🏠 Homylyst Shop
Privacy Policy - Homylyst Shop
🔒 BOOSTER28 ADS S.R.L. is the Data Controller for homylyst.shop | Your data is protected under GDPR and Romanian law

Privacy Policy

Last updated: January 28, 2026 | Effective Date: January 28, 2026

Data Controller Information

Company: BOOSTER28 ADS S.R.L. (Operating as "Homylyst Shop")

Address: Strada Lungă, Nr. 149, Apartament P3, 500059 Brașov, Brașov, Romania

VAT: RO48459815

Company Registration: J8/1944/2023

Email: support@homylyst.shop | office@booster28ads.com

Phone: +40 717 434 871

Important: This Privacy Policy complies with the General Data Protection Regulation (GDPR), Romanian data protection laws, and Google Ads policies. By using our website and services, you acknowledge that you have read and understood this policy.

1. Information We Collect

1.1 Personal Information You Provide

We collect information you provide directly to us when you:

  • Create an account: Name, email address, phone number, delivery address
  • Place an order: Billing information, shipping address, payment preferences
  • Contact us: Name, email, phone number, message content
  • Subscribe to marketing: Email address, communication preferences
  • Leave reviews: Name, review content, rating

1.2 Information Automatically Collected

When you visit our website, we automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent, clicks, scrolling behavior
  • Location Data: General location based on IP address
  • Cookie Data: Preferences, session information, analytics data

1.3 Third-Party Information

We may receive information from:

  • Payment Processors: Transaction data, fraud prevention information
  • Delivery Partners: Shipping updates, delivery confirmations
  • Social Media: Public profile information if you connect social accounts
  • Analytics Providers: Website performance and user behavior data

2. How We Use Your Information

2.1 Primary Purposes

We use your personal information for the following purposes:

Purpose Legal Basis (GDPR) Data Used
Order Processing & Fulfillment Contract Performance Contact info, payment data, shipping address
Customer Support Contract Performance Contact info, order history, communication records
Payment Processing Contract Performance Payment information, billing address
Marketing Communications Consent / Legitimate Interest Email, phone, purchase history, preferences
Website Analytics Legitimate Interest Usage data, device info, cookies
Fraud Prevention Legitimate Interest Device info, payment data, behavioral patterns
Legal Compliance Legal Obligation Transaction records, customer communications

2.2 Marketing and Personalization

With your consent or based on legitimate interest, we may use your information to:

  • Send promotional emails about products and offers
  • Display personalized product recommendations
  • Show targeted advertisements on our website and third-party platforms
  • Conduct market research and customer satisfaction surveys
  • Improve our products and services based on your feedback

3. Information Sharing and Disclosure

3.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

  • Payment Processors: Stripe, PayPal, Klarna for secure payment processing
  • Shipping Partners: DHL, UPS, local courier services for order delivery
  • Email Service Providers: For sending transactional and marketing emails
  • Analytics Providers: Google Analytics, Facebook Pixel for website analytics
  • Customer Support Tools: For managing customer inquiries and support tickets
  • Cloud Storage Providers: For secure data storage and backup

3.2 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with court orders, subpoenas, or legal processes
  • Respond to government requests or regulatory inquiries
  • Protect our rights, property, or safety
  • Prevent fraud, abuse, or illegal activities
  • Enforce our Terms and Conditions

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

4. International Data Transfers

As we operate across Europe and work with international service providers, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection levels
  • Standard Contractual Clauses: EU-approved contracts with data processors
  • Binding Corporate Rules: For transfers within multinational organizations
  • Consent: Where you have explicitly consented to the transfer

5. Data Security

We implement comprehensive security measures to protect your personal information:

5.1 Technical Safeguards

  • Encryption: SSL/TLS encryption for data transmission and AES-256 for data storage
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Security Audits: Vulnerability assessments and penetration testing
  • Secure Servers: ISO 27001 certified data centers with 24/7 monitoring
  • Backup Systems: Regular encrypted backups with disaster recovery procedures

5.2 Organizational Measures

  • Employee training on data protection and privacy practices
  • Confidentiality agreements with all staff and contractors
  • Incident response procedures for data breaches
  • Regular review and updates of security policies

6. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Data Type Retention Period Reason
Account Information Until account deletion + 3 years Customer service, legal compliance
Order & Transaction Data 7 years after purchase Tax obligations, warranty claims
Marketing Data Until consent withdrawal + 6 months Suppression list maintenance
Website Analytics 26 months Google Analytics standard retention
Customer Support Records 3 years after last contact Quality assurance, dispute resolution

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

1. Right of Access (Article 15): Request a copy of your personal data we hold

2. Right to Rectification (Article 16): Correct inaccurate or incomplete data

3. Right to Erasure/Right to be Forgotten (Article 17): Request deletion of your data under certain circumstances

4. Right to Restrict Processing (Article 18): Limit how we use your data

5. Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format

6. Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing

7. Rights Related to Automated Decision Making (Article 22): Not be subject to decisions based solely on automated processing

8. Right to Withdraw Consent: Withdraw consent for processing based on consent

How to Exercise Your Rights

To exercise any of these rights, contact us at support@homylyst.shop or office@booster28ads.com or call +40 717 434 871. We will respond within 30 days and may request identity verification for security purposes.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience. For detailed information, please review our Cookie Policy.

8.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality (shopping cart, login sessions)
  • Performance Cookies: Google Analytics for website performance monitoring
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Facebook Pixel, Google Ads for targeted advertising

8.2 Managing Cookies

You can control cookies through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

9. Third-Party Services

9.1 Google Services

  • Google Analytics: Website analytics and user behavior tracking
  • Google Ads: Advertising and remarketing campaigns
  • Google Tag Manager: Managing marketing and analytics tags

9.2 Social Media and Advertising

  • Facebook Pixel: For targeted advertising and conversion tracking
  • Social Media Integrations: For social login and content sharing

9.3 Payment and Shipping Partners

Our payment and shipping partners have their own privacy policies. We recommend reviewing their policies when using their services.

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@homylyst.shop.

11. Marketing Communications

11.1 Email Marketing

We send marketing emails only to customers who have:

  • Explicitly consented to receive marketing communications
  • Made a purchase and haven't opted out (soft opt-in under GDPR)

11.2 Unsubscribe Options

You can unsubscribe from marketing emails at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us at support@homylyst.shop
  • Managing preferences in your account settings

12. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and steps being taken
  • Offer guidance on protective measures you can take

13. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will:

  • Post the updated policy on our website with a new "Last Updated" date
  • Notify you by email for material changes if you have an account
  • Obtain new consent where required by law
  • Maintain previous versions for reference upon request

14. Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority. In Romania, this is:

National Authority for the Supervision of Personal Data Processing (ANSPDCP)

Address: Bulevardul General Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania

Website: www.dataprotection.ro

Email: anspdcp@dataprotection.ro

15. Contact Information

Data Protection Officer / Privacy Contact:

Company: BOOSTER28 ADS S.R.L. (Operating as "Homylyst Shop")

Address: Strada Lungă, Nr. 149, Apartament P3, 500059 Brașov, Brașov, Romania

Email: support@homylyst.shop | office@booster28ads.com

Phone: +40 717 434 871

VAT: RO48459815

Company Registration: J8/1944/2023

Business Hours:

Monday - Friday: 9:00 AM - 6:00 PM (EET)
Saturday: Closed
Sunday: Closed

For privacy-related inquiries, please include "Privacy Request" in your email subject line for faster processing.

Effective Date: This Privacy Policy is effective as of January 28, 2026, and applies to all information collected by BOOSTER28 ADS S.R.L. (operating as Homylyst Shop) through our website, mobile applications, and related services.
Scroll to Top
Footer - Homylyst Theme