Romania · RO
Privacy policy for selling to Romania (GDPR/ANSPDCP)
A privacy policy for the Romanian market must describe the real data processing behind the shop: orders, payments, delivery, customer accounts, support, newsletter, cookies, analytics and marketing tools. GDPR applies across the EU, but the document should also reflect Romanian supervisory context and the actual tools used by the shop.
Why the policy must match the shop
An online shop processes personal data through orders, payments, delivery, customer support, accounts, complaints and marketing. The privacy policy must describe these processes clearly and accurately.
A generic GDPR text is not enough if it does not mention the real providers, tools and purposes used by the shop.
GDPR and ANSPDCP
GDPR applies in Romania, and ANSPDCP is the national supervisory authority. The policy should describe data subject rights, complaint routes and how customers can contact the seller about privacy.
Common mistakes
Common mistakes include missing recipient categories, outdated tracking tools, no retention periods, unclear cookie descriptions and no explanation of international transfers.
How ecommerce.legal helps
ecommerce.legal builds the policy from the shop’s real setup: payments, delivery, hosting, newsletter, analytics, tracking, customer accounts and support.
Frequently asked questions
Is a generic GDPR policy enough for Romania?
No. It should describe the actual tools and processing operations used by the shop and be understandable for Romanian customers.
Who is the Romanian data protection authority?
The authority is ANSPDCP, the National Supervisory Authority for Personal Data Processing.
Should cookies be described?
Yes. The privacy policy should match the consent banner and describe necessary, analytics and marketing technologies.