Last updated: April 2026 · GDPR compliant · Data controller: Vikotti SRL, Romania
This Privacy Policy explains how Vikotti collects, uses, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Romanian and EU law.
Vikotti SRL is the data controller responsible for your personal data collected through this platform. Our registered address is in Romania, and we operate under applicable EU data protection law including the General Data Protection Regulation (GDPR).
We collect the following categories of data when you register or use the platform: contact information (full name, business email, phone number), company information (company name, VAT number, country, website), account credentials (email address, hashed password), order and transaction data (configurations, size runs, invoices, payment history), platform usage data (pages visited, session duration, browser type), and communication records (support emails, inquiry submissions).
Your data is used to: verify your identity and wholesale eligibility, process and fulfill your orders, generate invoices and manage payments, communicate order status and production updates, improve the platform and catalog, comply with legal and tax obligations, and send relevant commercial communications (with your consent). We do not use your data for automated decision-making that has legal effects on you.
We process your data under the following legal bases: contract performance (to fulfill your orders), legitimate interests (to operate and improve the platform), legal obligation (tax records, GDPR compliance), and consent (marketing communications, which you may withdraw at any time).
We do not sell your personal data. We may share data with: logistics and freight partners (name, address, order reference only), payment processors (Stripe — subject to their privacy policy), accounting and invoicing tools used internally, and legal authorities where required by law. We explicitly do not disclose factory identities or supplier relationships to third parties.
Your data is processed within the EU/EEA. Where data is transferred outside the EU/EEA (e.g. to Stripe's US servers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
We retain your account data for as long as your account is active plus 3 years after closure, unless a longer retention period is required by law (e.g. 7 years for financial records under Romanian accounting law). You may request deletion of your data subject to our legal retention obligations.
Under GDPR, you have the right to: access your personal data, correct inaccurate data, request erasure ("right to be forgotten"), restrict or object to processing, data portability (receive your data in a structured format), and withdraw consent at any time. To exercise any right, contact us at privacy@vikotti.com. We will respond within 30 days.
We implement industry-standard security measures including encrypted data transmission (TLS), hashed password storage, row-level database access controls, and regular security reviews. No system is completely secure; we will notify you of any data breach that poses a risk to your rights within 72 hours of becoming aware of it.
We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes by email or a prominent notice on the platform. The date of the latest revision is shown below.
For privacy-related inquiries, contact our data protection team at privacy@vikotti.com. You also have the right to lodge a complaint with your national data protection authority (in Romania: ANSPDCP; in other EU countries, contact your local authority).