GDPR Rights - Tooluxe Home

Your GDPR Rights

Your data protection rights under the General Data Protection Regulation

πŸ‡ͺπŸ‡Ί What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive European privacy law that gives you control over your personal data. As a EU registered business, Tooluxe Home SRL is fully committed to protecting your privacy and ensuring you can exercise all your rights.

Your rights are guaranteed and completely free to exercise. We will never charge you for accessing, correcting, or deleting your personal data.

Your Eight Fundamental GDPR Rights

πŸ” Right of Access

What it means: You can request a copy of all personal data we hold about you, including how it's used, where it came from, and who we share it with.

Response time: 30 days (free of charge)

What you'll receive: Complete data export, processing purposes, legal basis, and retention periods

✏️ Right to Rectification

What it means: You can ask us to correct or complete any inaccurate or incomplete personal data we have about you.

Response time: 30 days (immediate for urgent corrections)

Examples: Update address, correct name spelling, add missing information

πŸ—‘οΈ Right to Erasure ("Right to be Forgotten")

What it means: You can request deletion of your personal data when there's no compelling reason for us to continue processing it.

Limitations: We may keep data required by law (invoices, tax records) for legal compliance

Process: Account deletion, data anonymization, or complete removal

⏸️ Right to Restrict Processing

What it means: You can ask us to limit how we process your data while disputes are resolved or accuracy is verified.

Effect: We store but don't actively use your data

When available: During accuracy disputes, legal challenges, or when processing is unlawful

πŸ“„ Right to Data Portability

What it means: You can receive your data in a structured, machine-readable format to transfer to another service.

Format: JSON, CSV, or XML files

Scope: Data you provided to us directly and data processed by automated means

🚫 Right to Object

What it means: You can object to processing based on legitimate interests, direct marketing, or for research/statistical purposes.

Marketing: Absolute right to stop all marketing communications

Other processing: We must stop unless we have compelling legitimate grounds

πŸ€– Rights Related to Automated Decision-Making

Right not to be subject to automated decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal or significant effects.

Our practice: We don't make automated decisions that significantly affect you without human oversight.

πŸ”„ Right to Withdraw Consent

Easy withdrawal: Where processing is based on consent, you can withdraw it at any time, as easily as you gave it.

Effect: Withdrawal doesn't affect past processing but stops future processing based on that consent.

How to Exercise Your Rights

πŸ“ Submit a GDPR Request

Use this form to exercise any of your GDPR rights. We'll respond within 30 days and verify your identity for security.

Request Processing Timeline

1

Request Received

We acknowledge your request within 72 hours and assign a unique reference number for tracking.

2

Identity Verification (1-3 days)

We verify your identity to protect your privacy and prevent unauthorized access to personal data.

3

Data Processing (5-25 days)

We locate, compile, and review all relevant data. Complex requests may take longer but we'll keep you informed.

4

Response Delivery (Within 30 days)

We provide a complete response to your request. For complex cases, we may extend by 60 days with explanation.

Special Circumstances

βš–οΈ When We Cannot Fulfill Requests

There are limited circumstances where we may not be able to fulfill your request:

  • Legal Requirements: We must retain some data for tax, accounting, or legal compliance (e.g., invoices for 10 years)
  • Legitimate Interests: When our legitimate business interests override your rights (rare and carefully assessed)
  • Third Party Rights: When fulfilling your request would harm others' privacy or rights
  • Impossible/Disproportionate: When the request is technically impossible or would require disproportionate effort

We will always explain our reasoning and inform you of alternative options.

πŸ”’ Identity Verification Process

To protect your privacy, we may need to verify your identity before processing requests:

  • Low Risk Requests: Email verification may be sufficient
  • High Risk Requests: Additional documentation may be required
  • Account Access: Login to your account for automatic verification
  • Sensitive Data: Enhanced verification for deletion or portability requests

Complaints and Enforcement

πŸ“ž Contact Our Data Protection Officer

Data Protection Officer:

πŸ“§ dpo@tooluxehome.shop

πŸ“ž +40 721 345 678

πŸ“ Calea Vitan 225, BucureΘ™ti 077085, Romania

Response Times:

β€’ Email: Within 24 hours

β€’ Phone: Business hours (9:00-18:00)

β€’ GDPR Requests: Within 30 days

β€’ Urgent Issues: Same day

πŸ›οΈ Romanian Supervisory Authority

You have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP):

Website: www.dataprotection.ro

Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania

Email: anspdcp@dataprotection.ro

Phone: +40 21 252 5599

βš–οΈ Legal Remedies

If you're not satisfied with our response or the supervisory authority's handling, you have the right to:

  • Judicial Remedy: Seek court action against our data processing decisions
  • Compensation: Claim damages for material or non-material harm caused by GDPR violations
  • Legal Representation: Authorize consumer organizations to act on your behalf
  • EU Wide Protection: Lodge complaints in any EU member state where you reside or work

Frequently Asked Questions

Is exercising my GDPR rights free?

Yes, absolutely. We will never charge you for exercising your GDPR rights. All requests are processed free of charge.

How long do you keep my data?

We keep different types of data for different periods: order data (10 years for legal compliance), marketing data (until consent withdrawn), analytics data (26 months). See our Privacy Policy for complete details.

Can I request data deletion while keeping my account?

Yes, you can request deletion of specific data categories while keeping your account active. We'll work with you to find the best solution for your needs.

What if I'm not satisfied with your response?

You can contact our DPO for escalation, file a complaint with the Romanian Data Protection Authority, or seek judicial remedy through Romanian courts.

Do these rights apply if I'm not an EU resident?

GDPR rights apply to anyone whose data is processed by EU businesses, regardless of residence. We extend the same privacy protections to all our customers worldwide.

Tooluxe Home SRL | VAT: RO45123456 | EU Registered Business

GDPR Compliant Since Day One | Your Privacy is Our Priority

Questions about your rights? Contact us anytime at dpo@tooluxehome.shop

Tooluxe Home Footer

Β© 2024 Tooluxe Home SRL - All Rights Reserved

Website: tooluxehome.shop

All prices include VAT | Registered in Romania

Scroll to Top