Privacy Policy

Last updated: 2026-01-11

1. Data Controller

NICMAR-DANCI SRL is the data controller for the processing of personal data under this Policy.

2. Categories of Personal Data

• Identity and contact data: name, company, job title, email address, phone number
• Business communication: inquiry details, RFQ content, meeting notes, email correspondence, attachments you submit
• Technical data: IP address, browser/device information, basic security and access logs
• Cookie-related data: analytics data (GA4) only after consent and configured in a privacy-oriented way

3. Sources of Data

• Directly from you (forms, emails, phone calls, meetings, RFQ submissions)
• From your organization (where you act as representative/contact person)
• From our website (technical logs and, if accepted, analytics)

4. Purposes of Processing

• To respond to inquiries, RFQs, and business requests
• To prepare quotations and conduct feasibility/technical reviews related to your request
• To manage B2B communication and follow-up (including supplier onboarding discussions)
• To operate, secure, and improve our website (including preventing abuse and ensuring availability)
• To comply with applicable legal obligations (e.g., accounting, compliance, and audit requirements where relevant)

5. Legal Bases (GDPR)

• Legitimate interests (B2B communication, responding to requests, relationship management, website security, service improvement)
• Contractual necessity (steps prior to entering into a contract and contract performance where applicable)
• Legal obligations (where required by applicable law)
• Consent (only for analytics cookies/GA4, when you accept analytics in the cookie banner)

6. Data Sharing (Recipients)

We do not sell personal data. We may share personal data with trusted service providers strictly as needed for the purposes above (e.g., website hosting, email infrastructure, IT/security services). Where applicable, such providers act as processors under written agreements and appropriate safeguards.

7. International Transfers

If personal data is processed outside the EEA by service providers, we apply GDPR-required safeguards (e.g., Standard Contractual Clauses), as applicable.

8. Retention

We retain personal data only as long as necessary for the purposes described above, or as required by law. RFQ and B2B communication data may be retained for a reasonable period to support ongoing industrial relationships, traceability, and compliance/audit needs.

9. Security

We implement appropriate technical and organizational measures to protect personal data. However, no online transmission is guaranteed to be fully secure.

10. Your Rights

Subject to GDPR and applicable law, you may have the right to:

• Request access to your personal data
• Request rectification (correction) of inaccurate data
• Request erasure (where applicable)
• Request restriction of processing (where applicable)
• Request data portability (where applicable)
• Object to processing based on legitimate interests (where applicable)
• Withdraw consent at any time (only where processing is based on consent, e.g., analytics)

11. Cookies & Analytics

For details about cookies and analytics, please read our Cookie Policy. We load GA4 only after consent and configure it in a privacy-oriented way (IP anonymization and disabled Google Signals / ad personalization signals).

12. Complaints

If you consider that your rights have been violated, you may contact us first. You also have the right to lodge a complaint with the Romanian data protection authority (ANSPDCP) or your local supervisory authority in the EU/EEA, as applicable.

13. Children

This website is intended for business users and is not directed to children. We do not knowingly collect data from children.

14. Updates to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date indicates the most recent revision.

15. Contact

For privacy-related requests, contact: office@nicmardanci.ro