Privacy policy

Legal disclaimer

Complies with Regulation (EU) 2016/679 (GDPR) Law of the Republic of Moldova No. 133/2011 on the protection of personal data

Effective date: 20.04.2026
Last update: 23.05.2026

1. Data Controller

Name: Envie By Nica
Legal form: Self-employed person
Country of registration: France
Registration number (SIRET): 10392244900014
Address: 9B Rue De La Justice 94190 Villeneuve-Saint-Georges
Email contact: info@enviebynica.com and enviebynica@gmail.com
Website: www.enviebynica.com

For the purposes of the GDPR, we are the controller of personal data collected through this site. Although the company is registered in France, the site also addresses consumers in Romania and the Republic of Moldova, therefore this policy is also written in Romanian.

2. What data do we collect and why?
2.1 Data collected for order processing

When you place an order, we collect:

Name and surname;
Date, month, year of birth;
Delivery and billing address;
Email address;
Order history.

Legal basis: art. 6 para. (1) lit. (b) GDPR — performance of a contract to which the data subject is a party.
Storage duration: 5 years from the date of the last order, in accordance with legal accounting and tax obligations (French Commercial Code, art. L123-22).

2.2 Data collected for online payment (Stripe or PayPal)

Plățile cu cardul sunt procesate exclusiv prin Stripe Payments Europe, Ltd., procesator de plăți certificat PCI-DSS, înregistrat în Irlanda (UE). Noi nu stocăm și nu avem acces la datele cardului dumneavoastră (număr card, CVV, dată expirare). Stripe colectează și procesează aceste date în nume propriu, conform propriei politici disponibile la: https://stripe.com/fr/privacy

PayPal Payments – pentru procesarea plăților online efectuate prin PayPal. Datele necesare procesării tranzacțiilor, precum numele, adresa de email, adresa de facturare și informațiile de plată, pot fi transmise către PayPal în conformitate cu politica lor de confidențialitate disponibile la: securepayments.paypal.com

Temeiul juridic: art. 6 alin. (1) lit. (b) GDPR — executarea contractului.

2.3 Data collected for post-order communications

Technical session data (necessary for the functioning of the shopping cart);
IP address (anonymized);
Browser and device type.

Legal basis: art. 6 para. (1) lit. (f) GDPR — legitimate interest in the technical functioning of the website.

3. What data do we NOT collect?

We do not collect or process:

Health data;
Data on racial or ethnic origin;
Data of minors under 15 years of age — threshold applicable in France according to art. 8 GDPR;
Biometric or genetic data;
Passwords in readable format.

4. Who we share your data with

Your data may be transmitted exclusively to:

Courier and delivery services — for the delivery of orders (name, address, phone). They act as data processors and are contractually obligated to protect the data.

Stripe Payments Europe, Ltd . — for card payment processing. Headquarters: Dublin, Ireland (EU/EEA state). PCI-DSS Level 1 certified.

PayPal Payments – for processing online payments made through PayPal. Data necessary to process transactions, such as name, email address, billing address and payment information, may be transmitted to PayPal in accordance with their privacy policy.

Public authorities — exclusively when we are legally obliged to do so (e.g. French tax authorities — DGFiP, courts).

We do not sell, rent or transfer your data to any third party for commercial or advertising purposes.

5. International data transfers

Stripe Payments Europe is registered in Ireland and operates within the EU/EEA. Payment data is not transferred outside the European Economic Area without the safeguards provided for in the GDPR (Chapter V).

Payments processed through PayPal Payments may involve the transfer of your personal data outside the European Economic Area. PayPal Payments complies with the requirements of the GDPR and uses appropriate legal mechanisms to protect data transferred internationally, including standard contractual clauses approved by the European Commission.

We do not transfer your data outside the EU/EEA through any other mechanism.

6. Your rights

According to the GDPR, you have the following rights, which you can exercise free of charge by email at info@enviebynica.com or enviebynica@gmail.com:

Right of access (art. 15) — you can request a copy of the data we hold about you.

Right to rectification (art. 16) — you can request the correction of inaccurate or incomplete data.

Right to erasure (art. 17) — you can request the deletion of data, except in cases where storage is required by a legal obligation (e.g. accounting data).

Right to restriction of processing (art. 18) — you can request the restriction of data processing in certain circumstances.

Right to data portability (art. 20) — you can request your data in a structured, machine-readable format.

Right to object (art. 21) — you can object to processing based on our legitimate interest.

The right not to be subject to automated decision-making (art. 22) — we do not make automated decisions with legal effects based solely on the profiling of your data.

Response time: We will respond within 30 calendar days . In complex cases, the deadline may be extended by an additional 60 days, with your prior notice.

7. Right to file a complaint

Our company is registered in France, therefore the main supervisory authority is the CNIL :

CNIL — Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Website: www.cnil.fr | Phone: +33 1 53 73 22 22

Customers from other EU countries also have the right to contact the supervisory authority in their own country of residence:

Clients in Romania : ANSPDCP — www.dataprotection.ro

Clients from the Republic of Moldova : National Center for Personal Data Protection — www.datepersonale.md

Full list of EU authorities: https://edpb.europa.eu/about-edpb/board/members_ro
We encourage you to contact us directly before any formal complaint, in order to resolve the situation amicably.

8. Data security

Aplicăm măsuri tehnice și organizatorice adecvate, inclusiv:

Conexiune criptată HTTPS/TLS pe întreg site-ul;
Acces restricționat la date — doar personalul cu atribuții directe;
Parteneri de procesare a plăților cu certificare PCI-DSS;
Revizuire periodică a măsurilor de securitate.

În cazul unui incident de securitate, veți fi notificați în termen de 72 de ore de la constatare, conform art. 34 GDPR, dacă incidentul prezintă un risc ridicat pentru drepturile dumneavoastră.

9. Cookies

We only use cookies that are strictly necessary for the operation of the site (session, shopping cart). We do not use tracking, advertising or behavioral analysis cookies.

Consent is not required for strictly necessary cookies, according to Directive 2002/58/EC (ePrivacy) and CNIL recommendations.

If we introduce optional cookies in the future, we will implement a consent banner in accordance with CNIL requirements.

10. Policy changes

Any significant change will be communicated through:

Notice visible on the website at least 15 days before entry into force;
Email to customers with active orders if the change directly affects them.

The date of the last modification is indicated at the beginning of this document. Previous versions can be requested by email.

11. Contacts

Email: info@enviebynica.com and enviebynica@gmail.com
Postal address: 9B Rue De La Justice 94190 Villeneuve-Saint-Georges
Response schedule: Monday–Friday, 09:00–18:00 (we respond within a maximum 30 days)

Version 2025 — Complies with Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC (ePrivacy), applicable French legislation (Loi Informatique et Libertés) and Law of the Republic of Moldova No. 133/2011 on the protection of personal data.