Privacy Policy

1) Introduction & Purpose

Protecting your personal data is a priority for SC CRIDEM IMPEX SRL. We process data only under the lawful bases of GDPR (EU) 2016/679 and applicable law.
Where no clear legal basis applies, we request your consent (Art. 6(1)(a) GDPR).

This Policy explains what we collect, why, for how long, with whom we share it, and your rights.

2) Data Controller

SC CRIDEM IMPEX SRL
Address: Șos. Borșului 58, 410605 Oradea, Romania
Reg. No.: J05/1384/1997 • VAT: RO9774048
Website: www.cridem.ro • Email: cridem@cridem.ro

3) Key Definitions (short)

Personal data; data subject; processing; controller; processor; consent (freely given, specific, informed, unambiguous).

4) Data We Process

Provided by you: account/checkout data (name, email, phone, billing & shipping address), messages.
Collected automatically (logs): browser & OS, referrer, pages visited, date/time, IP, technical identifiers.
Device/location: approximate location via IP; precise GPS only if enabled by you.

5) Purposes & Legal Bases

• Contract (Art. 6(b)): account, orders, payments, delivery, returns/warranty.

• Legal obligation (Art. 6(c)): invoicing, tax & archiving.

• Legitimate interest (Art. 6(f)): security, anti-fraud, service optimization, anonymized stats.

• Consent (Art. 6(a)): marketing, non-essential cookies, advertising profiling.

6) Registration

Optional. Used to provide services (orders, delivery, history). You may update/delete your data and request information at any time.

7) Cookies & Third-Party Tools

• Google Analytics (with anonymizeIp) – traffic & performance (opt-out: https://tools.google.com/dlpage/gaoptout).

• Google Ads / Remarketing – interest-based ads (settings: http://www.google.ro/settings/ads).

• YouTube embeds (Google).

• Facebook plugins (social features).
  Non-essential cookies run only with your consent. Manage cookies in your browser.

8) Recipients

Couriers, payment processors, IT/hosting, analytics/marketing providers — under confidentiality & data-processing agreements.
Authorities only when required by law. We do not sell personal data.

9) International Transfers

Some services (Google/Meta) may store/process outside the EEA. We rely on EU Standard Contractual Clauses or other valid safeguards.

10) Security

We apply technical & organizational measures (access control, encryption in transit, retention policies). No internet transmission is 100% secure.

11) Retention

Kept only as long as necessary: legal duties, contract duration/warranty, or until consent is withdrawn (where applicable). Then deleted or anonymized.

12) Your GDPR Rights

Access, information, rectification, erasure, restriction, portability, objection (including to direct marketing), and withdrawal of consent.
Contact: cridem@cridem.ro (response typically within 30 days). You may lodge a complaint with a Supervisory Authority.

13) Recruitment

Applicant data used solely for hiring; deleted ~2 months after decision if no contract is concluded (unless a longer legal interest applies).

14) Automated Decisions

We do not make automated decisions with legal effects. Any marketing profiling runs only with consent and can be disabled.

15) Data Provision

Some data is mandatory (contract/legal). If not provided, we may be unable to process your order. Other data is optional (consent-based).

16) Updates

We may update this Policy periodically. The current version is published on our website and applies upon posting.
Last updated: [November 8, 2025]