Privacy Policy (GDPR)
Last updated: April 2026
This Privacy Policy explains how EMCAES FOODIE SRL (hereinafter "we", "Sifo" or "the Seller") collects, processes, and protects your personal data, in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679).
1. Identity of the Data Controller
Company: EMCAES FOODIE SRL
Registered office: Brașov Municipality, Str. Zaharia Stancu nr. 6 B, Ap. 202, Brașov County
CUI: 46998422
Email for data protection: bere@sifo.ro
Phone: 0756 666 555
2. What data do we collect, for what purpose, and on what legal basis?
We collect only data strictly necessary to offer you our products and an optimal experience on the sifo.ro website.
| Purpose of Processing | Data Collected | Legal Basis (According to GDPR) |
|---|---|---|
| Processing, invoicing, and shipping of orders placed on the site. | Name, first name, delivery/billing address, phone number, email. | Art. 6 para. 1 lit. b (Contract performance). |
| Verification of legal age for alcohol purchase (+18 years). | Age confirmation declaration (over 18 years) upon site entry / checkout. | Art. 6 para. 1 lit. c (Legal obligation). |
| Marketing and Newsletter communications (e.g., pre-launch announcements, offers). | Email address. | Art. 6 para. 1 lit. a (Your consent). |
| Customer support, complaint management, and returns. | Name, email, phone, order history. | Art. 6 para. 1 lit. f (Legitimate interest in solving customer problems). |
Note regarding payments: Online card payments are securely processed by an authorized third-party provider. Sifo does not collect and store your complete bank card data.
3. To whom do we transmit data?
To operate the online store, we collaborate with trusted third parties to whom we may transmit only data necessary to fulfill their services:
- Courier companies (for order delivery);
- Online payment processors (for transaction confirmation);
- IT service and web hosting providers;
- Accounting firms (for invoice registration according to law).
4. Data retention period
We keep your data only as long as necessary for the purposes mentioned above or to comply with legal obligations:
- Financial-accounting documents (invoices): 10 years, according to Romanian legislation.
- Marketing data (newsletter): Until you withdraw your consent (you unsubscribe).
- Customer account data: Until account deletion request or a reasonable period of inactivity.
5. Your rights (GDPR)
As a data subject, you have the following rights:
- Right of access: You can request a copy of data we hold about you.
- Right to rectification: You can request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): You can request data deletion, under legal conditions.
- Right to restriction of processing: You can request limitation of data processing in certain circumstances.
- Right to data portability: You can request receiving data in a structured format to transfer to another controller.
- Right to object: You can object to data processing for reasons related to your particular situation.
- Right to withdraw consent: For processing based on agreement (e.g., marketing), you can unsubscribe at any time.
To exercise these rights, you can contact us at bere@sifo.ro. We will respond within a maximum of 30 days.
You also have the right to file a complaint with the National Authority for Supervision of Personal Data Processing (ANSPDCP - www.dataprotection.ro) if you consider your rights have been violated.