GDPR & Data Protection

Effective Date: 23.06.2025

Data Controller

Nocturna Frames is the data controller responsible for your personal data under GDPR (EU Regulation 2016/679).

Legal Bases for Processing

We process your personal data only when there is a valid legal basis:

• Contract performance (e.g., order processing, delivery, support);

• Legitimate interests (e.g., improving our service and marketing—after balancing your rights);

• Legal obligations (e.g., tax and accounting laws);

• Consent, when explicitly granted (e.g., for newsletters).

What We Collect & Why

Types of data

• Identity & contact info: name, email, shipping/billing address, phone (to process orders and provide support).

• Payment details: typically processed through third-party payment processors—Nocturna Frames does not store full card details.

• Technical data: IP address, browser type, browsing activity (via cookies) to enhance user experience and security.

• Marketing data: communications preferences (for newsletter, special offers).

Why we collect it

• To fulfill contracts (e.g., deliver products);

• To comply with legal obligations;

• To improve our platform, analyse usage trends, and protect against fraud;

• To communicate with you (e.g., order confirmation, updates, promotional emails when consented).

How We Share & Transfer Your Data

• Service Providers: couriers, payment processors, hosting and analytics platforms operate under data processing agreements.

• Legal compliance: with authorities when required (e.g., tax inspections).

• Business transfers: in cases of assets or business mergers.

• No sale of personal data to third parties.

Data transfers outside the EEA (e.g., to payment providers) are covered by EU standard contractual clauses or adequacy decisions.

Your Rights

Under GDPR you have the right to:

• Access your data;

• Rectify inaccuracies;

• Erase data (“right to be forgotten”);

• Restrict/change processing;

• Withdraw consent at any time;

• Data portability (receive your data in a usable format);

• Lodge a complaint with a supervisory authority (e.g., ANSPDCP in Romania).

To exercise any rights, contact us at office@nocturnaframes.com

Data Retention

We retain your personal data only as long as needed:

• Transactional data: 5 years (for legal purposes);

• Marketing data: until consent is withdrawn;

• Technical logs: limited to necessary retention periods per law.

Cookies & Tracking

We use cookies for:

• Essential site functionality;

• Analytics and performance improvement (Google Analytics, etc.);

• Marketing and retargeting, if you’ve opted in.

You can manage cookie preferences via our banner or browser settings.

Security Measures

We implement appropriate technical and organizational measures—encryption, access controls, secure servers—to protect personal data against accidental loss, misuse, unauthorized access, disclosure, alteration, or destruction.

Updates to this Section

We may modify this GDPR section occasionally. Changes will be flagged with the date.