Privacy Policy
Last updated: 2 July 2026
This policy explains how the operator of the Aeris store (“we”) processes personal data in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and Romanian Law 190/2018.
1. Controller
The Aeris store is operated from Romania. Contact for privacy matters: privacy@aeris-cool.com. Full legal-entity and registered-address details are provided on request and on every order invoice.
2. What data we collect
- Order data: name, shipping and billing address, email, phone, order contents.
- Payment data: handled by our payment processors (Shopify Payments, and any card network involved); we receive a confirmation and the last 4 digits, not the full card number.
- Support data: emails and messages you send us.
- Technical data: IP address, device and browser information, pages viewed, referrer, timestamps.
- Cookie data: see the Cookie Policy.
3. Why we process it (legal bases)
- Contract (Art. 6(1)(b) GDPR): to process your order, deliver the product, handle returns and warranty.
- Legal obligation (Art. 6(1)(c)): tax and accounting records, consumer-protection duties.
- Legitimate interest (Art. 6(1)(f)): fraud prevention, network and site security, aggregate analytics.
- Consent (Art. 6(1)(a)): marketing emails, non-essential cookies. You can withdraw consent at any time.
4. Who we share it with (processors)
We rely on the following service providers, each acting as a processor under a data-processing agreement:
- Shopify Inc. — e-commerce platform, order and payment processing.
- Zendrop — product fulfilment and supplier logistics.
- Shipping carriers — the courier chosen for your delivery (name and address are shared with them).
- Email provider — Shopify Email (transactional order emails) and, only with your explicit opt-in, Shopify Email marketing lists for order and (with consent) marketing emails.
- Analytics — Shopify Analytics for aggregated store performance data (no third-party analytics such as Google Analytics or Meta Pixel are enabled).
Some of these providers are established outside the EEA (e.g. the United States). Transfers rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
5. How long we keep it
- Order and invoicing records: as long as required by Romanian tax law (currently 10 years for accounting documents).
- Support conversations: up to 3 years after last contact.
- Marketing consents: until you unsubscribe or object.
- Technical logs: typically up to 12 months.
6. Your rights
Under the GDPR you can, at any time, request: access to your data, correction, deletion, restriction, portability, and object to processing based on legitimate interest. You can also withdraw consent for marketing. Contact privacy@aeris-cool.com. You have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP, dataprotection.ro).
7. Children
The Shop is not directed to children under 16 and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will delete it.
8. Security
The Shop runs on Shopify's PCI-DSS-certified infrastructure with TLS encryption in transit. We restrict access to personal data to what is necessary to run the Shop.
9. Changes
We may update this policy; the current version is always available at this URL.
