Privacy policy

General provisions and contact details

This personal data processing policy (hereinafter referred to as “GDPR Policy”) applies to those personal data, which the company, operating under the laws of Romania, (hereinafter referred to as “Operator”) collects and processes about you, as a user of the website, as a user of the services offered, as a buyer in case of purchase of products from the webshop / brick and mortar shops or as a visitor of our shops (hereinafter referred to as “Data Subject”).

The website belongs to Faboltray SRL, a Romanian company with registered office in Praid, str. Zsogod nr.17., jud. Harghita, registered in the Trade Register under no. J19/8/2021, with fiscal code RO43531324, e-mail

We are a company dealing with the making and selling of wooden bowls.


The privacy of visitors of our website / shop is very important to us and we are committed to protecting it. This policy explains what we will do with your personal information

Knowledge and acceptance of the policy

Giving consent to the use of cookies in accordance with the terms of this policy when you first visit our website allows us to use cookies each time you visit our website.

By providing and making your personal data available to us, you declare that you are fully aware of and expressly accept the latest version of this GDPR policy (the version that was in force at the time of providing the data).

Collection of personal information

The following types of personal information may be collected, stored and used:

  • information about your computer, including your IP address, geographic location, browser type and version, and operating system;
  • information about your visits to and use of this website, including referral source, length of visit, page views and navigation paths on the website;
  • information such as your e-mail address, which you enter when you register on our website;
  • information such as your name and e-mail address, which you enter to set up subscriptions to our e-mails and/or newsletters;
  • information you enter while using the services on our website;
  • information that is generated while using our website, including when, how often and under what circumstances you use it;
  • information relating to any purchases you make, services you use or transactions you make through our website, which may include your name, address, telephone number, email address and bank card details;
  • information you post on our website with the intention of publishing it on the internet, which may include your username, profile pictures and the content of your posts;
  • information contained in any communications you send to us by email or through our website, including the content of the communications and their metadata;
  • any other personal information you send to us.

Before disclosing another person’s personal information to us, you must obtain that person’s consent to both the disclosure and the processing of personal information in accordance with this policy.

Changing and deleting personal data from your personal account

Immediately after registration, the data subject’s personal account is created and the data subject will receive a notification to the e-mail address with which he or she registered. The data processed during registration are necessary to provide the services provided by the webshop, i.e. to identify the buyer, so these data will be processed by the Seller until the personal account is deleted. The data subject may change the data entered during registration at any time by accessing the personal account. The data subject can initiate the deletion of the personal account by sending an e-mail to the customer service. The data subject will be notified of the deletion of the account by e-mail within 10 working days. Following the deletion of the personal account, the data subject’s personal data will become inactive and the Operator will suspend their processing. By requesting the deletion of the personal account, the consent to the processing of personal data is withdrawn and in this case the personal data will be deleted from the system within 30 days. 

Special provisions relating to minors

Persons under the age of 16 may not disclose personal information, request services or any communications on the Operator’s website, or participate in the Company’s contests or campaigns, unless such requests are made on behalf of the minor by the minor’s legal representative or guardian as required by law. In the case of a Data Subject who has not attained the age of 14, his/her legal representative, guardian may provide personal information and make a legal declaration on his/her behalf. In the case of Data Subjects under the age of 18 but who have reached the age of 14, they may provide personal data and make a legal statement only with the consent of their legal representative or guardian. By taking cognizance of the above information, you represent and warrant that you will take the information provided into account. In circumstances where you do not have a legal right to provide personal data, you are obliged to obtain the consent of a third party (e.g. legal representative, guardian). In this context, you have an obligation to decide whether or not the consent of a third party is required for the provision of certain information. It is possible that the Data Controller does not personally contact you, and therefore you are responsible for compliance with this clause, the Data Controller does not assume any liability in this respect. We make all reasonable efforts to delete any information that has been provided to us unlawfully and assure you that such information is not passed on to third parties, nor used for our own purposes (whether for advertising or otherwise). Please inform us immediately if you discover that a minor has disclosed his or her personal data without the authorization of a legal representative or guardian. To contact us, you can use our contact details mentioned at the beginning of this policy. 

Use of your personal information

Personal information submitted through our website will be used for the purposes specified in this policy or on the respective pages of the website. We may use your personal information for:

  • managing our website and our business;
  • customising our website for you;
  • authorising the use of the services available on our website;
  • sending commercial communications for information purposes;
  • sending you email notifications that you expressly request;
  • sending you our newsletter by e-mail, if you have requested it (you can inform us at any time if you no longer want this communication);
  • sending marketing communications about our business or the companies of carefully selected third parties that we believe may be of interest to you by mail or, where you have specifically consented, by e-mail or similar technologies (you may inform us at any time if you no longer wish to receive marketing communications);
  • providing third parties with statistical information about our users (these third parties will not be able to identify any users using this information);
  • dealing with requests and complaints made by or about you relating to our website;
  • maintaining the security of our website and preventing fraud;
  • checking compliance with the terms and conditions governing the use of our website (including monitoring private messages sent via our private messaging service);

If you submit personal information for publication on our website, we will publish and use that information in accordance with the scope of the agreement you provide to us.

Privacy settings may be used to limit the publication of your information on our website and can be changed using the privacy toggles on the website.

Without your express consent, we will not provide your personal information to third parties for direct marketing by those third parties or any other third parties.

Disclosure of personal information

We may disclose your personal information:

  • to the extent we are required to do so by law;
  • in connection with any potential or pending legal proceedings;
  • to establish, exercise or defend our legal rights (including providing information to third parties for fraud prevention and credit risk reduction purposes);

Except as set out in this policy, we will not provide your personal information to third parties.

International data transfers

Personal information that you post on our website or submit for posting on our website may be available via the Internet worldwide. We cannot prevent the use or misuse of this information by others.

You expressly consent to the transfers of personal information described in this Section.

Retention of Personal Information

This Section sets forth our data retention policies and procedures, which are designed to help ensure compliance with our legal obligations regarding the retention and deletion of personal information.

Personal information that we process for any purpose or purposes will not be retained longer than is necessary for that purpose or purposes.

Notwithstanding the other provisions in this section, we will retain documents (including electronic documents) containing personal data:

To the extent that we are required to do so by law;

if we believe the documents may be relevant to any ongoing or future legal proceedings; and to establish, exercise or defend our legal rights (including providing information to third parties for the purposes of fraud prevention and credit risk reduction);

Security of your personal information

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all personal information you provide on our secure (password and firewall protected) servers.

You acknowledge that the transmission of information over the Internet is typically insecure and we cannot guarantee the security of data sent over the Internet.

You are responsible for maintaining the confidentiality of the password you use to access our website; we will never ask you for your password (except when you log on to our website).


We reserve the right to update this policy from time to time by posting a new version on our website. We recommend that you check this page occasionally to ensure that you understand any changes to this policy and to ensure that you are aware of any changes and how your information may be used.  In the event of a request, we may send you a copy of the current GDPR policy by email.

Your rights

You may ask us to provide you with any personal information we hold about you; the provision of this information will be subject to the following terms:

providing sufficient evidence of your identity. For this purpose, we will usually accept a notarised photocopy of your passport, plus a certified true copy of a utility bill containing your current address.

We may retain the personal information you request to the extent permitted by law.

You can ask us at any time not to process your personal information.

In practice, you usually either expressly agree in advance to our use of your personal information for marketing purposes or we will give you the opportunity to opt-out of our use of your personal information for marketing purposes.

You have the right to:

  • receive information on the processing of your personal data;
  • obtain access to personal data held about you;
  • request the correction of inaccurate, incorrect or incomplete personal data;
  • request deletion of personal data when they are no longer needed or if their processing is unlawful;
  • object to the processing of your personal data for marketing purposes or for reasons related to your particular situation;
  • request restriction of the processing of your personal data in certain cases;
  • receive your personal data in a machine-readable format and send it to another controller (“data portability”);
  • request that decisions based on automatic processing of your personal data which concern or significantly affect you are made by individuals, not exclusively by computers. In this case, you also have the right to express your point of view and challenge the decision;
  • lodge a complaint with the competent personal data protection authority;
  • of appeal against the National Supervisory Authority for the processing of personal data;
  • of appeal against the Data Controller

Third-party sites

Our website includes hyperlinks to and details of third party websites. We have no control over and are not responsible for the privacy policies and practices of third parties.

Updating information

Please let us know if the personal information we hold about you needs to be corrected or updated.

Categories of personal data and purposes of collection and processing

(Use you phone in landcape to view all the table)


Purpose of processing

Legal basis

Categoriile de date

Storage period, deadline for deletion of data

The user has the possibility to ask questions from our team

Consent of the data subject (Art. 6 para. (1)(a) GDPR)

Message content, name, email address, phone number

Until the consent given by the data subject is withdrawn

The data subject (the site user) has the option to register on the site in order to benefit from the services offered by the Operator.

Consent of the data subject (Art. 6 para. (1)(a) GDPR)

Person’s name, email address

Until the consent given by the data subject is withdrawn

The person concerned who has registered on the site has the possibility to order various items from our webshop (online shop) or from our physical shop.

For the performance of a contract (Art. 6 para. (1)(a) GDPR)

Registered data subject: full name, delivery address (country, postcode, city, address), billing details if different from delivery address, remarks, email address, telephone number

Personal data will be deleted after 5 years from the termination of the collaboration with the Data Subject, according to the Civil Code. According to the Accounting Act we are obliged to keep your data for 10 years after the end of the financial year in which the documents were drawn up. In practice, we encounter such cases when the data are part of accounting supporting documents.

The Operator shall use a video surveillance system for the purpose of guarding and protecting persons, property and assets of the Operator, preventing and combating crimes. 

For the purposes of legitimate interests pursued by the operator or a third party (Art. 6, para. (1)(f) of the GDPR) 

Targeted person (visitor to the point of work): portrait

 Location of cameras: entrance to customer area (cameras are located in visible places, and targeted persons are warned by message boards) 

The operator keeps track of the data for 8 days. In case of personal or proprietary incidents, the Data Controller reserves the right to process personal data for a period longer than 8 days.

The following persons have access to categories of personal data:  

  • Page editors;
  • Employees and administrators of the Operator;  
  • Employees of the data processors, formulated in this document;  
  • Certain authorities in respect of data requested by them in the course of official proceedings and lawfully requested from the Data Controller;  
  • Other persons, based on the express consent of the Data Subject. 

The Data Controller assumes a strict obligation of confidentiality with regard to the personal data it manages, which – subject to the Data Subject’s consent – it may not disclose to a third party. Withdrawal of consent does not affect the legitimacy of the previous data processing. 

Authorised persons for data processing

 The data controller authorises the following persons for the processing of personal data in relation to the performance of technical operations in connection with data processing. The rights and obligations of personal data processors are determined by the GDPR, respectively by the Controller under special data management laws. The Controller is responsible for the lawfulness of the instructions given. The Personal Data Processor may not take any fundamental decisions on data management, may process personal data brought to his knowledge and to which he has access only in accordance with the terms and conditions set by the Controller, is not allowed to process data for personal interest, at the same time he has the duty to archive and keep personal data as instructed by the Controller.

Persons/company authorised to process data

(Use you phone in landcape to view all the table)


Name and contact details of data processorsPersonal data of which he/she is aware/to which he/she has access and activities carried out in the course of data processingDuration of data processing
Contafex S.R.L.

Personal data provided by the Data Subject:  

Person’s name, company name, company address, CUI, registration number, telephone number, email address, products/services ordered

Its task is to manage the invoices of the Operator and to provide accounting services

Personal data will be deleted after 5 years from the termination of the collaboration with the Data Subject, according to the Civil Code. According to the Accounting Act we are obliged to keep your data for 10 years after the end of the financial year in which the documents were drawn up. In practice, we encounter such cases when the data are part of accounting supporting documents.

Name, surname, bank card number, CVV number, card validity date, amount and date/time of transaction, address, products/services purchased

Its task is to manage online payments

The information on your card is neither collected nor stored on our servers but transmitted directly to Stripe. Online payment information will be stored encrypted indefinitely on Stripe’s servers. You will be able to request the deletion of this data from Stripe at any time. If you want your card details to be saved for future payments, you can request this. In this case, the cookies will be valid for 90 days.

Presence of the operator on social media sites (Facebook, Instagram, Youtube)

The operator is present on Facebook, Instagram and Youtube. Visitors to the Facebook social media page can subscribe to the newsletter by clicking on the “Like”/”Like” button, and can also unsubscribe using the same button.


Our website uses cookies. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a browser and stored by that browser. The identifier is then sent back to the server each time the browser requests a page from it. Cookies can be “persistent” cookies or “session” cookies: the persistent cookie will be stored by the browser and will remain valid until the set expiry date, unless it is deleted before the expiry date; the session cookie, on the other hand, will expire at the end of the user’s session, when the browser is closed. Cookies do not usually contain information that personally identifies a user, but the personal information we store about you may be linked to information stored and obtained through cookies. We use both persistent and session cookies on our site.

The names of the cookies we use on our website and the purposes for which they are used can be found below:

We use Google Analytics, Adwords and Facebook Analytics on our website to recognise a computer when a user visits the website / track users as they browse the website / improve website usability / analyse website usage / administer the website / prevent fraud and improve website security / personalise the website for each user / target advertisements that may be of particular interest. 

Most browsers allow you to refuse or accept cookies. 

Please refer to the web page of the browser you are using for more information about enabling/disabling and deleting cookies.

Blocking/deleting all cookies will have a negative impact on the usability of many websites. If you block cookies, you will not be able to use all the features of our website.

National Supervisory Authority for Personal Data Processing –