Legal information
Last updated: June 2025
Thank you for your interest in Square Web and our products and/or services. The protection and confidentiality of personal data is a very important matter for us. When you enter into any kind of relationship with us, you entrust us with your information. The information presented in this document (hereinafter referred to as "Privacy Policy" or "the Document") is important. We recommend that you read it carefully.
The purpose of this Privacy Policy is to explain what data we process (collect, use, share), why we process it, how we process it, your rights under the GDPR and how you can exercise those rights. In collecting this information, we act as Data Controller and, by law, we are obliged to provide you with this information.
Being fully aware that personal information belongs to you, we do our best to store it safely and process it carefully. We do not share information with third parties without informing you in accordance with legal provisions. We do not make solely automated decisions with a significant impact on you.
This Privacy Policy applies to all persons who visit our website www.squareweb.ro, purchase our services or interact with us through any communication channel (email, telephone, social networks, etc.). Please read this document carefully. Square Web — Patrascu Marian PFA acts as data controller within the meaning of the General Data Protection Regulation (GDPR).
1.1. "GDPR" or "the Regulation" means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.2. "Controller" or "We" means Square Web — Patrascu Marian PFA, headquartered at Str. I.C. Bratianu, Târgoviște, 130153, Romania, Unique Identification Code – 44764700.
1.3. "Data subject" means any identified or identifiable natural person whose data is processed by us as controller, such as clients, potential clients or website visitors.
1.4. "Processing" means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.5. "Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
1.6. "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Other terms used in this document have the meaning given by the GDPR and other applicable legal provisions.
This Privacy Policy does not cover applications and websites of third parties that you may reach by accessing links on our website. This is beyond our control. We encourage you to review the Privacy Policy of any website and/or application before providing personal data.
Square Web — Patrascu Marian PFA, headquartered at Str. I.C. Bratianu, Târgoviște, 130153, Romania, Unique Identification Code – 44764700, is responsible for the processing of your personal data that we collect directly from you or from other sources.
Under the law, we are a data controller. To ensure your data is processed securely, we have made every effort to implement reasonable and appropriate technical and organisational measures to protect your personal data.
Under the law, you, the natural person benefiting from our services, the representative or contact person of a company that is our client or potential client, the visitor of the website or the person in any kind of relationship with us, are a "data subject", i.e. an identified or identifiable natural person. In order to be fully transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of rights.
The protection of your personal information is very important to us. Therefore, we have committed to comply with European and national legislation on the protection of personal data, in particular Regulation (EU) 679/2016, also known as the GDPR, and the following principles:
We process your data lawfully and fairly. We are always transparent about the information we use, and you are properly informed.
Within the limits of the law, we give you the ability to examine, modify, delete the personal data you have shared with us and to exercise your other rights.
We use data only for the purposes described at the time of collection or for new purposes compatible with the original ones. We take reasonable steps to ensure that personal data is accurate, complete and up to date.
We have implemented reasonable security measures for the processing of personal data, in order to protect your personal information as well as possible. However, please be aware that no website, application or internet connection is completely secure.
We may change this Privacy Policy at any time. In the event of significant changes, we will make reasonable efforts to notify you in advance (by email or through a prominent notice on the site). We recommend that you periodically consult this page to keep up to date with any updates.
When you browse our website, send us a request by email or contact us for any purpose and through any communication channel, you may provide us with the following personal data:
| Personal data processed | Purpose(s) | Legal basis/bases |
|---|---|---|
| Name, Phone |
To respond to requests and communicate project details. For invoicing. To comply with legislation. For fraud prevention. For direct marketing (only with your prior consent). |
Performance of a contract – Art. 6(1)(b) GDPR. Legal obligation – Art. 6(1)(c) GDPR. Consent – Art. 6(1)(a) – (for direct marketing only). |
|
For project communication and sending quotes. For invoicing. To comply with legislation. For direct marketing (only with your prior consent). |
Performance of a contract – Art. 6(1)(b) GDPR. Consent – Art. 6(1)(a) – (for direct marketing only). Legitimate interest – Art. 6(1)(f) GDPR. |
|
| IP address |
To defend against cyber attacks. For fraud prevention. For network operation. |
Legitimate interest – Art. 6(1)(f) GDPR. |
In addition to the information indicated above, we may also collect the following information, depending on circumstances:
In addition to the purposes listed in the table above, we also process personal data for the following purposes:
(a) Legitimate interest. Where we use legitimate interest, we carry out an analysis (balancing test) through which we weigh our interest and your interests. Where your interests prevail, we will not use legitimate interest.
(b) Consent. We will seek your consent only in situations where we cannot use another legal basis. We currently use consent only for email marketing.
(c) Vital interest. In the unlikely event of a medical emergency or other exceptional event, processing may be necessary to protect your vital interests or those of another natural person.
We store your personal data only for the period necessary to fulfil the purposes, but no longer than 5 years from the termination of the contract or the last interaction with us. After the period expires, personal data will be destroyed or deleted from IT systems or converted into anonymous data.
Please note that in certain expressly regulated situations, we store data for the period imposed on us by law.
We may disclose your data, in compliance with applicable law, to business partners or other third parties. We constantly make reasonable efforts to ensure that these third parties have adequate protection and security measures in place.
We may also provide your personal data to prosecutors, police, courts and other authorised state bodies, based on and within the limits of legal provisions.
Whenever we transfer your personal data outside the EEA, we will ensure that a similar level of protection exists through one of the following mechanisms:
We understand how important the security of personal data is and take the necessary measures to protect our clients from unauthorised access, modification, disclosure or unauthorised destruction of data.
We have implemented the following technical and organisational measures:
In the event of a security breach that may affect your rights and freedoms, we undertake to notify the National Supervisory Authority for Personal Data Processing (ANSPDCP) within 72 hours of discovering the incident, in accordance with Art. 33 of the GDPR. If the breach poses a high risk to your rights, you will also be notified without undue delay.
To the extent that we have obtained your prior consent or you are already a client of the company, we may use direct marketing technologies using information collected about you. We currently send commercial messages by email (email marketing) to persons who have expressed their prior consent to this effect.
Your rights under the GDPR are as follows:
| Authority | Contact details |
|---|---|
| National Supervisory Authority for Personal Data Processing (ANSPDCP) |
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania Phone: +40.318.059.211 or +40.318.059.212 Email: anspdcp@dataprotection.ro |
Please note that:
If you have questions or concerns about the processing of your information or wish to exercise your legal rights, you can contact us at:
Last updated: June 2025