Privacy Policy

We, TT AGRO MOTO SRL, take the privacy and security of the personal data of our clients, partners, and users seriously. The security of the information provided is a priority for us and an integral part of our corporate responsibility. We are committed to acting in full compliance with the provisions of Regulation (EU) No. 2016/679 (hereinafter referred to as the "Regulation" or "GDPR"), which governs the processing of personal data and its free movement within the European Union. This Privacy Policy explains what personal data we collect, how and for what purposes we process it, with whom we may share it, and the measures we take to protect it. We also inform you of your personal data protection rights and how to exercise them, ensuring transparency and trust in our relationships. TT AGRO MOTO SRL considers ensuring the right to personal data protection one of its key obligations and dedicates all necessary resources to processing data in strict compliance with the General Data Protection Regulation (GDPR) and applicable Romanian law. We are constantly improving our internal procedures and technical solutions to ensure a high level of security and confidentiality. We reserve the right to periodically update this Privacy Policy in light of changes in legislation or personal data processing practices. If changes are made, the updated version will be published on the company's official website. We recommend that you periodically review it to stay informed.

1. GENERAL PROVISIONS
1.1. This Privacy Policy governs the collection, use, storage, processing, and protection of the personal data of visitors/users of the TT AGRO MOTO SRL website (hereinafter referred to as the "Company" or "we").
1.2. We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian law.

2. DATA CONTROLLER
2.1. For the purposes of the Regulation, TT AGRO MOTO SRL is the personal data controller and has a designated data protection officer, YEVHENII KOLESNYK.
2.2. We are a Ukrainian company with 15 years of experience in the market and have been operating in Romania since 2025.
2.3. Our physical office in Romania: Strada Revoluției 14, Afumați 077010, Romania, Warehouse E3.
2.4. Legal representative: YEVHENII KOLESNYK.
2.5. Contact email: order@ttg-agro-moto.ro

3. WHAT DATA DO WE COLLECT?
3.1. We may collect and process the following categories of data: • Identification data: Full name; • Contact information: Email, phone number, delivery address; • Financial data: Payment information; • Technical data: IP address, cookies, browser and device data; • Website usage data: Order history, website actions. 3.2. Depending on the nature of your interaction with the company, we may collect different categories of information.
This includes identification data, such as your first name and last name. We also process contact information, including your email address, phone number, and postal address, to communicate with you and deliver your orders. When you place or pay for orders, we receive financial data, which may include payment method and transaction details. To ensure the technical stability of the website, we automatically collect technical data, such as your IP address, browser type and version, operating system, and the devices you use. We also use cookies and similar technologies to analyze user behavior and improve the website's usability. We may also collect website usage data, including order history, page views, and actions taken on the platform. This data helps us understand which sections of the website are most popular and how to improve the interface and functionality.
3.3. The Company does not collect excessive information and limits its processing to only that data necessary for the stated purposes. All personal data is processed confidentially, in compliance with the principles of lawfulness, fairness, and proportionality. If necessary, you may request clarification, correction, or deletion of your data in accordance with the provisions of the GDPR and this Policy.

4. DATA SOURCES
4.1. Data is provided directly by the user upon registration, placing an order, or using website functions.
4.2. Some data (IP address, cookies, website behavior) is collected automatically through analytical tools.

5. PURPOSES OF PROCESSING AND GROUNDS FOR PROCESSING
5.1. Our Company collects and processes personal data exclusively for purposes stipulated by applicable law and consistent with our activities.
5.2. The main purposes of processing include: 1. Providing our services and fulfilling contractual obligations.
We use personal data to create and administer user/client accounts, process and deliver orders, issue invoices, provide consulting support, and resolve any issues related to ordered goods or services. The legal basis for processing is the need to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract. 2. Improving the quality of service and user experience.
We strive to continually improve ourselves, the services we provide, and the interface of our website. To this end, we analyze technical data, user behavior, and visitor statistics to optimize the content and functionality. The basis for processing is our legitimate interest in developing and improving our business activities while strictly respecting your rights and freedoms. 3. Direct marketing and information about our products.
We may send you marketing messages (emails, SMS, push notifications) with offers, promotions, and recommendations that may be of interest to you. This processing is based on your prior consent, which you can revoke at any time by using the "Unsubscribe" link or by contacting us directly. 4. Fulfillment of legal obligations.
In certain cases, we are obliged to process your data to comply with tax, accounting, and other laws of Romania and the European Union. The basis for processing is fulfilling a legal obligation imposed on the company. 5. Ensuring security and preventing fraud.
We process certain technical and identification data to protect our infrastructure and prevent unauthorized access, attacks, and other threats. The basis for processing is our legitimate interest in protecting information systems and maintaining user security. 6. Protecting the Company's Rights and Legitimate Interests.
In exceptional cases, we may use or disclose information to protect our rights, property, or legitimate interests, or to comply with government requests. The basis for processing is the Company's legitimate interests and legal obligations. 5.3. If in the future we use personal data for purposes other than those specified, we will notify you in advance via our website and explain the legal basis for such processing.

6. INABILITY OR REFUSAL TO PROVIDE US WITH CERTAIN PERSONAL DATA
6.1. If you do not provide us with the requested information, you may not be able to use our website properly, and we may not be able to accept and process your request/order, which will prevent us from providing you with the goods or services you are interested in.

7. DATA RECIPIENTS
7.1. Your personal data is processed by TT AGRO MOTO SRL and may be transferred to third parties only in cases stipulated by this Privacy Policy and applicable law.
7.2. We do not transfer, sell, or disclose personal data to third parties for purposes unrelated to the provision of our services or fulfilling legal obligations.
7.3. If necessary and only to the extent required to fulfill contractual or legal obligations, we may transfer or provide access to your data to the following categories of recipients: - courier and logistics service providers who ensure the delivery of orders; - payment and banking service providers; - IT service providers, including hosting, maintenance, and data security; - marketing and analytics partners, including behavioral analytics platforms (e.g., Google Analytics, Meta/Facebook); - accounting, legal, and tax advisors with whom we have entered into confidentiality agreements; - companies participating with us in joint programs or projects to promote goods and services. 7.4. In addition, if we are legally obligated or if it is necessary to protect the company's legitimate interests, we may disclose certain data to government agencies, regulatory bodies, or supervisory authorities.
7.5. We guarantee that any access to your data is granted only to partners who ensure the appropriate level of security, confidentiality, and responsibility in accordance with the requirements of the GDPR.

8. THIRD-PARTY SERVICES USED
8.1. To ensure the stable operation of the website, analyze its performance, and improve the quality of service, we use a number of external services and technologies. These services help us understand how users interact with our website, improve functionality, optimize marketing campaigns, and ensure secure payment transactions. 8.1.1. Google Analytics
We use Google Analytics to analyze website traffic, study user behavior, and evaluate the effectiveness of our pages and advertising campaigns. This service collects anonymized technical data, such as IP address, device type, browser, geographic location, and website actions. This information helps us optimize content and improve your user experience. Data is processed in accordance with the Google Privacy Policy and EU Standard Contractual Clauses. 8.1.2. Meta (Facebook) Pixel
The Facebook Pixel allows us to track user interactions with our website after viewing ads in Meta (Facebook, Instagram). This helps us display relevant ads and measure the effectiveness of campaigns. The collected information is used solely for statistical and marketing analysis and does not contain data that directly identifies the user. 8.1.3. CRM System
We use a CRM system to manage customer data and interaction history. It helps us organize order processing, store customer information, record requests, and ensure a personalized approach when providing services. Access to the CRM is restricted to authorized employees, and data storage is protected by modern encryption. 8.1.4. Email Marketing Services
We use specialized platforms to send emails with information about orders, promotions, and news. These services allow us to manage subscriptions, ensure email deliverability, and comply with GDPR consent requirements. Users can unsubscribe at any time by using the "Unsubscribe" link in each message. 8.1.5. Payment Systems
To ensure secure online payments, we partner with authorized payment providers that comply with international data security standards (PCI DSS). They process card data exclusively for transaction processing and do not transfer it to third parties. We do not store payment card details on our servers. 8.2. We carefully select third-party services based on their reputation, compliance with EU law, and ability to provide a high level of personal data protection.

9. INTERNATIONAL DATA TRANSFERS
9.1. We currently store and process your personal data in Romania.
9.2. Personal data may be transferred outside the EU (e.g., to the United States when using cloud services).
9.3. Transfers are only made subject to appropriate data protection safeguards.

10. DATA SECURITY MEASURES
10.1. We implement technical and organizational security measures, including encryption, access restrictions, and the use of secure servers.
10.2. We attach utmost importance to the protection of personal data and implement a range of technical and organizational measures aimed at ensuring its security, integrity, and confidentiality.
10.3. Our Company adheres to the principles of the GDPR and industry information security standards to prevent unauthorized access, alteration, loss, or destruction of data.
10.4. Personal data is stored both electronically on secure servers and, if necessary, on paper (e.g., in contracts or invoices). In both cases, data is protected from unauthorized access, copying, or transfer to third parties.
10.5. Access to personal information is granted only to authorized employees who have been trained in data protection issues and have signed a confidentiality agreement.
10.6. Data transmission over the internet is carried out using modern encryption technologies and secure communication protocols.
10.7. For online payment processing, we partner only with certified payment providers that comply with international security standards.
10.8. We conduct regular infrastructure audits, update software, restrict physical access to servers, and implement protection systems against viruses and unauthorized intrusions.
10.9. Despite these measures, it is important to remember that transmitting information over the internet or other public networks cannot be completely free of risks. We cannot be held responsible for vulnerabilities in systems beyond our control. Therefore, we recommend that users exercise caution when transmitting data online and use only secure devices and connections.
10.10. Our Company, in turn, undertakes to promptly respond to any incidents related to data security and notify authorized authorities and users in accordance with GDPR requirements.

11. STORAGE PERIOD
11.1. Personal data is stored for the duration of the contract with the user, or until consent is revoked if processing is carried out on the basis of consent.
11.2. If data processing is necessary to fulfill pre-contractual or contractual obligations, we retain the data for the duration of the contract and for a reasonable period after its termination in order to resolve potential claims, fulfill warranty obligations, or comply with legal requirements.
11.3. In cases where data is processed due to a legal obligation or in the public interest, storage continues for as long as necessary to comply with statutory requirements or for as long as the relevant public interest persists.
11.4. If data is processed to protect the Company's legitimate business interests, the storage period is determined by the period necessary to realize these interests. We will cease storing such data at your request, unless we can demonstrate compelling legitimate grounds that outweigh your rights and freedoms.
11.5. If processing is based on your explicit consent, the data will be stored until it is revoked, after which it will be deleted or anonymized within the specified timeframe.
11.6. Upon expiration of the relevant retention periods, personal data will be securely deleted or anonymized so that no personal identification is possible.
11.7. In any case, the Company guarantees that personal data will not be stored longer than necessary to achieve the purposes for which it was collected.

12. USER RIGHTS
12.1. In accordance with the provisions of the Regulation and current Romanian legislation, you, as a data subject, have the following rights regarding the processing of your information: 12.1.1. Right to information - you have the right to know whether your personal data is being processed, what data is collected, for what purpose and on what basis, by whom it is being processed, for how long, and whether it is subject to automated processing that could affect you legally or in fact. 12.1.2. Right to access - you can request confirmation as to whether your data is being processed, as well as receive a copy of all personal data we hold. Access is provided free of charge unless the request is excessive or repetitive. 12.1.3. Right to rectification (updating) - You have the right to request that inaccurate personal data be corrected or that incomplete personal data be supplemented to ensure its accuracy and currency. 12.1.4. Right to erasure ("right to be forgotten") - You may request that your personal data be deleted if it is no longer necessary for the purposes for which it was collected, if you have withdrawn your consent, or if the processing is carried out in violation of the law. 12.1.5. Right to restriction of processing - in certain situations, you may request that we temporarily restrict the processing of your data, for example, where its accuracy is contested or where the processing is unlawful but you object to its erasure. 12.1.6. Right to object - you have the right to object to the processing of your personal data at any time, particularly where the processing is based on the company's legitimate interests or is used for direct marketing. 12.1.7. Right to object to automated processing and profiling - if your data is used in automated processes that may produce legal or other significant effects, you may request that your data be deleted from such systems. 12.1.8. Right to data portability - You have the right to receive your personal data in a structured, commonly used, machine-readable format and, where technically feasible, to request its direct transmission to another data controller. 12.1.9. Right to withdraw consent - If the processing of your data is based on consent, you have the right to withdraw it at any time. This withdrawal will not affect the lawfulness of any processing carried out up to that point. 12.1.10. Right to lodge a complaint and contact the company - If you wish to submit a complaint or request regarding the processing of your personal data, you can contact us using the contact details provided in this Privacy Policy. We will review your request within a reasonable time and provide an official response. 12.1.11. Third-Party Rights - We are not obligated to comply with a request if doing so could negatively impact the rights and freedoms of other data subjects. 12.2. The user also has other rights provided for by applicable law.

13. HOW TO EXERCISE YOUR RIGHTS
13.1. The User may exercise their rights under this Policy and Regulation (EU) No. 2016/679 by submitting a request in their preferred manner.
13.2. You can: • submit a request through your personal account on our website by selecting the appropriate section for personal data protection inquiries; • send a written request by email to: ek887777@icloud.com • if necessary, send a formal written request to the company's legal address specified in Section 2 "Data Controller". 13.3. All requests will be processed without undue delay, no later than 30 calendar days from their receipt.
13.4. If your request is complex or requires additional time, we will notify you of an additional 60-day extension of the processing period, in accordance with the provisions of the GDPR.
13.5. The response will be provided in an accessible and understandable form, stating the measures taken or the grounds for refusal (where required by law).

14. FINAL PROVISIONS
14.1. This Privacy Policy may be periodically updated due to changes in legislation, internal company procedures, or technologies used. The current version of the document is always posted on our official website and takes effect upon publication.
14.2. Users are advised to periodically review the Company's Privacy Policy to stay informed of possible changes and the current terms of personal data processing.
14.3. All questions, suggestions, or requests regarding this Privacy Policy and the processing of personal data can be sent to the following email address: order@ttg-agro-moto.ro