Privacy Policy
Last updated: November 2025
1. Data Controller
Company Name: QD Chromatic Design SRL
Trading As: Alien Mods
Company Registration: CUI RO21249633
Address: Str Tepes Voda 99, 021523, Sector 2, Bucharest, Romania
Email: [email protected]
Website: alien-mods.com
QD Chromatic Design SRL is the data controller responsible for your personal data. If you have any questions about this privacy policy or how we handle your data, please contact us at the email address above.
2. What Personal Data We Collect
We collect and process the following personal data when you use our website and services:
2.1 Information You Provide to Us
When you place an order (required for order fulfillment):
- Contact information: Name, email address, phone number
- Billing information: Billing address
- Shipping information: Delivery address
- Order details: Products purchased, order value, order date
When you create an account (optional):
- Username and password (encrypted)
- Order history
- Saved addresses
When you contact us:
- Any information you provide in your messages or support requests
- Email correspondence
2.2 Information We Collect Automatically
Technical data:
- IP address: Collected for security and fraud prevention
- Browser type and version
- Device information: Operating system, device type
- Website usage data: Pages visited, time spent, referring website
Cookies and tracking technologies:
- We use cookies to improve your experience on our website
- Google Analytics for website analytics (with IP anonymization)
- Essential cookies for shopping cart functionality
- See our Cookie Policy section below for more details
2.3 Information We Do NOT Collect
We do NOT collect or store:
- Credit card or payment card details (handled securely by Stripe and PayPal)
- Sensitive personal data (health, religion, political opinions, etc.)
- Biometric data
- Data about children under 16 (our products are not intended for children)
3. Legal Basis for Processing Your Data
Under GDPR, we must have a legal basis to process your personal data. We process your data based on:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling orders | Contract performance: Necessary to fulfill our contract with you |
| Payment processing | Contract performance: Necessary to complete the transaction |
| Shipping and delivery | Contract performance: Necessary to deliver products to you |
| Customer support and communication | Contract performance: Necessary to respond to your inquiries |
| Fraud prevention and security | Legitimate interest: Protecting our business and customers |
| Website analytics | Legitimate interest: Improving our website and services |
| Legal compliance (accounting, taxes) | Legal obligation: Required by Romanian and EU law |
| Account creation | Consent: You choose to create an account |
4. How We Use Your Personal Data
We use your personal data for the following purposes:
4.1 Order Processing and Fulfillment
- Process your orders and payments
- Arrange shipping and delivery
- Send order confirmations and shipping notifications
- Handle returns, refunds, and warranty claims
- Provide customer support
4.2 Account Management (If You Create an Account)
- Maintain your account and login credentials
- Store your order history for your convenience
- Save your addresses for faster checkout
4.3 Communication
- Respond to your inquiries and support requests
- Send transactional emails related to your orders (order confirmations, shipping updates, delivery notifications)
- Communicate about returns, refunds, or warranty issues
Important: We do NOT send marketing emails, newsletters, or promotional communications unless you explicitly request them. All emails you receive from us are order-related and necessary for fulfilling our service.
4.4 Legal and Security
- Comply with legal obligations (tax, accounting, consumer protection laws)
- Prevent fraud and unauthorized transactions
- Protect our website from security threats
- Resolve disputes and enforce our terms and policies
4.5 Website Improvement
- Analyze website usage to improve user experience
- Understand which products are most popular
- Identify and fix technical issues
5. Who We Share Your Data With
We only share your personal data with third parties when necessary to provide our services or comply with legal obligations. We never sell your data to third parties.
5.1 Payment Processors
Stripe and PayPal
- What they receive: Payment information, transaction details, billing address
- Why: To process your payment securely
- Location: These are US-based companies with EU operations, compliant with GDPR
- Note: We do NOT store your credit card details – they are handled entirely by these payment processors
5.2 Shipping Carriers
PostNL and FedEx
- What they receive: Your name, delivery address, phone number, order tracking information
- Why: To deliver your products
- Data minimization: We only share information necessary for delivery
5.3 Analytics Services
Google Analytics
- What they receive: Anonymized website usage data, anonymized IP addresses
- Why: To understand how visitors use our website and improve user experience
- Privacy measure: IP anonymization is enabled to protect your identity
- Location: Google is a US-based company with GDPR-compliant data processing agreements
5.4 Web Hosting Provider
Romanian hosting service
- What they store: Your data is stored on servers located in Romania (within the EU)
- Why: To operate our website and store order information
- Security: Data is stored securely with appropriate technical measures
5.5 Legal Authorities
We may disclose your personal data if required by law, court order, or government regulation, or if necessary to:
- Respond to legal requests from authorities
- Enforce our terms and conditions
- Protect our rights, property, or safety
- Prevent fraud or illegal activity
6. International Data Transfers
Your personal data is primarily stored and processed within the European Union (Romania). However, some of our service providers are based outside the EU:
- Stripe, PayPal, Google Analytics are US companies that may transfer data to the United States
- Safeguards: These companies comply with GDPR requirements through:
- EU-US Data Privacy Framework
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- Appropriate technical and organizational security measures
- Your rights: You have the same privacy rights regardless of where data is processed
7. How Long We Keep Your Data
We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law:
| Data Type | Retention Period | Reason |
|---|---|---|
| Order information (name, address, purchase details) | 10 years from order date | Romanian tax and accounting legal requirements |
| Communication records (emails, support tickets) | 3 years from last contact | Customer service and dispute resolution |
| Account information (if you create an account) | Until you delete your account or request deletion | To maintain your account access |
| Website analytics data | 26 months | Google Analytics default retention period |
| IP addresses (for fraud prevention) | 1 year | Security and fraud prevention |
After retention periods expire: Data will be securely deleted or anonymized so it can no longer identify you.
Early deletion: You can request deletion of your data before these periods expire (see Your Rights section below), except where we have a legal obligation to retain it (e.g., accounting records).
8. Your Rights Under GDPR
As an EU resident, you have the following rights regarding your personal data:
8.1 Right of Access
You have the right to request a copy of all personal data we hold about you. We will provide this information free of charge in a commonly used electronic format.
8.2 Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. You can update your account information directly, or contact us to make changes.
8.3 Right to Erasure (“Right to Be Forgotten”)
You can request that we delete your personal data in the following circumstances:
- The data is no longer necessary for the purposes we collected it
- You withdraw your consent (for data processed based on consent)
- You object to processing and there are no overriding legitimate grounds
- The data was unlawfully processed
Exceptions: We may not be able to delete data if we need it for:
- Legal obligations (e.g., 10-year accounting records required by Romanian law)
- Establishing, exercising, or defending legal claims
8.4 Right to Restriction of Processing
You can ask us to restrict how we use your data in certain situations, such as when you contest the accuracy of the data or object to processing.
8.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.
8.6 Right to Object
You can object to processing of your personal data when it’s based on legitimate interests. We will stop processing unless we have compelling legitimate grounds that override your interests.
8.7 Right to Withdraw Consent
Where we process data based on your consent (e.g., account creation), you can withdraw that consent at any time. This won’t affect the lawfulness of processing before withdrawal.
8.8 Right to Lodge a Complaint
If you believe we have not handled your data properly, you have the right to lodge a complaint with the Romanian data protection authority:
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Phone: +40 318 059 211
Email: [email protected]
Website: www.dataprotection.ro
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected] with:
- Your full name and email address used for your order
- A description of the right you wish to exercise
- Any relevant order numbers or account information
Response time: We will respond to your request within 30 days as required by GDPR. If we need more time (complex requests), we’ll let you know.
Verification: To protect your privacy, we may need to verify your identity before fulfilling your request.
9. Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it:
Security Measures
- Encryption: All data transmitted between your browser and our website is encrypted using SSL/TLS
- Secure hosting: Data is stored on secure servers in Romania with restricted access
- Payment security: We do NOT store credit card details – all payment processing is handled by PCI-DSS compliant payment processors (Stripe, PayPal)
- Password protection: Account passwords are encrypted using industry-standard hashing algorithms
- Access control: Only authorized personnel have access to personal data, on a need-to-know basis
- Regular updates: We keep our website software and security measures up to date
- Monitoring: We monitor for security threats and unauthorized access attempts
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Romanian data protection authority within 72 hours
- Notify affected individuals without undue delay
- Take immediate action to contain and remediate the breach
Your Responsibility
If you create an account, you are responsible for:
- Keeping your password confidential
- Not sharing your account with others
- Logging out after using shared devices
- Notifying us immediately if you suspect unauthorized account access
10. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to improve your experience and analyze website usage.
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and understand how you use the site.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for website functionality (shopping cart, checkout, login). These cannot be disabled without breaking the site. | Session |
| Analytics Cookies (Google Analytics) |
Help us understand how visitors use our website, which pages are popular, and where we can improve. IP addresses are anonymized. | Up to 26 months |
| Preference Cookies | Remember your settings and preferences (e.g., language, currency) for a better experience. | Up to 1 year |
Managing Cookies
Cookie consent banner: When you first visit our website, you’ll see a cookie consent banner. You can accept all cookies or manage your preferences.
Browser settings: You can control cookies through your browser settings:
- Most browsers allow you to refuse cookies or delete existing cookies
- Disabling essential cookies may affect website functionality
- See your browser’s help section for instructions on managing cookies
Google Analytics opt-out: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Third-Party Cookies
Some cookies on our site are set by third parties (Google Analytics, payment processors). These third parties have their own privacy policies:
11. Children’s Privacy
Our products and services are not intended for children under 16 years of age. We do not knowingly collect personal data from children.
Our sim racing hardware products are designed for adult enthusiasts or supervised use by minors with parental consent. To make a purchase, you must:
- Be at least 18 years old (legal age to hold a payment account)
- Have a valid payment method in your name
If we become aware that we have inadvertently collected data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].
12. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.
When we make changes:
- We will update the “Last updated” date at the top of this policy
- Significant changes will be communicated via email to registered customers
- The updated policy will be posted on our website
Your continued use of our website after changes indicates your acceptance of the updated policy.
We encourage you to review this privacy policy periodically to stay informed about how we protect your data.
13. Contact Us
Questions About Your Privacy?
If you have any questions, concerns, or requests regarding this privacy policy or how we handle your personal data, please contact us:
Email: [email protected]
Company: QD Chromatic Design SRL (Trading as Alien Mods)
Address: Str Tepes Voda 99, 021523, Sector 2, Bucharest, Romania
Company Registration: CUI RO21249633
Response time: We aim to respond to all privacy inquiries within 30 days.
14. Additional Information for EU Residents
Legal Framework
This privacy policy complies with:
- General Data Protection Regulation (GDPR) – EU Regulation 2016/679
- Romanian Law 190/2018 on data protection measures
- ePrivacy Directive – Directive 2002/58/EC (as amended)
Representative for Data Subject Requests
For all data subject requests (access, deletion, rectification, etc.), contact us directly at [email protected]. We handle all requests personally and do not use a third-party representative.
Automated Decision-Making and Profiling
We do NOT use automated decision-making or profiling that produces legal effects or similarly significantly affects you. All order processing and customer service decisions involve human review.
Direct Marketing
We do not send marketing communications. All emails you receive from us are transactional (order confirmations, shipping updates) and necessary for fulfilling our services.
Alien Mods – Mods from another planet
QD Chromatic Design SRL | CUI RO21249633
alien-mods.com | [email protected]
Str Tepes Voda 99, 021523, Sector 2, Bucharest, Romania
This privacy policy was last updated on November 2025 and is compliant with GDPR and Romanian data protection laws.
Follow our social media to find limited use DISCOUNT vouchers!
Keep your eyes on our