Privacy Policy

Last update: March 11, 2026

S.C. Editura Crimca S.R.L. strictly respects each user's right to privacy and undertakes to process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament (GDPR) and applicable national legislation. This policy describes what data we collect, why, how we use it and what rights you have in relation to it.

By using the edituracrimca.ro, You confirm that you have read, understand and accept the practices described in this policy. If you are under 16, please obtain the consent of your parent or legal guardian before using our services.

1. Who is the Data Operator?

The controller of personal data is S.C. Editura Crimca S.R.L., with registered office at 2, Iancu Flondor Street, Suceava, Romania, registered with the Trade Register under no. J33/XXXX/XXXX/XXXX, CUI ROXXXXXXXXXXXXXXXX.

Our Data Protection Officer (DPO) can be contacted at:

  • Email: dpo@edituracrimca.ro
  • Postal address: Strada Iancu Flondor, Nr. 2, 720224, Suceava, Romania
  • Phone: +40 XXX XXX XXX XXX (Mon-Fri, 08:00-16:00)

2. What Data We Collect and Why?

We collect personal data only when necessary and only for the specified purposes. The types of data and purposes of processing are described below:

2.1. Data collected when placing an order

  • Full name - to identify the customer and issue tax documents.
  • Delivery address - for sending the parcel by courier service.
  • Email address - for order confirmation, delivery communications and after-sales support.
  • Phone number - to contact the courier service for delivery.
  • Billing dates (CNP/CIF for legal entities) - exclusively for tax purposes, according to legal obligations.

The legal basis for this processing is performance of a contract (Art. 6 para. 1 lit. b GDPR).

2.2. Data collected when registering an account

When creating an account on the platform, we collect your email address, your chosen username and password (stored in encrypted form only). This data is processed on the basis of your consent (Art. 6 paragraph 1 lit. a GDPR) and can be deleted at any time upon request.

2.3. Data collected automatically (technical data)

When you visit our platform, our servers may automatically record certain technical data, including: IP address, browser type, operating system, pages visited and session duration. This data is used solely for statistical and security purposes and does not allow direct identification of the individual.

3. How Long Do We Keep Data?

Personal data is kept only for as long as necessary to fulfill the purpose for which it was collected or as required by applicable legal obligations:

  • Order and billing data: 10 years according to Romanian tax legislation.
  • Account details (if there was no activity): 3 years since last login.
  • Newsletter dates: until withdrawal of consent.
  • Technical data (server logs): 90 days rolling.

4. Your rights

As a data subject, you benefit from all the rights conferred by the GDPR. You can exercise them at any time by sending a written request to dpo@edituracrimca.ro. We will respond within 30 calendar days.

4.1. List of GDPR Rights

  • Right of access (Art. 15): You have the right to obtain a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You can ask for any inaccurate or incomplete data to be corrected.
  • Right to erasure (Art. 17): Also known as the „right to be forgotten”, you can request deletion of your data, with some legal exceptions.
  • Right to restrict processing (Art. 18): You can ask us to limit how we use your data.
  • Right to portability (Art. 20): You can receive the data provided in a structured, machine-readable format.
  • Right to object (Art. 21): You can object to data processing for direct marketing purposes or on the basis of our legitimate interests.
  • Right to complain: You have the right to complain to the supervisory authority, ANSPDCP.

5. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, destruction or accidental disclosure. The platform uses security protocols SSL/TLS (HTTPS) for communication encryption. Passwords are stored exclusively as cryptographic hashes and are not available in plaintext to our staff.

Access to personal data is strictly restricted to employees who need access for operational purposes and are bound by contractual confidentiality clauses.