Privacy policy

Last updated: June, 2025

This Privacy Policy describes how SC MIDO MAISON PRIVEE SRL (“MiDo Maison Privée”, “we”, “our”, “us”), with headquarters in Strada Moliere, Nr. 11, Ap. 1, Sector 1, Bucharest, 011963, Romania, registered with the Romanian Trade Registry under no. J40/12921/2018, and VAT ID RO39852377 (“Data Controller”), collects, uses, and shares your personal information when you visit or make a purchase from our website https://midoprivee.com (“Website”).

We strictly comply with Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018 on implementing GDPR.

1. Personal Information We Collect

We may collect and process the following personal data:

Identification and Contact Data: name, surname, billing address, delivery address, email address, telephone number.
Payment Data: payment method details, transaction information. (We do not store card details; they are securely processed by our payment provider, e.g. PayU).
Account Data: email address, username, encrypted password, preferences.
Marketing and Communication Data: preferences for receiving marketing communications and newsletters, contact history.
Technical Data and Cookies: IP address, browser type and version, operating system, cookies, and usage behavior (see Cookie Policy).

2. How We Collect Personal Information

  • Directly from you: placing an order, registering, contacting us, subscribing to our newsletter.

  • Automatically: via cookies, analytics, and tracking tools.

  • From third parties: including Shopify, payment processors, analytics/advertising platforms (Google, Facebook).

3. Purposes and Legal Grounds for Processing Your Data

  • Order fulfillment and contractual obligations (GDPR Art. 6(1)(b)): processing orders, payments, deliveries, returns.

  • Marketing activities and newsletters (GDPR Art. 6(1)(a)): based on your explicit consent, which you may withdraw anytime.

  • Legal obligations (GDPR Art. 6(1)(c)): accounting, taxation, consumer protection.

  • Legitimate interest (GDPR Art. 6(1)(f)): improving site performance, fraud prevention, enhancing customer experience.

4. Data Sharing and Third Parties

We may share your data with:

  • Service Providers: courier companies (e.g. Fan Courier), hosting (Shopify), payment platforms (PayU).

  • Marketing and analytics platforms: e.g. Google Analytics, Google Ads, Facebook Ads.

  • Authorities: where legally required or to protect our legal rights.

All third parties comply with GDPR and contractual confidentiality obligations.

5. International Data Transfers

Your data may be transferred outside the European Economic Area (EEA) to countries such as the United States or Canada, where some service providers are based. Such transfers rely on:

  • Such transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions confirming an adequate level of protection by the recipient country.

6. Data Retention

We retain your data only for as long as necessary:

  • Billing and order data: 5 years (Romanian accounting laws).

  • Marketing data: until consent is withdrawn.

  • Customer account data: as long as your account is active or until deletion request.

7. Security Measures

We apply appropriate technical and organizational measures to protect personal data:

  • SSL encryption.

  • Secure access control (staff access only).

  • Encrypted data storage.

  • Confidentiality agreements with employees.

  • Regular internal reviews and audits.

8. Your GDPR Rights

You have the following rights:

  • Right to access: obtain information about personal data we hold.

  • Right to rectification: correct inaccurate or incomplete data.

  • Right to erasure: request deletion ("right to be forgotten").

  • Right to restrict processing under specific circumstances.

  • Right to data portability: receive data in a structured, machine-readable format.

  • Right to object: particularly to processing for direct marketing or profiling.

To exercise these rights, contact us at office@midoprivee.com.

9. Profiling and Advertising

We may use profiling for personalized advertising (e.g., based on browsing or purchase history). You can opt out via the cookie banner or by contacting us.

10. Complaints

If you are not satisfied with how we process your data, you may contact us at office@midoprivee.com or file a complaint with the:

Romanian Data Protection Authority (ANSPDCP)
Website: www.dataprotection.ro
Address: Bd. G-ral Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page and the date of the latest version will be indicated at the top.

12. Contact Information

For inquiries or to exercise your GDPR rights, please contact:

SC MIDO MAISON PRIVEE SRL
Strada Moliere, Nr. 11, Ap. 1, Sector 1
Bucharest, 011963, Romania
Email: office@midoprivee.com