

We encourage stakeholders and data subjects to review this policy regularly alongside our high‑level privacy overview.

True Fine Coffee will not weaken protections for personal data through policy or practice changes.

2. Summary

3. Your rights

Contact gdpr@truefinecoffee.ro anytime at no charge to exercise GDPR rights.

You may exercise:
1. Access to know what data we process;
2. Rectification of inaccuracies;
3. Erasure where applicable;
4. Restriction while disputes on accuracy/lawfulness exist (data may be retained for claims);
5. Portability – receive a copy / technical transfer where feasible;
6. Objection to processing for questions raised with the DPO mailbox;
7. Marketing opt‑out via email or unsubscribe links in commercial messages.

4. Purposes and legal bases

We process personal data for:

1. Legal obligations and litigation defence.
2. Contract performance.
3. Security and fraud prevention.
4. Statistics and research.
5. Commercial/marketing where permitted.
6. Non‑marketing service communications.

4.1 Legal purposes

Examples: detecting fraud or offences against the platform; statutory retention; managing GDPR/local rights requests; court proceedings and incidents linked to orders.

4.2 Contractual purposes

Examples: account creation; delivering requested services and features; payment processing and receipts; customer care; refunds/promotions; notifying material changes to terms, privacy or cookie policies.

4.3 Security

Monitoring suspicious payment-related activity; cooperating with authorities where irregularities arise.

4.4 Analytics/research

Analysing trends, basket behaviour and platform usage to improve services.

4.5 Marketing

Marketing, surveys and personalised offers via permitted channels and cookies only where you have agreed under the Cookie Policy.

Non‑marketing

Receipts, operational incidents affecting orders, legal/policy updates and essential service notices.

5. Categories of data and collection

Data we may hold:

1. Provided by you:

1.1 Registration: username and email when creating an account.

1.2 Profile: optional phone or other profile fields you add.

1.3 Additional: e.g. billing details if invoicing is requested.

1.4 Communications: enquiries or comments you send.

2. Generated indirectly:

2.1 Platform usage: interaction logs.

2.2 Device/app data: IP address for fraud prevention; connection/browser/OS/device type; navigation paths (URLs, timestamps); order history and feedback; browsing preferences.

2.3 Cookies: see the cookie policy.

6. Recipients and disclosures

Partners and processors must contractually respect instructions, this Policy and applicable data-protection law.

We do not sell personal data. Commercial disclosures inconsistent with this Policy will not occur.

6.1 Order fulfilment chain

Data may reach Venue staff roles involved in preparing/serving orders, payment processors and telecom channels used for order-related communications.

6.2 Sharing with third parties

Including payment processors (card data handled directly by PCI-compliant providers—True Fine Coffee does not store full card numbers); fraud-screening providers; authorities where legally required; commercial partners only with explicit informed consent where applicable; successors in a business transfer with notice.

6.3 Disclosures occur only if

a) necessary to deliver services with contracted processors;

b) you give express consent;

c) requested by competent authorities under law;

d) otherwise required by law.