Privacy Policy


Your privacy is very important to us. This Privacy Policy is intended to explain how we collect, store, use and disclose your personal data each time you use our services, visit our webpage with all its subdomains (“Website“), place a purchase order for any products listed on our Website (each a “Product”) or interact with us in any other manner.

We are aware that the security of your private information is an important concern, the protection of your personal data being a priority for our business.  We pay special attention to the processing of your personal data (hereafter referred to as the “Data“) and we will take all measures to ensure that data is processed in accordance with the principles set out in applicable data protection legislation in Romania, including Regulation (EU) 2016/679 on the protection of natural persons with regard to data processing and the free movement of such data and repealing Directive 95/46 / EC (“GDPR“).

This Privacy Policy should be read in conjunction with our Terms and Conditions and the Cookie Policy


The controller is PLAYEDBY S.R.L., a company incorporated under Romanian law with its corporate seat at Bucharest, 3 Av. Popisteanu St., Building 2, Ap. 24, Romania, registered with the Trade Register under no. J40/6418/2018, sole registration code 39320868, VAT no. RO38235098, phone +40 736 866 853, email: (hereinafter “PlayedBy”, “we” or “us”).


Personal data means any information regarding an identified or identifiable person; an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, of his/her physical, physiological, genetic, moral, economic, cultural or social identity.

Obligation to provide data

In the case of data processing carried out for the performance of a contract/ purchase of Products, fulfilling legal obligations or our legitimate interest, the provision of personal data may be mandatory. In the case of processing based on the consent, the consent and provision of personal data is entirely voluntary; for these cases, there are no negative effects for you if you choose not to give your consent or provide personal data. However, there are cases where we needs certain personal data in order to fulfill our obligations, for example when this personal data is needed to process your requests. In these cases, unfortunately, it will not be possible to offer you what you ask without providing relevant personal data.

Please read the “Specific terms and conditions concerning your personal data” in Section 2 below for details on the purposes of data processing and the legal grounds for such processing.

Use of automatic processing means

In our activities, we usually do not use automated decision-making processes within the meaning of Article 22 of the GDPR. If we apply such processes in the future, we will inform the data subjects separately, in accordance with the applicable provisions.

Disclosure of data

Our policy is not to disclose, share, sell or lease personal data to third parties in other manner than that provided in this Privacy Policy.

It may be necessary to disclose personal data (including by providing remote access), only through secured applications, to third parties such as commercial partners of PlayedBy, acting as data processors for and on behalf of PlayedBy. (e.g. hosting, legal and financial advisors, payment processor provider, technical service providers or service providers providing dispatch support), with whom PlayedBy has made the necessary contractual agreements required by EU and national regulations.

We will only disclose data to third parties to the extent necessary to perform the processing for the purposes for which the data was originally collected and will impose appropriate confidentiality obligations.

We may disclose the data in order to comply with our obligations under applicable legal regulations or to comply with an order from a court or other public authority, such as a warrant or summons. We may also disclose your personal data if we believe in good faith that such disclosure is necessary to prevent fraud, combat money laundering or terrorist financing operations, and to protect our legitimate interests.

Data transfer outside the EU / EEA

Your data will not be transferred outside the European Union / European Economic Area (EEA). In the case of a transfer, we will update the information in this Privacy Policy and will provide adequate protection for the transfer of your personal data to recipients in the respective countries by concluding data transfer agreements in the form of standard contractual clauses approved by the European Commission.

Third Party Links

From time to time, our Website or the newsletters may contain links to other websites or resources on the Internet. Please be aware that these other websites or resources are not under PlayedBy’s control and you acknowledge and accept that PlayedBy is, under no circumstances, responsible or liable, directly or indirectly, for the privacy practices or actions of such other sites or their operators. The inclusion of any such link does not imply endorsement by PlayedBy or any association with its operators. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that collects personal Data. The Privacy Policy you are currently reading applies solely to information collected by PlayedBy.

Retention period

Generally, personal data collected and used will be stored as long as we have a legitimate interest in retaining such data or for any longer period provided by law, a record-keeping regulation, or required by public authorities. In the case of lawsuits, we may retain your personal data until the proceedings are completed, including during the course of any appeal before the court.

Immediately after the expiration of the applicable retention period, the data shall be deleted or destroyed safely; or transferred to an archive (unless prohibited by law or applicable record keeping regulation). In any case, your personal data will not be retained in a form that will allow you to identify yourself more than is necessary to fulfill the purposes for which it was collected or processed, or under the relevant legislation in force.


We have taken organizational and technical measures to ensure an adequate level of security against the risks arising from processing, in particular through unauthorized destruction, loss, modification, disclosure, acquiring or access, willful or accidental handling, third party access, erasure or modifying personal data. You shall be notified with respect to a data security breach, within a reasonable period of time following discovery of such breach, unless a law enforcement official determines that notification would impede a criminal investigation or cause damage to national security. In this case, notification shall be delayed as instructed by such law enforcement official. We shall promptly respond to your enquiries relating to such data security breach.

Rights of Data Subjects

As a data subject, you enjoy certain rights, as detailed below:

  • Withdrawal. If you were expressly requested to consent to a specific processing, you can withdraw your consent at any time.
  • Access. You can request access to your personal data. If you send us such a request, we will give you all the information about the purposes of the processing, the categories of data processed, the categories of recipients, data retention period, your rights to rectify, delete or restrict the accessed data, if applicable. As long as such an option is technically available, we will give you the opportunity to access an interactive interface that can give you direct access to your personal data.
  • Portability. You can get a copy of the personal data we have recorded in a compatible format and a structure that allows you to exercise your data portability right.
  • Restriction. You may request a restriction in the following cases: for a period that allows us to verify the accuracy of your personal data if you object to it; if the processing is illegal and you prefer to restrict personal data, and not to delete them; if you want us to keep your personal data when you need this data to defend a right in court. If you objected to the processing, we will verify that there are legitimate processing interests that prevail over the rights you invoke, and we will notify you of the outcome of these verifications.
  • Rectification/erasure. You may request the correction, modification, erasure of any information that is incomplete, expired or incorrect. You may request the deletion of your personal data in the following cases:

– if your personal data is no longer required for the purpose of processing;

– if you withdrew your consent to data processing in the case of consent-based processing;

– if you objected to the processing of data and there are no overriding legitimate grounds for the processing;

– if the data must be deleted to meet a legal obligation.

  • Objection. You may object to the processing of your personal data for reasons relating to your particular circumstances, within the limits and under the conditions laid down by law.
  • Lodging a complaint. You also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (

Please contact us immediately if you believe that your personal data was provided without consent, by written and dated request, accompanied by your identity proof, using the contact details in the Controller section of this Privacy Policy.

You may at any time exercise the above rights freely, or you may ask us any further questions about how we process your personal data by written and dated request, accompanied by proof of your identity, using the contact details in the Controller section of this Privacy Policy.

Requests for access, correction, restriction or deletion of processing must be made in writing and subject to legal restrictions in force. We will ensure that all appropriate measures are taken to resolve your request without delay and, in any case, within 30 (thirty) days of receipt of your application. Information will be provided by electronic means if possible, unless you requested in writing otherwise.


From time to time, we may need to update this Privacy Policy. When we do so, we will post those changes on our Website so you can always have access to details about the information we collect, how we use it, and under what circumstances, if any, we disclose it. Any such change, material or otherwise, shall enter into force with immediate effect at the publishing date on our Website.

If at any point we decide to use personal Data in a manner different from that stated at the time it was collected, we will notify you by email. You will have a choice as to whether or not we may use your Data in this different manner. Otherwise, if possible, we will use the Data in accordance with the Privacy Policy under which the Data was collected.


This section describes how we obtain and use your data (the purpose of the processing), the legitimate interest in processing for these purposes, and the specific conditions of such processing. Please read the subsections of interest carefully so that the processing is as clear, transparent and secure as possible.

  1. Information concerning data privacy for our Website Visitors
  2. Information concerning data privacy for Account Owners
  3. Information concerning data privacy for Customers and potential Customers
  4. Information concerning data privacy for Representative, Contact Person, Employee or Other Collaborator of a PlayedBy’s Business Partner


  1. Data Privacy for Website Visitors

You can browse our Website without revealing personal data. However, if you would like to receive our newsletter or contact us to address any questions, comments or suggestions, you will be required to provide certain personal Data.

We use the personal data we collect from you when filling in the form in the Contact section of our Website, for analyzing your request and, if accepted by PlayedBy, for taking all necessary measures to provide an answer or take appropriate action. Refusing to provide the requested information prevents the completion of the application registration process and makes communication between you and PlayedBy impossible. We base this data processing activity on your consent. We will retain your data for a period of 3 years (the general limitation period according to Romanian law), in all cases where, according to your application, the data may be necessary for the establishment, exercise or defense of a right before the court, irrespective of whether it occurs during proceedings before a court or an administrative or extrajudicial procedure. Upon expiration of this period, your data will be erased.

We use the personal data we collect from you when you visit our Website, by using cookie technologies, for making your browsing experience easier, for statistical purposes and for improving our Website, in order monitor the traffic and improve the content of the Website, in accordance with our Cookie Policy. We base this data processing activity on our legitimate interest (in case of functional cookies) in ensuring the proper functioning of our Internet website, as well as its improvement, or on your consent (e.g. in case of tracking cookies).

We may also use your contact details in order to provide to you in electronic form our newsletters on new Products available for purchase on the Website,  marketing communications or invitations to events, but only if you have subscribed and, hence, given your express consent to such processing. For the newsletter dispatch we use the so-called double opt-in process, meaning that we will only send you the newsletter if you have confirmed your registration by accessing the dedicated link in the confirmation e-mail we send after you subscription to our Newsletter. This way, we wish to ensure that only you, as the owner of the specified e-mail address, are able to register for and receive our newsletters. You can withdraw your consent at any time, by clicking the “Unsubscribe” button in each e-mail you receive or by writing us at Your data will be automatically erased from our database when you unsubscribe from our newsletters.

By using our Website together with all of its subdomains you give your acceptance and consent to the practices set forth in this Privacy Policy subsection as well as the Cookie Policy, which is an integral part hereof.


  1. Data Privacy for Account Owners

Please note that placing an Order shall not be conditioned by the registration of an Account on our Website. However, if you already have an Account, your Customer information, including registered addresses, will be used on the checkout page by default.

In case you would like to set up an Account (in My Account section on the Website), you will be required to provide your personal Data during a registration process, such as: full name, phone number, e-mail, shipping address and billing address if different from shipping address, as the case may be.

While we do our best to protect your personal information, we cannot guarantee the security of any information that you disclose to PlayedBy and you are solely responsible for maintaining the secrecy of any passwords or other account information. Your data will be used exclusively in view of registering and operating your Account on our Website, for the sole purpose of granting you the opportunity to effectively manage your Orders.

Refusing to complete the registration process by failing to provide all required, correct and complete Data will prevent your Account registration process from being completed and accessing your activity history on the Website.

Your personal data related to the use of an Account on our Website will only be stored until you opt for closing your Account. No information shall be available to you on our Website after closing an Account.


  1. Data Privacy for Customers and potential Customers

You can use our Website without disclosing your personal data. However, in case you would like to purchase a Product, you will be required to provide your personal Data during a registration process, such as: full name, phone number, e-mail, shipping address and billing address if different from shipping address, as the case may be, in case such Data is necessary for the following processing purposes:

  • processing your purchase Orders for Products listed on the Website, processing of payments and suppling you with the purchased Products (this data processing is made for performance of a contract, or taking measures, at your request, prior to entering into a contract);
  • subscription to services offered by PlayedBy such as services related to promotions, including the use of coupons (we base this data processing activity on your consent);
  • managing your relationship or contract with us and to deal with your enquiries or requests (this data processing is made for performance of a contract);
  • complying with legal obligations to which we are subject, for example mandatory disclosure of personal data to (tax) authorities or as required for audit purposes, keeping of records obligations, preparing and keeping financial accounting documents and, in certain cases, the obligation to know your customer by obtaining proof of your identity to enable us to meet our anti-money laundering obligations (the grounds for processing is a legal obligation).

Your Data shall be used only for the processing purposes for which they were originally collected. The Data may be processed for a legitimate purpose different than the above processing purposes only if such legitimate purpose is closely related. Any processing for other purposes shall be notified to the data subjects.

You are required to provide PlayedBy with accurate and complete Data. Failure to do so shall constitute a breach of the Terms and Conditions and this Privacy Policy, which may result in immediate termination of (a) your account on the Website, (b) your Purchase Order (and subsequently the shipping of any Products you ordered from PlayedBy) or (c) the supply of any services by PlayedBy. Furthermore, you expressly agree to maintain your registration information up to date and to ensure that it is accurate and complete at all times.

It is our policy that this Data will not be disclosed, shared with, sold or rented to third parties other than expressly provided under this Privacy Policy. We may need to disclose your personal data to service providers such as: an external payment processor partner, if you choose to pay on-line for the Products by credit or debit card. In this case, you will be directed automatically to the site of the external payment processor partner. Our partner may require you to provide information on the debit card or credit card solely for the purpose of processing your payment to PlayedBy (as a Seller) in connection with the purchase of the Product(s) you ordered. We recommend consulting the partner’s Data Privacy Policy.

Refusal to complete the registration process by failing to provide all required, correct and complete Data will prevent completion of the placing your purchase Order or, as the case may be, the processing of your payment, resulting immediate termination by PlayedBy of your purchase Order of the supply of any Products you ordered.

All relationships arising between PlayedBy and each Customer using the Website for, on or after placing an Order are subject to the Terms and Conditions and this Privacy Policy.

Personal data collected and used for the supply of Products by PlayedBy will be stored for a period of 3 years after the termination of contractual relations or any other longer period imposed by the law, an applicable records retention regulation or public authorities.


  1. Data Privacy for Representative, Contact Person, Employee or Other Collaborator of a PlayedBy’s Business Partner

We use your relevant personal data for the performance of our business contracts. For instance, we may use the personal data of representatives, contact persons, employees or other collaborators of our Business Partners within the limits of data normally included on business cards (name, surname, position, company, telephone number, e-mail address), to manage the relationship with the Business Partner you represent. We rely in this case on the legitimate interest in the performance of our business contracts and managing the relationship with our Business Partners. Personal data will be stored for a period of 3 years after the termination of contractual relations or any other longer period imposed by the law, an applicable records retention regulation or public authorities.