Privacy policy

Privacy Policy regarding the processing of personal data
LavenderAnna and GDPR

SC LAVENDERANNA S.R.L organized according to the Romanian law, registered in Galati, J17/428/2019, CUI: 40643099, having its registered office in Galati, Gheorghe Doja, Nr. 2, Block 1A, Stairs 2, Ground floor, Ap. 22 manages the online store


The General Data Protection Regulation (GDPR) is an applicable set of rules and instructions, which will be implemented in all Member States of the European Union, coming into force as of May 25, 2018. The regulation will have an impact on all storage companies, controls or uses the personal data or sensitive information of the users. The objective is to create a higher standard of data protection, specific to today’s digital society.

GDPR is based on the existing Law on data protection, but the General Data Protection Regulation has a broader purpose and offers more prescriptive standards. Companies that do not comply with the new GDPR standards will have to pay substantial fines. The new GDPR focuses on individual personal data protection rights and emphasizes concepts such as ‘consent’, ‘data need’ and ‘right to be forgotten’. More information on all these aspects and how LavenderAnna intends to comply with GDPR can be found below!


According to the GDPR, there are a number of reasons that legitimize the processing of personal data. We present here the most relevant legal bases regarding the interaction of our company with your personal data under the GDPR.

Contractual necessity

Data processing is required to perform the services provided by the company.


Completing the order on our company website requires your consent, expressly and knowingly, provided by a clear and affirmative action.

Customers will be prompted to read the ‘How we use your data’ section and to consent by ticking a box during the order process. Customers have the right to withdraw their consent by contacting us by phone or email.

Conform legislaţiei, pentru a vă da consimţământul în mod legal, trebuie să aveţi peste 16 ani, prin urmare, vi se va solicita să confirmaţi acest lucru la finalizarea comenzii sau să solicitaţi acceptului unui părinte sau tutore legal de a-şi da consimţământul în numele dumneavoastră.

We will make reasonable efforts (based on available technologies) to verify whether the parent / guardian has consented or authorized the child’s consent. Please note that when checking the box where you express your consent, you agree to the use of your data by the company only for the processing of the order and for the execution of any returns or for solving the problems regarding the order.

The company’s newsletter and social pages require separate consent, so you will not be added to your email list or contacted for anything other than your LavenderAnna order or account without your consent.

A consent record is kept electronically on the order form when checking the online box. If you order by phone, our team will ask for your consent before the order is processed and check the box on the order form on your behalf.

We will process your data to complete the order each time you order. This means that you need to consent to each individual order to make sure you agree with the latest GDPR policy updates.

The consent you express will concern the GDPR policy displayed on our company website at the time of placing the order.


At LavenderAnna we store only the data necessary for the execution and shipment of orders, as well as for any possible returns or exchanges of products desired by the client.

These data include the following:
Name – used to send the order to the recipient and during communication with the customer.
E-mail – to send the order confirmation and notifications regarding the shipping process. We also use the email address to contact the customer in case of any order problems
Phone number – used in case of problems regarding the order or delivery of the order.
Billing address – to verify payments.
Shipping address – to send order to customer.
Order articles – to check if the products received by the customer are the ones they want.
Order cost – to process the order payment.
Payment method – to process the order payment.
Be it the last 4 digits of the card, or the Paypal transaction ID – to confirm the payment method in case of questions or returns.

The data is provided to our company by expressing our clients’ consent for the processing and shipping of placed orders. The data is then distributed to a selected number of required service providers, listed here:
DHL – The main provider of shipping services
Romanian Post – National courier service provider
Paypal – Payment processing service provider
Mobilpay – Payment processing service provider

If you would like more information about any of the service providers used by our company, please contact us by email or telephone.

You have permanent access to the information stored by logging in to your LavenderAnna account or, again, by contacting us by email or telephone.


According to the General Data Protection Regulation, your personal data rights are very clear. We have outlined some of your data protection rights right here, along with mentions of how these rights are relevant when you use our website.
You have the right to information about what personal data we process, as well as by virtue of the basis established by this policy.

You have the right to access your personal data by submitting a request for access by the data subject (see below).

You have the right to correct any inaccuracies with regard to your personal data. To do this, you must contact a member of the customer service team.

You have the right to request the deletion of your personal data which, according to the law, we had no right to process or are no longer required for processing, for the purpose for which they were collected. To do this, you must contact a member of the customer service team.

During the request to correct or delete your personal data or to challenge the legal character of the process of processing your personal data, you may request to restrict their use during the application. To do this, you must contact a member of the customer service team.

You have the right to object to the processing of your personal data when we rely on a legitimate interest to do so and you believe that your rights and interests prevail over our interests and you wish to stop us.

You have the right to object to us if we process your personal data for direct marketing purposes.
You have the right to receive a copy of your personal data and to transfer your personal data to another data operator. We will not charge any fees for this and, in most cases, we will seek to do so within one month.

With a few exceptions, you have the right not to be subject to automatic decision-making. You have the right to receive notifications in case of breach of security of your personal data.

In most cases, we will not consider your consent as a legal basis for the processing of your personal data. In any case, if we ask for your consent to the processing of your personal data for a particular purpose, you have the right to refuse or subsequently withdraw your consent. To withdraw consent, you must contact a customer service team member.

You have the right to file a complaint to the head of the operator control service from the National Supervisory Authority for Personal Data Processing (ANSPDCP). You can do this by contacting the Office of the Chief Operator Control Service directly from the National Supervisory Authority for Personal Data Processing (ANSPDCP). Full contact details, including a telephone support number, can be found on the website of the National Supervisory Authority for Personal Data Processing (ANSPDCP) ( This website presents more information about your rights and obligations.

Requests for access of the data subjects

You can make a ‘request for access’ (SAR) to find out what information we store about you. This request must be made in writing to our customer service team.

We must respond within one month, unless the request is complex or multiple, in which case the period in which we must respond can be extended by another two months.

There is no charge for making an access request. In any case, if your request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse to comply with your request.

Data quality

The data is collected for each individual order, therefore, the processed data is always correct and updated. We carry out annual auditing and cleaning of the newsletter and marketing data to ensure the high quality of the stored data is maintained. You can update your own data by accessing the account or by contacting us to update this data for you.

Data Retention and Deletion

The order details are kept for as long as necessary for the application of taxes and VAT, the minimum period being 7 years and the maximum period of 10 years, after which the data will be permanently deleted from our system during the annual deletion process. of data. During this process of deletion of data, we also remove inactive subscribers from our newsletter list to maintain the high quality of the data.

Also, the accountants of our company have their own GDPR policy which provides for the elimination of old data, this information being available on request.

If you want to be ‘forgotten’ by our system, we can manually edit the relevant order data and delete the account from the system. We may also contact any third-party suppliers of our company that may collect your personal data and request them to do the same. You have the right to delete your own accounts and to unsubscribe manually from any form of communication; In any case, to ensure that you are removed from all registrations, you must contact us by phone or email to inform us of your particular concerns.

Data portability

You can easily change and delete your order details with our easy-to-manage customer account option. This feature allows you to modify and delete all the data we keep for each of your orders. You need to log in to your account where the data is stored, where you can view your order history, and also find a list of your order data, and where you can choose to view or download a copy for your personal archives.

This page aims to include all information that you may consider relevant regarding the application of GDPR by our company and should be viewed as an extension of our current privacy and security policy; In any case, the full GDPR enforcement policy is available upon request.

For more information, you can contact a member of our customer service team!

RON Romanian leu
EUR Euro