// Legal — Privacy

Privacy & dataPrivacy and Security Policy for the Processing of Personal Data

Effective date: June 2026 · Governed by EU GDPR (Reg. 2016/679) & Romanian Law no. 190/2018

The protection of your personal data is very important for Daniela Robu.

Daniela Robu is an individual based in Bucharest, Romania, acting as the data controller for the website danielarobu.com (hereinafter “the Operator”). We want you to be properly informed about the ways and purposes for which the Operator processes your personal data.

01Purpose

The purpose of this Personal Data Protection Policy (or GDPR Policy) is to outline the principles of personal data processing of the Operator and to establish appropriate technical and organizational measures and responsibilities for those tasked with the processing of personal data, in order to guarantee and protect the fundamental rights and freedoms of natural persons — in particular the right to the protection of their personal data during processing.

02Principles of processing

Personal data is processed in good faith, fairly, and transparently, in accordance with the legal provisions in force.
Personal data is collected for well-defined, explicit and legitimate purposes, and is not further processed in a manner incompatible with those purposes.
Personal data is appropriate, relevant and non-excessive in relation to the purpose for which it is collected and processed.
Personal data is not stored for longer than necessary to achieve the purposes for which it was collected.
Appropriate technical and organizational measures are taken to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access.

03Types of data & purpose

The personal data referred to in this policy may include identification information such as first and last name, gender, date and place of birth, age, nationality, telephone/fax, home address/residence, e-mail address, personal identification number, identity card/passport serial number, job, profession, training/diplomas/studies, banking data and/or other data that can serve to identify a natural person.

The Operator collects, uses, processes and provides personal data on a lawful basis for purposes such as contracting professional services, business purposes, marketing, advertising, statistics, organizing events, educational purposes, issuing financial-accounting documents, and concluding contracts or other documents necessary in the Operator’s activity.

Personal data is intended for use by the Operator and is collected by designated persons. Some of this data may be transferred to the contractual partners of the Operator. The collection and processing of personal data of underage persons is performed only with the explicit consent of the parents or other legal representatives.

What this site actually collects: via the contact form — your name, e-mail address and the message you send, used solely to respond to your enquiry; and, only after consent, anonymous analytics data (see the Cookie Policy). The broader list above reflects the full policy template and should be aligned to actual practice by a lawyer.

04General rules

This Policy sets out the technical and organizational measures implemented by the Operator to meet its obligations regarding the confidentiality and security of processing. Minimum security requirements are considered a complex of technical, informational, organizational and logistical measures that ensure a minimum level of processing security, according to all national and European legal frameworks on the matter.

The Operator has adopted appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, unauthorized access or any other form of illegal processing. Where required, a person responsible for complying with Romanian Law no. 190/2018, GDPR 679/2016 and other relevant regulations is designated on behalf of the Operator — the Data Protection Officer (DPO).

05Specific procedures

User identification & authentication

A “user” is any person acting under the authority of the Operator with a recognized right to access personal data.
To access personal data, users must identify themselves; for automated processing, by authentication with a unique username and password.
Users must maintain the confidentiality of authentication data and are accountable to the Operator in this regard.

Type of access

Users may only access the personal data required to fulfil their assigned tasks.
Developers access personal data under a strict confidentiality agreement, only where required, with each transaction documented.
Technical support may access personal data only to resolve incidents.
The Operator has established strict methods to destroy personal data.

Data collection

Authorized users are designated for the collection, input and processing of personal data.
The information system records who made a change, and the date and time of the change.

Backup, terminals, logs & training

Databases are backed up daily for recovery in case of loss, destruction or malfunction; backups are stored in restricted-access locations.
Access terminals are in restricted-access, lockable areas; idle sessions close automatically.
Access to the personal-data database is recorded in an access log; logs are kept for at least 2 years as evidence for investigations.
Users are trained on national and European legal provisions and on the importance of confidentiality.

Computer use & data printing

Use of software from unsafe sources is forbidden; only licensed, antivirus-protected software is used; users do not have administrative privileges.
Personal data is printed only by designated users and only for specified purposes; access to printers is restricted.

06Your rights

As a data subject, you have the right to: information; access (a free copy of your data and details of processing); rectification of inaccurate data; erasure (“right to be forgotten”) in the cases provided by law; restriction of processing; data portability in a structured, commonly used, machine-readable format; the right to object to processing (including for direct marketing); the right not to be subject to a solely automated decision with legal effect; and the right to appeal to the courts.

You also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) — dataprotection.ro.

To exercise these rights, you may send the Operator a written, dated and signed request using the public contact details of the organization (see Contact below). For additional copies, the Operator may charge a reasonable fee to cover administrative costs. The Operator generally responds within 30 days.

07Disclosure to third parties

Collected data is disclosed to third parties only where the Operator is under a legal obligation to do so. In all other cases, any disclosure to third parties is made only with the prior express consent of the data subject.

08Contact

For questions or to exercise your rights, please contact the Operator using the contact form on danielarobu.com.

09Final provisions

This document is supplemented by the full set of security procedures for the processing of personal data approved by the Operator’s management, including the Operator’s Information Security Policy. This Policy may be updated periodically; substantial changes will be posted on the website.