Privacy policy

Privacy Policy

Effective date: 24.03.2026

This Privacy Policy explains how SleemPlate S.R.L. collects, uses, shares, stores, and protects personal data when you visit our website, place an order, contact us, request support, submit a review, or otherwise interact with our store.

SleemPlate S.R.L. is the data controller for the personal data covered by this Privacy Policy. Our details are:

SleemPlate S.R.L.
Strada Emil Monția 28, 310242 Arad, Romania
Trade Registry No. J2024038696004
VAT / CUI RO50844537
Email: contact@sleemplate.com
Phone: +40 737 573 174

Under the General Data Protection Regulation (GDPR), a privacy notice must tell individuals, among other things, who the controller is, why data is processed, the legal basis, recipients, transfers, retention, and the rights available to the individual.

1. What personal data we collect

We may collect the following categories of personal data:

a. Order and account data
Name, billing address, shipping address, email address, phone number, company details if provided, order history, payment status, shipping method, delivery information, and transaction details.

b. Payment and fraud-prevention data
Payment method details, partial payment or cash on delivery information where applicable, payment-verification results, fraud-risk indicators, order-verification information, and records relevant to chargebacks or payment disputes.

c. Support and communication data
Messages you send to us by email, chat, contact forms, WhatsApp, social-media messaging, or other support channels, together with any attachments, photos, videos, or other evidence you provide.

d. Returns, warranty, and claim data
Information related to return requests, withdrawal requests, damaged shipment reports, wrong-item claims, defect reports, photos, videos, correspondence, and inspection outcomes.

e. Review and user-content data
If you submit a product review, rating, testimonial, image, video, or other user content, we may process the information you provide in connection with that content, including your name or display name, order reference, review text, rating, media, and related communications.

f. Device, usage, and technical data
IP address, browser type, device type, operating system, referring pages, approximate location derived from technical data, pages viewed, events on the site, and interactions with the store, checkout, and customer pages.

Shopify states that pixels and customer events can collect and pass behavioural customer data for marketing and analytics, and that app pixels and custom pixels can be governed by Shopify customer privacy settings.

2. How we use personal data

We may use personal data to:

provide and operate the website and online store;
create, verify, process, and fulfill orders;
arrange shipping, delivery, returns, replacements, refunds, and warranty handling;
communicate with you about your order, account, support request, or claim;
review orders manually for fraud, payment risk, abuse, delivery risk, and operational security;
improve the store, customer experience, product pages, checkout, and support processes;
request and manage product reviews and feedback;
show or manage site content, localization, search, recommendations, and checkout customizations;
comply with legal obligations, accounting obligations, tax obligations, consumer-law obligations, and dispute-handling obligations;
protect our rights, property, systems, staff, customers, and business operations;
send marketing communications where permitted by law and, where required, based on your consent or preferences.

Under GDPR, personal data processing must rely on a lawful basis, such as contract performance, legal obligation, legitimate interests, or consent.

3. Our legal bases for processing

Depending on the situation, we rely on one or more of the following legal bases:

Contract performance
Where processing is necessary to take steps at your request before entering into a contract or to perform a contract with you, such as processing an order, arranging delivery, or handling a return.

Legal obligation
Where processing is necessary to comply with applicable laws, including accounting, tax, consumer-protection, fraud-prevention, and record-keeping obligations.

Legitimate interests
Where processing is reasonably necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include fraud prevention, customer support, store security, order review, review management, internal reporting, product improvement, and the defense of legal claims.

Consent
Where consent is required, especially for certain non-essential cookies, advertising or analytics tracking, and some forms of direct marketing or data sharing.

GDPR recognises these lawful bases in Article 6, and valid consent must be freely given, specific, informed, and unambiguous.

4. Cookies, pixels, and similar technologies

Our store uses cookies, pixels, local storage, and similar technologies for functions such as site operation, cart and checkout functionality, fraud prevention, preferences, analytics, advertising measurement, and marketing.

Some technologies are strictly necessary for the store to function properly. Other technologies, especially analytics, advertising, and some app-based tracking tools, may require your consent depending on your location and applicable law. If cookies require consent, users must be given clear and comprehensive information and the ability to give specific consent by purpose.

We use Shopify’s customer privacy tools and consent settings, including the cookie banner and preference tools made available through Shopify, to help manage consent choices and related settings. Shopify states that customers can access and change their consent preferences through the cookie banner and related preference tools.

Depending on the store configuration at a given time, the store may use Shopify tools and third-party integrations for reviews, customer messaging, product feeds, discounts, checkout customization, and advertising or analytics integrations. Some of these tools may collect or receive customer data as needed to provide their services.

If advertising or social-media pixels are enabled, they may collect customer behaviour and, depending on your settings, additional customer information for marketing and measurement purposes. Shopify states that Meta pixel configurations can involve different customer data-sharing levels and are managed through Shopify and connected platform settings.

You can manage cookie preferences through the consent tools made available on the store, and you can also manage certain cookies through your browser settings. Disabling strictly necessary technologies may affect store functionality.

5. Reviews, testimonials, and user-generated content

If you leave a review, submit feedback, upload media, or otherwise send us user-generated content, we may process that content to display reviews, verify that the review relates to a real purchase, respond to your feedback, detect abuse or manipulation, and improve our products and services.

If the review tool or store settings allow public display, your review content, rating, display name, and any media you submit may appear publicly on the store or in related marketing materials, unless we state otherwise at the time of collection.

Please avoid submitting sensitive personal data or unnecessary third-party personal data in reviews, messages, or uploaded content.

6. Who we share personal data with

We may share personal data, where relevant and necessary, with the following categories of recipients:

Shopify and related infrastructure providers used to host and operate the store;
payment processors and payment-service providers;
shipping carriers, logistics providers, and delivery partners;
fraud-prevention, payment-risk, and chargeback-handling providers;
review, messaging, support, checkout, search, localization, and operational app providers;
analytics, advertising, social-media, and feed-management providers, where enabled and where lawful;
professional advisers, insurers, auditors, and service providers who support our business;
public authorities, regulators, law-enforcement bodies, courts, or other third parties where disclosure is required by law or necessary to establish, exercise, or defend legal claims.

GDPR requires controllers to inform individuals about recipients or categories of recipients of their personal data.

Some third-party providers may process data on our behalf, while others may process certain data under their own legal obligations or policies. For example, payment processors, social platforms, or messaging platforms may have their own privacy terms that also apply to your interactions with them.

7. International data transfers

Because Shopify and some third-party tools may operate internationally, personal data may be transferred to, stored in, or accessed from countries outside the European Economic Area (EEA).

Where such transfers take place, we aim to rely on a lawful transfer mechanism, such as an adequacy decision or Standard Contractual Clauses, where required under applicable law. The European Commission’s Standard Contractual Clauses are recognised as an Article 46 transfer safeguard.

8. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

fulfill orders and provide support;
manage returns, replacement requests, and defect claims;
maintain appropriate business and accounting records;
investigate fraud, delivery issues, or disputes;
defend legal claims;
comply with legal, tax, accounting, and regulatory obligations.

Retention periods can vary depending on the type of data and the purpose for which it was collected. When data is no longer needed, we aim to delete it, anonymise it, or securely archive it where appropriate.

Storage limitation is one of the core GDPR principles.

9. Your rights

If GDPR or similar data-protection laws apply to you, you may have the right to:

request access to your personal data;
request correction of inaccurate or incomplete data;
request deletion of personal data in certain cases;
request restriction of processing in certain cases;
object to processing based on legitimate interests;
object at any time to processing for direct marketing;
request data portability where the law provides it;
withdraw consent at any time, where processing is based on consent;
lodge a complaint with a competent supervisory authority.

The European Commission explains that individuals under GDPR have rights including access, rectification, erasure, restriction, objection, and portability, and that direct marketing objections must be respected.

To exercise a privacy right, contact us at contact@sleemplate.com. We may need to verify your identity before completing your request.

If you are in Romania or your complaint is handled there, you may contact the National Supervisory Authority for Personal Data Processing (ANSPDCP). ANSPDCP accepts complaints in Romanian or English and publishes its contact details and complaint procedures on its official website.

10. Marketing communications

If you subscribe to marketing communications, request promotional updates, or otherwise consent to receiving them, we may send you product, launch, offer, or brand communications by email or other channels permitted by law.

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the message or by contacting us at contact@sleemplate.com.

If we rely on consent for a marketing activity, you can withdraw that consent at any time. If we rely on legitimate interest where the law allows it, you can object at any time, especially for direct marketing. EU guidance states that direct marketing objections must be respected, and the use of communication tools such as email for direct marketing must also comply with ePrivacy rules.

11. Security

We use reasonable technical and organisational measures to help protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no website, transmission method, or storage system can be guaranteed to be completely secure.

If we ask you to verify order details, identity details, or delivery information for fraud-prevention or order-review purposes, please respond only through our official channels.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, store features, service providers, business operations, or data practices. The updated version will be posted on this page with a revised effective date.