1. Information We Collect

1.1 Personal Information You Provide

We collect information you provide directly to us when you:

• Create an account: Name, email address, phone number, delivery address
• Place an order: Billing information, shipping address, payment preferences
• Contact us: Name, email, phone number, message content
• Subscribe to marketing: Email address, communication preferences
• Leave reviews: Name, review content, rating

1.2 Information Automatically Collected

When you visit our website, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, clicks, scrolling behavior
• Location Data: General location based on IP address
• Cookie Data: Preferences, session information, analytics data

1.3 Third-Party Information

We may receive information from:

• Payment Processors: Transaction data, fraud prevention information
• Delivery Partners: Shipping updates, delivery confirmations
• Social Media: Public profile information if you connect social accounts
• Analytics Providers: Website performance and user behavior data

2. How We Use Your Information

2.1 Primary Purposes

We use your personal information for the following purposes:

2.2 Marketing and Personalization

With your consent or based on legitimate interest, we may use your information to:

• Send promotional emails about products and offers
• Display personalized product recommendations
• Show targeted advertisements on our website and third-party platforms
• Conduct market research and customer satisfaction surveys
• Improve our products and services based on your feedback

3. Information Sharing and Disclosure

3.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

• Payment Processors: Stripe, PayPal, Klarna for secure payment processing
• Shipping Partners: DHL, UPS, local courier services for order delivery
• Email Service Providers: For sending transactional and marketing emails
• Analytics Providers: Google Analytics, Facebook Pixel for website analytics
• Customer Support Tools: For managing customer inquiries and support tickets
• Cloud Storage Providers: For secure data storage and backup

3.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Respond to government requests or regulatory inquiries
• Protect our rights, property, or safety
• Prevent fraud, abuse, or illegal activities
• Enforce our Terms and Conditions

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

4. International Data Transfers

As we operate across Europe and work with international service providers, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate data protection levels
• Standard Contractual Clauses: EU-approved contracts with data processors
• Binding Corporate Rules: For transfers within multinational organizations
• Consent: Where you have explicitly consented to the transfer

5. Data Security

We implement comprehensive security measures to protect your personal information:

5.1 Technical Safeguards

• Encryption: SSL/TLS encryption for data transmission and AES-256 for data storage
• Access Controls: Role-based access with multi-factor authentication
• Regular Security Audits: Vulnerability assessments and penetration testing
• Secure Servers: ISO 27001 certified data centers with 24/7 monitoring
• Backup Systems: Regular encrypted backups with disaster recovery procedures

5.2 Organizational Measures

• Employee training on data protection and privacy practices
• Confidentiality agreements with all staff and contractors
• Incident response procedures for data breaches
• Regular review and updates of security policies

6. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

7. Your Rights Under GDPR

How to Exercise Your Rights

To exercise any of these rights, contact us at support@homylyst.shop or office@booster28ads.com or call +40 717 434 871. We will respond within 30 days and may request identity verification for security purposes.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience. For detailed information, please review our Cookie Policy.

8.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality (shopping cart, login sessions)
• Performance Cookies: Google Analytics for website performance monitoring
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Facebook Pixel, Google Ads for targeted advertising

8.2 Managing Cookies

You can control cookies through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

9. Third-Party Services

9.1 Google Services

• Google Analytics: Website analytics and user behavior tracking
• Google Ads: Advertising and remarketing campaigns
• Google Tag Manager: Managing marketing and analytics tags

9.2 Social Media and Advertising

• Facebook Pixel: For targeted advertising and conversion tracking
• Social Media Integrations: For social login and content sharing

9.3 Payment and Shipping Partners

Our payment and shipping partners have their own privacy policies. We recommend reviewing their policies when using their services.

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@homylyst.shop.

11. Marketing Communications

11.1 Email Marketing

We send marketing emails only to customers who have:

• Explicitly consented to receive marketing communications
• Made a purchase and haven't opted out (soft opt-in under GDPR)

11.2 Unsubscribe Options

You can unsubscribe from marketing emails at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at support@homylyst.shop
• Managing preferences in your account settings

12. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Provide clear information about the breach and steps being taken
• Offer guidance on protective measures you can take

13. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will:

• Post the updated policy on our website with a new "Last Updated" date
• Notify you by email for material changes if you have an account
• Obtain new consent where required by law
• Maintain previous versions for reference upon request

14. Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority. In Romania, this is: