Privacy Policy

Who are we?

The address of the website is:

We’re S.C. BIOFLORA APUSENI S.R.L. (hereinafter referred to as “”, “BIOFLORA APUSENI or “we”), a Romanian company based in str. Cimitirului, nr. 21, com. Sâncel, jud. Alba, unique registration code RO27659357, no. registration with the Trade Register J01/31/2018.

The content below is very important and needs to be taken to understand why we need certain personal data to be able to provide certain products or services. We are trying to provide an easy understanding of existing European legislation, as well as its link with, or in interacting with the online environment in general.

Since we ask you to provide us with information about you, it becomes mandatory for us to tell you how we use this data, what rights you have in connection with it, how we process it, and especially what rights you have to understand and control this volume of personal data.

It’s not a gratuitous statement. And neither covered. We really take your legislation and especially your rights seriously. You chose to give us the data, which means it’s our duty to keep it, to secure it, to use it only in your interest, relative to the relationship with our website. Meaning that if you want to change or delete them from the, you can do this very simply. You can convince yourself that we really care about you and what you’re sending us.

We begin by declaring the content of this page as transparent as possible on the concepts, ideas, actions and obligations of both parties, as well as many other things to help you understand how certain things happen and how you can tell us what you would like to improve.

What is personal data?

“Personal data”, according to the GDPR, means any information concerning an identified or identifiable natural person (‘data subject’). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier or to one or more specific elements specific to his physical, physiological, genetic, mental, economic, cultural or social identity.

The GDPR does not oblige a list of personal data to be made because one date may be in a given personal context and in another context – simply information with no personal data value.

Here are some examples of personal data:

  • the name;
  • the domicile or residence of someone;
  • an email address (including addresses);
  • ID number, passport or iD card;
  • location data (e.g. location data function available on a mobile phone)*;
  • an IP;
  • a cookie ID;
  • silhouette of someone in the CCTV recordings;
  • a car registration number;

For example, let’s look at cases where information can be a personal date or not: let’s say that a person finds an envelope that says “Lăpușneanu”, without any other information, then that information is impossible to relate to a particular person. If, however, someone finds an envelope that says “Popescu” and “str. Ciresarii nr. 32”, then someone, if they were to search and manage to piece together information (including by searching for localities that have addresses containing str. Ciresarii and No. 32, then through discussions with block or street administrators), could reach a list of identifiable persons with the name or surname Popescu living at this address. Thus, the information becomes personal because it relates to an identifiable person.

As you can see, the definition of personal data also contains several important elements:

  1. Personal data relates to information on natural persons, not legal persons. The distinction is important because, for example, the registration number of the Trade Register, the Tax Code or other identification elements of some companies are not personal data. Moreover, when an email address or phone number clearly targets a legal person (e.g. emails office@ or phones from a company’s public call center), then we are not talking about personal data.
  2. It does not matter whether the processing of such personal data is done by means of an automatic system or by means of a non-automated system (e.g. manual processing), whether it is part of a structured data-recording system. The only important thing is that we’re talking about processing such a type of data.

More information for understanding what personal data is can be obtained by reading Opinion No. 4 of 2007 on the concept of personal data, issued by the Article 29 Working Group.

By simplifying the above definition, we could conclude that personal data means data that refers to a living person that can be identified:

  1. using this data; Or
  2. data and using additional information that is or may be in the possession of the data controller.

Do we collect personal data (and why)? collects personal data:

  1. Information provided directly by you through forms (for example, as a result of registration as a member, as a result of requesting a service, as a result of subscribing to newsletters).
  2. Information we get when using our services (for example, we process the history of your interactions with our newsletters so that we can understand and limit newsletters to those that interest you).

As you visit our site, we will follow:

  • Products you’ve seen: We’ll use this to show you, for example, the products you’ve recently viewed
  • Location, IP address and navigator type: We will use them for various purposes, such as tax estimate (taxes) and delivery
  • Delivery address: We’ll ask you to enter it, so we can estimate, for example, where delivery needs to be made before you place an order and send it to you!
  • Products you’ve added to Favorites. We will use them to show this basket to other users later.
  • Favorites list: We monitor the creation of lists and make them visible to the staff of the online store. We also use cookies to track the content of Favorite lists while browsing.

We will also use cookies to track the contents of your cart while browsing our site.

When you buy from us, we will ask you to provide information, including your name, billing address, delivery address, email address, phone number, credit card/payment details, and optional account information, such as your username and password. We will use this information for several purposes, such as:

  • We send you information about your account and your order
  • We respond to your requests, including refunds and complaints
  • We process payments and prevent fraud
  • We start your account for our store
  • We comply with all legal obligations we have, such as calculating taxes (taxes)
  • We improve our store offerings
  • We send you marketing messages if you choose to receive them

If you create an account, we’ll store your name, address, email and phone number, which will be used when future orders are completed.

In general, we store information about you for as long as we need it for the purposes for which we collect and use it, but we do not keep it unless legally binding. For example, we will store order information for 5 years for tax and accounting purposes. They include your name, email address and billing and delivery addresses.

We’ll also store comments or reviews if you choose to leave them.

Who has access to our team

Our team members have access to the information you provide to us. For example, both managers and store managers can access:

  • Order information, such as what was purchased, when it was purchased, and where the purchases were sent, and
  • Customer information, such as name, email address, and billing and delivery information.

Our team members have access to this information to help fulfill orders, process refunds, and provide you with support.

Information provided directly by you

If you leave comments

When visitors leave comments on the, data is collected from the comment forms as well as the visitor’s IP address.

If you post photos

Sometimes we ask you to upload your photos to our website. Great attention when uploading images that included embedded location data (EXIF GPS). The information can be downloaded and extracted from the images on the We recommend that this information not be included, as it is not useful to us, except in exceptional cases, in which case we will contact you in person.

If you send links

Sometimes we ask that you send certain links to give us an idea of the level of customization of a product/service. This link will be associated with your account and use it will use us to choose the right solution for your chosen product/service and to understand your needs/requirements.

Contact forms

These include fields such as your name, email address, mobile phone number, access password, details of your company’s head office dates, products or services you want to benefit from, etc.

We use this data to allow you access to the site and to be able to deliver the products or services you have chosen to receive (newsletter, comment on articles, etc.). The legal basis for this processing is the entry and performance of a contract to which you are a party (whenever you carry out the above operations, you agree to the terms and conditions of the provision of those services).

Messages also gives you the opportunity to send us a message. The data you send following the use of this contact option is processed based on our legitimate interest in responding to your request. and/or keep a record of your complaint, request for advice and the like. This data is stored for 5 years.

Information obtained by us


More information about cookies can be found on the Cookie Policy page.

Cookie control

Once you’ve given your consent to the submission of cookies, you can remove or reject them from your browser settings. at any time. We inform you that such action could affect the availability and functionality of the site. For more information about cookie control, check your browser or device settings for how you can control or reject cookies, or go to the following links:

Apple Safari

Google Chrome

Microsoft Edge

Microsoft Internet Explorer

Mozilla Firefox


Android (Chrome)


Iphone or Ipad (Chrome)

Iphone or Ipad (Safari)

You can also opt out of third-party cookies with the Network Advertising Opt-out Tool.

Content embedded from other web sites

Items in this site may include embedded content (for example, videos, pictures, articles, etc.). Content embedded from other Web sites behaves exactly the same as visitors have viewed another Web site.

These web sites may collect data about you, use cookies, incorporate additional tracking from third parties, and monitor your interaction with embedded content, including tracking your interaction with embedded content, and If you have an account and are logged into that Web site.

Who we share your data with uses the services of the following third parties for functionality, analysis and advertising purposes. These third parties may set and use cookies and/or similar technologies on websites and applications used by portides, as well as on websites and in applications other than those operated by

More information about cookies can be found on the Cookie Policy page.

How long do we keep your data

More information about cookies can be found on the Cookie Policy page.

What rights do you have on your data

More information about cookies can be found on the Cookie Policy page.

Where we send your data

Visitors ‘ comments can be verified through an automated spam detection service.

Your contact information

For questions and/or comments regarding our cookie policy and this statement, please contact us using the following contact details:


AMENDMENT OF THE CONFIDENTIALITY POLICY reserves the right to modify or replace the Privacy Policy at any time on a discretionary basis. Any changes will be published on the Site so that you always have access to the information we collect, how we use it, and under what circumstances we disclose it, if any. Any such change, significant or otherwise, will take effect with immediate effect on the date of publication on the Site.