Netcraft Digital
Netcraft

Privacy Policy

Personal data protection in accordance with GDPR and Romanian legislation

1. General Information and Data Controller Identity

1.1. Data Controller: NETCRAFT DIGITAL SRL, a commercial company registered in Romania, with registered office in Cluj-Napoca, Cluj County, registered with the Trade Register under no. J12/XXXX/2024, unique registration code RO XXXXXXXX (hereinafter referred to as "Controller", "Netcraft Digital", "we" or "Provider"), is a personal data controller within the meaning of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Law no. 190/2018 on measures to implement GDPR.

1.2. Contact Details for Data Protection:

Email: privacy@netcraft.digital | contact@netcraft.digital

Postal Address: Cluj-Napoca, Cluj County, Romania

Website: https://netcraft.digital

1.3. Purpose of the Policy: This Privacy Policy explains how Netcraft Digital collects, uses, stores, protects and processes personal data of:

  • (a) Visitors to the website https://netcraft.digital (referred to as "Visitors");
  • (b) Clients who use our Website as a Service (referred to as "Clients");
  • (c) Representatives of legal entities entering into contractual relationships with us;
  • (d) Contact persons, partners and suppliers;
  • (e) End users of websites developed for Clients (when we act as data processor).

1.4. Our Commitment: Netcraft Digital is dedicated to protecting the privacy and security of your personal data. We commit to processing data in accordance with GDPR principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.

2. Categories of Personal Data Collected

Depending on the nature of your interaction with Netcraft Digital, we collect the following categories of personal data:

2.1. Identification and Contact Data

  • First and last name (natural person) or company name (legal entity)
  • Email address
  • Phone number
  • Postal address (registered office or domicile)
  • Position/role within organization (for legal entity representatives)

2.2. Browsing and Technical Data (Website Visitors)

  • IP address
  • Browser type and version
  • Operating system
  • Internet Service Provider (ISP)
  • Date and time of access
  • Pages visited and visit duration
  • Referrer URL
  • Country and approximate geographic location (city level)
  • Data from cookies and similar technologies

2.3. Transaction and Billing Data

  • Payment and billing history
  • Payment method used (without complete card details)
  • Order and subscription data
  • Commercial communications and correspondence

2.4. Content and Data Provided by Client

  • Website content (texts, images, documents provided by Client)
  • Data submitted through contact forms
  • Communications via email, phone or ticketing system
  • Feedback, reviews and ratings
  • Messages and technical support requests

Important Note: We do not collect sensitive data within the meaning of art. 9 GDPR (data about racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health, sex life) except where you have a separate explicit agreement with us in this regard and you provide us with explicit consent.

3. Purposes of Personal Data Processing

We process your personal data for the following legitimate and lawful purposes:

3.1. Contract Performance (art. 6(1)(b) GDPR)

  • Providing Website as a Service according to the concluded Agreement
  • Website development, implementation and maintenance
  • Hosting, security and technical support
  • Communication with Clients regarding services
  • Managing Client account and platform access
  • Payment processing and invoicing
  • Performance reporting and analytics

3.2. Compliance with Legal Obligations (art. 6(1)(c) GDPR)

  • Fulfillment of accounting and tax obligations (keeping invoices, records according to Tax Code)
  • Responses to requests from competent authorities (tax authority, data protection authority, courts)
  • Prevention of fraud and money laundering
  • Archiving in the public interest, scientific research or statistics

3.3. Legitimate Interests (art. 6(1)(f) GDPR)

  • Improvement and optimization of services and platform
  • Security and integrity of IT systems
  • Prevention of fraudulent or illegal use of services
  • Market analysis and research, anonymized statistics
  • Managing pre-sales inquiries and quotations
  • Protection of Netcraft Digital's rights and property
  • Detection and prevention of technical abuse (spam, DDoS attacks)

3.4. Explicit Consent (art. 6(1)(a) GDPR)

  • Direct marketing (newsletter, promotional offers, information about new products)
  • Personalization of content and ads based on preferences
  • Use of non-essential cookies and tracking technologies
  • Sharing data with third-party partners for marketing purposes (with explicit opt-in)
  • Collection of feedback and public testimonials

Note: Consent can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal can be done via email to privacy@netcraft.digital or through the unsubscribe link in emails.

4. Legal Basis for Data Processing

The processing of your personal data is based on the following legal grounds, according to art. 6 GDPR:

Art. 6(1)(a) GDPR - Consent: You have given consent for processing data for one or more specific purposes (e.g., marketing, non-essential cookies).

Art. 6(1)(b) GDPR - Contract Performance: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.

Art. 6(1)(c) GDPR - Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax, accounting obligations, responses to authority requests).

Art. 6(1)(f) GDPR - Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by us or by a third party, provided that your interests or fundamental rights and freedoms do not prevail.

Balancing of Interests (art. 6(1)(f)): When we rely on legitimate interests, we perform a Legitimate Interest Assessment (LIA) to ensure that your rights are not unduly affected. You have the right to object to processing based on legitimate interests.

5. Data Retention Period

We retain your personal data only for the period necessary to fulfill the purposes for which it was collected, respecting the following periods:

5.1. Active Client Data: Throughout the duration of the contractual relationship plus the period necessary to fulfill post-contractual obligations.

5.2. Inactive Client Data: 10 years from the termination of the Agreement (according to tax and accounting obligations - Tax Code and Accounting Law no. 82/1991).

5.3. Financial Data and Invoices: 10 years from issuance (according to Law no. 82/1991 on accounting and Tax Code).

5.4. Browsing Data and Cookies: Maximum 2 years from collection, except essential cookies (session) which expire when browser is closed.

5.5. Marketing Data: Until consent withdrawal or maximum 3 years from last active interaction (email opening, click, website visit).

5.6. Unaccepted Quote Requests: 2 years from request date, for possible follow-ups or statistics.

5.7. Technical Support Data: 3 years from last interaction, for future references and service improvement.

5.8. Security Logs: 6 months, for detection and investigation of security incidents.

5.9. Backups: 30 days for current backups; for archive according to periods mentioned above.

Automatic Deletion: We implement automated data deletion procedures upon expiration of the mentioned periods, except for data that must be retained according to legal obligations or for defense of our rights in court.

6. Your Rights as Data Subject

According to GDPR, you benefit from the following rights regarding your personal data:

6.1. Right of Access (art. 15 GDPR)

You have the right to obtain confirmation from us whether we process your data and, if so, access to this data and information about: processing purposes, data categories, recipients, retention period, your rights.

6.2. Right to Rectification (art. 16 GDPR)

You have the right to obtain rectification of inaccurate data or completion of incomplete data. Please inform us promptly about any changes to your data.

6.3. Right to Erasure - "Right to be Forgotten" (art. 17 GDPR)

You have the right to request deletion of your data in the following situations:

  • Data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • Data has been unlawfully processed
  • Data must be erased for compliance with a legal obligation

Exception: We cannot delete data if we are legally required to keep it (e.g., tax obligations) or for establishment, exercise or defense of legal claims in court.

6.4. Right to Restriction of Processing (art. 18 GDPR)

You have the right to request restriction of processing in the following cases:

  • You contest data accuracy (for the period of verification)
  • Processing is unlawful but you prefer restriction instead of erasure
  • We no longer need the data but you request it for defense of rights
  • You have objected to processing based on legitimate interests (pending verification)

6.5. Right to Data Portability (art. 20 GDPR)

You have the right to receive personal data you provided to us in a structured, commonly used and machine-readable format and to request transmission of this data to another controller, where technically feasible.

This right applies only to processing based on consent or contract and performed by automated means.

6.6. Right to Object (art. 21 GDPR)

You have the right to object at any time to processing of your data based on legitimate interests (art. 6(1)(f)) or for direct marketing. In case of marketing, we will immediately cease processing. For other cases, we will cease processing except where we demonstrate compelling legitimate grounds that prevail.

6.7. Right Not to be Subject to Automated Decision-Making (art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Note: We currently do not use automated processing for making decisions that significantly affect you.

6.8. Right to Lodge a Complaint

You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP):

ANSPDCP

B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, Bucharest, Romania

Tel: +40.318.059.211 | +40.318.059.212

Email: anspdcp@dataprotection.ro

Website: www.dataprotection.ro

How to Exercise These Rights:

To exercise any of these rights, please contact us at:

  • Email: privacy@netcraft.digital or contact@netcraft.digital
  • Email Subject: "Exercise GDPR Rights - [Type of Right]"
  • Required Information: Full name, email, description of request

Response Time: We will respond to your request within maximum 30 days of receipt (extendable by another 60 days in complex cases, with prior information).

Free of Charge: Exercising rights is free, except for manifestly unfounded or excessive requests (especially repetitive in nature).

12. Contact and Policy Changes

12.1. Contact Details:

NETCRAFT DIGITAL SRL

Personal Data Controller

Registered Office: Cluj-Napoca, Cluj County, Romania

Trade Register: J12/XXXX/2024

Tax ID: RO XXXXXXXX

Data Protection Email: privacy@netcraft.digital

General Email: contact@netcraft.digital

Website: https://netcraft.digital

Business Hours: Monday - Friday, 09:00 - 17:00 (EET/EEST)

12.2. Privacy Policy Changes:

Netcraft Digital reserves the right to modify this Privacy Policy at any time to reflect changes in data processing practices, legal requirements or service improvements. Any substantial changes will be communicated through:

  • Email notification to active Clients (at least 30 days in advance)
  • Visible banner on website for Visitors
  • Publication of updated version with highlighted changes
  • Update of "Last Updated" date in document footer

We recommend periodically consulting this Privacy Policy to stay informed about how we protect your data.

12.3. Acceptance and Consent:

By using Netcraft Digital services, you confirm that you have read, understood and agree to the terms of this Privacy Policy. For processing based on consent, we will request your explicit separate agreement.

This Privacy Policy is compliant with:Regulation (EU) 2016/679 - GDPRLaw no. 190/2018 on GDPR implementation in RomaniaLaw no. 365/2002 on electronic commerceLast Updated: October 24, 2025Version: 1.0© 2024-2025 Netcraft Digital SRL. All Rights Reserved.

Privacy Policy | Netcraft Digital - GDPR Data Protection