Privacy Policy

How we collect, use, and protect your personal data

Last updated: May 2026

1. Who We Are

This Privacy Policy applies to TMGCODE S.R.L., a company registered under Romanian law, operating the website https://tmgcode.com and providing the Convertix Checkout Magento 2 extension ("we", "us", "our").

We are the data controller for the personal data described in this policy. For any privacy-related questions, contact us at contact@tmgcode.com.

2. What Data We Collect

We may collect the following categories of personal data:

  • Account data: name, email address, and password (hashed) when you register.
  • Purchase data: billing name, email, payment transaction ID (via PayPal — we do not store card numbers).
  • License data: domain name associated with your license key, for validation purposes.
  • Support data: name, email, and the content of messages you send via our support form.
  • Technical data: IP address, browser type, pages visited, and session identifiers (via server logs and cookies).

3. How We Use Your Data

We use your personal data to:

  • Create and manage your account and purchases.
  • Validate and activate software licenses.
  • Send transactional emails (order confirmation, license key delivery, support replies).
  • Respond to support requests.
  • Comply with legal and tax obligations under Romanian and EU law.
  • Detect and prevent fraud or abuse of our services.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

  • Contract performance: to deliver the purchased software and license.
  • Legitimate interest: to protect our systems, prevent abuse, and improve our services.
  • Legal obligation: to comply with applicable Romanian and EU law (e.g., invoicing, tax records).
  • Consent: where explicitly provided (e.g., marketing communications, if applicable).

5. Cookies

We use strictly necessary cookies to maintain your session (login state). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

You can disable cookies in your browser settings, but this may affect the functionality of your account and the checkout process.

6. Third-Party Services

We use the following third-party services that may process your data:

  • PayPal: payment processing. Your payment data is handled directly by PayPal under their own Privacy Policy.
  • Google reCAPTCHA v3: used on forms to prevent bot submissions. Subject to Google's Privacy Policy.
  • Adobe Commerce Marketplace: if you purchased through the Marketplace, Adobe's terms and privacy policy also apply.

7. Data Retention

We retain your personal data for as long as:

  • Your account is active, or
  • Necessary to fulfill the purposes described above, or
  • Required by Romanian or EU law (e.g., 10 years for financial documents under Romanian accounting law).

Support messages are retained for up to 3 years after ticket closure.

8. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten"), subject to legal retention obligations.
  • Restrict or object to certain processing activities.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with the Romanian supervisory authority: ANSPDCP (dataprotection.ro).

To exercise any of these rights, email us at contact@tmgcode.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • HTTPS encryption for all data in transit.
  • Hashed passwords (never stored in plain text).
  • Access controls limiting who can access personal data.
  • Regular security reviews of our infrastructure.

10. International Transfers

Your data is stored on servers located in the EU. If any data is transferred outside the EU (e.g., via PayPal or Google services), such transfers occur under appropriate safeguards (Standard Contractual Clauses or adequacy decisions) as required by GDPR.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect any changes. Continued use of our services after changes are posted constitutes acceptance of the updated policy. For significant changes, we will notify registered users by email.

13. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data:

© 2026 TMGCODE S.R.L. All rights reserved.

Contact & Support