GDPR Policy

ByFavia acts as the data controller for the personal data described in this policy.

Brand: ByFavia | Legal entity: FAVIA GLOBAL TRADING S.R.L. | Registered address: Ilfov County, Snagov Village, 31 Nucului Street | Contact: info@byfavia.ro

This policy applies to the ByFavia website, the ByFavia contact form, customer order processing, delivery coordination, and related customer-service communications.

Based on the current ByFavia implementation, the following categories of personal data may be processed:

Identity and contact data, such as first name, last name, email address, phone number, and preferred contact time.

Order and account data, such as order number, ordered items, bracelet configuration details, size selections, coupon code, notes, payment method, payment status, quote ID, and transaction reference for digital payments.

Delivery data, such as shipping address, courier name, delivery date, shipping status, and tracking number.

Customer support data, such as topic selection, free-text message content, and any order reference submitted through the contact form.

Technical and security data, such as request metadata used for rate limiting, fraud prevention, error tracing, and service security. This may include IP-related metadata processed by the application or hosting infrastructure.

To accept, validate, and fulfill orders, including payment handling, stock reservation, shipping, and order confirmations. Legal basis: Article 6(1)(b) GDPR – performance of a contract.

To respond to pre-sale questions, support requests, and order-related communications. Legal basis: Article 6(1)(b) GDPR for contract-related requests, or Article 6(1)(f) GDPR for general customer support.

To maintain service security, prevent abuse, enforce rate limits, and investigate technical issues. Legal basis: Article 6(1)(f) GDPR – legitimate interests in protecting the website and business operations.

To comply with accounting, tax, consumer-protection, and legal record-keeping obligations. Legal basis: Article 6(1)(c) GDPR – compliance with a legal obligation.

ByFavia may share personal data only where necessary with the following categories of recipients:

Hosting, infrastructure, and database providers that operate the website and backend systems.

Email and communications providers used to send order confirmations and customer-service messages.

Payment providers involved in digital payment processing.

Courier and delivery providers involved in shipping completed orders.

Professional advisers, regulators, courts, or public authorities where disclosure is legally required or necessary to protect legal rights.

If personal data is transferred outside the European Economic Area, ByFavia ensures that an appropriate transfer mechanism is in place, such as an adequacy decision or the European Commission's Standard Contractual Clauses.

Contact-form submissions are kept only for as long as necessary to respond to the request and manage any follow-up.

Order, payment, and delivery records are retained for as long as needed to perform the contract and to meet applicable accounting, tax, warranty, fraud-prevention, and dispute-handling requirements.

Temporary reservation and quote data for unpaid digital-payment flows is retained only for the active reservation period and related operational follow-up, after which it is deleted or anonymized unless a legal need requires longer retention.

Technical logs and security-related metadata are retained only for as long as reasonably necessary for security, troubleshooting, and audit purposes.

Subject to the conditions and limits in the GDPR, you may request: access to your personal data, rectification of inaccurate data, erasure of your data, restriction of processing, data portability, and the right to object to processing.

You may also lodge a complaint with the competent supervisory authority – in Romania, the National Authority for the Supervision of Personal Data Processing (ANSPDCP).

ByFavia uses reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. No internet-based service can guarantee absolute security.

The ByFavia website and checkout are not intended for children to use independently where parental consent is required by law. If ByFavia becomes aware that personal data has been collected unlawfully from a child, appropriate steps will be taken to delete it.

For any privacy-related requests or questions, please contact us at: info@byfavia.ro

ByFavia may update this policy from time to time. The latest version is always available on the website together with the effective date.