Privacy Policy

1) Information on the collection of personal data and contact details of the controller

1.1 The protection of your personal data is our top priority. We are pleased that you are visiting our website and thank you for your interest. In this privacy policy, we would like to inform you about how and which personal data we collect and process during your visit to our website. Personal data includes all information that relates to an identified or identifiable natural person, such as your name, address, email address, telephone number or your IP address. To ensure transparency, we explain in detail which data is processed for which purpose and to what extent.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is EuroClothing SRL, Strada Primaverii 55, 507190 Sanpetru, Brasov, Romania. The term "controller" refers to the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data. If you have any questions about data protection or would like to exercise your rights under the GDPR, you can contact us at any time. We have set up appropriate contact options for this purpose, which you will find at the end of this privacy policy.

1.3 Our website uses SSL or TLS encryption for your security and to protect your personal data. This ensures that the transmission of personal data and other confidential content, such as orders or inquiries, is protected. You can recognize an encrypted connection by the fact that the URL begins with "https://" and a lock symbol is displayed in the browser bar. This security measure ensures that your data cannot be intercepted or manipulated by third parties on the way between your device and our server.

When you use our website purely for informational purposes, i.e. if you do not register or otherwise transmit data to us, we only collect data that your browser automatically transmits to our server. This data is technically necessary to display the content of the website to you and to ensure functionality. This information includes, among other things:

• The website you visited
• Date and time of access
• The amount of data sent in bytes
• The source or reference through which you reached our site
• The browser used and the operating system
• Your IP address (possibly in anonymized form)

The processing of this data takes place in accordance with Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in ensuring the stability and functionality of our website and remedying any technical disruptions. We use this data to monitor the performance of the site and make adjustments if necessary. Data is not passed on to third parties in this context. However, if we suspect illegal use of our website, we reserve the right to review the server log files retrospectively.

We use cookies to make your visit to our website as pleasant as possible. Cookies are small text files that are stored on your device and store information that enables us to optimize your user experience and provide certain functions. Some cookies are deleted after you close your browser (so-called session cookies), others remain on your device for longer (so-called persistent cookies). Persistent cookies help to recognize your browser on a subsequent visit.

The cookies we use store and process information about your usage behavior, your preferred settings and your IP address. This is done both to improve the user-friendliness of our website and to customize our offers individually. Some cookies serve to simplify the ordering process, for example by storing the contents of a virtual shopping cart.

The legal basis for the processing of data through cookies is Article 6 paragraph 1 letter b) of the GDPR if the cookies are necessary to execute a contract. When using cookies that are not directly necessary for contract fulfillment, we rely on Article 6 paragraph 1 letter f) of the GDPR, our legitimate interest in improving the functionality and user experience on the website.

If you do not want cookies to be stored on your device, you can deactivate this in the settings of your browser. However, please note that certain functions of our website may not be available to their full extent without cookies.

If you contact us, whether by email, via a contact form or in any other way, we collect personal data. The type of data collected depends on the contact form you use and what information you provide us with. This data is used exclusively for the purpose of processing your request or for the associated communication.

The legal basis for processing this data is Article 6 paragraph 1 letter f) of the GDPR, our legitimate interest in responding to your inquiries. If your inquiry is aimed at concluding a contract, the data processing is additionally based on Article 6 paragraph 1 letter b) of the GDPR.

After completing the processing of your request, we delete the collected personal data, provided there are no legal retention obligations and no further contractual obligations need to be fulfilled.

If you open a customer account with us or place an order, we collect and process personal data that is necessary for the execution of the contract. This includes in particular name, address, email address and, if applicable, payment data. We use this data exclusively for processing the contract and managing your customer account.

The legal basis for this data processing is Article 6 paragraph 1 letter b) of the GDPR, which permits processing for the fulfillment of a contract. You can have your customer account deleted at any time by sending us a corresponding message. After deleting your account, we only store your data for as long as is necessary to fulfill legal retention obligations.

If you subscribe to our newsletter, we use the email address you provide to regularly send you information about our products and offers. For registration, we use the so-called double opt-in procedure: After you have entered your email address, we will send you a confirmation email in which you must confirm your registration. Only after this confirmation will your email address be added to our mailing list.

The legal basis for processing your data is your explicit consent in accordance with Article 6 paragraph 1 letter a) of the GDPR. You can unsubscribe from the newsletter at any time by using the corresponding link at the end of each email or by contacting us directly. After unsubscribing, we will delete your email address from our mailing list, unless you have consented to further use of your data or we are legally obliged to store your data for longer.

As part of processing your order, we transmit your personal data to third parties if this is necessary for contract fulfillment. This may include, for example, passing on your delivery address to the shipping company commissioned or transmitting payment data to our payment service providers.

We work with the following payment service providers:

• Stripe Payments Europe Ltd.: If you choose credit card payment via Stripe, the payment will be processed by Stripe. Stripe also processes the data associated with the order.
• PayPal: If you choose PayPal as a payment service provider, the payment will be processed by PayPal. PayPal also processes the data associated with the order.
• Bank Transfer (Advance Payment): For bank transfer payments, we process the information required to allocate the payment (e.g., name, amount, reference).

The legal basis for this data transfer is Article 6 paragraph 1 letter b) of the GDPR, as this is necessary for the fulfillment of the contract.

We use web analysis tools on this website to analyze the use of our website and continuously improve it. The following tools are used:

Google Analytics: We use Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies and similar technologies to collect information about your use of the website. The collected data is transmitted to Google servers and processed there. We have activated IP anonymization, so that your IP address is shortened by Google within member states of the EU or in other contracting states of the Agreement on the European Economic Area.

Matomo (formerly Piwik): We use Matomo, an open-source web analytics software. Matomo is operated on our own servers, so that all analysis data remains with us and is not passed on to third parties. Matomo uses cookies to collect information about the use of the website.

The legal basis for the use of these analysis tools is Article 6 paragraph 1 letter f) of the GDPR (legitimate interest in the analysis and optimization of our website). You can object to data processing at any time or adjust your settings in your browser.

In accordance with the GDPR, you have various rights regarding the processing of your personal data:

• Right of access (Art. 15 GDPR): You can request information at any time about the personal data we process about you, including the processing, the storage period and the recipients.
• Right to rectification (Art. 16 GDPR): You have the right to have incorrect or incomplete data corrected.
• Right to erasure (Art. 17 GDPR): You can request the deletion of your data unless legal retention obligations or legitimate interests prevent this.
• Right to restriction of processing (Art. 18 GDPR): In certain cases, you can request a restriction of processing.
• Right to data portability (Art. 20 GDPR): You can receive your data in a structured, common and machine-readable format or request the transfer to another controller.
• Withdrawal of consent (Art. 7 para. 3 GDPR): If you have given your consent to data processing, you can revoke it at any time.
• Right to lodge a complaint (Art. 77 GDPR): If you believe that your rights have been violated, you can lodge a complaint with a supervisory authority.

The duration of storage of personal data depends on the respective legal basis, the processing purpose and, if applicable, the statutory retention period (e.g. commercial and tax law retention periods).

Storage based on consent (Art. 6 para. 1 lit. a GDPR):
Data is stored until the data subject revokes their consent.

Storage according to statutory retention periods (Art. 6 para. 1 lit. b GDPR):
Data processed in the context of legal transaction obligations is deleted after the expiry of the statutory retention periods, provided it is no longer required for contract fulfillment or initiation or there is no legitimate interest in further processing.

Storage based on legitimate interest (Art. 6 para. 1 lit. f GDPR):
Data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless compelling legitimate grounds for processing can be demonstrated that override the rights and freedoms of the data subject, or the processing serves the assertion, exercise or defense of legal claims.

Storage for direct marketing (Art. 6 para. 1 lit. f GDPR):
Data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR.

Deletion when no longer needed:
Personal data is deleted when it is no longer necessary for the purposes for which it was collected or processed.

Deletion on request:
If there are no statutory retention periods, data subjects can request the deletion of their data at any time, even without giving reasons. A request for deletion can be sent by email to support@softwarebay.de.

• Germany: Invoices: 10 years | Customer data: As long as necessary for the purposes, but at least 10 years due to tax requirements.
• Austria: Invoices: 7 years | Customer data: At least 7 years, depending on the case also longer.
• France: Invoices: 10 years | Customer data: 3 years from the last contact or purchase.
• Italy: Invoices: 10 years | Customer data: At least 10 years, depending on the purpose.
• Spain: Invoices: 6 years | Customer data: At least 6 years, often longer depending on the contract.
• Netherlands: Invoices: 7 years | Customer data: As long as necessary, but usually 7 years.
• Belgium: Invoices: 7 years | Customer data: 10 years if legally required.
• Sweden: Invoices: 7 years | Customer data: As long as necessary, usually not longer than 7 years.
• Denmark: Invoices: 5 years | Customer data: 5 years after business completion.
• Finland: Invoices: 6 years | Customer data: 6 years, depending on the purpose.
• Poland: Invoices: 5 years | Customer data: Maximum 6 years if required.
• Ireland: Invoices: 6 years | Customer data: Up to 6 years if tax required.
• Portugal: Invoices: 10 years | Customer data: 10 years or longer, depending on the purpose of use.
• Greece: Invoices: 5 years | Customer data: At least 5 years.
• Luxembourg: Invoices: 10 years | Customer data: 10 years, depending on the purpose of use.
• Romania: Invoices: 10 years | Customer data: At least 10 years.
• Bulgaria: Invoices: 5 years | Customer data: 5 years after business completion.
• Croatia: Invoices: 11 years | Customer data: Up to 11 years, depending on the type of data.
• Hungary: Invoices: 8 years | Customer data: Usually up to 8 years.
• Czech Republic: Invoices: 10 years | Customer data: Up to 10 years.
• Slovakia: Invoices: 10 years | Customer data: At least 10 years.
• Slovenia: Invoices: 10 years | Customer data: At least 10 years.
• Estonia: Invoices: 7 years | Customer data: 7 years after transaction completion.
• Latvia: Invoices: 5 years | Customer data: 5 years.
• Lithuania: Invoices: 10 years | Customer data: Up to 10 years.
• Malta: Invoices: 6 years | Customer data: 6 years.
• Cyprus: Invoices: 6 years | Customer data: Up to 6 years.

If you have a customer account with us - without having placed an order - you can request deletion of all your data directly at support@softwarebay.de. If you have already placed orders, we are subject to EU law.