Legal Document
Privacy Policy
1. Data Controller
TRIPART SERVICII SRL
Tax ID: RO30613888 | Reg. No: J40/7751/2012
Address: Str. Ion Luca Caragiale nr. 20, Bl. 20, Sc. B, Et. 3, Ap. 31, Sector 2, Bucharest, Romania
Email: [email protected]
Phone: +40 726 860 044
Tripart Servicii SRL ("Tripart Digital", "we", "our") acts as data controller within the meaning of the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Romanian Law no. 190/2018.
2. Categories of Personal Data
| Category | Examples | Source |
|---|---|---|
| Identification data | Name, surname, company | Contact forms |
| Contact data | Email, phone | Forms, correspondence |
| Technical data | IP address, browser, OS, screen resolution | Automatic (servers, cookies) |
| Browsing data | Pages visited, visit duration, traffic source | Google Analytics, cookies |
| Contractual data | Project details, billing history | Contractual relationship |
3. Purposes and Legal Basis
We process your personal data based on the following legal grounds (Art. 6 GDPR):
| Purpose | Legal Basis | Retention |
|---|---|---|
| Responding to contact requests | Consent (Art. 6(1)(a)) | 12 months from last contact |
| Providing contracted services | Contract performance (Art. 6(1)(b)) | Contract duration + 3 years |
| Invoicing and accounting | Legal obligation (Art. 6(1)(c)) | 10 years (fiscal legislation) |
| Website traffic analysis | Legitimate interest (Art. 6(1)(f)) | 26 months (Google Analytics) |
| Direct marketing (newsletter) | Consent (Art. 6(1)(a)) | Until consent withdrawal |
| Website security | Legitimate interest (Art. 6(1)(f)) | 90 days (server logs) |
4. Recipients and Third-Party Providers
| Provider | Purpose | Location |
|---|---|---|
| Google LLC (Analytics, Search Console) | Traffic and performance analysis | USA (EU-US Data Privacy Framework) |
| Cloudflare Inc. | CDN, security, DNS | USA (EU-US DPF) |
| Oblio Solutions SRL | Electronic invoicing | Romania |
| Tribut Expert Consult SRL | Accounting services | Romania |
| Hosting: srv2.tripart.ro | Website hosting | Romania (local data center) |
We do not sell, rent, or trade your personal data. Transfers outside the EEA are only carried out with appropriate safeguards (Adequacy Decisions, Standard Contractual Clauses).
5. Your Rights
Under GDPR, you have the following rights:
- Right of access — obtain confirmation of processing and a copy of your data (Art. 15)
- Right to rectification — correct inaccurate data (Art. 16)
- Right to erasure — "right to be forgotten" (Art. 17)
- Right to restriction — limit processing (Art. 18)
- Right to portability — receive data in a structured format (Art. 20)
- Right to object — object to processing based on legitimate interest (Art. 21)
- Right to withdraw consent — at any time, without affecting prior processing
To exercise your rights, contact us at [email protected]. We will respond within 30 days.
6. Data Security
We implement appropriate technical and organizational measures: SSL/TLS encryption, firewall (Cloudflare WAF), restricted access on a "need-to-know" basis, secure backups, and continuous infrastructure monitoring.
7. Supervisory Authority
ANSPDCP — National Supervisory Authority for Personal Data Processing
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania
Web: dataprotection.ro
Email: [email protected]
8. Policy Updates
We reserve the right to update this policy. The current version will always be available on this page, with the last update date displayed in the header.