Privacy Policy

Privacy Policy

Last updated: March 31, 2025

This privacy policy is intended for visitors of the website https://b2b-gifts.com. The website is operated by Gifts Service SRL, a Romania-based company that processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and Romanian data protection laws.

Website nature: B2B

Our website is primarily intended to provide information and services for companies (B2B). Any contact information (name, business email address, phone number) is processed exclusively for business communication purposes. We store such data based on legitimate interest, do not share it with third parties, and delete it upon request. We do not operate an online store; WooCommerce is used for product presentation only. Therefore, no user accounts or payment data are collected.

  1. Data Controller Information

Company name: Gifts Service SRL
Registration number: J30/751/2012
VAT number: RO30759496
Registered address: Aleea Milcov Nr.2 Bl.T4 Ap.38, 440192 Satu Mare, Romania
Email: sales@b2b-gifts.com
Phone / WhatsApp: +40 767 134 156

  1. Hosting Provider Details

Company name: 3 in 1 Hosting Bt.
Registration number: 13-06-055290
VAT number: HU22206118
Address: 2310 Szigetszentmiklós, Dévai utca 10/A, Hungary
Website: https://megacp.com/

  1. Applicable Legislation:
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
  • Romania: Law no. 190/2018 regarding measures to implement Regulation (EU) 2016/679
  • Hungary: Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (if applicable to Hungarian data subjects)
  1. Data Processing Principles

Data provided on our websites is processed according to the following principles:

  • Transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  1. Types of Data Processed

Our website does not function as a classic online store, thus:

  • we do not store user accounts,
  • we do not request bank card information,
  • we do not handle online purchases.

The following data may be processed:

  • Contact details: name, email address, phone number
  • When requesting a quote, optionally: name, job title, company name, VAT number, billing address, shipping address, comment
  • Technical website usage data: IP address, visit data, page visit statistics (via cookies)

This data is used exclusively for business communication, providing quotes, or preparing contracts. Optional data is also subject to GDPR, even if no contract is ultimately concluded.

  1. Legal Grounds for Data Processing
  • Contact: Based on inquiries and quote requests – legitimate interest
  • Contract preparation: e.g., quote requests or appointment scheduling
  • Legitimate interest: e.g., managing existing business relationships
  • Legal obligation: e.g., retention of accounting documents
  • Newsletter subscription / consent: marketing communication (future functionality)
  • Statistical and security purposeslegitimate interest
  1. Communication Channels, External Services and Plugins (from a GDPR perspective)

Our website uses several external services and WordPress plugins. Some serve technical or security purposes, while others support business communication, quote requests, or appointment scheduling. Below is a summary of the data they may process, why we use them, and how they ensure GDPR compliance.

Contact, Quote Requests, Appointments

Contact Form 7
– Simple contact and quote request form. Processed data: name, email, phone, company data, shipping address, comment.
– Data submitted via the forms is used exclusively for business communication.
Contact Form 7 Privacy Policy

YouCanBookMe
– Appointment scheduling system for consultations.
– Processed data: name, email, optionally phone number, comment.
– Used only for scheduling purposes.
– Provider: YouCanBook.Me Ltd., United Kingdom
Privacy Policy

Email / Phone / WhatsApp
– Communication may also take place through these channels, and data is used solely for business communication and contract preparation.
– These channels are not used for automated data collection.

Payment and Invoicing

Wise.com
– Enables international transfers and card payments via a secure website link.
– Payments are processed on Wise’s secure, encrypted platform; the website does not see or store payment data.
Wise Privacy Policy

Oblio.eu
– Electronic invoicing for Romanian and international clients.
– Processes billing data in compliance with legal obligations.
Oblio GDPR Page

Technical Operation and Security

3 in 1 Hosting Bt.
– Hosting provider of the website, responsible for data storage and availability.
– Provides the infrastructure required for data processing.
Contact and Company Info

WP Mail SMTP
– Ensures technical delivery of emails submitted through forms.
– Processes the provided email address to ensure proper delivery.
WP Mail SMTP Privacy Policy

Wordfence Security
– Security plugin that logs IP addresses, login attempts, and protects against malicious attacks.
Wordfence GDPR Info

Statistical and Marketing Data Processing

Google Site Kit / Google Analytics
– Analyzes visitor behavior based on anonymous, aggregated data.
– Data is collected via cookies, which require visitor consent.
Google Privacy Policy

Meta (Facebook Pixel)
– Currently not active. If activated, it is used to measure ad campaign effectiveness.
Meta Privacy Center

Cookie Management

CookieYes | GDPR Cookie Consent
– Manages cookie consent and visitor preferences.
– Allows users to disable non-essential cookies based on their decision.
CookieYes Privacy Policy

WooCommerce + Google for WooCommerce

– WooCommerce is not used as a traditional online store: there is no purchase, cart, checkout, or user account.
– Product pages contain quote request forms.
– Therefore, WooCommerce does not handle personal or financial data.
–  WooCommerce GDPR Guide

  1. Data Subject Rights
  • Right to access personal data
  • Right to rectification or deletion
  • Right to data portability
  • Right to restrict or erase processing
  • In case of orders, some data (e.g., invoicing data) may be exempt from deletion due to legal retention requirements
  • Right to withdraw consent (where applicable)
  • Right to file a complaint with the supervisory authority (ANSPDCP or relevant authority)

Enforcement:

Romania:
National Authority for the Supervision of Personal Data Processing (ANSPDCP)
https://www.dataprotection.ro/

Hungary (if Hungarian data subjects are affected):
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
https://www.naih.hu/

Complaints from other EU countries
Data subjects from other EU member states may also file a complaint with their national data protection authority if they believe their data has been processed in violation of the GDPR.
https://edpb.europa.eu/about-edpb/board/members_en

Relevant Legislation:

  1. GDPR Article 1 – Subject-matter and Objectives
    • Defines protection of natural persons with regard to personal data and free movement of such data within the EU
    • EU-wide, mandatory in all member states
  2. GDPR Article 4 – Definitions
    • Includes the definition of “personal data”: “any information relating to an identified or identifiable natural person…”
  3. GDPR Article 77 – Right to lodge a complaint
    • Data subjects have the right to lodge a complaint with a supervisory authority in their country of residence, place of work, or place of infringement
  1. Law no. 190/2018 (Romania)
    • Romanian law implementing the GDPR
    • Clarifies the application of GDPR in the Romanian legal context
  1. Act CXII of 2011 (Hungary)
    • Hungarian law on the right to information and data protection
    • Complements GDPR in areas requiring national regulation
  1. Data Processors and Data Transfers

We only transfer data for the following purposes and partners, where necessary for service delivery:

    • if legally required (e.g., accountant, tax authority)
    • if acting as service providers (e.g., hosting, email delivery, YouCanBookMe, Google Analytics)
  1. Data Retention
  • Quote request data: primarily used for business communication. If no business relationship results, the legal basis (e.g., contract preparation) expires. We do not automate deletion but actively manage data and regularly review, archive, or delete outdated inquiries upon request.
  • Contractual data: retained according to legal requirements (e.g., invoices – 5 to 10 years)
  • Marketing data: until consent is withdrawn.