GDPR Compliance
Last updated: January 7, 2026
1. Introduction
At Bigdan Web, we are committed to protecting and respecting your privacy in compliance with the EU General Data Protection Regulation (GDPR). This GDPR Compliance Policy outlines how we collect, use, and protect your personal data.
We have implemented appropriate technical and organizational measures to ensure that your data is processed in accordance with the GDPR principles. This page explains your rights under the GDPR and how you can exercise them.
2. Data Controller
Bigdan Web acts as the Data Controller for personal data collected through our website and services. As the Data Controller, we determine the purposes and means of processing your personal data.
Our contact details are:
- Company Name: Bigdan Web
- Legal Form: [Legal Form - To be completed]
- Registered Address:
[Street Address - To be completed], Sibiu, Sibiu County
Romania
[Postal Code - To be completed]
- Company Registration Number: [Company Registration Number - To be completed]
- VAT Number (CUI/CIF): [VAT Number - To be completed if applicable]
- Email: bigdanweb@gmail.com
- Phone: +40 727 892 022
3. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity Data: First name, last name, username, or similar identifier
- Contact Data: Email address, telephone numbers, postal address
- Technical Data: IP address, browser type and version, time zone setting, operating system, and platform
- Usage Data: Information about how you use our website and services
4. Purpose and Legal Basis for Processing
We process your personal data for the following purposes and on the following legal bases:
Contract Performance
Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract:
- To provide our web development and application services
- To manage our relationship with you
- To process and deliver your order
Legitimate Interests
Processing necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests:
- To improve our services and develop new features
- To analyze the use of our website
- To protect our business against fraud and other illegal activities
Consent
Processing based on your consent:
- To send you marketing communications
- To use cookies for non-essential purposes
Legal Obligation
Processing necessary to comply with our legal obligations:
- To maintain business records for tax purposes
- To respond to requests from regulatory authorities
5. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right to Access
The right to request copies of your personal data that we hold
Right to Rectification
The right to request that we correct any inaccurate or incomplete personal data
Right to Erasure
The right to request that we delete your personal data in certain circumstances
Right to Restriction
The right to request that we restrict the processing of your personal data
Right to Data Portability
The right to request that we transfer your personal data to another organization or to you
Right to Object
The right to object to the processing of your personal data in certain circumstances
To exercise any of these rights, please contact us using the details provided in Section 9. We will respond to your request within one month. In certain circumstances, we may need to extend this period or charge a reasonable fee if your request is manifestly unfounded or excessive.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the GDPR.
National Authority for the Supervision of Personal Data Processing (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, Romania
Website: www.dataprotection.ro
6. Data Security
We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Our security measures include:
- Encryption of personal data where appropriate
- Regular security assessments of our systems and services
- Restricted access to personal data on a need-to-know basis
- Regular testing of the effectiveness of our security measures
- Staff training on data protection and security practices
While we make every effort to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your data.
7. International Transfers
We operate primarily within the European Economic Area (EEA). However, in some cases, your personal data may be transferred to, stored, or processed in countries outside the EEA where necessary for the provision of our services or other legitimate purposes.
When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, such as:
- Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission
- Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
- Implementing appropriate supplementary measures where necessary
Third-Party Services Processing Data Outside the EEA
The following third-party services may process your personal data outside the EEA:
- Google Analytics & Google Tag Manager
Provider: Google LLC (United States)
Data Processing Agreement: Google Data Processing Amendment
Safeguards: Standard Contractual Clauses (SCCs) approved by the European Commission
- Vercel (Hosting Provider)
Provider: Vercel Inc. (United States)
Data Processing Agreement: Vercel Data Processing Agreement
Safeguards: Standard Contractual Clauses (SCCs) and Data Processing Agreement
All data processors have signed Data Processing Agreements (DPAs) with us, ensuring compliance with GDPR requirements for international data transfers.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data
- Whether we can achieve those purposes through other means
- Legal, regulatory, and contractual requirements
In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Specific Data Retention Periods
- Contact Form Data: Retained for 2 years from the date of last contact, unless a longer retention period is required by law or for legitimate business purposes.
- Email Communications: Retained for 3 years from the date of last communication, unless required longer for legal or contractual purposes.
- Analytics Data: Google Analytics data is retained according to Google's data retention settings (default: 14 months). We may configure longer retention periods up to 50 months for aggregated analytics.
- Cookie Consent Data: Retained for 1 year from the date of consent, after which consent will be requested again.
- Legal and Accounting Records: Retained for 7 years as required by Romanian tax and accounting laws.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.
Our notification will include:
- A description of the nature of the breach
- The categories and approximate number of individuals concerned
- The likely consequences of the breach
- The measures we have taken or propose to take to address the breach
- Recommendations for you to mitigate potential adverse effects
We will notify you via email using the contact information you have provided, or through a prominent notice on our website if email notification is not possible.
10. Data Protection Officer
Bigdan Web does not currently have a designated Data Protection Officer (DPO) as we are not required to appoint one under GDPR Article 37. However, if you have any questions or concerns about data protection, please contact us using the information provided in Section 11.
If we are required to appoint a DPO in the future due to changes in our operations or legal requirements, we will update this section accordingly.
11. Contact Us
If you have any questions about this GDPR Compliance Policy or our data practices, or if you wish to exercise any of your rights under the GDPR, please contact us at:
12. Complaints
If you have a concern about our privacy practices, including the way we have handled your personal data, you can report it to us using the contact details above.
You also have the right to lodge a complaint with your local data protection authority. In Romania, this is the National Authority for the Supervision of Personal Data Processing (ANSPDCP).
National Authority for the Supervision of Personal Data Processing
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București
Website: www.dataprotection.ro