1. Who we are and how to reach us
The controller of personal data processed through this website is Brandorum SRL, headquartered at Jud. Brașov, Municipiul Brașov, Strada Parcul Mic, Nr. 14, Romania, registered with the Trade Register under no. J202506459700, tax ID 52398325.
For any questions about this policy or to exercise the rights described below, write to office@brandorum.ro or call +40 756 581 422.
2. What data we collect
We only collect what's needed to reply when you reach out and to measure aggregate website traffic:
- Data you send us directly via email, phone, or the website chatbot (when active): name, email address, phone number, message contents, and any other information you choose to include.
- Aggregate technical data: traffic statistics collected via Plausible Analytics (cookieless) — pages visited, traffic source, country, device type. This data is not tied to an individual user and does not allow identification.
- Minimal server logs for security and debugging (IP address, user-agent, timestamp), kept by Vercel as a processor.
We do not collect sensitive data, do not purchase contact lists, and do not profile visitors.
3. Why we process it
| Purpose | Legal basis | |---|---| | Replying to your inquiry | Pre-contractual steps at your request (Art. 6(1)(b) GDPR) | | Delivering contracted services | Performance of a contract (Art. 6(1)(b) GDPR) | | Aggregate traffic stats (Plausible) | Legitimate interest — improving the site (Art. 6(1)(f) GDPR) | | Website security (logs) | Legitimate interest — infrastructure protection (Art. 6(1)(f) GDPR) | | Marketing communications | Your explicit consent (Art. 6(1)(a) GDPR) — clear opt-in |
4. Who we share data with
Your data stays with Brandorum. The only processors we use are strict technical providers needed to run the website:
- Vercel Inc. (website hosting, edge network) — data processed in EU/US infrastructure under the EU-US Data Privacy Framework.
- Plausible Analytics (aggregate analytics, hosted in the EU) — no cookies, no personally identifiable data.
- Chatbot provider (once integrated) — at the time of activation, the list above will be updated with specifics.
We do not sell data to third parties and do not transfer data for marketing purposes without your explicit consent.
5. How long we keep data
- Conversations and emails: up to 36 months from the last contact, for continuity. You can request deletion at any time.
- Contract data: for the duration of the contract plus periods required by Romanian fiscal law (typically 10 years for accounting records).
- Aggregate stats (Plausible): anonymous, no individual retention applies.
- Server logs: up to 30 days.
6. Your rights (GDPR)
As a data subject, you have the following rights:
- Access to the data we process about you
- Rectification of inaccurate or incomplete data
- Erasure ("right to be forgotten")
- Restriction of processing in certain situations
- Portability of data to another controller
- Objection to processing based on legitimate interest
- Withdraw consent at any time, without affecting the lawfulness of prior processing
To exercise any right, write to office@brandorum.ro. We reply within 30 days at most.
If you are unhappy with how we handle your data, you have the right to file a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) — www.dataprotection.ro.
7. Changes to this policy
We reserve the right to update this policy to reflect technical, legal, or service changes. The current version is the one published here, with the last update date shown at the top.
For material changes (for example, when integrating a chatbot), we will give clear notice on the site before the change takes effect.