Privacy Policy

This Privacy Policy applies to all activities in which we process personal data: visiting the website www.rotisweb.ro, completing contact forms, communicating via email or phone, initiating and conducting contractual relationships.

By accessing our website and using services, you express your agreement regarding data collection and processing according to this policy.

Rotar David-Alexandru P.F.A. acts as personal data controller according to GDPR, being responsible for how your data is collected and processed.

This policy may also apply to specific situations not explicitly covered but falling within the data operator's scope of activity.

We collect personal data voluntarily, exclusively when you contact us through the website form, direct email, or phone. There is no automatic data collection without your consent.

Types of data collected include: full name, email address, phone number (optional), company name (optional), your message/request, preferences for timeline and budget (optional).

All data is collected based on freely given, specific, informed, and unambiguous consent, according to art. 6 para. (1) lit. a) of GDPR.

We do not collect sensitive data (racial origin, political opinions, religious beliefs, medical data) and do not process data of minors under 16 without parental consent.

The legal basis for data processing is consent for information requests and contract execution for services provided.

Personal data collected is used exclusively for the following legitimate purposes: prompt and complete response to your requests and questions; preparation and transmission of personalized offers for requested services; communication related to ongoing projects and providing progress updates.

We also use data for: improving service quality based on received feedback; complying with legal and fiscal obligations; archiving communications for resolving potential disputes.

We do not use your data for unsolicited direct marketing, automated profiling, or automatic decision-making that significantly affects you.

We do not share, sell, or rent your personal data to third parties for commercial purposes. Any sharing is done only with your explicit consent or in cases provided by law.

Processing takes place in Romania and the European Union. We do not transfer data to third countries without adequate protection guarantees.

We implement technical and organizational security measures adequate and proportional to identified risks: data encryption in transit through SSL/TLS certificate; automated and secure backup systems; access restriction only to authorized personnel.

Organizational measures include: internal security procedures; staff training on data protection; periodic security risk assessments; incident response plans.

In the event of a security breach that could affect your rights, we will notify you within 72 hours, according to GDPR.

We only collaborate with service providers who offer adequate data protection guarantees and with whom we have specific processing contracts.

We conduct regular security audits and constantly update protection measures according to technological evolution and threats.

RIGHT TO INFORMATION: you have the right to receive clear information about how we process your data (this document).

RIGHT TO ACCESS: you can request confirmation that we process your data and receive a copy of it, as well as information about processing purposes, data categories, recipients.

RIGHT TO RECTIFICATION: you can request correction of inaccurate data and completion of incomplete data.

RIGHT TO ERASURE ('right to be forgotten'): under certain conditions, you can request data deletion (e.g., when no longer necessary for collection purposes).

RIGHT TO DATA PORTABILITY: you can receive data in a structured, commonly used, and machine-readable format.

RIGHT TO OBJECT: you can object to data processing in certain situations, including for direct marketing.

RIGHT TO WITHDRAW CONSENT: you can withdraw consent at any time without affecting the legality of previous processing.

To exercise these rights, contact us at privacy@rotisweb.ro. We respond within maximum 30 days.

We keep personal data only for the period strictly necessary to fulfill the purposes for which it was collected, respecting the data minimization principle.

Specific retention periods: for information requests without continuation - maximum 2 years from last communication; for clients with active contracts - throughout the contractual relationship plus 5 years for fiscal and legal obligations; for historical archive (invoices, contracts) - according to Fiscal Code (10 years).

After expiration of legal retention periods, data is permanently and irreversibly deleted from all our systems, including backups.

In exceptional cases (ongoing litigation, legal investigations), retention may be extended only for the period necessary to resolve the respective situation.

If you request data deletion before term expiration, we will proceed immediately, except in situations where law requires us to keep it.

As a general principle, we do not disclose your personal information to third parties without your explicit and prior consent.

Legal exceptions: we are obligated to disclose information to competent authorities in cases provided by law (criminal investigations, fiscal obligations, court orders).

Service providers: we collaborate with trusted providers for technical services (hosting, email, backup). They act as processors on our behalf, according to strict confidentiality contracts.

Mergers or acquisitions: in case of an eventual merger, acquisition, or asset transfer, personal data may be transferred to the new owner, respecting all confidentiality obligations.

All transfers are made with adequate protection guarantees and only to the extent strictly necessary for the pursued purpose.

Our website primarily uses technical cookies essential for proper form functioning and ensuring communication security.

Types of cookies used: session cookies for form functioning; security cookies for CSRF attack protection; technical cookies for language preferences.

We do NOT use cookies for: online behavior tracking; marketing analysis; personalized advertising; commercial profiling; sharing with social networks or other third-party platforms.

Essential technical cookies do not require consent according to legislation, being strictly necessary for the requested service functioning.

You can manage cookies through your browser settings, but disabling them may affect website functionality.

We do not use cross-site tracking technologies, tracking pixels, or other behavioral tracking tools.