Privacy policy

Last updated: 31 October 2025

  1. Who we are
    This Privacy Policy describes how we collect and process your personal data when you use the BYEVAA website (byevaa.com) and the BYEVAA mobile application (together: “Services”).
    Data controller:
    SC EVA MARIA ENDLESS SRL
    Address: Str. Grădina Veche nr. 21, Galați, Romania
    Email: andreia.pop02@icloud.com

In this Policy, “we”, “us” or “our” refers to SC EVA MARIA ENDLESS SRL.

  1. What data we collect
    We may collect and process the following categories of personal data:

a) Identification and contact data

  • Name, surname

  • Billing and delivery address

  • Email address

  • Phone number

  • Company details (if you buy as a business)

b) Account data

  • Username, password (stored securely, never in plain text)

  • Order history, wishlists, saved items

  • Communication preferences

c) Order and payment data

  • Products ordered

  • Delivery method

  • Invoices and transaction details
    We do not store full card details. Payments are processed through secure payment providers.

d) Technical and usage data

  • IP address, device type, operating system, browser

  • App usage data and log files

  • Cookies and similar technologies (for analytics, security, preferences, marketing)

e) Communication data

  • Messages sent via contact forms, chat, email, social media

  • Customer support requests

f) Marketing data

  • Your consent/preferences for newsletters and promotions

  • Interactions with our emails and campaigns

  1. How we collect data

  • Directly from you (when you create an account, place an order, contact us)

  • Automatically (when you browse the website/app, via cookies and similar technologies)

  • From third parties (payment providers, delivery partners, analytics tools)

  1. Purposes and legal bases of processing
    We process your personal data only when we have a legal basis under GDPR (Art. 6 GDPR):

a) To create and manage your account

  • Legal basis: performance of a contract (Art. 6(1)(b))

b) To process and deliver your orders (webshop and app)

  • Legal basis: performance of a contract (Art. 6(1)(b))

c) To communicate with you regarding orders, deliveries, returns, complaints

  • Legal basis: performance of a contract / legitimate interest (Art. 6(1)(b), (f))

d) To issue invoices and comply with accounting/tax obligations

  • Legal basis: legal obligation (Art. 6(1)(c))

e) To improve the website/app, user experience and our products

  • Legal basis: legitimate interest (Art. 6(1)(f))

f) To send marketing communications (newsletter, offers, app push notifications)

  • Legal basis: consent (Art. 6(1)(a)) or, where applicable, legitimate interest (Art. 6(1)(f))
    You can withdraw your consent at any time.

g) To ensure security and prevent fraud/abuse

  • Legal basis: legitimate interest (Art. 6(1)(f))

  1. Cookies and similar technologies
    We use cookies and similar technologies to:

  • make the site/app work (necessary cookies)

  • remember your preferences

  • analyze traffic and performance

  • provide personalized content and ads (if you accept)
    Where required, we will ask for your consent before placing non-essential cookies. You can manage your cookie settings in your browser or in the app.

  1. Who we share your data with
    We may share personal data only on a need-to-know basis and under data protection agreements, with:

  • IT and hosting providers

  • Payment processors

  • Delivery/courier services

  • Email and marketing platforms

  • Accounting/tax consultants

  • Analytics and anti-fraud tools

  • Authorities, where the law requires it

We do not sell your personal data.

  1. International transfers
    Our main processing takes place in the EU/EEA (Romania). If we transfer data outside the EU/EEA (for example, because a service provider is located there), we will ensure an adequate level of protection, e.g. through:

  • an adequacy decision of the European Commission, or

  • Standard Contractual Clauses (SCCs)
    You can request more information about these safeguards.

  1. How long we keep your data
    We keep personal data only for as long as it is necessary for the purposes listed above:

  • Account data: as long as your account is active

  • Order/invoice data: according to Romanian legal and tax rules (usually 5–10 years)

  • Customer service communication: usually up to 2 years

  • Marketing data: until you withdraw consent or object
    After the retention period, data will be deleted or anonymized.

  1. Your rights under GDPR
    As a data subject, you have the following rights:

  • Right of access: to know what data we process about you

  • Right to rectification: to correct inaccurate or incomplete data

  • Right to erasure (“right to be forgotten”): in cases provided by law

  • Right to restriction of processing

  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format

  • Right to object: you can object at any time to processing based on legitimate interest or to direct marketing

  • Right to withdraw consent: when processing is based on consent, you can withdraw it at any time (this will not affect processing done before withdrawal)

To exercise your rights, please contact us at: andreia.pop02@icloud.com.
We may need to verify your identity before responding.

  1. Children
    Our Services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us data, please contact us and we will delete it.

  2. Security
    We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. However, no system is 100% secure.

  3. Third-party links
    Our website/app may contain links to other websites or services. We are not responsible for their privacy practices. We recommend reading their privacy policies.

  4. App-specific notes
    When you use the BYEVAA mobile application, we may collect additional technical data (device ID, app version, notification tokens) to provide push notifications, app updates and to ensure proper functioning. You can disable notifications from your device settings.

  5. Contact and complaints
    If you have any questions or requests regarding this Policy or the way we process your data, please contact:
    SC EVA MARIA ENDLESS SRL
    Str. Grădina Veche nr. 21, Galați, Romania
    Email: andreia.pop02@icloud.com

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or with your local supervisory authority in the EU.

  1. Changes to this Policy
    We may update this Privacy Policy from time to time, for example if the law changes or if we add new features. The updated version will be published on byevaa.com and in the app, with a new “Last updated” date. Please check it periodically.