ANORMAL

Home & Living · Online Store · Romania / EU

MANDATORY LEGAL PAGE 02

Privacy Policy

GDPR (EU 2016/679) compliant personal data protection policy

Effective date: June 5, 2026 · Version 1.0 · Data controller: Anormal Popup

At Anormal Popup, we value the privacy of your personal data. This policy explains what data we process, for what purpose, on what legal basis, and your rights, in accordance with the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679).

1. Data Controller

Data Controller

Anormal Popup

Address

Mandenmakersweg 1/102, 8531 Bavikhove, Belgium

Contact

anormallion@hotmail.com

Competent Authorities

ANSPDCP (Romania) and APD/GBA (Belgium)

2. Personal Data We Collect

  • Identity and contact: name, surname, email, phone, delivery/billing address.

  • Order and transaction: purchased products, order history, amounts.

  • Payment: transaction reference and last 4 digits of the card number only (full card data is not stored).

  • Technical: IP address, device/browser information, cookie identifiers.

  • Marketing preferences and customer service correspondence.

3. Purposes of Processing and Legal Bases (GDPR Art.6)

Purpose

Legal Basis

Order processing and delivery

Performance of a contract (Art.6/1-b)

Payment and fraud prevention

Contract + legitimate interest (Art.6/1-b,f)

Invoicing, tax, accounting obligations

Legal obligation (Art.6/1-c)

Marketing emails and newsletter

Consent (Art.6/1-a)

Site analysis and improvement

Consent / legitimate interest (Art.6/1-a,f)

4. Third Parties with Whom Data is Shared

We share your data only with business partners who are necessary for the provision of the service and are bound by GDPR-compliant contracts:

  • Payment providers: Stripe, PayPal, Mollie.

  • Shipping & logistics: FAN Courier, Sameday (domestic in Romania), DHL (international).

  • Hosting and email infrastructure providers.

  • Analytics & marketing: Google Analytics 4, Meta Pixel (only with your consent).

We do not sell your data to third parties for marketing purposes.

5. Your User Rights (GDPR Art.15-22)

  • Access, rectification, and erasure: you can access, rectify, or request the erasure ("to be forgotten") of your data.

  • Portability: you can receive your data in a structured, machine-readable format or request its transfer.

  • Objection and restriction: you can object to processing or request its restriction.

  • Withdrawal of consent and complaint: you can withdraw your consent at any time, and lodge a complaint with the supervisory authority.


How to Exercise Your Rights?

Submit your requests to anormallion@hotmail.com; they will be answered free of charge within 30 days (GDPR Art.12).

6. Data Retention and Security

  • Order/invoice records are retained for the legal period (up to 7 years); other data is deleted once the purpose ceases to exist.

  • All traffic is encrypted with SSL/TLS (HTTPS); payments are processed in compliance with PCI DSS.

  • In case of a data breach, the competent authority is notified within 72 hours (GDPR Art.33).

7. Transfer Outside the EU

Data is primarily processed within the EU/EEA. Transfers outside the EU are only made with appropriate safeguards, such as Standard Contractual Clauses (SCC) or an adequacy decision (GDPR Art.44-49).

 

Contact Us!