Last updated: 1 July 2026
This policy explains how Fig. 1507 collects, uses and protects your personal data when you use https://fig-1507.com (the “Site”), book a workshop, create an account, contact us, or subscribe to our newsletter. It also explains the cookies and similar technologies we use. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Romanian law.
1. Who we are (Data Controller)
The controller of your personal data is S.C. WILLDIET S.R.L., trading as Fig. 1507, with its registered office in Bucharest, Romania, Lt. Virgil Lazarovici 28, registered under no. J40/1376/2017, CIF 37024599.
For any privacy question or to exercise your rights, contact us at antonia@fig-1507.com or by post at the address above.
2. What personal data we collect
Depending on how you use the Site, we may collect:
• Account data — name, email address and password (stored encrypted) when you create an account. If you sign in with Google or Apple, we receive basic profile information (such as your name and email) from that provider.
• Booking & order data — the workshops or sessions you book, quantity, dates, order history, invoicing details and, where applicable, billing address.
• Payment data — card payments are processed directly by our payment provider, Stripe. We do not receive or store your full card number; we receive only confirmation of payment and limited transaction details.
• Contact & workshop-request data — the information you submit through our contact and workshop-request forms (for example first name, last name, email, phone number, preferred date, number of people, and your message).
• Newsletter data — your first name and email address if you subscribe to our newsletter (“In the Dark”), which is delivered via Substack.
• Usage & device data — IP address, browser and device type, pages viewed and interactions with the Site, collected through cookies and similar technologies and through our analytics and advertising tools (see Sections 4 and 8).
• Communications — the content of messages and emails you exchange with us.
3. How we use your data and our legal bases
We process your personal data for the following purposes, relying on the legal bases indicated:
• To provide our Services — creating and managing your account, processing and confirming bookings, delivering online (e.g. via Google Meet) and in-person workshops, and providing customer support. Legal basis: performance of a contract.
• To process payments — via Stripe, including fraud prevention. Legal basis: performance of a contract; legitimate interests in preventing fraud.
• To respond to enquiries — handling contact and workshop-request form submissions, including bot protection via Cloudflare Turnstile. Legal basis: taking steps at your request before entering a contract, and our legitimate interest in security and in responding to you.
• To send transactional emails — order and account notifications (e.g. confirmations, password resets). Legal basis: performance of a contract.
• To send our newsletter — only if you have subscribed. Legal basis: consent, which you may withdraw at any time via the unsubscribe link.
• For analytics and advertising — to understand how the Site is used and to measure and improve our marketing (Google Analytics, Google Ads, Meta Pixel, TikTok Pixel). Legal basis: your consent, given through our cookie banner (see Sections 4 and 8).
• To meet legal obligations — such as accounting and tax record-keeping. Legal basis: legal obligation.
• To operate and secure the Site — including strictly necessary cookies. Legal basis: legitimate interests.
4. Analytics and advertising
With your consent, we use analytics and advertising tools to understand how visitors find and use the Site and to measure our campaigns. These tools may set cookies and collect usage and device data, including your IP address and a randomly generated identifier.
• Google Analytics 4 — website statistics and audience insights (Google Ireland Ltd. / Google LLC).
• Google Ads and DoubleClick — measuring ad performance and, where applicable, showing relevant ads (Google).
• Meta (Facebook) Pixel — measuring the performance of our Facebook/Instagram activity (Meta Platforms Ireland Ltd.).
• TikTok Pixel — measuring the performance of our TikTok activity (TikTok Technology Ltd.).
• Server-side tagging via Stape — some of these tags are delivered through a server-side container (stape.net and the subdomain a.fig-1507.com) to make tracking more reliable. This does not change the purposes above.
These tools run only after you accept the relevant category in our cookie banner, and you can change or withdraw your consent at any time (see Section 8). If you do not consent, these cookies are not set.
5. Who we share your data with
We do not sell your personal data. We share it only with trusted service providers (processors) and, for cookies you consent to, with the third parties that operate them. These currently include:
• Web hosting and CDN — hosting the Site and serving assets, including Cloudflare (security and bot protection).
• Stripe — payment processing (Stripe Payments Europe, Ltd.).
• Google — Google Analytics, Google Ads, “Sign in with Google” (optional) and Google Meet for online workshops.
• Meta Platforms — Facebook Pixel and related measurement.
• TikTok — TikTok Pixel and related measurement.
• Stape — server-side tag management.
• Cookiebot (Usercentrics A/S) — our cookie-consent management platform.
• Substack — delivery of our newsletter and the newsletter sign-up embed (Substack, Inc.).
• Apple — “Sign in with Apple” (optional).
• Our email/SMTP provider — sending transactional and account emails.
We may also disclose data where required by law or to protect our legal rights. Each provider processes your data under its own agreement with us and applicable data-protection law.
6. International data transfers
Some of our providers (for example Google, Meta, TikTok, Stripe, Substack and Cloudflare) may process data outside the European Economic Area, including in the United States. Where this happens, the transfer is protected by appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or an adequacy decision (for example, the EU–US Data Privacy Framework).
7. How long we keep your data
We keep your personal data only as long as necessary for the purposes above:
• Account data — for as long as your account is active; you may ask us to delete it at any time.
• Booking, order and invoicing data — for the periods required by Romanian accounting and tax law.
• Contact / workshop-request messages — for as long as needed to handle your enquiry and a reasonable period afterwards.
• Newsletter data — until you unsubscribe or withdraw consent.
• Analytics, advertising and other cookies — for the durations listed in Section 8; consent records are kept for up to one year.
8. Cookies and similar technologies
Cookies are small text files stored on your device when you visit a website. Similar technologies (such as pixels and local storage) work in comparable ways. We use them to make the Site work, to keep your cart and session, to enable secure sign-in and payment, and — only with your consent — for statistics and advertising.
We manage cookies through Cookiebot (Usercentrics). When you first visit the Site, the cookie banner lets you accept or decline each category. Strictly necessary cookies do not require consent because the Site cannot function without them; all statistics and marketing cookies are set only after you consent. The categories below reflect our latest cookie scan (1 July 2026); the live, always-current list is available in the Cookiebot declaration on this page.
Necessary cookies
These are required for core functions such as page navigation, keeping your shopping cart, secure sign-in, bot protection and remembering your cookie choices. They cannot be switched off.
• Fig. 1507 (fig-1507.com): wc_cart_hash_# and wc_fragments_# keep track of your cart (persistent / session); elementor supports the site’s theme and content display (persistent); CookieConsent stores your cookie preferences (1 year); __cf_bm provides bot protection (1 day).
• Cloudflare (challenges.cloudflare.com): cf.turnstile.u distinguishes humans from bots on our forms (persistent).
• Substack (substack.com / antoniateaha.substack.com), used by the newsletter embed: __cf_bm bot protection (1 day), cf_clearance bot protection (1 year), AWSALBTG and AWSALBTGCORS server load-balancing (7 days).
• Google (doubleclick.net): test_cookie checks whether your browser supports cookies (1 day).
Statistics cookies
These help us understand how visitors use the Site, collected with your consent. Set only after you accept the “Statistics” category.
• Google Analytics (fig-1507.com): _ga and _ga_# identify visitors and sessions (2 years); FPID, FPLC and FPAU support first-party and server-side analytics measurement (session).
• Substack (via the newsletter embed): ajs_anonymous_id identifies a visitor for the embed’s analytics (1 year), ab_testing_id supports content testing (1 year), and substack_ref_url records referral/navigation data (persistent).
Marketing cookies
These are used to measure our advertising and to make ads more relevant, collected with your consent. Set only after you accept the “Marketing” category.
• Meta / Facebook (fig-1507.com, stape.net, connect.facebook.net): _fbp identifies your browser for ad delivery (3 months / session); lastExternalReferrer and lastExternalReferrerTime record how you reached the Site (persistent).
• Google Ads / DoubleClick (doubleclick.net, google.com, a.fig-1507.com): IDE (400 days), _gcl_ls (persistent) and the pixels pagead/1p-user-list/# and pagead/viewthroughconversion/# measure ad performance and conversions (session).
• TikTok (fig-1507.com, tiktok.com, analytics.tiktok.com): _ttp (up to 1 year) and tt_appInfo, tt_sessionId, tt_pixel_session_index (session) support TikTok measurement.
• Stape server-side tagging (stape.net): _gtmeec temporarily processes ecommerce interaction data to make event tracking reliable (session).
• WooCommerce SourceBuster (fig-1507.com): sbjs_current, sbjs_current_add, sbjs_first, sbjs_first_add, sbjs_migrations, sbjs_session and sbjs_udata record how visitors arrive, for marketing attribution (session / 1 day).
Unclassified cookies
These are cookies we are still classifying with their providers. Most come from the Substack newsletter embed.
• Fig. 1507 / server-side (fig-1507.com, a.fig-1507.com): _sbp (400 days) and _xsd (persistent).
• Substack (substack.com, antoniateaha.substack.com, substackcdn.com): ab_experiment_sampled, cookie_storage_key, disable_experiments, disable_html_pixels, preferred_language, session_attribution, substack.lli and substack_ref (session to persistent).
Managing your consent
You can change or withdraw your consent at any time using the cookie settings link on the Site (the Cookiebot widget). You can also block or delete cookies through your browser settings; note that disabling strictly necessary cookies may prevent parts of the Site (such as the cart, sign-in or checkout) from working. For more on managing cookies, see aboutcookies.org.
9. How we protect your data
We use appropriate technical and organisational measures to protect your data, including HTTPS encryption across the Site, encrypted storage of passwords, bot protection on forms, and payment handling by a PCI-compliant provider (Stripe). No method of transmission over the internet is completely secure, but we work to protect your data and keep our measures under review.
10. Your rights under the GDPR
You have the right to: access your personal data; request correction of inaccurate data; request erasure (“right to be forgotten”); restrict or object to processing; data portability; and, where processing is based on consent, to withdraw consent at any time (without affecting processing carried out before withdrawal). You can also object to direct marketing at any time.
To exercise any of these rights, email antonia@fig-1507.com. We will respond within the time limits set by the GDPR.
11. Complaints
If you believe we have not handled your data properly, please contact us first so we can help. You also have the right to lodge a complaint with the Romanian supervisory authority, the National Supervisory Authority for Personal Data Processing (ANSPDCP), www.dataprotection.ro.
12. Children
The Site and our Services are intended for adults. We do not knowingly collect personal data from children under 16 without the consent of a parent or guardian. If you believe a child has provided us with personal data, please contact us and we will delete it.
13. Changes to this policy
We may update this Privacy & Cookie Policy from time to time. The latest version will always be published on this page, with the “Last updated” date revised accordingly. Significant changes will be communicated where appropriate.
14. Contact
S.C. WILLDIET S.R.L. (Fig. 1507) · Lt. Virgil Lazarovici 28, Bucharest, Romania · CIF 37024599 · J40/1376/2017 · Email: antonia@fig-1507.com · Tel: +40 742 613 358