2026-07-08T11:33:40+03:00

1. Data Controller

Nedermann Financial Services SRL

Registered office: Bulevardul Eroilor, Nr. 42, Etaj 1, Ap. 9 Cluj-Napoca, Romania

VAT No.: RO54642492

Email: info@ronpay.eu


2. Data Protection Officer (DPO)

At present, Nedermann Financial Services SRL has not appointed a DPO, as the conditions requiring such appointment under Article 37 GDPR do not apply.

For any matter concerning the processing of personal data, you may contact the Data Controller using the details above.


3. Categories of personal data processed

Common data: identification, contact, company, contractual, and payment-related data (through certified external processors), as well as browsing data.


Special categories of data: processed only where strictly necessary and subject to explicit consent (Article 9 GDPR).


4. Purposes and legal basis of processing

Contractual purposes: performance of a contract / provision of services (Article 6(1)(b) GDPR) – mandatory data provision.


Legal purposes: compliance with legal obligations (Article 6(1)(c) GDPR) – mandatory data provision.


Direct marketing: commercial communications/newsletters (legitimate interest for existing customers; consent for new contacts) – you may object at any time.


Profiling and analysis: service personalization/market research (consent – Article 6(1)(a) GDPR) – optional.


Security: protection of systems/fraud prevention (legitimate interest – Article 6(1)(f) GDPR).


5. Processing methods

Processing is carried out using IT tools and, where necessary, paper-based means, with appropriate security measures pursuant to Article 32 GDPR (pseudonymization/encryption, integrity, availability, resilience, restoration, periodic testing).


6. Data retention period

Contractual and accounting/tax data: 10 years from termination of the relationship (tax/accounting obligations).


Marketing data: 24 months from the last contact for active customers; until consent is withdrawn.


Browsing data: 12 months.


Special categories of data: for the time strictly necessary and in any case no longer than the termination of the relationship.


7. Recipients of personal data

Internal recipients: employees/collaborators; directors and shareholders (within the limits of the purposes).


Data processors: IT/hosting; banks and intermediaries; consultants; audit/control; couriers; electronic communications providers.


Recipients required by law: judicial authorities/law enforcement; Romanian Revenue Authority (ANAF); supervisory/control bodies; other recipients as required by law.

The full list of Data Processors is available at the Data Controller's registered office.


8. Transfers to third countries

Data are stored on servers located in the EU; some Data Processors may be located in third countries.

Transfers take place only where an adequacy decision applies or where appropriate safeguards are in place (Article 46 GDPR: SCCs, BCRs, certifications). Information on the safeguards adopted is available upon request.


9. Data subject rights

Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), withdrawal of consent, and the right to lodge a complaint with the Data Protection Authority.


10. How to exercise your rights

Email: info@ronpay.eu

Registered adress: Bulevardul Eroilor, Nr. 42, Etaj 1, Ap. 9 Cluj-Napoca, Romania

The request should include full identification details, an ID document, the right you wish to exercise, and (where relevant) an address for the reply.

We will respond within 30 days (extendable by 60 days in complex cases, with reasons provided).


11. Automated decision-making and profiling

Profiling may be carried out for service personalization, targeted marketing communications, and analysis of preferences and behaviours.

You have the right not to be subject to decisions based solely on automated processing, to obtain meaningful information about the logic involved, to request human intervention, to express your point of view, and to contest the decision.


12. Data security

Appropriate technical and organizational measures are adopted, including encryption, access/authentication controls, backup and disaster recovery, staff training, periodic audits, and incident management.


13. Personal data breaches (Data breach)

Where required, notification to the Data Protection Authority will be made within 72 hours of becoming aware of the breach; affected data subjects will be informed without undue delay where the risk is high; breaches and remediation measures will be documented.


14. Changes to this notice

This notice may be updated due to new laws, changes in processing activities, or security improvements.

Material changes will be communicated at least 30 days in advance via the website, email, or the reserved area.


15. Contacts and information

Nedermann Financial Services SRL – Bulevardul Eroilor, Nr. 42, Etaj 1, Ap. 9 Cluj-Napoca, Romania

Email: info@ronpay.eu

 

Folosim cookie-uri pentru a ne asigura că site-ul nostru web funcționează bine pentru dvs., respectând toate regulile și bunele practici pentru confidențialitatea datelor dumneavoastră personale. Consultați Politica noastră de confidențialitate