Politica de confidențialitate

1) Introduction

ARMORIS SYSTEMS S.R.L. (“ARMORIS”, “we”, “us”, “our”) operates this online store and website, including all related information, content, features, tools, products, and services (collectively, the “Services”). The Services are powered by Shopify.

This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you visit, use, or make a purchase via the Services, or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to personal data.

By using the Services, you acknowledge you have read and understood this Privacy Policy.

2) Who We Are (Data Controller)

ARMORIS SYSTEMS S.R.L.
CIF (VAT ID): 47143848
Trade Registry: J29/3203/2022
Contact us

Unless otherwise stated, ARMORIS is the data controller of your personal data within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national laws.

Shopify’s role. Shopify provides the ecommerce platform and acts either as our processor (e.g., hosting/checkout) or as an independent controller for certain activities it determines (e.g., some analytics, fraud prevention, platform improvements, and enhanced advertising services). For those activities, Shopify is responsible for responding to data-subject requests that relate to Shopify’s own processing. Please consult Shopify’s privacy documentation for details.

3) Definitions

  • Personal data: any information relating to an identified or identifiable natural person.
  • Processing: any operation performed on personal data (collection, storage, use, disclosure, etc.).
  • EEA: European Economic Area (EU + Iceland, Liechtenstein, Norway).

4) Personal Data We Collect or Process

Depending on your interactions with the Services and local law, we may collect or process:

  • Contact details: name, billing/shipping address, country, phone, email.
  • Account data: username, password, preferences, saved addresses.
  • Order/transaction data: items viewed, cart/wishlist, purchases, returns/exchanges/cancellations, order identifiers, invoices, payment status.
  • Payment data: payment method, payment processor confirmation, transaction details. (Card details are handled by payment providers; we do not store full card numbers.)
  • Communications: messages sent to us (support, email, forms).
  • Device/technical data: IP address, device identifiers, browser, OS, network, log files, time stamps.
  • Usage data: how and when you access or interact with the Services (pages, features, clicks).
  • Cookies & similar tech: identifiers, analytics, marketing tags (see Cookies section).
  • Design files & technical information (specific to 3D printing): CAD files, drawings, dimensions, tolerances, materials, technical notes you supply for custom manufacturing.

We do not intentionally collect special categories of data (GDPR Art. 9). Please do not send such data via the Services.

5) Sources of Personal Data

  • Directly from you (account creation, checkout, support requests, CAD uploads).
  • Automatically via your device when using the Services (including cookies/SDKs).
  • From service providers acting on our behalf (e.g., payment, logistics, IT).
  • From partners/third parties, where permitted (e.g., anti-fraud, address validation).

6) Purposes and Legal Bases (GDPR Art. 6)

We only process personal data when a legal basis applies:

Purpose Examples Legal Basis
Provide the Services / Contract process orders & payments, manufacture custom parts, ship goods, handle returns/exchanges, manage your account Art. 6(1)(b) contract necessity
Customer support respond to inquiries, warranty handling Art. 6(1)(b) contract necessity
Compliance invoicing, accounting, tax, consumer protection, product safety Art. 6(1)(c) legal obligation
Security & fraud prevention authentication, monitoring, risk scoring, misuse detection Art. 6(1)(f) legitimate interests
Analytics & service improvement usage measurement, performance, debugging Art. 6(1)(f) legitimate interests
Direct marketing newsletters, product updates, promotions Art. 6(1)(a) consent
Personalized advertising ads based on interactions (where enabled) Art. 6(1)(a) consent (and/or legitimate interests where permitted)
Records & dispute management contract evidence, legal claims/defense Art. 6(1)(f) legitimate interests

Where we rely on legitimate interests, we balance our interests against your rights and expectations and apply appropriate safeguards.

7) How We Use Personal Data

  • Provide, tailor, and improve the Services (manufacture orders, remember preferences, recommend products).
  • Account & order management (notifications, shipping arrangements, returns/exchanges).
  • Marketing (with opt-in consent; unsubscribe anytime).
  • Security & fraud prevention (secure checkout, detect/prevent malicious activity).
  • Communications (respond to you, maintain relationship).
  • Legal reasons (comply with law, respond to lawful requests, enforce our terms).

8) How We Disclose Personal Data

We may disclose personal data to:

  • Shopify (hosting, checkout, payments, analytics/features run by Shopify).
  • Vendors/service providers acting on our instructions: IT/cloud hosting, payment processors, banks, logistics & couriers, support tools, marketing tools (where consented).
  • Business/marketing partners (only with your consent for marketing or where legally permitted).
  • Affiliates / corporate group (if applicable) under appropriate safeguards.
  • Authorities, courts, or advisors where required by law or to establish/exercise/defend legal claims.
  • Corporate transactions (merger, acquisition, restructuring), subject to confidentiality and applicable law.

We do not sell your personal data.

9) Relationship with Shopify (Platform Provider)

The Services are hosted by Shopify. Data you submit via our storefront and checkout is processed on Shopify’s infrastructure. Shopify may also collect data about your interactions across merchants to provide platform security, performance, analytics, and enhanced advertising features. For those specific activities, Shopify may act as an independent controller and is responsible for handling related data-subject requests. Please consult Shopify’s privacy materials for details on: categories of data, purposes, recipients, international transfers, and your rights in relation to Shopify’s processing.

10) Cookies and Similar Technologies (ePrivacy/TTDSG)

We use cookies and similar technologies:

  • Strictly necessary (site operation, cart, checkout, security).
  • Analytics (usage measurement, performance).
  • Marketing/advertising (personalized ads, retargeting), where enabled.

Except for strictly necessary cookies, we use non-essential cookies only with your consent via our cookie banner/manager, in line with the ePrivacy rules and national implementations (e.g., Germany’s TTDSG). You can withdraw consent or adjust preferences at any time in the cookie settings. Browser settings may also be used to block cookies (functionality may be affected).

11) International Data Transfers

Some recipients (including Shopify and certain providers) may process your data outside the EU/EEA (e.g., Canada, USA). Where such transfers occur, we implement appropriate safeguards, including:

  • Adequacy decisions by the European Commission (where applicable), and/or
  • Standard Contractual Clauses (SCCs) under GDPR Art. 46, plus supplementary measures where required.

You can contact us for more information about applicable transfer safeguards.

12) Data Retention

We keep personal data only as long as necessary for the purposes set out in this Policy, or as required by law. Typical periods include:

  • Invoices/transaction records: up to 10 years (accounting/tax obligations).
  • Customer account data: retained while the account remains active or until deletion request (subject to legal holds).
  • CAD/technical files: retained for production + warranty period; then securely deleted unless you consent to extended storage (e.g., for easy re-orders).
  • Marketing: until you withdraw consent or object.
  • Logs/security records: for a reasonable period necessary for security, debugging, and compliance.

13) Security

We apply appropriate technical and organizational measures such as SSL/TLS encryption, access controls, secure hosting, back-ups, monitoring, and staff confidentiality. No system is perfectly secure; we cannot guarantee absolute security. Avoid sending sensitive information over unencrypted channels.

14) Children’s Data

The Services are not directed to children under 16, and we do not knowingly collect personal data from them. If you are a parent/guardian and believe a child under 16 has provided data, contact us to request deletion.

15) Your Rights (GDPR Arts. 15–22)

Subject to conditions and local law, you have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data (“right to be forgotten”) in certain circumstances.
  • Restrict processing in certain circumstances.
  • Portability: receive data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Object to processing based on legitimate interests, including object to direct marketing at any time.
  • Withdraw consent (for consent-based processing) without affecting prior lawful processing.

We will respond within one month (extendable by two months for complex requests). We may need to verify your identity. To exercise rights related to Shopify’s independent processing, please refer to Shopify’s privacy pages.

You also have the right to lodge a complaint with a supervisory authority: in Romania, ANSPDCP; or your local EU/EEA authority.

16) Managing Communication Preferences

You can unsubscribe from marketing emails at any time through the link in our emails. We may continue to send non-marketing messages (e.g., order updates, service notices).

Germany note (best practice): for email marketing to German recipients, we implement double opt-in to document consent under local unfair competition rules (UWG).

17) Automated Decision-Making / Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects as defined by GDPR Art. 22. We may use limited profiling for marketing personalization with your consent (e.g., product recommendations/ads based on site behavior). You can withdraw consent at any time via cookie settings or email.

18) Complaints & Dispute Resolution

Please contact us first so we can try to resolve your concern. You may also lodge a complaint with ANSPDCP or your local supervisory authority in the EEA/UK.

19) Changes to This Privacy Policy

We may update this Privacy Policy from time to time (e.g., legal/operational changes). We will post the revised Policy here with an updated “Last updated” date and, where required by law, additional notice.

20) Contact

For questions or to exercise your rights:

ARMORIS SYSTEMS S.R.L.
Strada Cuptoarelor, Nr. 4, Construcția C7 – birouri, Ploiești, Prahova, Romania
Contact us