Legal

Privacy Policy

Last updated: March 15, 2026  ·  Effective: March 15, 2026

GDPR Compliant
Encrypted Storage
Minimal Data Collection
Never Sold to Third Parties

1. Who We Are

Chermmon is a luxury intimate body care brand operated by SC DIVISION 26 PICTURES SRL, a Romanian company (CUI: 47509869, Registration Number: J29/180/2023, EUID: ROONRC.J29/180/2023), headquartered in Bucharest, Romania. At the international level, Chermmon operates under the umbrella of Arxcade Ventures.

This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website, place a pre-order, or contact us. By using our platform, you agree to the practices described here.

2. Information We Collect

What we collect

  • Name and email address (for orders and communications)
  • Shipping and billing address
  • Payment information (processed by Stripe — we never see your card details)
  • Order history and pre-order reference
  • Messages and feedback you send to us voluntarily
  • Basic analytics (pages visited, device type, browser — anonymised)

What we never collect

  • Biometric or health data
  • Precise GPS location
  • Data from children under 16
  • Social media credentials or passwords
  • Advertising or commercial profiles
  • Any data beyond what is necessary to fulfil your order

3. How We Use Your Data

  • To process and fulfil your pre-order or purchase
  • To communicate order updates, dispatch notifications, and delivery tracking
  • To respond to your enquiries and feedback
  • To improve our products and website experience (using anonymised data only)
  • To comply with legal and regulatory obligations under Romanian and EU law

We do not use your data for advertising profiling, re-marketing, or any automated decision-making that has a legal or similarly significant effect on you.

4. Legal Basis for Processing

Under the GDPR, we process your data on the following legal bases:

  • Contract performance — to process your order and deliver your product
  • Legitimate interest — to improve our service and communicate with customers
  • Legal obligation — to comply with accounting, tax, and consumer protection law
  • Consent — for any optional communications (newsletter, feedback follow-up)

5. Data Sharing & Third Parties

We share your data only where strictly necessary:

  • Stripe — secure payment processing (they are PCI-DSS Level 1 certified)
  • Shipping partners — your name and address for delivery only
  • Email service — to send you order confirmations and notifications
  • Legal authorities — only when required by Romanian or EU law

We never sell, rent, or trade your personal data with any marketing, advertising, or analytics companies.

6. Data Retention

Order data

Retained for 5 years to comply with Romanian accounting and tax law. After that, permanently deleted.

Marketing consent

Until you withdraw consent. You may unsubscribe at any time via any email we send.

Customer service

Correspondence retained for 2 years, then deleted unless an ongoing matter requires it.

Website analytics

Anonymised data only. No individual is identifiable. Retained for up to 26 months.

7. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten"), subject to legal retention obligations
  • Restriction — request that we limit the processing of your data in certain circumstances
  • Portability — receive your data in a commonly used, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, email us at privacy@chermmon.com or call +40 723 431 496. We will respond within 30 days.

8. Security

We take the security of your data seriously. All data is transmitted over HTTPS with TLS encryption. Payment processing is handled exclusively by Stripe, which uses AES-256 encryption and is PCI-DSS certified. Access to customer data within our team is strictly limited on a need-to-know basis.

9. Cookies

We use only essential cookies necessary for the website to function (session management, cart state). We do not use advertising, tracking, or third-party analytics cookies without your explicit consent. You may disable non-essential cookies via your browser settings at any time.

10. Contact & Complaints

Our Data Controller

SC DIVISION 26 PICTURES SRL
CUI: 47509869
Bucharest, Romania
privacy@chermmon.com
+40 723 431 496

Supervisory Authority

If you believe your rights have been violated, you may lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro.

Terms of ServiceProduct SafetyContact