Privacy Policy

1. Introduction

CARTOLYTIC S.R.L. ("we", "our", "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, in compliance with the General Data Protection Regulation (GDPR) and Romanian data protection laws.

2. Information We Collect

2.1 Personal Data

We may collect the following types of personal information:

• Contact information (name, email address, phone number)
• Company or organization details
• Communication preferences
• Information you provide when requesting our services or submitting inquiries

2.2 Technical Data

We automatically collect certain technical information when you visit our website:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on our website
• Referring website addresses
• Cookie data (see our Cookie Policy for details)

3. How We Use Your Information

We process your personal data for the following purposes:

• To provide and maintain our services
• To respond to your inquiries and communicate with you
• To send you technical notices, updates, and support messages
• To analyze and improve our website and services
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations
• To send marketing communications (with your consent)

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of a contract with you
• Legal obligation: Processing is necessary to comply with the law
• Legitimate interests: Processing is necessary for our legitimate interests, such as improving our services, provided your interests and fundamental rights do not override those interests

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period varies depending on the type of data and the purpose for which it is processed.

When we no longer need your personal data, we will securely delete or anonymize it. If deletion is not possible (for example, because the data has been stored in backup archives), we will securely store your personal data and isolate it from further processing until deletion is possible.

6. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access: You can request access to your personal data
• Right to rectification: You can request correction of inaccurate or incomplete data
• Right to erasure: You can request deletion of your personal data under certain circumstances
• Right to restrict processing: You can request limitation of processing in certain situations
• Right to data portability: You can request your data in a structured, commonly used format
• Right to object: You can object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: You can withdraw consent at any time where processing is based on consent
• Right to lodge a complaint: You can file a complaint with the Romanian supervisory authority (ANSPDCP)

To exercise any of these rights, please contact us at ciocirlie@cartolytic.com. We will respond to your request within one month.

7. Data Sharing and Disclosure

We do not sell or rent your personal data. We may share your information with:

• Service providers: Third-party vendors who perform services on our behalf (e.g., hosting, analytics)
• Legal authorities: When required by law or to protect our rights
• Business transfers: In connection with a merger, acquisition, or sale of assets

All third-party service providers are required to maintain appropriate security measures and process personal data only as instructed by us.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or ensuring the recipient is covered by an adequacy decision.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, secure servers, and regular security assessments. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

11. Third-Party Services

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority: You have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro