Loading... WhatsApp
RO EN

Privacy Policy

Information about personal data processing

Last updated: 06.04.2026

1. Data Controller

The personal data controller is:

  • Name: PFA Burlacu Cătălin-Gabriel under the CONTROL DEVELOPMENT brand
  • Tax ID: RO34739378
  • Address: Iași, Romania
  • Email: Loading...

We have not appointed a Data Protection Officer (DPO) as we do not meet the conditions set out in Art. 37 GDPR (we do not carry out large-scale systematic monitoring activities and do not process special categories of data on a large scale). For any questions regarding data protection, you can contact us at the email address indicated above.

2. Data Processed

We process the following categories of personal data:

2.1 Data provided directly by you

Through the contact form on the website, we collect:

  • Full name
  • Email address
  • Phone number (optional)
  • Company name (optional)
  • Content of the message sent

Providing your name, email, and selecting a subject are mandatory for processing your request. Providing a phone number and company name is voluntary.

2.2 Automatically collected data

When accessing the website, the server automatically records:

  • IP address
  • Date and time of access
  • Pages visited
  • Browser type and operating system

This data is necessary for the technical operation of the website and ensuring security.

2.3 Data processed by third-party services

When submitting the contact form, the Cloudflare Turnstile service processes technical data (IP address, browser and device information) for anti-spam security verification.

If you accept non-essential cookies via the consent banner, Google Ads and Google Analytics may collect data about your browsing behavior on the site (pages visited, traffic source, interactions) through cookies and similar technologies.

3. Purposes and Legal Bases for Processing

Purpose Legal Basis (GDPR)
Responding to contact form requests Art. 6(1)(b) — pre-contractual measures
Providing requested services Art. 6(1)(b) — contract performance
Technical operation and website security (including anti-spam protection via Cloudflare Turnstile) Art. 6(1)(f) — legitimate interest (ensuring website security and operation, preventing abuse). Our legitimate interest does not override your rights, as the processing is minimal and necessary exclusively for technical operation.
Advertising and traffic analysis (Google Ads/Analytics) Art. 6(1)(a) — consent (given via the cookie banner, withdrawable at any time)
Compliance with legal obligations (fiscal, accounting) Art. 6(1)(c) — legal obligation

4. Data Retention Period

  • Contact form data: until request completion + 1 year, or for the duration of the contract + legal archiving period
  • Contractual/fiscal data: according to applicable fiscal legislation (minimum 5 years per Romanian Accounting Law no. 82/1991)
  • Server logs: maximum 90 days

5. Data Recipients and Processors

Your personal data is not sold, rented, or shared with third parties for marketing purposes. Data may be accessed by:

  • Cloudflare, Inc. (USA) — CDN services, web security, and anti-spam verification (Cloudflare Turnstile). Cloudflare Privacy Policy
  • Resend, Inc. (USA) — email delivery for contact form notifications. Resend Privacy Policy
  • Google LLC (USA) — advertising services (Google Ads) and traffic analysis (Google Analytics), activated only after your consent via the cookie banner. Google Privacy Policy
  • Hosting provider (Hetzner Online GmbH, Germany/Finland) — for technical website operation
  • Accountant/tax consultant — for legal obligations
  • Public authorities — if there is a legal obligation

6. Data Transfer Outside the EU/EEA

Certain personal data is transferred outside the European Union/European Economic Area, to the USA, through the following processors:

  • Cloudflare, Inc. — the transfer is carried out based on Standard Contractual Clauses (SCCs) approved by the European Commission and the EU-US Data Privacy Framework certification
  • Resend, Inc. — contact form data (name, email, subject, message) is transmitted through Resend's API for email notification delivery. The transfer is carried out based on Standard Contractual Clauses (SCCs)
  • Google LLC — browsing and interaction data collected via Google Ads/Analytics, only with your consent. The transfer is carried out based on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs)

These safeguards ensure an adequate level of data protection in accordance with Art. 46 GDPR.

7. Your Rights

According to the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access (Art. 15) — you can request confirmation of processing and a copy of your data
  • Right to rectification (Art. 16) — you can request correction of inaccurate data
  • Right to erasure (Art. 17) — you can request deletion of data, under the conditions of the law
  • Right to restriction of processing (Art. 18) — you can request limitation of processing in certain situations (e.g., contesting the accuracy of data)
  • Right to data portability (Art. 20) — you can request to receive data in a structured, commonly used, and machine-readable format
  • Right to object (Art. 21) — you can object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3)) — where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal

To exercise these rights, you can contact us at Loading.... We will respond within a maximum of 30 days from receiving the request. The deadline may be extended by up to 2 months for complex or numerous requests, in which case we will inform you in advance.

8. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with:

National Supervisory Authority for Personal Data Processing (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, 010336, Romania
Phone: +40.318.059.211
www.dataprotection.ro

9. Automated Decision-Making

We do not use fully automated decision-making processes that produce legal effects or similarly significant effects on you, within the meaning of Art. 22 GDPR. The Cloudflare Turnstile anti-spam verification is used exclusively for contact form protection and has no legal effects.

10. Cookies

This website uses the following categories of cookies:

Strictly necessary cookies

Session cookies necessary for the technical operation of the website. These do not require consent according to Art. 5(3) of the ePrivacy Directive (2002/58/EC), transposed through Romanian Law no. 506/2004.

Marketing and analytics cookies (optional)

If you accept via the consent banner, the website activates Google Ads and Google Analytics cookies for:

  • Measuring the effectiveness of advertising campaigns
  • Analyzing traffic and browsing behavior
  • Remarketing (displaying relevant ads on other websites)

These cookies are set only after your explicit consent, through the implementation of Google Consent Mode v2. You may refuse or withdraw consent at any time via the cookie banner. Refusal does not affect website functionality.

11. Data Security

We implement appropriate technical and organizational measures to protect your data, in accordance with Art. 32 GDPR, including:

  • SSL/TLS encrypted connection for all website pages
  • Restricted data access based on the "need-to-know" principle
  • Regular platform security updates
  • Anti-spam protection for the contact form

12. Policy Changes

We reserve the right to update this policy. The date of the last update is displayed at the beginning of the document. We recommend periodically consulting this page.