Privacy Policy

General information

This Privacy Policy explains how IDODO CORBEANCA S.R.L., a Romanian legal entity, with its registered office in Voluntari, Bld. Pipera no. 1/VI Hyperion Towers, Tower 1, 9th floor, Room II, office 4, Ilfov county, registered with the Trade Registry attached to the Ilfov Tribunal under no. J23/3411/2020, having Tax ID 36327861 (hereinafter the "Company"), uses cookies and other similar technologies on the website (hereinafter the "Website").

The Company acts as a personal data controller, within the meaning of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter the "GDPR").

By accessing and using the Website, the User confirms that they have read, understood and agree with this Privacy Policy, as well as with the processing and storage of their personal data by IDODO CORBEANCA S.R.L., for the purposes and under the conditions described in this section.

Categories of data subjects

This policy applies to the following categories of persons:

visitors of the Website https://denyalake.ro

persons who contact the Company through the contact form, e-mail or telephone;

potential clients and business partners.

Principles of data processing

The Company complies with the fundamental principles of personal data processing, provided by art. 5 GDPR:

lawfulness, fairness and transparency – data is processed lawfully, fairly and transparently towards data subjects;

purpose limitation – data is collected for specific, explicit and legitimate purposes;

data minimization – only data strictly necessary for the purpose of processing is collected;

accuracy – the Company makes every effort to ensure that data is correct and up to date;

storage limitation – data is kept only for the time necessary to fulfill the declared purposes;

integrity and confidentiality – data is protected against unauthorized access, loss or destruction;

accountability – the Company can demonstrate compliance with these principles.

Types of data collected

Depending on the User's interaction with the Website, the Company may collect the following data:

Data provided directly: first name, last name, e-mail address, phone number, data contained in messages transmitted through the contact form or e-mail,

Data collected automatically: IP addresses, browser type, operating system, visit duration, pages viewed, browsing behavior, through cookies and statistical analysis tools (e.g.: Google Analytics).

The Company does not request and does not process sensitive data (ethnic origin, political opinions, religious beliefs, medical data, etc.).

Purposes of data processing

Personal data is processed for the following legitimate purposes:

responding to requests, quote requests or questions transmitted through the Website;

communications regarding the Company's services, only if the data subject has given their consent;

ensuring the operation and security of the Website;

anonymous statistical analysis of traffic and improvement of the Website's content.

The Company does not use the collected data for direct marketing, remarketing or automated profiling purposes.

Legal grounds for processing

The Company processes personal data based on one or more legal grounds provided by GDPR:

art. 6(1)(a) – the consent of the data subject, for the processing of data transmitted through the contact form or by e-mail, as well as for optional cookies (analytics, marketing);

art. 6(1)(f) – the legitimate interest of the Company to ensure the safe and efficient operation of the Website, the improvement of services and the general analysis of traffic (essentially anonymously).

Data storage duration

Personal data is kept only for the period necessary to fulfill the purposes for which it was collected or in accordance with applicable legal obligations.

data from contact forms: maximum 12 months from the last interaction;

technical data (cookies, logs): according to the cookie policy, generally between 6 and 26 months;

relevant commercial correspondence may be kept up to 3 years, for any legal archiving obligations.

After the expiration of the periods mentioned above, the stored data is permanently deleted.

Recipients and data transfers

The Company does not sell, rent or disclose personal data to third parties, except in the following limited situations:

IT service providers (hosting, maintenance, e-mail), who act as processors and have contractual confidentiality obligations;

public authorities, based on a legal obligation and an express request;

providers of statistical analysis services (e.g. Google Analytics), in accordance with their privacy policy.

Data may be stored on servers located within the European Economic Area (EEA). If transfers are made outside the EEA, these are made only to states ensuring an adequate level of protection, in accordance with the decisions of the European Commission.

Data security

The Company applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration or disclosure:

encryption of communications through SSL protocol;

access control and secure passwords;

periodic back-up and antivirus protection;

training of personnel regarding confidentiality.

Rights of data subjects

According to GDPR, data subjects benefit from the following rights:

the right to access their own data;

the right to rectify inaccurate or incomplete data;

the right to erasure ("right to be forgotten");

the right to restriction of processing;

the right to data portability;

the right to object to processing, under the conditions of art. 21 GDPR;

the right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal;

the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

To exercise these rights, data subjects may send a written request to the electronic correspondence address office@danya-cebus.ro.

The Company undertakes to respond to any request regarding the exercise of the rights mentioned above within a maximum of 30 (thirty) calendar days from receipt of the request.

In exceptional situations involving complex or multiple requests, this period may be extended by an additional maximum of 60 days, in which case the data subject will be informed about the reasons for the delay and the new estimated response deadline, in accordance with the provisions of the GDPR Regulation.

Responses will be provided, as far as possible, by electronic means, in compliance with the principle of transparency and the protection of personal data.

Withdrawal of consent

Data subjects may withdraw their consent for data processing at any time, by sending an e-mail to office@danya-cebus.ro.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

Modification of the policy

The Company reserves the right to update this Privacy Policy, to reflect legislative or organizational changes.

The updated version will be published on the Website and will enter into force from the date of display.

Contact

For questions regarding the protection of personal data, please contact us at the electronic correspondence address office@danya-cebus.ro.

Date of last update: 11.02.2026.