Privacy Policy

Last updated: November 5, 2025

1. Introduction

Timeea Rusea Art ("we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use timeearusea.art ("Website"), purchase products, or subscribe to our services. By using our services, you consent to the data practices described in this policy.

2. Information We Collect

We collect several types of information: (a) Personal Information you provide directly including name, email address, shipping address, billing address, phone number (optional), and payment information (processed by Stripe); (b) Account Information including username, password (encrypted), subscription status, order history, and preferences; (c) Automatically Collected Information including IP address, browser type and version, device information, pages visited and time spent, referral source, and cookies and similar tracking technologies; (d) Communication Data including correspondence through contact forms, email communications, and customer support interactions.

3. How We Use Your Information

We use your information for the following purposes: (a) Order Processing and Fulfillment including processing payments, shipping products, sending order confirmations and shipping notifications, and managing subscription deliveries; (b) Account Management including creating and maintaining your account, processing subscription renewals and cancellations, and providing customer support; (c) Communication including responding to inquiries, sending transactional emails (order updates, shipping notifications), and sending promotional emails (with your consent, which you can withdraw anytime); (d) Website Improvement including analyzing usage patterns, improving user experience, troubleshooting technical issues, and preventing fraud and security threats; (e) Legal Compliance including complying with legal obligations, enforcing our Terms of Service, and protecting our rights and property.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on: (a) Contract Performance - processing necessary to fulfill our contract with you (orders, subscriptions); (b) Legitimate Interests - improving our services, preventing fraud, and marketing to existing customers; (c) Consent - marketing communications to non-customers and optional data collection; (d) Legal Obligations - complying with tax, accounting, and other legal requirements. You have the right to object to processing based on legitimate interests.

5. Data Storage and Security

Your data is stored securely using industry-standard practices: (a) Database - PostgreSQL database with encryption at rest and in transit; (b) Payment Processing - Stripe handles all payment data according to PCI DSS standards (we never store complete credit card information); (c) Hosting - secure hosting infrastructure with SSL/TLS encryption; (d) Security Measures - encrypted data transmission (HTTPS), secure password hashing, regular security updates, access controls and authentication, and regular backups. Despite our security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for different periods based on purpose: (a) Active Accounts - retained while your account is active and for 3 years after last activity; (b) Order History - retained for 7 years for tax and accounting purposes (legal requirement in Romania); (c) Marketing Data - retained until you unsubscribe or request deletion; (d) Technical Logs - retained for 90 days for security and troubleshooting. You may request earlier deletion of your data, subject to legal retention requirements.

7. Third-Party Services

We use the following third-party services that may collect or process your data: (a) Stripe (Payment Processing) - processes payment information, subject to Stripe Privacy Policy; (b) Database Provider - stores user and order data securely; (c) Hosting Provider - provides secure website infrastructure; (d) Analytics Services - may use analytics tools to understand website usage (anonymized data). These services have their own privacy policies and data practices. We carefully select partners who comply with data protection regulations.

8. Cookies and Tracking

We use cookies and similar technologies for: (a) Essential Cookies - required for website functionality (authentication, shopping cart, security); (b) Analytics Cookies - help us understand how visitors use our site (can be disabled); (c) Preference Cookies - remember your settings and preferences. You can control cookies through your browser settings. Disabling essential cookies may affect website functionality. We do not use cookies for targeted advertising.

9. International Data Transfers

We are based in Romania (European Union). Your data may be transferred to and processed in countries outside the EEA, including the United States (for payment processing). When we transfer data internationally, we ensure appropriate safeguards are in place through: (a) Standard Contractual Clauses approved by the European Commission; (b) Adequacy decisions by the European Commission; (c) Service providers certified under relevant data protection frameworks. By using our services, you consent to these transfers.

10. Your Privacy Rights

Depending on your location, you have the following rights: (a) Access - request a copy of your personal data; (b) Correction - request correction of inaccurate data; (c) Deletion - request deletion of your data (subject to legal retention requirements); (d) Portability - receive your data in a structured, machine-readable format; (e) Objection - object to processing based on legitimate interests; (f) Restriction - request restriction of processing in certain circumstances; (g) Withdraw Consent - withdraw consent for marketing communications or optional data collection; (h) Complaint - lodge a complaint with your local data protection authority. To exercise these rights, contact us through the website contact form. We will respond within 30 days.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

12. Marketing Communications

With your consent, we may send promotional emails about new artworks, special offers, and updates. You can unsubscribe anytime by: (a) clicking the "unsubscribe" link in any marketing email; (b) updating your account preferences; (c) contacting us directly. You will continue to receive transactional emails (order confirmations, shipping updates) even after unsubscribing from marketing.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by law, typically within 72 hours of becoming aware of the breach. Notifications will include the nature of the breach, likely consequences, and measures taken to address it.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Changes are effective immediately upon posting with an updated date. Material changes will be communicated through email or prominent website notice. Your continued use after changes constitutes acceptance.

15. Contact Information

For questions about this Privacy Policy, to exercise your privacy rights, or to report privacy concerns, please contact us through the contact form on this website. We typically respond within 1-2 business days. For GDPR-related inquiries, you may also contact your local data protection authority.