Legal
Privacy policy
Last updated: July 2, 2026
1. Data controller
Your privacy matters to us. This policy explains what personal data we collect through krioft.com and krioft.ro, why we collect it and what rights you have, in accordance with Regulation (EU) 2016/679 (the “GDPR”).
The data controller is:
- KRIOFT TEAM HUB SRL
- Fiscal code (CUI): 43178959
- Trade Registry No.: J21/443/2020
- Email: office@krioft.com
- Phone: 0766 330 697
2. What data we collect
We collect only the data we need in order to respond to you and to understand how the website is used:
- Offer request form data: name, email address, phone number, the services you selected and the message you sent.
- Communication data: the content of the messages you send us by email or phone.
- Technical and usage data: information collected through cookies and similar technologies (IP address, browser type, pages visited, visit duration), only to the extent you have given consent. See the Cookies policy for details.
We do not collect special categories of data (sensitive data) and we do not use your data for automated decisions with legal effects.
3. Purposes and legal bases
- Responding to offer requests β preparing and sending a personalised offer. Legal basis: steps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR).
- Communication during an engagement β performing the concluded contract. Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and legal obligations such as invoicing (Art. 6(1)(c) GDPR).
- Analytics and website improvement β traffic statistics and measuring advertising campaigns. Legal basis: your consent, given through the cookie banner (Art. 6(1)(a) GDPR).
- Defending our rights β establishing or defending legal claims. Legal basis: our legitimate interest (Art. 6(1)(f) GDPR).
4. How long we keep data
- Offer requests that do not lead to an engagement: a maximum of 3 years from the last communication, after which they are deleted.
- Contract-related data: for the duration of the engagement and afterwards for the periods required by tax and accounting legislation.
- Analytics data (cookies): according to the expiry periods described in the Cookies policy.
5. Who we share data with
We do not sell or rent your personal data. We may share it only with:
- Service providers that help us operate the website and our communication: web and email hosting, Google (Tag Manager, Analytics), LinkedIn (conversion measurement) and website usage analytics tools β each within the limits of your cookie consent;
- Public authorities, where the law requires it.
Some providers (for example Google, LinkedIn) may transfer data outside the European Economic Area; such transfers rely on the safeguards provided by the GDPR (adequacy decisions or standard contractual clauses).
6. Your rights
Under the GDPR you have the following rights regarding your personal data:
- the right of access β to find out what data we process about you;
- the right to rectification β to correct inaccurate or incomplete data;
- the right to erasure (the “right to be forgotten”) β under the conditions of Art. 17 GDPR;
- the right to restriction of processing;
- the right to data portability β to receive your data in a structured format;
- the right to object β to processing based on legitimate interest;
- the right to withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise these rights, write to us at office@krioft.com. We will reply within one month of receiving your request.
7. Complaints (ANSPDCP)
If you consider that the processing of your data infringes the GDPR, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) β dataprotection.ro.
We encourage you, however, to contact us first at office@krioft.com β we will try to resolve any issue directly and quickly.
8. Data security
We apply reasonable technical and organisational measures to protect data against loss, theft, unauthorised access, disclosure, copying or modification: encrypted connections (HTTPS), restricted access to data and continuously updated systems.
9. Changes to this policy
We may update this policy from time to time to reflect legislative or operational changes. The current version, together with the date of the last update, is permanently published on this page.