Privacy policy

PRIVACY POLICY – KIROS DIET SRL

(Version compliant with Article 13 of EU Regulation 2016/679 and applicable Romanian legislation)

1. Data Controller

The Data Controller is SC KIROS DIET SRL, with registered office in Romania, Bucharest, Sector 1, Str. Argentina 33, registered with the Trade Registry under no. J40/2843/2021, tax ID RO30021692, represented by Giuseppe Castaldo, acting as sole director.

Contact email: info@kirosdiet.com

Personal data collected through the website www.kirosdiet.com is processed for the following purposes:

a) Contractual and pre-contractual purposes

  • order management
  • product delivery
  • customer support
  • billing

Legal basis: Art. 6(1)(b) GDPR – performance of a contract.

b) Legal and tax compliance

Legal basis: Art. 6(1)(c) GDPR – legal obligation.

c) Direct marketing (newsletters, offers, commercial communications)

Only with the user’s explicit consent.

Legal basis: Art. 6(1)(a) GDPR – consent.

d) Cybersecurity and abuse prevention

Legal basis: Art. 6(1)(f) GDPR – legitimate interest of the Data Controller.

e) Retargeting and remarketing (Google, Facebook, etc.)

Used to display personalized ads and recover abandoned shopping carts.

Legal basis:

  • Art. 6(1)(a) GDPR – consent via profiling cookies
  • Art. 22 GDPR – no automated decision-making with legal effects

3. Processed data

Data voluntarily provided by the user

  • first and last name
  • address
  • Email
  • phone number
  • Information required for delivery and billing

Browsing data

Collected automatically:

  • IP addresses
  • domain names
  • Technical data regarding the browser and operating system

Data collected via cookies

  • technical cookies
  • functional cookies
  • anonymous analytics cookies
  • Profiling cookies (only with consent)

Full details in the Cookie Policy.

4. Nature of data provision

  • Mandatory for contractual, legal, and tax purposes
  • Optional for marketing and newsletter purposes

Failure to provide mandatory data makes it impossible to provide the services.

5. Methods of processing

Data is processed using manual, IT, and telematic tools, in compliance with the security measures provided for by the GDPR and Romanian legislation (Law 190/2018).

Appropriate measures are taken to:

  • prevent the loss or destruction of data
  • prevent unauthorized access
  • ensure integrity and confidentiality

6. Data Retention

Personal data will be retained for:

  • 10 years for tax and accounting obligations
  • Duration of the contractual relationship for order-related data
  • until consent is revoked for marketing and newsletters
  • up to 24 months for profiling cookies
  • Max 12 months for technical security logs

7. Recipients of the data

Data may be disclosed to:

  • payment service providers
  • couriers and shipping services
  • hosting and IT infrastructure providers
  • legal and tax advisors
  • marketing platforms (only with consent)

All parties act as Data Processors pursuant to Article 28 of the GDPR.

Data will never be disclosed.

8. International Transfers

Some providers (e.g., Google, Meta) may process data in non-EU countries.
The transfer takes place in compliance with Articles 44–49 of the GDPR through:

  • Standard Contractual Clauses (SCCs)
  • additional security measures

9. Rights of the data subject

The user may exercise the rights provided for in Articles 15–22 of the GDPR at any time:

  • access
  • rectification
  • erasure
  • restriction
  • data portability
  • objection
  • withdrawal of consent

Requests must be sent to: info@kirosdiet.com

The Data Controller will respond within 30 days, extendable by an additional 60 days in complex cases.

10. Minors

The processing of data of children under 16 is lawful only with the consent of the holder of parental responsibility (Art. 8 GDPR).

11. Complaint to the Authority

The data subject may file a complaint with:

  • ANSPDCP Romania
  • any other competent EU supervisory authority

12. Data Protection Officer (DPO)

Kiros Diet SRL is not required to appoint a DPO pursuant to Article 37 of the GDPR.

13. Changes to this Policy

Kiros Diet SRL reserves the right to amend this policy at any time.
Changes will be posted on the website and will take effect immediately.

14. Contact

For any inquiries regarding personal data:
📧 orders@kirosdiet.com
📧 info@kirosdiet.com