GDPR Notice

Last updated: 15 May 2026

This GDPR Notice details your rights under the EU General Data Protection Regulation (Regulation 2016/679) and how to exercise them with Handmade Pasta SRL (“Verdella”, “we”). It complements our Privacy Policy.

1. Data controller and contact

  • Handmade Pasta SRL
  • Str. Pășunii nr. 1B/31, Baia Mare, Maramureș, Romania
  • J24/607/2017 · CIF RO37447050
  • Data requests & customer support: team@verdella.food

We do not have a designated Data Protection Officer as we do not meet the threshold requiring one under Article 37 GDPR. For all GDPR-related matters, contact us at team@verdella.food.

2. Your rights in detail

2.1 Right of access (Article 15)

You have the right to know whether we process your personal data and, if so, to receive a copy along with information about: the purposes of processing, the categories of data, the recipients, the retention period, your rights, and the data sources.

2.2 Right to rectification (Article 16)

You can ask us to correct inaccurate data or complete incomplete data. We update records within 30 days of your request.

2.3 Right to erasure / “right to be forgotten” (Article 17)

You can request deletion of your personal data when:

  • The data is no longer needed for the original purpose.
  • You withdraw consent (where consent was the legal basis).
  • You object to processing and we have no overriding legitimate grounds.
  • The data has been unlawfully processed.
  • Deletion is required by EU or national law.

Important: certain data must be retained for legal reasons (e.g., invoice records for 10 years under Romanian Accounting Law). We will explain which data cannot be deleted and why.

2.4 Right to restriction of processing (Article 18)

You can ask us to temporarily stop processing your data while we verify accuracy, while you object to processing, or in cases of unlawful processing where you prefer restriction over deletion.

2.5 Right to data portability (Article 20)

You can receive the data you provided to us in a structured, commonly used, machine-readable format (such as JSON or CSV), and have the right to transmit it to another controller. This applies to data processed on the basis of consent or contract.

2.6 Right to object (Article 21)

You can object to processing based on legitimate interests, including direct marketing. For direct marketing, your objection is absolute — we will stop immediately.

2.7 Right to withdraw consent (Article 7(3))

Where processing is based on consent (e.g., newsletter, advertising cookies), you can withdraw that consent at any time. Withdrawal does not affect processing prior to withdrawal.

  • Newsletter: click “Unsubscribe” in any email.
  • Cookies: click “Cookie settings” in the footer to update preferences.

2.8 Rights related to automated decision-making (Article 22)

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

3. How to submit a request (DSAR procedure)

  1. Email team@verdella.food with the subject line: “GDPR request — [Access / Rectification / Erasure / etc.]”.
  2. Include:
    • Your full name and email used for your Verdella account or orders.
    • The specific right you wish to exercise.
    • Any supporting details (e.g., which data you want corrected).
  3. Identity verification: to prevent fraudulent requests, we may ask you to confirm your identity by replying from the email associated with your account or by providing your most recent order number.
  4. Response time: we respond within 30 days (Article 12(3)). For complex requests, we may extend by up to 2 additional months and will inform you of the reason.
  5. Cost: requests are free of charge. We may charge a reasonable fee only for manifestly unfounded or excessive requests (Article 12(5)).

4. Lawful bases summary

We process your personal data on the following legal bases:

  • Contract (Art. 6(1)(b)): processing orders, payment, shipping, customer support.
  • Legal obligation (Art. 6(1)(c)): invoicing, accounting (10 years), tax compliance, responding to authorities.
  • Legitimate interest (Art. 6(1)(f)): fraud prevention, site security, improving our service, defending legal claims.
  • Consent (Art. 6(1)(a)): newsletter, analytics cookies, advertising cookies, post-purchase review requests.

For balancing tests on legitimate interest processing, contact team@verdella.food.

5. International transfers

Some of our processors (Shopify, Klaviyo, Google, Meta, TikTok) are based outside the European Economic Area, including the United States. We rely on:

  • Standard Contractual Clauses (Commission Decision 2021/914/EU).
  • EU-US Data Privacy Framework for certified US recipients.
  • Swiss-EU adequacy for shipments to Switzerland.

You can request a copy of the safeguards in place by emailing team@verdella.food.

6. Special categories of data

We do not knowingly collect or process special categories of personal data under Article 9 GDPR (e.g., health data, religious beliefs, biometrics). Allergen-related dietary preferences you share with customer support are treated with the same protection but are not classified as special category data.

7. Data breaches

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay (Article 34 GDPR), and the Romanian Data Protection Authority within 72 hours (Article 33).

8. Complaints to supervisory authority

If you believe we have not handled your data correctly, you can lodge a complaint with the supervisory authority of your country of residence or with the Romanian Data Protection Authority:

  • Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
  • B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, Romania
  • Email: anspdcp@dataprotection.ro
  • Phone: +40 318 059 211 / +40 318 059 212
  • Website: www.dataprotection.ro

For complaints related to other EU/EEA countries, find your national authority at edpb.europa.eu.

9. Updates

We may update this GDPR Notice as our practices evolve. Material changes will be communicated via the website and, where appropriate, by email.

10. Contact

For all GDPR-related requests: team@verdella.food