www.ciucaaudit.ro (“We”, “Company”, “Ciuca Audit”) respects your privacy and is committed to protecting the personal information you provide to us. This Policy explains how we collect, use, and protect personal data in accordance with Regulation (EU) 2016/679 (“GDPR”).

1. Data Controller

The data controller is:
CIUCA AUDIT S.R.L.
CUI: RO 20604370

Address: str. Regiment 11 Siret, no. 33B, bl. T1, ap.306, Galati, Romania

Email: Această adresă de email este protejată contra spambots. Trebuie să activați JavaScript pentru a o vedea.
Phone: +40 745 636 434
Website: www.ciucaaudit.ro

2. What Data We Collect and Why

We collect the following types of data:

2.1. Data Collected Automatically

• IP address, browser type, visited pages – for improving website experience (basis: legitimate interest).
• Cookies – see the Cookie Policy for details.

2.2. Data Provided Voluntarily

• Contact Forms: Name, surname, email, phone number – to respond to inquiries (basis: consent).
• Offer Forms: Company name, contact person, phone number, email – to provide commercial information (basis: contract or pre-contractual measures).
• Newsletter: Email address – to send information about our services (basis: consent).

2.3. Data from ActiveCampaign

We use ActiveCampaign for customer relationship management and marketing campaigns. Data is stored in compliance with ActiveCampaign's GDPR policy.

3. Legal Basis for Processing

Data is processed based on Article 6 of the GDPR:

• Consent – for newsletter subscriptions.
• Contract – for the provision of audit services.
• Legal obligation – for maintaining financial records.
• Legitimate interest – for improving services and website security.

4. Data Sharing

Data may be shared with:

• IT service providers (ActiveCampaign, Google, DigiStorage, Caseware) – for hosting and marketing.
• Public authorities – to comply with legal obligations.
• Partners – as necessary to perform contractual services.

5. Data Transfers Outside the EU

If data is transferred outside the EU (e.g., ActiveCampaign – USA/Australia), it is protected through standard contractual clauses or other GDPR-compliant mechanisms.

6. Data Retention

• Contact form data: 1 year.
• Offer data: 3 years.
• Newsletter data: Until consent is withdrawn.
• Contract data: In line with legal obligations (10 years).

7. Your Rights

Under GDPR, you have the following rights:

• Right of access – to know what data we process.
• Right to rectification – to request correction of inaccurate data.
• Right to erasure (“right to be forgotten”) – under certain conditions.
• Right to restriction – under certain conditions.
• Right to data portability – to receive data in a structured format.
• Right to object – to processing for marketing purposes.
• Right to withdraw consent – at any time for consent-based processing.

8. How to Exercise Your Rights

You can contact us at:

Address: str. Regiment 11 Siret, no. 33B, bl. T1, ap.306, Galati, Romania

Email: Această adresă de email este protejată contra spambots. Trebuie să activați JavaScript pentru a o vedea.

If you believe data processing violates GDPR, you may file a complaint with:
National Supervisory Authority for Personal Data Processing (ANSPDCP) – www.dataprotection.ro

9. Data Security

We implement technical and organizational measures to protect data, including encryption, firewalls, and security audits.

10. Changes to the Privacy Policy

We reserve the right to update this policy. Any changes will be published on this page with a visible notice.