Privacy Policy

This Privacy Policy explains how we collect, use and protect personal data when you use https://youth20.eu.

Data controller: LCA-RETAIL S.R.L. (trade name: YoutH20.eu)

Privacy contact: hello@youth20.eu

Address: Turda Municipality, LOTUS Street, No. 2, Block B.1, Staircase D, 4th Floor, Apt. 54, Cluj County, Romania

1. Categories of Personal Data

Identity and contact data: name, surname, email address, phone number.

Order and transaction data: ordered items, order history, payments, refunds, invoices and related records.

Shipping and billing data: delivery address, billing address and invoicing details.

Technical and usage data: IP address, device/browser data, log data and cookie-related identifiers, depending on your consent choices and browser settings.

Communications data: messages sent through email, forms, WhatsApp Business or other support channels.

2. Purposes and Legal Bases

Contract performance, including order handling, delivery, payment, customer support and after-sales service: Article 6(1)(b) GDPR.

Compliance with legal obligations, including accounting, taxation, consumer protection, guarantees, record retention and fraud-prevention duties imposed by law: Article 6(1)(c) GDPR.

Legitimate interests, such as website and account security, risk management, fraud prevention, business analytics on a minimised basis and service improvement: Article 6(1)(f) GDPR.

Marketing communications, newsletters and non-essential cookies where consent is required: Article 6(1)(a) GDPR and applicable ePrivacy rules.

3. Recipients and Processors

Hosting, e-commerce and technical service providers, including Shopify and essential app/service providers used to operate the store.

Payment processors, banks, anti-fraud service providers and carriers/logistics partners.

Professional advisers and public authorities where disclosure is required by law or necessary to establish, exercise or defend legal claims.

4. International Transfers

Some suppliers or service providers may process personal data outside the EEA. Where applicable, we rely on lawful transfer mechanisms, such as adequacy decisions, Standard Contractual Clauses, supplementary safeguards where needed, and data-processing arrangements with service providers.

5. Retention

Accounting, invoicing and tax records are retained for the statutory retention period under applicable accounting and tax law, generally up to 10 years from the end of the relevant financial year unless a shorter lawful exception applies.

Order, delivery, return, refund, guarantee and complaint records connected to a purchase are retained for the period necessary to perform the contract and handle after-sales obligations and, as a rule, for up to 3 years thereafter or longer where required by law or necessary for the establishment, exercise or defence of legal claims.

Customer account data, where accounts are offered, is kept while the account remains active and may then be retained for a limited period for fraud prevention, dispute handling and record continuity, after which it is deleted or anonymised unless the law requires longer retention.

Support enquiries not resulting in an order are generally retained for up to 24 months from the last substantive interaction, unless a longer period is needed to protect our legitimate interests or comply with the law.

Marketing subscription data is retained until consent is withdrawn or the person unsubscribes; we may keep limited suppression records thereafter to ensure the opt-out is respected and to demonstrate compliance.

Cookie consent and preference logs are retained for as long as reasonably necessary to manage preferences and demonstrate compliance, typically up to 5 years unless a shorter or longer period is justified.

Product safety, recall and batch-complaint records are retained for as long as necessary for safety management and legal compliance and, where relevant, for up to 5 years from the creation of the record.

Where no mandatory retention period applies, personal data is kept only for as long as necessary for the purpose for which it was collected and, where relevant, for the establishment, exercise or defence of legal claims, after which it is deleted or anonymised.

6. Your Rights

Subject to the conditions laid down by law, you may request access, rectification, erasure, restriction, portability or objection.

You may withdraw consent at any time for consent-based processing, without affecting the lawfulness of processing carried out before withdrawal.

You also have the right to lodge a complaint with the Romanian supervisory authority (ANSPDCP).

7. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration or unlawful disclosure. No system can guarantee absolute security.

8. Children

We do not knowingly collect personal data from children in violation of applicable law. Marketing subscriptions are intended for users who are legally old enough to consent under the applicable rules.

9. Automated Decisions and Profiling

We do not normally make decisions producing legal effects or similarly significant effects solely by automated means in connection with ordinary store operations.

We do not normally personalise consumer prices on the basis of automated decision-making. Limited automated checks may be used for fraud-prevention, payment-risk screening or website security, with human review where appropriate. If a specific offer is ever personalised on the basis of automated decision-making, that fact will be disclosed before order placement.

10. Contact

For privacy-related requests, please contact hello@youth20.eu. We may need to verify your identity before responding to a request.

ANSPDCP website: https://www.dataprotection.ro

Last updated: March 14, 2026