Protecting your personal data is our top priority. In accordance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data (GDPR), we are committed to ensuring confidentiality, integrity and transparency in data processing. This page explains the key GDPR principles and how our company complies with European data protection requirements.

The GDPR applies to all organizations processing personal data of individuals within the European Union, regardless of whether the entity is based inside or outside the EU. It establishes strict rules on how data are collected, used, stored and transferred, including in digital environments. Any company offering goods or services to people in the EU must comply with the GDPR.

“Personal data” means any information that can identify a natural person. Examples include name, email, postal address, phone number, image, voice, IP address, cookies, online behaviour, location data, and more. There are also “special categories of data” (racial origin, political opinions, religious beliefs, genetic data, health information, sexual orientation) which enjoy stricter protection.

The GDPR relies on six main principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality. Data must be processed only for legitimate purposes, kept accurate and up to date, retained only as long as necessary and protected through appropriate technical and organizational security measures.

Individuals whose data are processed have a set of guaranteed rights: the rights of access, rectification, erasure (“right to be forgotten”), restriction of processing, objection and data portability. They may also request information about the purposes of processing, storage duration, or the legal basis used. In cases of automated decision-making, they have the right to request human intervention.

Any data processing must have a clear legal basis: explicit consent, contract performance, legal obligation, protection of vital interests, performance of a public task, or legitimate interest of the controller. Each processing purpose is documented and limited to the data strictly necessary.

When data are transferred outside the EU, they must be safeguarded through adequate measures, such as European Commission adequacy decisions, standard contractual clauses, binding corporate rules, or explicit consent. The goal is to ensure that data protection travels with the data wherever it goes.

Organizations processing large-scale or sensitive data must appoint a Data Protection Officer (DPO) who monitors GDPR compliance and acts as a contact point between the company, data subjects and authorities. Additionally, Data Protection Impact Assessments (DPIAs) are carried out to identify and mitigate data processing risks.

Personal data protection is ensured through technical measures such as encryption, authentication, regular backups and access control. In the event of a security breach, the competent authority must be notified within 72 hours, and affected individuals must be informed if there is a high risk to their rights.

The GDPR introduces the principle of “accountability” – each controller must demonstrate compliance with the rules. In case of violations, severe penalties may apply: up to €20 million or 4% of global annual turnover. Companies must regularly review internal policies, train employees and document all data-related processes.

Official source: Europa.eu – GDPR