Privacy Policy

Version 1/2022

This policy is applicable to the operator: DARCHI CONSULTING SRL, a limited liability company, of Romanian nationality, with registered office located in Romania, Bucharest, str. Principatele Unite, nr. 38-40, block 18, ap. 3(R2), sector 4, postal code 040165, registered at the Trade Register Office: J40/20236/2021, unique registration code (CUI) 45241963, (trade name "DARCHI").

  1. General commitment on personal data

1. DARCHI will process personal data in accordance with this Personal Data Protection Policy ("GDPR Policy"), as required by applicable law.

2. The GDPR policy is based on the provisions of Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation" or "GDPR"), which entered into force on 25 May 2018, and applicable national law.

3. The GDPR defines personal data as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity".

4. DARCHI is committed to taking all necessary steps to implement the highest standards of confidentiality and transparency with regard to the personal data it processes.

5. Please also refer to the "COOKIES POLICY" as well as the "TERMS AND CONDITIONS" available on the website www.darchi.ro which complements this GDPR policy.

6. Any information regarding the processing of your personal data can be requested in writing to the above-mentioned registered office address or to the e-mail address contact@darchi.ro.

  1. Agreement

Your use of our services is subject to this GDPR Policy. When you use our services, you agree to the terms of this GDPR Policy. The purpose of the GDPR Policy is to inform our customers about how we collect, store and use personal data.

  1. Categories of personal data collected

Personal data that we process as a result of your use of the website may include:

  • details of your visits to our website (in this regard we recommend that you read our Cookies Policy).
  • other information that you submit to us when making a request on the site or as a result of sending it by email or telephone.
  • the data required to emit tax invoices and any other relevant data relating to the contractual relationship.
  1. How we collect your personal data

1. We collect your data mainly following a visit to the www.darchi.ro website, placing an online order or placing a telephone order.

2. We collect and process personal data relating to your first name, last name, e-mail address, telephone number(s) in order to maintain effective correspondence or communication with you. Thus, if you make a request by e-mail or telephone, we will process your data in order to deal with it.

3. In this context, if your situation requires it, we may forward your contact details to financial and governmental institutions, national/international transport companies.

4. We collect your data that comes as a result of a request to be contacted.

5. We collect personal data relating to your first name, last name, email address, telephone number, interest in contracting and which originates from your request to be contacted.

6. If you have expressly consented to the processing of your personal data for marketing purposes by DARCHI, i.e. for sending newsletters, information about products, events, contests organized by us, DARCHI or its representatives will process your data for this purpose.

  1. The purposes for which we process personal data

We may collect and process personal data for the following purposes:

  • offering our products and services;
  • compliance with our legal obligations (such as obligations to keep accounting records and supporting documents);
  • analysing, improving our services and communications to you;
  • protecting security, preventing and detecting security threats, fraud or other criminal or malicious activity;
  • their transmission to third parties, if you have expressly given your consent;
  • marketing campaigns, customer surveys and research, market analysis, sweepstakes, contests or other promotional activities or events where you have given your consent;
  • relations with public authorities, in accordance with the legal rules applicable in civil and criminal matters;
  • for any purpose related and/or ancillary to any of the above or any other purpose for which your personal data has been provided to us.
  1. Direct Marketing

1. We promote our services to you and others. We use customer information to send invitations and communications that promote the products and services we provide.

2. In all cases, you will have the opportunity to unsubscribe from receiving marketing information by accessing the unsubscribe link that you will find within each such communication or by sending a written request to the above-mentioned head office address or e-mail address: contact@darchi.ro

3. Please note that in the case of an unsubscribe request there may be a delay of up to 72 hours in which you may still receive information or marketing communications due to system changes. Unsubscribing from receiving marketing emails does not prevent us from continuing to send you transactional emails through which we can inform you of the status of the transaction we may be completing.

  1. Sharing and transferring your personal data

1. We may provide access to the personal data you provide to us to our authorized persons under contracts to do so, but we will retain control over your personal data and use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data.

2. We may also disclose your personal data when you instruct us or give us permission to do so, or when we are required to do so by applicable law, requests by judicial or official bodies, or to investigate actual or suspected fraudulent or criminal activity.

3. We will not transfer personal data outside the EEA unless one or more specified safeguards or exceptions apply to the transfer, i.e. an adequacy finding, Privacy Shield, binding corporate rules.

4. In the absence of a suitability decision, Privacy Shield membership, binding corporate rules, the transfer of personal data to a third country or international organisation takes place only under the following conditions:

  • the data subject has given his or her explicit consent to the proposed transfer after having been informed of the possible risks of such transfers for the data subject due to the lack of an adequacy decision and appropriate safeguards;
  • the transfer is necessary for the performance of a contract between the data subject and the controller or for the performance of pre-contractual arrangements made at the request of the data subject;
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
  • the transfer is necessary for important reasons of public interest;
  • the transfer is necessary for the establishment, exercise or defence of legal claims.
  1. Personal data security storage

1. Personal data may be kept on our personal data technology systems, those of our contractors or in hard copy format, for 5 years or any other duration as required by applicable legal rules and 10 years for tax documents.

2. The www.darchi.ro website is protected by standard SSL (Secured Socket Layer) encryption. This technology encrypts all your personal data that you transfer to DARCHI.

  1. Your rights

1. We would like to inform you that under the new personal data protection regulations set out in the EU General Data Protection Regulation 679/2016, if we process your personal data, you have the following rights listed below, as well as any other applicable legal rights:

  • the right of access provided for in Article 15 of the GDPR, under which you can ask us, free of charge, to confirm whether or not we are processing personal data about you. You can also ask us for a copy of the data we process about you. Requests must include relevant information to identify you in our database. We will deal with your request within the legal deadline;
  • the right to information which involves informing data subjects in a concise, transparent and easily accessible manner about the data processed;
  • the right to rectification, provided for in Article 16 of the GDPR, which you can exercise by submitting a request asking us to amend the information we already hold about you. You can make such a request when you notice that your data is incomplete or inaccurate;
  • the right to restrict processing, provided for in Article 18 of the GDPR, which you can exercise when you contest the accuracy of the data, consider the processing unlawful or object to the erasure of the data. Following the exercise of this right, we will still be able to store your data, with further processing only possible with your consent, except in cases expressly provided for by law;
  • the right to portability, provided for in Article 20 of the GDPR, which you can exercise only in cases where the processing is based on your consent or contract and only if your data are processed by automated means.
  • the right to object to the processing of data for marketing purposes, provided for in Article 21 of the GDPR. You can exercise this right at any time and we guarantee that your data will no longer be processed for this purpose. However, it may take a reasonable time (up to 72 hours) for your request to be registered and dealt with, during which you may still receive marketing information from us;
  • the right to erasure, provided for in Article 17 of the GDPR, under which we are obliged to erase the personal data we process about you. This right is not an absolute right, applying only in certain situations expressly provided for by law. When making a request for erasure, please bear in mind that erasure can be a complex process.
  • the right to apply to the National Authority for Personal Data Supervision, the public authority in Romania, located at B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest 010336, Romania, webpage http://www.dataprotection.ro, which aims to protect the fundamental rights and freedoms of natural persons, in particular their right to private, family and private life, in relation to the processing of personal data and the free movement of such data ("ANSPDCP"), if you report a breach of the GDPR.

2. In order to exercise these rights, please send us a written request to the above-mentioned registered office address or to the e-mail address: contact@darchi.ro, with the subject ˝Request for personal information˝.

Also, if you wish to withdraw your consent to direct marketing purposes, you may use the "unsubscribe" option that is included in each marketing communication.

  1. GDPR Policy Update

We reserve the right to periodically update and amend the GDPR Policy to reflect any changes to the way we process your personal data or any changes to legal requirements. We will subsequently post the amended version of the GDPR Policy on our website www.darchi.ro and/or otherwise make it available.

  1. Contact

For further information on the content of the GDPR Policy, please contact us in writing at the above-mentioned registered office address or e-mail address: contact@darchi.ro.