Our Privacy Policy was last updated on September 1, 2025.

1) Introduction

This Privacy Policy explains how GLITZ&GRAF AGENCY SRL (“GLITZ&GRAF,” “we,” “us,” “our”) collects, uses, and protects your personal data when you use our website https://glitzandgraf.com (the “Site”) and related services.

We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR) and applicable Romanian and EU legislation.

2) Data Controller

The Services are operated by:

GLITZ&GRAF AGENCY SRL
Calea Moșilor 88, Sc. F, Ap. F1, Sector 3, 030152, Bucharest, Romania
Trade Registry No.: J40/1076/2024
Fiscal Identification Code (CUI): 49445834
EU VAT No.: RO49624287

For the purposes of the GDPR, we act as the Data Controller.

3) Data We Collect

We may collect the following categories of data:

ü  Personal Data: name, billing/shipping address, email, phone number, order details.

ü  Account Data: if you create an account, login details and preferences.

ü  Payment Data: processed securely by third-party payment providers; we do not store full card details.

ü  Usage Data: IP address, browser type, device information, pages visited, time/date of access.

ü  Cookies & Tracking Data: see Section 6.

4) How We Use Your Data

We use your data for the following purposes:

ü  To process and deliver your orders.

ü  To provide and improve our Site and services.

ü  To manage your account.

ü  To communicate with you about your orders, returns, or support requests.

ü  To send you marketing communications (only with your explicit consent).

ü  To comply with legal obligations (invoicing, tax reporting).

ü  To prevent fraud and ensure site security.

5) Legal Basis for Processing

We process your personal data under the following legal bases:

Ø  Contract – processing is necessary to fulfill your purchase/order.

Ø  Consent – for optional marketing communications and cookies.

Ø  Legal obligation – for accounting and tax compliance.

Ø  Legitimate interest – for fraud prevention, website security, and business analysis.

6) Cookies and Tracking

We use cookies and similar technologies to operate our Site.

Ø  Necessary Cookies – required for the site to function (checkout, authentication).

Ø  Preference Cookies – save language, login, or settings.

Ø  Analytics Cookies – help us understand traffic and improve performance.

Ø  Marketing Cookies – only used with your consent, to deliver relevant offers.

You can manage cookies via your browser settings or through our cookie banner. For more details, see our Cookie Policy.

7) Sharing of Data

We may share your data with trusted third parties:

Ø  Shopify (website hosting, checkout, payment infrastructure).

Ø  Printify and its production partners (to manufacture and ship your orders).

Ø  Payment providers (e.g., Stripe, PayPal, card processors).

Ø  Email & communication providers (e.g., Microsoft 365).

Ø  Carriers and logistics providers (for delivery).

Ø  Analytics providers (Google Analytics, if active).

We require all partners to comply with GDPR and only process data as instructed.

8) International Transfers

Some of our processors (e.g., Shopify, Printify, email services) may transfer your data outside the EU/EEA. In such cases, data transfers are safeguarded using Standard Contractual Clauses (SCCs) or other EU-approved mechanisms.

9) Data Retention

We keep your personal data only as long as necessary:

Ø  Orders & invoicing data: minimum 10 years (per Romanian accounting/tax law).

Ø  Customer support & account data: until your account is closed or request is resolved.

Ø  Marketing data: until you withdraw your consent.

Ø  Usage data: typically retained for up to 2 years.

10) Your GDPR Rights

You have the following rights under GDPR:

Ø  Access – request a copy of the data we hold about you.

Ø  Rectification – correct inaccurate or incomplete data.

Ø  Erasure (“right to be forgotten”) – request deletion of your data where legally possible.

Ø  Restriction – limit processing under certain circumstances.

Ø  Portability – request transfer of your data in a structured, machine-readable format.

Ø  Objection – object to processing based on legitimate interest, including direct marketing.

Ø  Withdraw consent – for any processing based on your consent (e.g., marketing emails).

To exercise your rights, contact us at gdpr@glitzandgraf.com. We may require verification of your identity before fulfilling your request.

11) Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority. In Romania, this is:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
www.dataprotection.ro

12) Children’s Privacy

Our Site and services are not directed to children under 16 years (per Romanian and EU law). We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at gdpr@glitzandgraf.com, and we will delete the information.

13) Links to Other Websites

Our Site may contain links to third-party websites. We are not responsible for their content, privacy practices, or compliance. Please review the privacy policy of any external site you visit.

14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Effective Date.” For significant changes, we will notify you by email or a prominent notice on our Site.

15) Contact Us

If you have any questions or requests about this Privacy Policy or your GDPR rights, please contact us:

Ø  For GDPR requests: gdpr@glitzandgraf.com

Ø  For general inquiries: contact@glitzandgraf.com

Company details (for identification only):
GLITZ&GRAF AGENCY SRL
Calea Moșilor 88, Sc. F, Ap. F1, Sector 3, 030152, Bucharest, Romania
Trade Registry No.: J40/1076/2024
Fiscal Identification Code (CUI): 49445834