Privacy policy

Privacy Policy

This privacy policy applies to the current website and the personal data collected through it for the realization of the activities that our office carries out.

1.Data operator

In accordance with the definitions and provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR), our office is a personal data controller and, in certain situations, a processor of other personal data controllers.

2. Persons concerned

We provide consultancy services in the elaboration and implementation of investment projects both on European funds and on state aid schemes for our clients, legal entities.

In the case of these services, the data subjects are the representatives, natural persons, of our clients, legal entities.

3. Processing of personal data

3.1. Date personale colectate si prelucrate automat atunci cand navigati in cadrul website-ului nostru

a) Data recorded and stored in the Web server log

How and when to collect

We use a server to host our website. When you access the website, the data corresponding to your navigation within the web platform is recorded and stored in a log file on the server.

Personal data collected

Thus, the IP address you use to access the website is automatically recorded, as well as other information relevant to your navigation on the platform, such as the pages accessed, the date and time of access to the website, the information requested, the date and time of the request, the source of access to our website (for example the URL that directed you to our website), the duration of your visit and the order in which you visit the content of the website (clickstream information), the browser version and operating system used, the name of the mobile network you use (information about the device used).

Purpose and basis of processing

We collect and store this data in web server logs to ensure IT network security. Thus, we analyze the log files to help identify and prevent unauthorized access to our network, distribution of malicious code, prediction of DDOS and other cyber-attacks by detecting unusual or suspicious activity. Unless we are investigating suspicious or potential criminal activity, we make no attempt to identify you based on information collected through server logs. The basis on which we process the data for this purpose is our legitimate interest in protecting our business and ensuring the security of the data we hold.
We also use this data for the purpose of analyzing how users interact with the website in order to improve the structure and content of the website. The basis on which we process personal data for this purpose is our legitimate interest.

Location of personal data

The collected data is stored on the webhosting company’s server, located in Romania.

Duration of processing and storage of personal data

Data is recorded and stored in the server logs for a period of 1 year after which, according to the procedure we have implemented, they are automatically deleted.

b) Use of cookies

How and when to collect

Our website uses cookies. Cookies are small text files sent by a website server to a web browser (web browser: Chrome, IE, Firefox, Opera), RAM memory or hard disk drive at the time of initial access to the website and then stored there.
Personal data collected

A “cookie” records information about your navigation on the website (pages visited, date and time of visit). This information allows the website “to remember information about your preferences and thus improve your browsing experience on the website. If you do not wish to accept the use of cookies, you can change your browser settings to not accept cookies.
For more information on the cookies we use, how to set your preferences when using cookies and how to block cookies, please read our Cookie Policy.

Purpose and basis of processing

We use cookies to improve the website and to personalize the website experience according to the needs of our users. Thus, through them we can automatically distinguish you from other users and provide you with certain functionalities that facilitate navigation and interaction on the website. The basis on which we process this personal data is our legitimate interest in ensuring the proper functioning of our website (for the use of essential cookies) and your consent (for the use of non-essential cookies). For more information on the cookies we use, how to set your preferences when using cookies and how to block cookies, please read our Cookie Policy.
Location of personal data

The collected data is stored on the webhosting company’s server, located in Romania.
Duration of processing and storage of personal data

Cookies are used for as long as you access our website, depending on the preferences initially set on the website and depending on the cookie settings you have set in the web browser you are using.

3.2. Date personale colectate atunci cand ne contactati

a) Contact form integrated in the website
How and when collected
Data is collected when you fill in and submit a contact form on our website.
Personal data collected
We collect your first name, last name, e-mail address and any other information you voluntarily provide in that message.
Purpose and basis of processing
We process this personal data in order to respond to the enquiries and messages we receive based on our legitimate interest to provide quality service and information to people who contact us.

Location of personal data
The data collected are stored on the server of the webhosting company located in Romania.
Duration of processing and storage of personal data
The data is retained for a limited period of time – no more than 1 year – and is periodically deleted.

b) E-mail
How and when collected
Data is collected when you send a message to the e-mail address displayed on our website.
Personal data collected
We collect your e-mail address and any other information you provide in that e-mail (such as your name, your phone number and the information contained in any signature block in the e-mail).
Purpose and basis of processing
We process these personal data in order to respond to the enquiries and messages we receive and to keep a record of correspondence based on our legitimate interest to provide quality service and information to people who contact us.
Location of personal data
The data thus collected is stored on the server of the webhosting company, located in Romania.
Duration of processing and storage of personal data
Data is retained for a limited period – not more than 1 year – and is deleted periodically.

c) Telephone
How and when collected
Data is collected when you call the contact telephone number displayed on our website.
Personal data collected
When you contact us by telephone, we collect your telephone number and any information you provide during your conversation with us. We do not record telephone calls.
Purpose and basis of processing
We process this personal data in order to respond to enquiries and requests for information that we receive based on our legitimate interest to provide quality service and information to people who contact us.
Location of personal data
Information about your call, such as your telephone number and the date and time of your call, is processed by our telephone service provider located in Romania.
Duration of processing and storage of personal data
We do not retain personal data unless it is necessary to respond to your requests at a later date.

4. Transfer of personal data to third parties

4.1 Transfer of data to service providers
We transfer the personal data we process to a number of third parties to provide us with services that are necessary to run our business or to help us run our business and who process your information for us on our behalf. These third parties are generally the following:
Telephone service providers.
E-mail and web hosting service providers.
Analyst/consulting/advertising service providers.
Occasionally, we obtain advice from consultants, such as accountants, financial advisors, attorneys and public relations professionals. We will only share your information with these third parties where it is necessary to allow these third parties to provide us with relevant advice, subject to our privacy clauses.
The data we collect through the website (contact form) or through emails we receive is stored on the webserver of our web hosting and email service provider. The server is located in Romania. The processing performed by it is strictly limited to storing this data on the server.
We transfer personal data in our legitimate interest (ensuring the efficient running of our business).
We ensure (by signing special personal data protection agreements) that the third parties to whom we transfer personal data guarantee, in their turn, the protection and security of this data and use this data only for the agreed purpose.
We do not display the identity of our service providers publicly, for security and competitiveness reasons. If, however, you would like additional information about the identity of service providers, please contact us directly by e-mail and we will provide you with such information if you have a legitimate reason to request it).
4.2 Transfer to public authorities or organizations involved in credit/credit/ debt recovery/ fraud prevention
a) In connection with a legal or potentially legal dispute or proceeding
We may need to use your information if we are involved in a dispute with you or with a third party, for example, either to resolve the dispute or as part of mediation, arbitration or a court judgment or similar process.
The basis on which we make this transfer is our legitimate interest in resolving disputes and potential disputes.
To comply with laws, regulations and other legal requirements
We will use and process your information to comply with legal obligations to which we are subject. For example, we may be required to disclose your information pursuant to a court order or subpoena, if we receive one.
The basis on which we make this transfer is our legitimate interest.

5. Personal data retention period
Criteria for determining retention periods
We will only keep your information for as long as necessary, taking into account the following:
the purpose(s) and use of your information both now and in the future (for example, whether it is necessary to continue storing that information in order to continue to fulfill our obligations under a contract with you or to contact you in the future);
whether we have a legal obligation to continue processing your information. (such as any record retention obligations imposed by relevant law or regulation);
if we have any legal basis to continue processing your information (such as your consent);
how valuable your information is to us. (both now and in the future);
any agreed industry practices regarding the length of time we keep your information;
the levels of risk, cost and liability involved in continuing to hold your information;
how difficult it is to ensure that the information can be kept up to date and accurate;
any relevant surrounding circumstances (such as the nature and status of our relationship with you).

6. Technical and organizational measures to secure your data
We take appropriate technical and organizational measures to secure your information and protect it against unauthorized or unlawful use and accidental loss or destruction, including:
sharing and providing access to your data. to the minimum extent necessary, subject to confidentiality restrictions, where appropriate and anonymously whenever possible;
using secure servers to store information;
verifying the identity of any person requesting access to information before granting them access to information;
transferring your data. only through a closed system or encrypted data transfers.
Submitting information to us by e-mail
Submitting information over the internet is not entirely secure and if you submit information to us over the internet (by e-mail, through our website or by any other means), you do so entirely at your own risk.
We cannot be liable for any expenses, losses, reputational damage, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

7. Your rights over your personal data
7.1 Your rights
Subject to certain restrictions on certain rights, you have the following rights in relation to your data which you can exercise by sending an e-mail to :
to request access to your information and information about the use and processing of your information;
You have the right to obtain a confirmation from the company whether your data is being processed.
Individuals have the right to submit an access request to access their personal data and to verify the lawfulness of the processing. If such a request has been made electronically, the information will be provided by the company – also – in a commonly used electronic format.
to request rectification of your data;
Individuals have the right to rectify themselves or to ask the company to rectify inaccurate or incomplete personal data. If the personal data concerned have been transferred to third parties, the firm will also inform them of the rectification request, if possible. Where applicable, the firm will inform the data subject of the third parties to which the data have been transferred.
Requests for rectification will be dealt with within one month; this will be extended by two months if the rectification request is complex.
If no action is taken in response to a request for rectification, the practice will explain the reason to the individual and inform them of their right to complain to the supervisory authority and of the remedies available.
to request erasure of your data (taking into account legal restrictions that do not allow for data erasure);
Individuals have the right to request erasure or deletion of personal data if there are no grounds for further processing. Individuals have the right to request deletion of data in the following situations:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
When the person withdraws their consent;
When they object to the processing and there is no legitimate interest in continuing to process the personal data;
Personal data has been processed unlawfully;
Personal data must be deleted to comply with a legal obligation.
Our office has the right to refuse a request for deletion of personal data if the data is processed for the following reasons:
To comply with a legal obligation;
To exercise or defend legal claims.
If personal data have been transferred to third parties, they will be informed of the request to delete the personal data, unless this is impossible or involves a disproportionate effort.
to request restriction of the use of your data;
Individuals have the right to block or suppress the processing of their personal data by the company. If processing is restricted, the firm will store the personal data, but will not process it further, ensuring that only sufficient information about the individual has been retained to ensure that the restriction is respected in the future.
The Cabinet will restrict the processing of personal data in the following situations:
Where an individual contests the accuracy of the personal data, processing will be restricted until the Practice verifies the accuracy of the data;
Where an individual has objected to the processing and the Practice considers whether the legitimate grounds for the processing are based on the individual’s legitimate grounds;
If the processing is unlawful and the individual objects to deletion and requests restriction instead;
Where the Practice no longer needs the personal data but the individual requests the retention of the data for the establishment, exercise or enforcement of a legal claim.
If the personal data in question have been transferred to third parties, the firm will inform them of the request for restriction of the processing of personal data, unless it is impossible or involves disproportionate efforts to do so.
The Cabinet will inform data subjects when a processing restriction has been lifted.
to receive the information you have provided to us in a structured, commonly used format that can be read by a device (e.g. a CSV file) and the right to transfer that information to another data controller (including a third party data controller);
to object to the processing of your data for certain purposes;
The Cabinet will inform, upon first communication, individuals who have submitted a request for their personal data of their right to object.
Individuals have the right to object to processing based on legitimate interests or processing for direct marketing purposes.
direct marketing;
processing for the purposes of scientific or historical research and statistics.
In the event of such an objection, the practice will cease processing the individual’s personal data, unless the processing is necessary for the establishment, exercise or defense of legal rights and claims or if the practice can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the individual.
to withdraw your consent to the use of your data at any time at which we rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of the use and processing of your data based on your consent prior to the time at which you withdraw your consent.
the right not to be subject to a decision based solely on automated processing, including profiling that produces legal effects on you. or significantly affects you in a similar way.
In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of residence, place of work or an alleged breach of the General Data Protection Regulation. For this purpose, in Romania, the supervisory authority is: www.dataprotection.ro.
7.2 Ensuring your rights
If an individual makes a request relating to any of the rights listed above, our office will consider each such request in accordance with applicable data protection laws and regulations.
Data subjects have the right to obtain, on the basis of a written request addressed to the company, which is directed to the Data Protection Officer, and after successful verification of their identity, the following information about their personal data:
The purposes of the collection, processing, use and storage of their personal data;
The source(s) of personal data, if not obtained directly from the data subject;
The categories of personal data stored about the data subject;
The recipients or categories of recipients to whom the personal data have been or may be transmitted, together with the location of those recipients;
The intended storage period of the personal data or the manner of determining the storage period;
The use of any automated decisions, including profiling, if applicable;
The data subjects’ right.
A copy of the information will be provided to the requester free of charge (there is no administration fee for reviewing and/or honoring such a request). However, the practice may impose a “reasonable fee” to comply with requests for copying and replication of the same information in the case of successive requests from the same person within a given time period. If a request is manifestly unfounded, excessive or repeated, a reasonable fee will also be charged. All fees will be based on the administrative cost of providing the information.
All requests received for access or rectification of personal data will be directed to the Data Protection Officer, who will register each request at the time of receipt. The reply to each request will be provided within 30 days of receipt of the written request from the data subject. In the case of complex requests, the response period will be extended by another month. The natural person will be informed of this extension and will receive an explanation of why the extension is necessary within one month of receipt of the request.
If the Data Protection Officer is not able to fully respond to the request within 30 days, he/she will – nevertheless – provide the following data to the data subject or the legally authorized representative within the specified time limit:
a confirmation of receipt of the application;
all information found up to the time of the request about the data subject;
details of any requested information or changes that will not be provided to the data subject, the reason(s) for refusal and any procedures available for contesting the decision;
an estimated date by which the remaining replies will be provided;
an estimate of any costs to be paid by the data subject (for example, if the request is excessive);
the name and contact details of the representative of the organization that the data subject should contact for further information.
If a request is manifestly unfounded or excessive, the practice has the right to refuse to respond to the request. The natural person will be informed of this decision and the reasoning behind it, as well as the right to apply to the supervisory authority and to use available remedies within one month of the refusal.
It should be mentioned that situations may arise where the provision of the requested information by a data subject would reveal personal data about another person. In such cases, the information should be redacted or withheld as necessary or appropriate to protect the rights of that person.
7.3 Verifying your identity when requesting access to your information.
If you request access to your information, we are required by law to take all reasonable steps to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorized access to your information.
If we have adequate information about you, we will attempt to verify your identity using that information. If it is not possible to identify you on the basis of this information, or if we do not have sufficient information about you, we may request copies or certificates of certain documents in order to verify your identity before we can provide you with access to your data.
We will be able to confirm the exact information we need to verify your identity in your specific circumstances if and when you make such a request.

8. Sensitive Personal Data
“Sensitive Personal Data” is information about an individual that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, health information or information concerning the sex life or sexual orientation of an individual.
We do not knowingly or intentionally collect sensitive personal information from individuals and you should not send us sensitive personal information.
If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will be deemed to have explicitly consented to our processing of sensitive personal information in accordance with Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purpose of deleting it.

9. Minors’ Privacy
Because we care about the safety and privacy of children online, we do not knowingly contact or collect information from anyone under the age of 18. The Website is not intended to solicit information of any kind from persons under the age of 18.
We may receive information about persons under the age of 18 through fraud or deception of a third party. If we are notified of this, as soon as we verify the information, where required by law, we will immediately obtain appropriate parental consent to use the information or, if we are unable to obtain parental consent, we will delete the information from our servers. If you wish to notify us of our receipt of information about persons under the age of 18, please do so by sending an e-mail to .

10. Links to third-party websites
Our website may contain links to third-party websites or applications. If you click on one of these references, please note that each will have its own privacy policy. We do not control these websites/applications and are not responsible for these policies. When you leave our platform, we encourage you to read the privacy notice of each website you visit.

11. Complaints
Individuals may submit, in writing, complaints about the processing of their personal data.
An investigation of the complaint will be carried out only to the extent appropriate to the specific case complained about. The Data Protection Officer shall inform the data subject of the progress and outcome of the complaint within a reasonable time.
If the matter cannot be resolved through consultation between the data subject and the company, then the data subject may, at his or her option, seek remedies through mediation, binding arbitration, litigation or by complaint to the ANSPDCP:

Address: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Contact details: Tel. +XXXXXXXXXXXXXXXXXX Fax +XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
e-mail: Website: http://www.dataprotection.ro/ http://www.dataprotection.ro/