Privacy Policy
Last updated: [DATE]
1. Data Controller
The controller of your personal data is:
RAELBA S.R.L.
Registered address: [FULL REGISTERED ADDRESS, ROMANIA]
Trade Register number: [J__/____/____]
Fiscal identification code (CUI/CIF): [________]
Email: [EMAIL ADDRESS]
Phone: [PHONE NUMBER]
As our processing activities do not meet the criteria for mandatory Data Protection Officer appointment under Article 37 of the GDPR, we have not designated a DPO. For all data protection inquiries, please contact us using the details above.
2. Scope of This Policy
This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit raelba.com ("Website") and use our contact form.
As a company established in the European Union, we process all personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation — "GDPR") and Romanian Law 190/2018 implementing the GDPR. We apply these standards to all visitors regardless of location, ensuring the same level of data protection whether you are based in the EU or elsewhere.
3. Personal Data We Collect
We collect personal data only through our contact form. When you submit an inquiry, we collect:
- Your name — to identify you and personalize our response
- Your email address — to respond to your inquiry
- Your message — which may contain additional personal data you choose to provide
We do not collect any data automatically. We do not use analytics tools, tracking pixels, advertising identifiers, or any technology that monitors your browsing behavior. Our Website uses only essential cookies required for basic functionality (see our Cookie Policy for details).
We do not collect sensitive personal data (also known as special categories of data under Article 9 GDPR), such as data concerning health, political opinions, religious beliefs, or ethnic origin.
4. Purposes of Processing
We process your personal data for the following specific purposes:
- Responding to your inquiry — reading, reviewing, and replying to the message you send through our contact form.
- Providing information about our services — if you request details about our real estate consulting, company formation, residency structuring, or other services.
- Pre-contractual communication — engaging in discussions that may lead to a consulting engagement.
- Record-keeping — maintaining records of communications for accountability and quality purposes.
We do not use your personal data for marketing, profiling, automated decision-making, or any purpose other than those listed above.
5. Legal Basis for Processing
We process your personal data on the following legal grounds under Article 6(1) of the GDPR:
- Article 6(1)(b) — Performance of a contract or pre-contractual measures: When you contact us to inquire about our services, we process your data to take steps at your request prior to potentially entering into a consulting agreement. This is our primary legal basis.
- Article 6(1)(f) — Legitimate interests: We have a legitimate interest in maintaining records of inquiries for business administration, quality assurance, and the establishment or defense of legal claims. This interest does not override your rights and freedoms, given that the data is minimal, voluntarily provided by you, and processed exactly as you would reasonably expect.
Providing your name and email address is necessary for us to respond to your inquiry. If you choose not to provide this data, we will be unable to process or respond to your message.
6. Recipients and Processors
Your personal data may be accessed by the following categories of recipients, all of whom are bound by data processing agreements in accordance with Article 28 GDPR:
| Recipient | Purpose | Location |
|---|---|---|
| [WEB HOSTING PROVIDER NAME] | Website hosting and server infrastructure | [COUNTRY / "EEA"] |
| [EMAIL SERVICE PROVIDER NAME] | Email delivery and storage for responding to inquiries | [COUNTRY] |
We do not sell, rent, or trade your personal data to any third party. We do not share your data with marketing platforms, advertisers, or data brokers.
We may also disclose your personal data if required to do so by law, court order, or a binding request from a competent authority.
7. International Data Transfers
[OPTION A — If all processors are within the EEA:]
Your personal data is processed and stored exclusively within the European Economic Area (EEA). No international data transfers take place.
[OPTION B — If using US-based services (e.g., Google Workspace, Microsoft 365):]
Some of our service providers are established in the United States. These transfers are protected by the following safeguards:
- EU-U.S. Data Privacy Framework (DPF): Our US-based processors are certified under the EU-U.S. Data Privacy Framework, which was declared adequate by the European Commission on July 10, 2023 (Implementing Decision (EU) 2023/1795).
- Standard Contractual Clauses (SCCs): As an additional safeguard, we maintain Standard Contractual Clauses approved by the European Commission with our processors.
You may request a copy of the relevant transfer safeguards by contacting us at [EMAIL ADDRESS].
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Category | Retention Period | Justification |
|---|---|---|
| Contact form submissions (no follow-up engagement) | 12 months from submission | Sufficient for the inquiry cycle and any potential follow-up |
| Active communications related to a potential engagement | Duration of communication + 12 months | Maintains context for ongoing discussions |
| Data related to a concluded consulting agreement | Duration of contract + 5 years | Compliance with Romanian fiscal and accounting record-keeping obligations |
After the applicable retention period expires, your personal data will be securely deleted or irreversibly anonymized. We conduct periodic reviews to ensure data is not retained beyond the specified periods.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Article 15) — You may request confirmation of whether we process your data and obtain a copy of it.
- Right to rectification (Article 16) — You may request correction of inaccurate or incomplete data.
- Right to erasure (Article 17) — You may request deletion of your data where there is no compelling reason for its continued processing.
- Right to restriction of processing (Article 18) — You may request that we limit how we use your data in certain circumstances.
- Right to data portability (Article 20) — You may request to receive your data in a structured, commonly used, machine-readable format.
- Right to object (Article 21) — You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent (Article 7(3)) — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
How to exercise your rights: Send your request to [EMAIL ADDRESS]. We will respond within one month of receiving your request, in accordance with Article 12(3) GDPR. In complex cases, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for the delay within the initial one-month period.
We may ask you to verify your identity before processing your request.
10. Right to Lodge a Complaint
If you believe that our processing of your personal data infringes the GDPR or Romanian data protection law, you have the right to lodge a complaint with the supervisory authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral Gheorghe Magheru 28-30, Sector 1, 010336 București, România
Phone: +40.318.059.211
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro
You also have the right to an effective judicial remedy before the competent Romanian courts.
11. Automated Decision-Making
We do not use automated decision-making or profiling as defined under Article 22 of the GDPR. All decisions regarding your inquiries are made by our team.
12. Children's Data
This Website and our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete that data promptly.
13. Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:
- SSL/TLS encryption for all data transmitted through our Website
- Access controls limiting data access to authorized personnel only
- Secure email communication
- Regular review of our security practices
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
14. Cookies
Our Website uses only strictly necessary cookies for basic functionality. We do not use analytics, marketing, or tracking cookies. For full details, please see our Cookie Policy.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any changes will be posted on this page with an updated "Last updated" date.
We encourage you to review this Privacy Policy periodically.
16. Contact
For any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact us at:
RAELBA S.R.L.
[FULL REGISTERED ADDRESS]
Email: [EMAIL ADDRESS]
Phone: [PHONE NUMBER]