Legal information

Privacy and data protection

How we look after your personal data and what rights you have when working with us.

1. Introduction

VM COMPACT IT & DESIGN S.R.L. respects the privacy of the persons who interact with the vmweb.ro website, with our services and with the VMWeb team. This policy explains what personal data we may process, for what purposes, on what legal grounds, to whom we may disclose it, how long we keep it and what rights you have.

The policy applies to website visitors, persons who fill in forms, persons who contact us by e-mail, phone or social networks, potential clients, clients, representatives of partners, suppliers and other persons with whom we interact in the course of our activity.

2. The data controller

The data controller is VM COMPACT IT & DESIGN S.R.L., a company registered in Romania, with tax identification number (CUI/CIF) 43907187 and Trade Register registration number J52/293/12.03.2021.

Controller name
VM COMPACT IT & DESIGN S.R.L.
CUI / CIF
43907187
Trade Register no.
J52/293/12.03.2021
Registered office
Strada Tineretului, localitatea Giurgiu, judetul Giurgiu
Website
https://vmweb.ro
E-mail for GDPR requests
contact@vmweb.ro
Phone
+40 764 291 123

Where VMWeb processes personal data on behalf of a client, as part of a development, maintenance, marketing, configuration or technical support project for the client's website/platform, our role may be that of a processor. In these situations, the client determines the purposes and means of the processing, and the relationship is governed by a contract, documented instructions and, where applicable, a data processing agreement.

3. Categories of data subjects

We may process data relating to the following categories of persons:

  • website visitors and users of the online forms;
  • potential clients who request information, audits, offers, estimates or appointments;
  • clients, client representatives, technical, marketing or financial contact persons;
  • suppliers, partners, collaborators and subcontractors;
  • persons who subscribe to the newsletter or commercial communications;
  • persons who interact with us through social media, phone, e-mail or other communication channels.

4. What personal data we may process

Depending on how you interact with us, we may process the following categories of data:

  • identification and contact data: first name, last name, e-mail, phone, job title, company, website, billing or correspondence addresses;
  • data submitted through forms: message, request, indicative budget, project type, preferences, objectives, information about the business;
  • commercial and contractual data: offers, orders, contracts, invoices, communications, collaboration history, payment status;
  • technical data: IP address, cookie identifiers, data about the device, browser, operating system, pages visited, session duration, traffic source;
  • project-related data: technical access, administration accounts, files, content, graphic materials, information submitted for implementation or support;
  • marketing data: consents, preferences, unsubscribe history, interactions with newsletters or campaigns;
  • any other data that you decide to provide to us voluntarily through a message, e-mail, phone, documents or collaborative platforms.

Please do not send us special categories of personal data, such as data concerning health, political opinions, religion, biometric data, data concerning sex life or data about criminal convictions, unless this is strictly necessary for your request and there is an adequate legal basis.

5. How we collect the data

The data may be collected directly from you, from your interaction with the website or from legitimate third-party sources. Examples:

  • through the contact form, the newsletter form or other forms published on the website;
  • through e-mail, phone, messaging, social networks or online/offline meetings;
  • through contracts, invoices, offers, orders, briefs, project management platforms or support systems;
  • through cookies, similar technologies, analytics tools and the website's security services;
  • from clients, suppliers, partners, company representatives or other persons who provide us with data in a professional context.

6. The purposes and legal grounds for processing

We process personal data only to the extent necessary and on the basis of an applicable legal ground. The main purposes are:

PurposeData concernedLegal ground
Responding to requests and preparing offers Name, e-mail, phone, company, website, message, project details Pre-contractual steps; legitimate interest
Provision of the contracted services Contact data, commercial data, project materials, technical access Performance of the contract; legitimate interest
Invoicing, accounting and tax obligations Identification data, billing data, payments, accounting documents Legal obligation
Technical support, maintenance and security Contact data, technical data, logs, access data, incident information Performance of the contract; legitimate interest
Commercial communications and newsletter E-mail, name, preferences, consent/unsubscribe history Consent; legitimate interest for existing clients, with the right to object
Website analytics and experience improvement Cookies, IP, browsing data, traffic source, pages visited Consent, where required; legitimate interest for strictly necessary cookies
Protecting rights and resolving disputes Contractual data, communications, supporting documents Legitimate interest; legal obligation

7. To whom we may disclose the data

The data may be transmitted, to the extent necessary, to the following categories of recipients:

  • providers of hosting, server administration, e-mail, security, backup and IT services;
  • providers of analytics, marketing, CRM, newsletter, communication tools and collaborative platforms;
  • payment processors, banking institutions, accountants, auditors, legal and tax consultants;
  • subcontractors or collaborators involved in digital projects, only to the extent necessary for the provision of the services;
  • public authorities, courts, supervisory bodies or other institutions, where there is a legal obligation;
  • social media platforms, when you interact with our pages or campaigns through those platforms.

We do not sell or rent personal data to third parties.

8. International data transfers

Certain services used for hosting, e-mail, analytics, marketing, collaboration or security may involve transfers of data outside the European Economic Area. In such situations, we use providers that offer adequate protection mechanisms, such as adequacy decisions, standard contractual clauses or other safeguards recognized by the applicable legislation.

9. Data retention period

We keep the data only for as long as necessary for the purposes for which it was collected or for as long as the law requires us to keep it. The indicative periods are:

CategoryIndicative period
Requests submitted through a form or e-mail generally up to 12 months from the last interaction, if it does not turn into a contractual relationship
Contractual data and commercial documents for the duration of the contractual relationship and thereafter in accordance with the applicable legal/tax periods and limitation periods
Invoices and accounting documents in accordance with the applicable legal accounting and tax archiving obligations
Newsletter and commercial communications until consent is withdrawn/unsubscription or until the legal basis ceases to apply
Technical data and security logs generally between 6 and 12 months, except in the case of incidents or legal obligations
Cookies in accordance with the periods indicated in the cookie policy and in the consent panel

Upon expiry of the retention periods, the data is deleted, anonymized or archived under restricted access conditions, as applicable.

10. Data security

We apply reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure or destruction. These measures may include restricted access, passwords, two-factor authentication where available, backups, security updates, HTTPS encryption, access rights control and limiting collaborators' access to strictly necessary data.

No method of electronic transmission or storage is completely free of risk. If you suspect a security breach or unauthorized use of the data, please contact us immediately.

11. Rights of data subjects

Under the conditions provided by the data protection legislation, you have the following rights:

  • the right of access to the personal data processed;
  • the right to rectification of inaccurate data or completion of incomplete data;
  • the right to erasure of the data, in the cases provided by law;
  • the right to restriction of processing;
  • the right to data portability, where the processing is based on consent or a contract and is carried out by automated means;
  • the right to object to processing based on legitimate interest or direct marketing;
  • the right to withdraw consent, without affecting the lawfulness of processing carried out before the withdrawal;
  • the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects.

To exercise your rights, you can contact us at the e-mail address indicated in this policy. To protect the confidentiality of the data, we may request additional information to verify the identity of the requester.

12. Response time for requests

We will respond to valid requests concerning the rights of data subjects within the period provided by the applicable legislation. In the case of complex or numerous requests, the period may be extended in accordance with the law, with notice given to the data subject.

13. Complaints

If you have questions or concerns regarding the way we process personal data, please contact us first so that we can review and remedy the situation.

You also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP):

Address
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucuresti, Romania
Website
www.dataprotection.ro
E-mail
anspdcp@dataprotection.ro
Phone
+40 318 059 211 · Fax: +40 318 059 602

14. Cookies and similar technologies

vmweb.ro may use cookies that are strictly necessary for the operation of the website, as well as analytics, marketing or personalization cookies, depending on the consent settings available on the website. Details about the types of cookies, purposes, providers and durations are presented in the cookie policy and/or the website's consent panel.

You can manage cookies through your browser settings or through the consent mechanism displayed on the website, where available.

15. Data of minors

The VMWeb website and services are intended primarily for adult individuals and professional company representatives. We do not intentionally collect personal data of minors. If we find that we have accidentally collected data of a minor without an adequate legal basis, we will take reasonable measures to delete it.

16. Data processed for clients

As part of web design, maintenance, online marketing, SEO, technical configuration or web app development services, VMWeb may have access to personal data stored on clients' websites, online stores, CRMs, advertising accounts, analytics tools or platforms.

In such cases, the client is generally the data controller, and VMWeb acts in accordance with the client's instructions and the applicable contract. The client remains responsible for informing its own users, establishing the legal grounds, configuring cookie consent and complying with the GDPR obligations relating to its own website or campaigns.

17. Updates to the policy

We may update this policy to reflect changes to the website, services, providers, internal processes or applicable legislation. The updated version will be published on the website, together with the date of the last update.

18. Contact

For requests regarding personal data or this policy, you can contact us at:

E-mail
contact@vmweb.ro
Phone
+40 764 291 123
Website
https://vmweb.ro

Last updated: 30.05.2026