Logo

v1.0.0

© 2026 F&B Global Solution SRL

Privacy Policy

Last Updated: June 15, 2025

1. Definitions

For the purposes of this policy, the following terms shall have the meanings set forth below:

"Personal Data" means any information relating to an identified or identifiable natural person, directly or indirectly, including but not limited to name, email address, IP address, etc.;

"Processing" means any operation or set of operations performed on personal data, such as collection, recording, organization, storage, adaptation, alteration, consultation, use, disclosure by transmission, dissemination, making available, alignment, combination, restriction, erasure, or destruction thereof;

"Data Controller" means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of processing personal data (in this case, S.C. F&B GLOBAL SOLUTION SRL);

"Data Subject" means the identified or identifiable natural person to whom the personal data relates.

2. General Information

This Privacy Policy regulates the manner in which S.C. F&B GLOBAL SOLUTION SRL collects, uses, stores, and protects the personal data of users accessing the website fb-global-solutions.ro, in compliance with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR), as well as the California Consumer Privacy Act (CCPA).

The Data Controller's details are as follows:

  • Name: S.C. F&B GLOBAL SOLUTION SRL
  • Registered Office: Bucharest, Sector 6, Bulevardul Iuliu Maniu, Corp 1, Office 2.11, Unit 16, 2nd Floor
  • Trade Register Number: J2024019834007/04.09.2024
  • Unique Registration Code: 50502313
  • Contact Email: [email protected]

The Controller has not appointed a Data Protection Officer (DPO); any inquiries or requests regarding data processing may be addressed to the above email.

3. Categories of Data Collected

The Controller collects the following categories of personal data:

  • Identification data: full name;
  • Contact data: email address, telephone number (optional);
  • Geographical location data: country, city, obtained via IP address or similar technologies;
  • Technical data related to device and session: device type, operating system, browser, IP address;
  • Website behavior data: accessed pages, actions taken, expressed preferences;
  • Order and booking data: purchased products or services, their value, payment methods used;
  • Marketing preferences: options related to newsletter subscription or promotional communications.

4. Methods of Data Collection

Personal data is collected by the following means:

  • Completing contact forms available on the website;
  • Completing order or booking forms;
  • Creating and using a user account on the website;
  • Subscribing to newsletters, based on the explicit consent of the Data Subject;
  • Use of cookies and similar tracking technologies (e.g., Google Analytics);
  • Automatic collection through interaction with the website (server logs, browsing sessions).

Consent for personal data processing is obtained through clear and unequivocal actions such as ticking dedicated checkboxes or submitting forms. The Data Subject has the right to withdraw consent at any time by accessing their account settings or by contacting the Controller at the specified email address.

5. Purposes of Data Processing

Personal data is processed for the following legitimate purposes:

  • Providing requested services, including processing orders and bookings, invoicing, payment processing, and delivery of products/services;
  • Direct communication with users, including responding to requests, questions, and sending notifications relevant to placed orders;
  • Marketing and advertising activities, including sending newsletters, promotional offers, and remarketing via Google Ads, subject to obtaining explicit user consent;
  • Analyzing user behavior and improving the website experience;
  • Fulfilling legal and fiscal obligations of the Controller;
  • Ensuring platform security and fraud prevention.

6. Legal Basis for Processing

Personal data processing is conducted on the basis of the following legal grounds:

  • Performance of a contract to which the Data Subject is a party (e.g., order processing);
  • Explicit consent of the Data Subject (e.g., newsletter subscription);
  • Legitimate interest of the Controller, including service improvement and fraud prevention;
  • Compliance with legal obligations incumbent upon the Controller (e.g., retention of accounting documents under fiscal law).

7. Data Transfers and Third-Party Recipients

Personal data may be disclosed and transmitted to the following third parties under confidentiality and security terms:

  • Google LLC, for web analytics and advertising purposes (Google Analytics and Google Ads), with compliance with GDPR Standard Contractual Clauses;
  • Brevo (formerly Sendinblue), for sending electronic communications and newsletters;
  • Stripe Inc., for online payment processing, in compliance with GDPR and CCPA regulations;
  • DigitalOcean, for hosting and managing IT infrastructure (servers located within the European Union).

The Controller ensures that all partners comply with legal data protection requirements and, where necessary, enters into data processing agreements with them.

The Controller expressly declares that it does not sell the personal data of users as defined by the CCPA.

Data is stored in data centers located within the European Union and, where applicable, the United States of America, in accordance with applicable legal provisions.

8. Cookies and Similar Technologies

The website uses cookies for the following purposes:

  • Functionality, including maintaining the user session;
  • Statistical analysis of traffic and user behavior (e.g., Google Analytics);
  • Marketing and remarketing (e.g., Google Ads).

Consent to the use of cookies is obtained through a banner displayed upon site access. Users may manage their cookie preferences at any time via browser settings or from their personal account, if such functionality is available.

For further details, please consult the separate Cookies Policy.

9. Data Retention Period

Personal data is retained only for the time necessary to fulfill the purposes for which it was collected, respecting applicable legal deadlines, as follows:

  • User account data - for the duration of the active account;
  • Order and invoicing data - at least 5 years, in compliance with fiscal legislation;
  • Marketing data - until consent is withdrawn or user unsubscribes;
  • Cookies - in accordance with individually established durations per the Cookies Policy.

The Controller performs regular data backups, which are securely stored and automatically deleted after 30 days.

10. Rights of the Data Subject

In accordance with GDPR and CCPA, the Data Subject is granted the following rights:

  • Right of access to personal data processed;
  • Right to rectify inaccurate or incomplete data;
  • Right to erasure ("right to be forgotten");
  • Right to restrict processing;
  • Right to data portability;
  • Right to object to processing;
  • Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) - www.dataprotection.ro;
  • CCPA rights, including the right to know what data is collected, the right to request deletion, the right to opt-out of sale of personal information ("Do Not Sell My Personal Information"), and the right to non-discrimination.

To exercise these rights, the Data Subject may contact the Controller at: [email protected]. The Controller will respond within a maximum of 30 calendar days, with a possible extension of another 30 days in justified cases, notifying the Data Subject in advance.

11. Data Security

The Controller implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or unlawful disclosure, including encryption, access controls, and periodic audits.

12. Minors' Data

The Controller does not knowingly collect personal data from persons under 13 years of age. If it is discovered that such data has been collected, it will be deleted immediately.

13. Changes to the Privacy Policy

The Controller reserves the right to modify this policy at any time. Any changes will be communicated to users by publication on this page, with the date of the last update clearly indicated.

14. Contact

For any questions or requests regarding the processing of personal data, Data Subjects may contact the Controller at: [email protected].