This Privacy Policy aims to inform you about the processing of personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation ‒ GDPR), specifying the type, scope, and purpose of personal data processing on our website.

I. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by identifiers such as name, identification number, location data, online identifier, or one or more specific characteristics of physical, physiological, genetic, mental, economic, cultural, or social identity.

  • Processing of Personal Data: Any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, comparison, linking, restriction, erasure, or destruction.

  • Data Controller: The natural or legal person, public authority, agency, or other body which determines the purposes and means of processing personal data.

  • Recipient: A natural or legal person, public authority, agency, or other body to whom personal data is disclosed. Public authorities acting in the context of a specific investigation are not considered recipients.

II. General Information

Company: MBK-AL GROUP SRL
Office Address: Calea Baciului 2 -4 , Cluj, Romania 
Factory Address: Calea Baciului 2 -4 , Cluj, Romania
Phone: (+40) 743 434 323
Email: office@joinerybydesign.eu

Legal Basis for Processing:
We process personal data based on at least one of the following legal bases:

  1. Consent of the data subject (Art. 6(1)(a) GDPR)

  2. Necessity for performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)

  3. Compliance with a legal obligation (Art. 6(1)(c) GDPR)

  4. Protection of vital interests (Art. 6(1)(d) GDPR)

  5. Legitimate interests pursued by the controller or third parties (Art. 6(1)(f) GDPR)

Data Transfer to Third Parties:
Personal data is shared only when necessary and under one of these conditions: consent, contractual necessity, legal obligation, or protection of legitimate interests.

Transfers Outside the EU/EEA:
Any transfer is subject to GDPR-compliant safeguards. Some services may transfer data to the U.S., which may involve a risk of access by U.S. authorities.

Data Subject Rights:

  • Access, rectification, deletion, restriction, objection, data portability

  • Withdraw consent at any time

  • Lodge a complaint with a supervisory authority

Deletion and Restriction:
Data is deleted or restricted when no longer necessary unless legal obligations require retention (commercial/fiscal documents retained for 6–10 years).

III. Specific Processing Operations

  1. Hosting Services:
    Data is processed by our hosting provider based on our legitimate interest in operating the website securely and efficiently.

  2. Access Data & Log Files:

    • IP address, date/time, requested file, referring website, browser, OS, status codes, data volume, ISP

    • Purposes: site operation, smooth connection, security, anonymous statistics

  3. General Contact Options:
    Data sent via email or contact form is processed for responding to inquiries.

  4. Contact Form:
    Name and email are required; other fields are optional. Processing is based on consent (Art. 6(1)(a) GDPR).

  5. Direct Email Marketing:
    Customer emails may be used for direct marketing of similar products/services unless objection is raised (Art. 6(1)(f) GDPR).

  6. Review Reminders:
    Emails may be sent for purchase reviews based on consent (Art. 6(1)(a) GDPR).

  7. Newsletter:
    Emails are collected via double opt-in. Tracking pixel is used for open/click statistics. Data is not shared with third parties.

  8. Contract Data:
    Necessary personal and payment data collected for pre-contractual or contractual purposes. Shared only with banks, payment, and shipping providers.

  9. Installation Services:
    Personal data may be shared with external installation service providers and deleted after completion, unless required for documentation.

IV. Statistics & Analysis

  1. Facebook Pixel:
    Used for ad targeting and statistical analysis. Data transfer to the U.S. is based on consent (Art. 6(1)(a) & Art. 49(1)(a) GDPR).

  2. Google Services:
    Includes Google Analytics, Ads Remarketing, AdWords Conversion Tracking, and Google Maps. Data may be transferred to the U.S. Consent is required for processing and transfer. Users can opt-out via browser settings or relevant Google tools.

  3. YouTube:
    Embedded content tracks user interaction and IP addresses. Data may be transferred to the U.S. Users can prevent association with their YouTube account by logging out.

V. Social Media Plugins

Plugins enable interaction with social networks (like, share, comment). Data may be transferred to the U.S. and stored there. We use a two-click solution to activate plugins only after user confirmation. Consent is required for processing and transfer.

Contact for Data Protection:
Email: marketing@joinerybydesign.eu