Data Confidentiality

 / Data Confidentiality

Data confidentiality/ Privacy policy 3.0 + cookies


1.Data confidentiality


SUPRO ASSOCIATION with its registered office in: Viesparilor str., No. 36, sector 2, Bucharest, registered with the Bucharest Trade Register, Unique Registration Code 32040712, IBAN Account: RO95RZBR0000060016000967 opened at Raiffeisen Bank, represented by Mr. Balica TiberiuCostel, as president, wishes to inform you about the processing of your personal data in the context of the operation regarding the provision of services/products SUPRO ASSOCIATION to clients, for the purposes specified below.

The contact details of the data protection officer are the SUPRO ASSOCIATION, the legal entity with the registered office in Sirenelor Street no.10-12, Sector 5, Bucharest, with the registration number at the Trade Register J40/3679/2014 and RO32974270.

By the nature and procedures of the services/products provided by the SUPRO ASSOCIATION (“the products” or the “SUPRO ASSOCIATION services”), their users (“Customers” or “Users”) transmit certain personal data used to ensure the provision and the performance according to the legal provisions and procedures own, in optimum conditions and in the safety of the services.

Protecting the personal data of ASPRIATIA SUPRO clients and keeping them safe is one of the important concerns of SUPRO ASSOCIATION and the agents, partners, subcontractors involved in providing the services.

This Statement of Privacy Policy reflects the privacy policy applied to all users of the SUPRO ASSOCIATION services/products so that they are informed and can make informed decisions about how their personal data collected through the use of the service will be used, as well as their rights.



By personal data we mean both non-personal data and personal data – information about an identified or identifiable natural person. An identifiable person is that person who can be identified, directly or indirectly, particularly by reference to an identification element, including, but not limited to:

(i) first name, second name, address, e-mail, telephone (ex. mobile, fax);

(ii) financial information (ex. income, etc.);

(iii) various information required or requested by specific authorities for the provision of services/products;

(iv) information resulted as a result of video/audio monitoring in case the Client visits one of the locations where the SUPRO ASSOCIATION services/products are provided or contact the support services;

(v) signature;

(vi) any other information that derives from these as a result of the processing carried out by SUPRO ASSOCIATION (eg, segmentation of the client according to different criteria, unique identifier generated at the SUPRO ASSOCIATION level for each client, specific information for the services/products offered by the SUPRO ASSOCIATION, etc. ) and any other information that is necessary to carry out the activities of SUPRO ASSOCIATION;

(vii) The iP or the activities performed when you browse our site or use the applications/services SUPRO ASSOCIATION).

The processing of personal data means any operation or set of operations that is carried out on personal data, by automatic or non-automatic means, such as collection, registration, organization, storage, adaptation or modification, extraction, consultation, use, disclosure to third parties by transmission, dissemination or in any other way, joining or combining, blocking, archiving, deleting, destroying etc..



The information is collected in the process of offering services / products to users or potential users. The main sources of information are: 1. the forms used for the provision of services, data provided when using the websites or applications of the SUPRO ASSOCIATION, other means of communication, questionnaires that users or potential users of the services accept (without being obliged to accept) to complete at our request, other documents that users or potential users make available at our request; 2. the transactions that take place between SUPRO ASSOCIATION and its agents / partners and between them and the users of the service; 3. external sources – for the fulfillment of the specific obligations (competent institutions, public registers, electronic databases, information available in social media as well as on the Internet, or third abilities, holders of such information, such as, but without limiting us at the following: The National Trade Register Office, the portal of the Romanian courts administered by the Ministry of Justice, other personal data providers, etc.).


We collect the following data: collects personal data from its users in three ways:

–        directly from the user;

–        traffic data from the users browser;

–        through cookies.


A. Personal data collected directly

 A1. When you access and want to send a message we can ask you for your name, first name and / or email address, as well as other data needed for contracting and billing services.

These data are kept for a period of 3 years from the end of the contract (this being the general prescription period). The invoice data are kept for 10 years (where there is a legal tax obligation).

If you do not give us this data, we will be unable to honor the reservation/purchase of the service you want.


A2. When accessing the support services we can ask you for an email address or phone number. We reserve the right to record any communication made for the support services of services in order to improve our services. We will inform you before the commencement of the communication that it may be registered.


This data is used, for example, for the purpose of contacting you to resolve your complaint / request.

We may also request other data that may constitute personal data only as they are necessary for these purposes.


A3. Also, when you subscribe to our newsletter, please give us an email address to personalize the communication to you.


This data is kept until your consent is revoked or until your activity shows that you are no longer interested in our communication.




B.  Traffic data

When you visit a website, regardless of the device used, you disclose certain information about yourself, such as your IP address, the time of your visit, the place you entered our sites, the pages you visited., like other operators, records this information for a fixed period of time. uses external traffic analysis services, such as Google Analytics.


These data are used exclusively by to improve our site and our services, but also to ensure the security of our site:


– data voluntarily provided by clients at the time of contact

– navigation data (IPs), which are automatically recorded when a user visits the site and are used for the purpose of collecting anonymous statistical information regarding the use of the site, in order to observe the correct functioning in full security;

– cookies – per session and fixed

The purpose of collecting your data is exclusively that of responding efficiently and promptly to your request, at all stages of the procurement procedure of our services.

If you want to receive information about the products and services offered by SUPRO ASSOCIATION through, please subscribe to our newsletter, specifying your e-mail address.



The purposes for which SUPRO ASSOCIATION processes personal data are:


  1. the purpose of collecting personal data is the sale of products and services on (with all related activities such as order processing, delivery, payment, invoicing, etc.), customer relations services and marketing activities for your own needs.;
  2. identification of users/potential users through the means of communication (eg telephone, e-mail, internet, fixed or mobile applications that the Client accesses in order to use the services provided);
  3. identifying the users/potential users in order to fulfill the legal obligations incumbent on the SUPRO ASSOCIATION when providing the services;
  4. monitoring operations and running services and providing support services for users/potential users;
  5. creating or analyzing profiles for improving services and conducting surveys as well as for carrying out any other types of services promotion and/or carrying out general marketing or advertising activities;
  6. analyzing the behavior of any person accessing the SUPRO ASSOCIATION websites, by using cookies, in order to provide content (general and commercial) adapted to the user’s preferences;
  7. conducting internal analyzes (including statistical analyzes) both on services and on the portfolio of users/potential users, for the provision, improvement and development of services, as well as carrying out market studies and analyzes on the specific field;
  8. solving any procedural and/or legal situations related to the provision of services or the interest of the company;
  9. archiving both in physical and electronic format of documents related to the provision of services and/or correspondence with users/potential users;
  10. reporting to state institutions in accordance with the applicable legal regulations SUPRO ASSOCIATION (eg: regulatory authorities and legal authorities).



SUPRO ASSOCIATION processes personal data for the purposes mentioned above, based on the following grounds:

  1. Execution of the contract and preliminary steps for this contract (art. 6 (1) b GDPR) – for the data collected through the order form or the data received as a result of the customer relations services;
  2. Legal obligations (art. 6 (1) c GDPR) for the data required for billing;
  3. Consent (art. 6 (1) of the GDPR) for the data used for marketing for site visitors (e.g. subscription to newsletters, marketing cookies, etc.);
  4. The legitimate interest (art 6 (1) f GDPR for the data used for marketing for the current clients (according to the law 506/2004 art 12 (2)) of, the security of the own site (considering 49 GDPR) and the data used internally to optimize your own site (and anonymised or pseudonymised, as the case may be).



The processing of the personal data requested to the users / potential users by the SUPRO ASSOCIATION in order to provide the services is considered strictly necessary for the provision of the services according to the legal provisions and the SUPRO ASSOCIATION procedures. The refusal to provide such data makes us unable to provide the services. The user may choose not to process their data for direct marketing purposes.



In order to fulfill the aforementioned purposes, the company may transmit the Customer’s data, where strictly necessary, to the following categories of third parties:

  • regulatory authorities and legal authorities
  • contractual partners (eg company agents, auditors, consultants, etc.), some having the capacity of persons empowered by the operator with the processing of personal data.

These contractual partners carry out their commercial activity in Romania as well, and your personal data may be provided to them in order to be used within the limits of their obligations towards the company. The personal data that we disclose to the persons empowered by us with their processing are limited to the minimum necessary of personal data in order to perform the respective services and, at the same time, we ask them not to use the personal data for any other purpose.

We make every effort to ensure that all entities we work with store your personal data in safe and secure conditions. Also, some of them are also operators who carry out their commercial activity in Romania, such as payment service providers as agents.

Some of them are third parties that do not have the role of processing personal data, but may have access to them in order to fulfill their obligations or in their interaction with the company, such as technical maintenance companies, financial auditors or service providers. legal services.

The personal data mentioned above may be made available or transmitted to third parties in the following situations: (i) public authorities, auditors or institutions with components in control activities regarding the services, activities or assets of the company, which request its company provide information, based on the legal obligations incumbent on the company; (ii) for the fulfillment of a legal requirement, including those related to the provision of services, or for the protection of the rights and assets of our company or other entities or persons, such as the courts; (iii) third-party acquiring parties, to the extent that the activity of the company would be (totally or partially) transferred, and the personal data held by the data subjects would be part of the assets representing the object of the transaction. Also, for the purpose of the processing regulated above, we can provide your personal data to the companies that are part of the SUPRO ASSOCIATION group, companies that will be subject to the instructions of the company regarding the processing of your personal data. For more information visit:





In the context of the operations described above, the personal data of the Customers can be transferred outside the country, to states from the European Union (“EU”) or from the European Economic Area (“EEA”). Thus, we inform the Customers, by the present, that any transfer made by the company to an EU or EEA Member State will comply with the legal provisions of the General Regulation on data protection no. 2016/679 adopted by the European Parliament (“GDPR”).



We will store the personal data of the Customers only for the period of time necessary to achieve the purposes of the processing, as mentioned above, and in compliance with the legal regulations in force including, but not limited to the provisions regarding archiving.



After the time when the above mentioned processing period expires and the company no longer has legal reasons or a legitimate interest regarding the processing of your personal data, the personal data will be deleted in accordance with the company procedures, which may involve archiving, anonymization , destruction.




The company constantly evaluates and improves the security measures implemented in order to ensure the processing of personal data in safe and secure conditions.

Taken measures to ensure the security of personal data

  1. Users access the personal data only for the fulfillment of the service duties;
  2. the printing of personal data is performed only by the users authorized for this operation and only for the purposes required by the laws in force (invoices, notices accompanying the goods, commercial contracts).

The company headquarters is equipped with an alarm system, and the personal data are stored electronically in secure files, protected by the password. The information on paper is kept in special files, to which only the employees of the company, who have the obligation of confidentiality, have access.



In the context of processing the personal data of the users / potential users, the data subject has the following rights:

  1. Right to information – art. 13 and 14 GDPR. It allows the data subjects to know, even from the moment when the collection is made, how they will use those data, to whom they will be revealed or transferred, what rights have the persons in question regarding the processed data, etc.;
  2. The right of access to the processed personal data – art. 15 GDPR. It allows the person to obtain, from the SUPRO ASSOCIATION, a confirmation whether or not personal data concerning him are processed and, if so, access to the respective data and other useful information;
  3. The right to rectify or delete data – art. 17 GDPR. It allows the person to obtain from the SUPRO ASSOCIATION the deletion / rectification of the personal data concerning him, without undue delay. There are, however, exceptions to this rule, such as: some data are processed to give the public the right to information; the data are processed for statistical or archival purposes; the data are processed for the fulfillment of a legal obligation or are processed for the finding or defense of a right in the court;
  4. The right to request processing restriction – 18 GDPR: you have the right to obtain processing restriction in cases where: (i) you consider that the personal data processed are inaccurate, for a period that allows the operator to verify the accuracy of the personal data; (ii) processing is illegal, but you do not wish to delete your personal data, but to restrict the use of such data; (iii) in case the data operator no longer needs your personal data for the purposes mentioned above, but you need data to establish, exercise or defend a right in court; or (iv) you have opposed the processing, for the period of time in which we check whether the legitimate grounds of the data operator prevail over the rights of the data subject;
  5. The right to data portability – 20 GDPR. It represents the right to receive the personal data you provided the SUPRO ASSOCIATION in a structured form, currently used and which can be read automatically, as well as the right to transfer the respective data to another operator, in case in which the processing is based on your consent or the execution of a contract and is carried out by automatic means;
  6. The right to withdraw your consent for processing, when the processing is based on the consent, without affecting the legality of the processing carried out so far;
  7. The right to oppose the processing of personal data – art 21 GDPR – for reasons related to the particular situation in which you are, when the processing is based on legitimate interest, and to oppose, at any time, the processing data for direct marketing purposes, including profiling;
  8. The right not to be the subject of a decision based exclusively on automated processing, including the creation of profiles, which produces legal effects that affect the person concerned or similarly affect him to a significant extent;
  9. The right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) and the right to address the competent courts.

The data protection policy is based on the following data protection principles:

  • The processing of personal data will be done in a legal, fair and transparent manner;
  • The collection of personal data will be done only for specified, explicit and legitimate purposes and the data will not be further processed in a manner incompatible with those purposes;
  • The collection of personal data will be adequate, relevant and limited to the information necessary for the purpose of processing;
  • The personal data will be correct, and where necessary, updated;
  • All necessary measures will be taken to ensure that incorrect data is deleted or corrected without delay;
  • Personal data will be stored in a form that allows identification of the data subject and for a period no longer than that in which the personal data are processed;
  • All personal data will be kept confidential and stored in a manner that ensures the necessary security;
  • Personal data will not be distributed to third parties unless it is necessary for the purpose of providing services in accordance with the agreements;
  • The data subjects have the right to request the access to the personal data, their rectification and deletion, the opposition or restriction from the processing of the data, as well as from the right of data portability.



SUPRO ASSOCIATION reserves the right to modify this Statement – Privacy Policy without prior notice, in accordance with the legislation in force. To the extent that this Declaration will be modified, the SUPRO ASSOCIATION will publish on the site an updated version. Please review the Statement – Privacy Policy from time to time, either on the SUPRO ASSOCIATION website or in the locations where the services are available, to be up to date with its latest version.

The exercise of the mentioned above rights can be done at any time. In order to exercise these rights, we recommend you to use the forms that can be found on the website or by sending a notification in electronic format to the following address: or a written, dated and signed notification. , at the address: Viesparilor Street, no. 36, Sector 2, Bucharest