Skip to content

Privacy Policy

Last updated: May 20, 2026

1. Who We Are

The website creative-side.ro is operated by:

MIND CANVAS S.R.L. acts as the data controller within the meaning of Regulation (EU) 2016/679 (GDPR). For any questions regarding the processing of personal data, you may contact us at office@creative-side.ro (data protection contact person).

2. What Personal Data We Collect

2.1. Account Data

When you create an account on our website (WooCommerce account), we collect:

  • First and last name
  • Email address
  • Phone number (optional)
  • Account password (stored in encrypted form)

2.2. Billing Data

For the purpose of issuing tax invoices, we collect:

  • Full name or company name
  • Billing address
  • Tax identification number (CUI) — for legal entities
  • Trade register number — for legal entities

2.3. Order Data

When you place an order, we record:

  • Products or services purchased
  • Order history
  • Payment method used (without storing card details — these are processed exclusively by Stripe)
  • Date and time of the transaction

2.4. Technical Data

When you access the website, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited, visit duration, traffic source
  • Data collected through Google Analytics 4 and cookies (see GDPR & Cookies Policy)

2.5. Contact Form Data

When you contact us through the website form, we collect:

  • Name
  • Email address
  • Content of the message submitted

2.6. Chatbot Data (Singularity)

If you use the Singularity Woo AI Chat chatbot on a Creative Side client's website:

  • Conversations with the AI assistant are stored on the client's server that operates the respective website, not on MIND CANVAS S.R.L.'s servers.
  • MIND CANVAS S.R.L. does not have access to end-user conversations with the chatbot installed on clients' websites.
  • For details on data processing through the chatbot, please refer to the privacy policy of the website on which you are using the chatbot.

3. Why We Collect Data (GDPR Legal Bases)

We process your personal data on the basis of the following legal grounds, in accordance with art. 6 of Regulation (EU) 2016/679:

3.1. Performance of a Contract — art. 6 (1) (b)

  • Processing orders and delivering digital products
  • Providing web development, maintenance, and SEO services
  • Managing your customer account
  • Communication related to orders and ongoing projects
  • Providing post-purchase technical support

3.2. Legitimate Interest — art. 6 (1) (f)

  • Improving our services and the website experience
  • Ensuring website security and preventing fraud
  • Statistical analysis of traffic and browsing behavior (in aggregated form)
  • Responding to inquiries submitted through the contact form

3.3. Consent — art. 6 (1) (a)

  • Enabling analytics cookies (Google Analytics 4) — only with your express consent
  • Sending commercial communications (newsletter) — only if you have voluntarily subscribed

Consent may be withdrawn at any time, without affecting the lawfulness of processing carried out before the withdrawal.

3.4. Legal Obligation — art. 6 (1) (c)

  • Issuing and retaining tax invoices (fiscal and accounting legislation)
  • Mandatory accounting records (Accounting Law No. 82/1991)
  • Responding to requests from competent authorities

4. How Long We Retain Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Data Category Retention Period Legal Basis
Account data While the account is active + 3 years from last activity Performance of contract
Billing data 10 years from the date of invoice issuance Legal fiscal obligation
Order data 10 years (associated with invoices) Legal obligation
Analytics data (Google Analytics) 14 months Consent
Contact form data 2 years from last communication Legitimate interest
Chatbot conversations On the client's server (not ours) Not applicable

Upon expiration of the retention period, data is deleted or irreversibly anonymized.

5. Who We Share Data With

Your data may be shared with the following third parties, exclusively for the purpose of providing our services:

Recipient Purpose Location / Safeguards
Stripe, Inc. Card payment processing EU / USA — Standard Contractual Clauses (SCC), DPF certification
Google LLC (Google Analytics 4) Anonymous website traffic analysis EU / USA — Standard Contractual Clauses (SCC)
Hosting providers (Hetzner / DigitalOcean) Website and data hosting EU (Germany / Netherlands)
Authorized accountant Accounting and tax records Romania

We do not sell, rent, or share your data with third parties for marketing purposes.

We do not carry out automated profiling and do not make automated decisions that significantly affect you.

6. Your Rights (GDPR art. 15-22)

As a data subject, you have the following rights guaranteed by Regulation (EU) 2016/679:

6.1. Right of Access (art. 15)

You have the right to obtain confirmation that we process data concerning you and to request a copy of such data.

6.2. Right to Rectification (art. 16)

You have the right to request the correction of inaccurate data or the completion of incomplete data.

6.3. Right to Erasure — "Right to Be Forgotten" (art. 17)

You have the right to request the deletion of your data, under the conditions provided by law. This right does not apply when data retention is necessary to comply with a legal obligation (e.g., billing data — 10 years).

6.4. Right to Restriction of Processing (art. 18)

You have the right to request the restriction of data processing in certain situations (e.g., while the accuracy of the data is being verified).

6.5. Right to Data Portability (art. 20)

You have the right to receive your data in a structured, commonly used, and machine-readable format, as well as the right to transmit that data to another controller.

6.6. Right to Object (art. 21)

You have the right to object to the processing of data based on legitimate interest, including profiling. You may also object at any time to the processing of data for direct marketing purposes.

6.7. Right Not to Be Subject to Automated Decision-Making (art. 22)

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. We currently do not use such processes.

6.8. How to Exercise Your Rights

To exercise any of the above rights, you may contact us at:

We will respond to your request within 30 calendar days of receipt. In complex cases, the deadline may be extended by an additional 60 days, with prior notification.

To verify your identity, we may request additional information before processing your request.

6.9. Right to Lodge a Complaint

If you believe that the processing of your data violates GDPR provisions, you have the right to lodge a complaint with:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, 010336, Bucharest, Romania
Phone: +40 318 059 211
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro

7. Cookies

Our website uses cookies to ensure proper functionality and to analyze traffic. For detailed information about the cookies used, their categories, and your control options, please refer to our GDPR & Cookies Policy.

8. Data Security

We protect your data through the following technical and organizational measures:

  • Encryption in transit: All connections to the website are secured with SSL/TLS certificates (HTTPS).
  • Restricted access: Access to personal data is limited to authorized personnel, based on the "need to know" principle.
  • Encrypted backups: We perform regular database backups, stored in encrypted form.
  • Encrypted passwords: Account passwords are stored using secure hashing algorithms (bcrypt).
  • Secure payment processing: Card data is processed exclusively by Stripe (PCI DSS Level 1 certified) and never passes through our servers.
  • Security updates: We keep our software up to date by promptly applying security patches.

9. Changes to This Privacy Policy

We reserve the right to update this policy whenever necessary, to reflect changes in our practices or applicable legislation.

The updated version will be published on the website at creative-side.ro/en/privacy-policy, indicating the date of the last update.

For significant changes, we will notify registered users by email.

MIND CANVAS S.R.L.
Brand: Creative Side
Email: office@creative-side.ro
Phone: +40 769 947 592

Blog

Latest Articles

Uncategorized

WooCommerce Conversion Optimization: What Actually Works Technically, Not Just in Theory

The average conversion rate for an online store in Romania is 1.5–2.5%. That means out of 100 visitors, 97–98 leave without buying. The difference between...

Read
Uncategorized

WordPress SEO Optimization 2026: Advanced Strategies and Automation

Read
Uncategorized

WooCommerce Agency vs. Freelancer: How to Choose the Right Partner

The choice between a WooCommerce agency and a freelancer determines your budget, delivery timeline, and most importantly, what happens to your store 6 months from...

Read

Schedule a Call

Free Audit

Get a Quote