Coșul meu
Coșul tău este gol!
1. Data Controller
Nedermann Financial Services SRL
Registered office: Bulevardul Eroilor, Nr. 42, Etaj 1, Ap. 9 Cluj-Napoca, Romania
VAT No.: RO54642492
Email: info@ronpay.eu
2. Data Protection Officer (DPO)
At present, Nedermann Financial Services SRL has not appointed a DPO, as the conditions requiring such appointment under Article 37 GDPR do not apply.
For any matter concerning the processing of personal data, you may contact the Data Controller using the details above.
3. Categories of personal data processed
Common data: identification, contact, company, contractual, and payment-related data (through certified external processors), as well as browsing data.
Special categories of data: processed only where strictly necessary and subject to explicit consent (Article 9 GDPR).
4. Purposes and legal basis of processing
Contractual purposes: performance of a contract / provision of services (Article 6(1)(b) GDPR) – mandatory data provision.
Legal purposes: compliance with legal obligations (Article 6(1)(c) GDPR) – mandatory data provision.
Direct marketing: commercial communications/newsletters (legitimate interest for existing customers; consent for new contacts) – you may object at any time.
Profiling and analysis: service personalization/market research (consent – Article 6(1)(a) GDPR) – optional.
Security: protection of systems/fraud prevention (legitimate interest – Article 6(1)(f) GDPR).
5. Processing methods
Processing is carried out using IT tools and, where necessary, paper-based means, with appropriate security measures pursuant to Article 32 GDPR (pseudonymization/encryption, integrity, availability, resilience, restoration, periodic testing).
6. Data retention period
Contractual and accounting/tax data: 10 years from termination of the relationship (tax/accounting obligations).
Marketing data: 24 months from the last contact for active customers; until consent is withdrawn.
Browsing data: 12 months.
Special categories of data: for the time strictly necessary and in any case no longer than the termination of the relationship.
7. Recipients of personal data
Internal recipients: employees/collaborators; directors and shareholders (within the limits of the purposes).
Data processors: IT/hosting; banks and intermediaries; consultants; audit/control; couriers; electronic communications providers.
Recipients required by law: judicial authorities/law enforcement; Romanian Revenue Authority (ANAF); supervisory/control bodies; other recipients as required by law.
The full list of Data Processors is available at the Data Controller's registered office.
8. Transfers to third countries
Data are stored on servers located in the EU; some Data Processors may be located in third countries.
Transfers take place only where an adequacy decision applies or where appropriate safeguards are in place (Article 46 GDPR: SCCs, BCRs, certifications). Information on the safeguards adopted is available upon request.
9. Data subject rights
Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), withdrawal of consent, and the right to lodge a complaint with the Data Protection Authority.
10. How to exercise your rights
Email: info@ronpay.eu
Registered adress: Bulevardul Eroilor, Nr. 42, Etaj 1, Ap. 9 Cluj-Napoca, Romania
The request should include full identification details, an ID document, the right you wish to exercise, and (where relevant) an address for the reply.
We will respond within 30 days (extendable by 60 days in complex cases, with reasons provided).
11. Automated decision-making and profiling
Profiling may be carried out for service personalization, targeted marketing communications, and analysis of preferences and behaviours.
You have the right not to be subject to decisions based solely on automated processing, to obtain meaningful information about the logic involved, to request human intervention, to express your point of view, and to contest the decision.
12. Data security
Appropriate technical and organizational measures are adopted, including encryption, access/authentication controls, backup and disaster recovery, staff training, periodic audits, and incident management.
13. Personal data breaches (Data breach)
Where required, notification to the Data Protection Authority will be made within 72 hours of becoming aware of the breach; affected data subjects will be informed without undue delay where the risk is high; breaches and remediation measures will be documented.
14. Changes to this notice
This notice may be updated due to new laws, changes in processing activities, or security improvements.
Material changes will be communicated at least 30 days in advance via the website, email, or the reserved area.
15. Contacts and information
Nedermann Financial Services SRL – Bulevardul Eroilor, Nr. 42, Etaj 1, Ap. 9 Cluj-Napoca, Romania
Email: info@ronpay.eu