Privacy Policy
- home
- Privacy Policy
Last Updated: 02/11/25
1. Introduction
HELMIFY (“we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and purchase our personalized helmets.
Data Controller: – Business Name: IZED BETAINVEST SRL – Address: str. Sarmisegetuza 17-19, Cluj-Napoca, Romania – Email: support@helmify.com – Phone: +40 764 987 661
This Privacy Policy complies with the General Data Protection Regulation (GDPR) and applicable Romanian data protection laws.
2. Information We Collect
2.1 Personal Information You Provide
When you place an order or contact us, we collect:
For All Customers: – Full name – Email address – Phone number – Shipping address – Billing address – Payment information (processed securely by Stripe)
For Business Customers: – Company name – VAT number / Tax ID – Business address – Contact person details – Invoice requirements
2.2 Design and Customization Data
Through our ZAKEKE configurator, we collect: – Custom designs you create – Images and logos you upload – Text and personalization choices – Color and style preferences – Design files (PNG, JPG, SVG, AI)
Important: You retain all intellectual property rights to designs you upload. We use them solely to manufacture your helmet.
2.3 Order and Transaction Data
- Order history
- Purchase details
- Payment transaction records (processed by Stripe)
- Shipping tracking information
- Communication history with customer service
2.4 Technical Information
When you visit our website, we automatically collect: – IP address – Browser type and version – Device information – Operating system – Pages visited and time spent – Referring website – Cookies and similar technologies (see our Cookie Policy)
2.5 Communication Data
- Email correspondence
- Phone call records
- Customer service chat logs
- Feedback and reviews
3. How We Use Your Information
We use your personal data for the following purposes:
3.1 Order Processing and Fulfillment
- Process and manufacture your personalized helmet
- Verify payment information
- Arrange shipping and delivery
- Send order confirmations and tracking information
- Handle returns, refunds, and warranty claims
Legal Basis: Contract performance
3.2 Customer Service
- Respond to inquiries and support requests
- Resolve complaints and disputes
- Provide technical assistance with the configurator
Legal Basis: Contract performance and legitimate interest
3.3 Business Customer Management
- Process invoices and payment terms
- Manage bulk orders and sample approvals
- Maintain business relationships
Legal Basis: Contract performance
3.4 Marketing Communications (with consent)
- Send newsletters and promotional offers
- Inform you about new products and features
- Share special discounts for repeat customers
Legal Basis: Consent (you can opt-out anytime)
3.5 Legal and Security
- Comply with legal obligations
- Prevent fraud and unauthorized transactions
- Protect intellectual property rights
- Enforce our Terms and Conditions
Legal Basis: Legal obligation and legitimate interest
3.6 Website Improvement
- Analyze website usage and performance
- Improve user experience
- Optimize the configurator functionality
Legal Basis: Legitimate interest
4. Legal Basis for Processing
Under GDPR, we process your data based on: – Contract Performance: To fulfill your order and provide services – Legal Obligation: To comply with tax, accounting, and legal requirements – Consent: For marketing communications (you can withdraw anytime) – Legitimate Interest: To improve our services, prevent fraud, and operate our business
5. How We Share Your Information
We do not sell your personal data. We share information only with trusted partners necessary to fulfill your order:
5.1 Service Providers
Stripe (Payment Processing) – Processes credit/debit card payments securely – We do not store your full card details – Stripe Privacy Policy: https://stripe.com/privacy
ZAKEKE (Design Configurator) – Powers our 3D helmet customization tool – Stores your design configurations temporarily – ZAKEKE Privacy Policy: https://www.zakeke.com/privacy-policy/
DPD (Shipping) – Delivers your helmets across Europe – Receives your name, address, and phone number for delivery – DPD Privacy Policy: https://www.dpd.com/group/en/privacy-policy/
WooCommerce / WordPress (E-commerce Platform) – Manages our online store and order processing – Hosted on secure servers
5.2 Business Partners
For bulk orders, we may share relevant information with: – Your organization’s purchasing department – Authorized representatives for sample approval
5.3 Legal Requirements
We may disclose your information if required by law: – Court orders or legal proceedings – Government authorities – Law enforcement agencies – Protection of our legal rights
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner, who will continue to honor this Privacy Policy.
6. International Data Transfers
We are based in Romania (European Union). Your data is primarily stored and processed within the EU.
If we transfer data outside the EU (e.g., to service providers), we ensure: – Adequate protection through GDPR-approved mechanisms – Standard Contractual Clauses (SCCs) – Privacy Shield certification (where applicable)
7. Data Retention
We retain your personal data only as long as necessary:
Order and Customer Data: – Active customers: Duration of business relationship – After last purchase: 7 years (for tax and accounting obligations under Romanian law)
Design Files: – Stored for 2 years after order completion (for potential reorders or warranty claims) – Deleted upon request or after retention period
Marketing Data: – Until you unsubscribe or withdraw consent – Deleted within 30 days of opt-out
Technical Data: – Website analytics: 26 months (Google Analytics default) – Server logs: 90 days
You can request earlier deletion of your data (see Your Rights below).
8. Data Security
We implement industry-standard security measures to protect your data:
Technical Measures: – SSL/TLS encryption for all website communications – Secure payment processing via Stripe (PCI-DSS compliant) – Encrypted data storage – Regular security updates and patches – Firewall protection
Organizational Measures: – Access controls (only authorized personnel) – Employee confidentiality agreements – Regular security training – Data breach response procedures
Physical Security: – Secure production facility in Romania – Controlled access to design files and customer records
Despite our efforts, no system is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any breach.
9. Your Rights Under GDPR
As a data subject in the EU, you have the following rights:
9.1 Right to Access
Request a copy of all personal data we hold about you.
9.2 Right to Rectification
Correct inaccurate or incomplete information.
9.3 Right to Erasure (“Right to be Forgotten”)
Request deletion of your data (subject to legal retention requirements).
9.4 Right to Restriction
Limit how we process your data in certain circumstances.
9.5 Right to Data Portability
Receive your data in a structured, machine-readable format.
9.6 Right to Object
Object to processing based on legitimate interest or for marketing purposes.
9.7 Right to Withdraw Consent
Withdraw consent for marketing communications anytime (does not affect prior processing).
9.8 Right to Lodge a Complaint
File a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or your local data protection authority.
How to Exercise Your Rights: – Email: support@helmify.com – Phone: +40 764 987 661 – We will respond within 30 days
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.
Essential Cookies: Required for website functionality (shopping cart, checkout) Analytics Cookies: Help us understand how visitors use our site Marketing Cookies: Used for targeted advertising (with your consent)
You can manage cookie preferences through our cookie banner or browser settings.
11. Third-Party Links
Our website may contain links to third-party websites (e.g., social media, partner sites). We are not responsible for their privacy practices. Please review their privacy policies before providing any information.
12. Children’s Privacy
Our products include children’s helmets (BEAM, SPARK), but our website is not directed at children under 16. We do not knowingly collect data from children. Parents or guardians must place orders on behalf of minors.
If we discover we have collected data from a child without parental consent, we will delete it immediately.
13. Marketing Communications
13.1 Opt-In
We will only send marketing emails if you: – Opt-in during checkout – Subscribe to our newsletter – Are an existing customer (soft opt-in for similar products)
13.2 Opt-Out
You can unsubscribe anytime by: – Clicking “unsubscribe” in any marketing email – Contacting support@helmify.com – Updating preferences in your account
We will process opt-outs within 48 hours.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect: – Changes in our practices – Legal or regulatory requirements – New features or services
Notification: We will post updates on this page with a new “Last Updated” date. For significant changes, we may notify you via email.
Your Responsibility: Please review this policy regularly. Continued use of our website after changes constitutes acceptance.
15. Contact Us
For questions, concerns, or to exercise your rights, contact us:
HELMIFY Data Protection IZED BETAINVEST SRL str. Sarmisegetuza 17-19, Cluj-Napoca, Romania
- Email: support@helmify.com
- Phone: +40 764 987 661
- Hours: Monday through Friday, 9:00 AM to 6:00 PM (Central European Time)
Romanian Data Protection Authority: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) Website: https://www.dataprotection.ro/
By using our website and services, you acknowledge that you have read and understood this Privacy Policy.