Privacy Policy Notice on Personal Data Processing

 

1. Operator’s Data

Operator’s contact details: RADUCONS IMPEX SRL

Craiova Municipality, Romania

For any questions related to data protection, please visit the contact page: www.raducons.ro/contact/

The RaduCons brand is owned and managed by RADUCONS IMPEX SRL.

 

2. How the Notice Applies and What It Targets

2.1. The Notice applies and takes effect starting from its publication date: 25.09.2025.

2.2. The Notice applies to the website www.raducons.ro (the domain raducons.ro, its subdomains, and the entire content of the domain or subdomains) and emails belonging to RaduCons, as a commercial company.

2.3. The Notice applies to all devices used for accessing the website www.raducons.ro, such as smartphones or tablets.

2.4. The Notice targets your personal data processed by RaduCons when you are in one or more of the following situations:

– an online activity (accessing and browsing the Site as an unregistered visitor)

– direct provision of personal data, as a site visitor (completing the contact form, requests for quotes, etc.)

 

3. What Types of Personal Data We Process and to Whom They Belong

3.1. RaduCons processes: “non-sensitive” personal data.

3.2. The categories of data subjects for whom RaduCons collects personal data:

3.2.1. Site visitors

3.2.2. Persons completing contact forms or quote requests

 

4. What Are the Legal Bases for Processing Your Personal Data

4.1. The legal bases for processing your “non-sensitive” personal data are:

4.1.1. your consent

4.1.2. a request from you before entering into a contract (such as requests for quotes or product information)

4.1.3. the necessity to comply with a legal obligation to which we are subject

4.1.4. our legitimate interest or the legitimate interest of a third party.

4.2. We process your personal data based on interests that are legitimate, real, and present, while reasonably protecting your rights and freedoms. Our legitimate interests may be overridden by your interests if your fundamental rights and freedoms are threatened.

 

5. From What Sources and by What Means Do We Collect Your Personal Data

5.1. Your personal data is collected directly, provided by you.

5.2. RaduCons collects your personal data through the following means:

5.2.1. electronically, using web forms posted on the Site (such as the contact form)

5.2.2. electronically by storing information on your devices, or accessing information stored on your devices, or reading information emitted by your devices (via tools such as Google Fonts, Google ReCaptcha, Google Tag Manager, and Google Analytics).

5.2.3. by phone, through calls initiated by you or by RaduCons at your request.

 

6. Can You Decide What Types of Personal Data We Process?

6.1. The decision to provide your personal data is:

6.1.1. optional and voluntary for the following freely provided data: the content of messages sent from web forms, technical information about your device.

6.1.2. mandatory due to the necessity to comply with a legal obligation for providing: billing data (if applicable for quotes or contracts).

6.1.3. mandatory to allow the processing of your request (such as name and surname, email address, phone for processing contact or quote requests).

6.2. The mandatory provision of personal data is a legal, contractual requirement or necessary for processing your request.

 

7. How Does Your Decision to Provide or Not Provide Your Personal Data Affect You

7.1. If you fail or do not wish to provide us with your personal data and this provision is optional and voluntary, then this cannot affect the processing of your request or have any other consequences that may affect you.

7.2. If you fail or do not wish to provide us with your personal data and this provision is mandatory, then the consequences may affect you: You will not be able to benefit from the processing of your request (such as obtaining quotes or detailed information), as it requires contact details for communication.

 

8. Purposes and Methods of Processing Your Personal Data

8.1. RaduCons processes your personal data for real, present, and legitimate purposes. RaduCons processes your personal data exclusively for the purposes for which your personal data was initially collected, and in the event that secondary purposes requiring the processing of your data are identified, this processing will not be done without your prior information and consent or without a legitimate interest in this regard and without a legal basis.

8.2. RaduCons collects your email address for processing contact requests or quotes, necessary for communication and providing information about our products (such as sending messages and notifications regarding the status of the request).

8.3. RaduCons collects your name and surname for processing contact requests or quotes, necessary for communication and personalizing responses.

8.4. RaduCons collects your phone number for processing contact requests or quotes, necessary for providing information via phone call or SMS regarding products or requests initiated by you.

8.5. RaduCons collects your address (if provided) for processing quote requests or deliveries, necessary for commercial activities.

8.6. RaduCons collects technical information for statistical purposes, monitoring site activity, and improving Site results, technical information about the visitor’s device – its location, IP address, hardware type, information related to the time interval as well as the date the Site was used, other information resulting from the use of Cookies applications; for more information about cookies, please consult the Cookie Usage Policy available on the website.

8.7. RaduCons collects personal data for evidentiary purposes for the above activities and archiving, for certain categories of data in accordance with legal provisions.

 

9. Use of Automated Profiling Processes and Automated Decisions

9.1. RaduCons uses your “non-sensitive” personal data to perform automated profiling that includes automated evaluation of aspects of your behavior to display relevant content. Automated profiling and fully automated decision-making includes: a possible analysis of your characteristics, possible evaluations regarding your behavior, performed exclusively by computer means and without human involvement.

9.2. RaduCons uses your personal data to make automated decisions about you, based on automated profiling, which may include: “fully automated profiling” of you, performed exclusively by computer means and without human involvement.

9.3. The automated decisions that RaduCons makes and that directly concern you are made using an algorithm that can be described in terms of the objective pursued, as follows: If a visitor accesses certain sections of the site, we will consider that their area of interest is related to those products and will try to personalize, in the future, the display of content based on that analysis.

9.4. Automated decisions do not impact your rights and freedoms and do not have a significant impact on your choices and cannot significantly affect your life.

9.5. The legal basis for processing personal data through automated decisions targeting you is RaduCons’ legitimate interest, which is also in your interest.

 

10. Processing of Minors’ Personal Data

10.1. RaduCons does not conduct commercial, marketing, or personal data processing activities towards minors.

 

11. Duration of Retention of Your Personal Data

11.1. We limit the storage duration of your personal data to what is necessary for our processing purposes.

11.2. We review the need to continue retaining your personal data: Every year we analyze the collected and processed data to filter, sort, and maintain processing only for data where the processing purpose is current.

11.3. We delete your data at the time you request this, except for data whose provision and processing is imposed by a legal provision, which we delete within the timeframe provided by law for this. If the retention of your personal data is necessary for the purposes specified by law, we may continue to retain your personal data. Additionally, the storage of personal data for a longer period of time may be done for statistics, service improvement, research / market studies.

 

12. Disclosure of Your Personal Data

12.1. For the purpose of achieving one or more of the purposes mentioned above, RaduCons may disclose your personal data to other categories of recipients: contractual partners (based on a confidentiality commitment from them) or service providers (processors assisting RaduCons in processing personal data as processors) only with your consent.

12.2. RaduCons’ processors who process your personal data for appropriate purposes and in your interest, following the voluntary expression of consent, are: hosting service providers and Google tools (Fonts, ReCaptcha, Tag Manager, Analytics).

12.3. RaduCons’ processors who store your personal data based on our legitimate interest are: hosting platforms and relevant cloud services.

12.4. In the event that disclosure of your personal data to another recipient is necessary, we will inform you about the time of disclosure and the names of the recipients.

 

13. Transfer of Your Personal Data Outside the European Union or the European Economic Area

13.1. RaduCons does not transfer personal data to countries outside the EU or EEA, or to international organizations. However, Google tools (such as Analytics) may involve transfers to the USA, under the protection of standard contractual clauses or other GDPR-compliant mechanisms.

 

14. Security Measures Regarding Your Personal Data

14.1. RaduCons takes all reasonable and continuous security and confidentiality measures to protect personal data: appropriate technical and organizational measures, security measures at a reasonable level, measures to prevent unauthorized and illegal processing, measures to prevent accidental or illegal loss, measures to prevent accidental or illegal destruction, measures to prevent accidental or illegal damage.

14.2. If we detect a breach of the security of processing your personal data, then:

14.2.1. we investigate the security incident.

14.2.2. we take all reasonable measures to mitigate the immediate risk of harm.

14.2.3. we notify the Supervisory Authority about the security incident if the breach is likely to result in a high risk to your rights and freedoms.

14.2.4. we inform you directly about the security breach if the breach is likely to result in a high risk to your rights and freedoms, as soon as possible, through appropriate contact channels.

14.2.5. we are not required to inform you directly if we have taken the necessary measures to make your personal data incomprehensible to any person who is not authorized to access them or the high risk to your rights and freedoms is no longer likely to occur or would involve disproportionate efforts. In such a case, we will inform you through public networks.

 

15. Your Rights Regarding the Provided Personal Data

15.1. We respect your rights concerning the protection of your personal data.

15.1.1. The right to access your personal data (does not include anonymous data).

15.1.2. The right to obtain confirmation from RaduCons whether it processes (or does not process) your personal data.

15.1.3. The right to data portability. You have the right to receive a copy of the personal data you have provided to RaduCons and which concerns you, in a structured, commonly used, and machine-readable format. These can be used for download or to be transmitted to another Operator. If you request additional copies of your personal data, we may charge a reasonable fee based on the administrative costs necessary to fulfill the request.

15.1.4. The right to rectification of your personal data. We must communicate the rectification of your personal data to the recipients of your personal data (if any). We do not communicate the rectification of your personal data to the recipients of your personal data if communication to the recipient is impossible or involves disproportionate effort.

15.1.5. The right to erasure of your personal data, in certain situations according to the law. We must communicate the erasure of your personal data to the recipients to whom we disclose them (if any). We do not communicate the erasure of your personal data to the recipients to whom we disclose them if communication to the recipient is impossible or involves disproportionate effort.

15.1.6. The right to obtain restriction of the processing of your personal data for a period, in certain situations according to the law. We must communicate the restriction of processing your personal data to the recipients of your personal data (if any). We do not communicate the restriction of processing your personal data to the recipients of your personal data if communication to the recipient is impossible or involves disproportionate effort.

15.1.7. The right to object. You can object to the processing of personal data when they are processed for direct marketing purposes. For example, you have the right to withdraw your consent at any time regarding the use of contact data for sending commercial communications, free of charge, both by sending a written request via the contact page www.raducons.ro/contact/, and through other methods mentioned by RaduCons along with the transmitted communications.

15.1.8. The right not to be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning the data subject or similarly significantly affects them. RaduCons does not perform profiling followed by automated decisions with legal or significant effects for its site visitors.

 

16. How Can You Exercise Your Rights?

16.1. You can exercise your rights regarding the protection of your personal data by:

16.1.1. Written requests, as we cannot handle verbal requests immediately without first analyzing the content of the request and without identifying you first.

16.1.1.1. Your request must contain a detailed and precise description of the right you wish to exercise.

16.1.1.2. It may be necessary to provide us with a copy of an identification document to confirm your identity, with personal data used limited to the identity confirmation activity, stored for a limited period, according to the declared purpose, and any other data contained in the copy of the identification document that exceed the data requested by RaduCons, such as a photo or any other personal characteristics, can be masked by you or will be anonymized during processing.

16.1.1.3. You will be informed at the time of identification about the documents or personal data necessary for your verification in our reference system. If you do not agree with the proposed solution and wish to propose alternatives, we will evaluate them on a case-by-case basis.

16.1.1.4. You can send your request regarding the protection of your personal data via the contact page www.raducons.ro/contact/, where they will be taken over by a person responsible for handling your requests related to the protection of your personal data.

16.1.1.5. You will receive our response to your requests concerning the protection of your personal data at the provided / authenticated email address in our system.

16.1.1.6. The timeframe in which we handle your request (through which you exercise your rights) regarding the protection of your personal data: within 30 days from the date of receipt of the request.

 

17. The Right to Lodge a Complaint with a Supervisory Authority

17.1. You can lodge a complaint in your own name or by mandating an organization to: The Supervisory Authority for Personal Data Processing (A.N.S.P.D.C.P.), located at B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, in the form of a written address at the institution’s headquarters or by email at anspdcp@dataprotection.ro

17.2. The supervisory authority must inform you within a reasonable timeframe about the progress and outcome of the complaint.

17.3. You have the right to exercise in your own name by mandating an organization, a judicial remedy in the EU and EEA against an operator, processor, and a Supervisory Authority.

 

18. Explanations Regarding the Terms and Expressions Used in This Notice

18.1. Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as:

a name an identification number location data an online identifier the physical identity of a natural person the physiological identity of a natural person the genetic identity of a natural person the mental identity of a natural person the economic identity of a natural person the cultural identity of a natural person the social identity of a natural person

18.2. Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as

collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, erasure or destruction etc.

18.3. Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

18.4. Processing purpose means the reason for which the processing of personal data is carried out.

18.5. Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

18.6. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

18.7. Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

18.8. Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

19. Who Is Responsible for Processing Your Personal Data

19.1. RaduCons (RADUCONS IMPEX SRL) – has the status of controller for your personal data and decides for what purpose your personal data is processed, how your personal data is processed, and is responsible for processing your personal data.