Privacy Policy

ENGINYRING Europe SRL | rev. 1.3
Updated 04.08.2025

Data protection is a high priority for ENGINYRING. This Privacy Policy informs you of the nature, scope, and purpose of the personal data we collect, use, and process in line with the General Data Protection Regulation (GDPR). By using our services, you acknowledge that you have read and understood this policy.

1. Data Controller

The controller for the purposes of the GDPR is:

ENGINYRING Europe SRL
VAT ID: RO47589108 | ONRC ID: J16/306/2023
Romania
Email: contact [at] enginyring [dot] com
Website: www.enginyring.com

2. Definitions

Our data protection declaration is based on the terms used in the GDPR. Key terms include "personal data," "data subject," "processing," "controller," and "processor."

3. Collection of General Data and Information (Log Files)

Our website and services collect a series of general data and information when a data subject or automated system accesses them (e.g., browser type, operating system, IP address, date, and time). This information is stored in server log files. This data is processed based on our legitimate interest to deliver the content of our website correctly, ensure the long-term viability and security of our systems, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

4. Cookies

Our website uses cookies to provide users with more user-friendly services and to optimize the information and offers on our website. You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used and may thus permanently deny the setting of cookies.

5. Registration and Client Data

5.1 When you register for our services, we collect the personal data you provide (e.g., name, address, email, phone number). You are responsible for providing accurate and up-to-date information. This data is used exclusively for the purpose of providing the services you have requested, for internal administrative purposes, and to fulfill our contractual and legal obligations. By registering, you consent to the storage of your IP address, and the date and time of registration, which serves our legitimate interest in preventing misuse.

5.2 For certain accounts, where we have any suspicion of fake or fraudulent data being submitted, we reserve the right to request a full Know Your Customer (KYC) validation. This process may require you to provide a selfie and a copy of your government-issued ID, which will be processed through Stripe's Identity platform for verification purposes. This processing is necessary for fraud prevention and to ensure the security of our services, which constitutes a legitimate interest.

6. Contact via Website/Email

If you contact us via email or a contact form, the personal data you transmit is automatically stored for the purpose of processing your request or contacting you. This data is not transferred to third parties without your consent, unless required for the resolution of your request.

7. Data Disclosure to Third Parties

To deliver our ordered services or to render the pages on our website, we must share certain personal data with third-party service providers (processors). We only work with third parties that provide sufficient guarantees to implement appropriate technical and organizational measures in a manner that meets the requirements of the GDPR. We are not liable for the data processing practices of these third parties.

Categories of data shared include:

  • Payment Processors (Stripe, PayPal, Banca Transilvania): To process transactions, we share your full contact and billing information, including name, address, email, and payment details.
  • Domain Registrars: To register a domain name on your behalf, we are required to share your name, address, email, and phone number with the relevant domain registry (e.g., EURid, RoTLD).
  • Identity Verification (Stripe Identity): For KYC validation, we share the necessary identification documents and images you provide.
  • Infrastructure & Content Delivery (Google, Fastly): To deliver website content efficiently and securely, your IP address and cookie data may be shared with our CDN and analytics partners.

Your data may be transferred to and stored at a destination outside the European Economic Area ("EEA"). By submitting your personal data, you agree to this transfer, storing or processing.

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of access: The right to obtain information about your personal data we process.
  • Right to rectification: The right to obtain the correction of inaccurate personal data.
  • Right to erasure ('right to be forgotten'): The right to have your personal data erased, subject to legal retention obligations.
  • Right to restriction of processing: The right to restrict the processing of your data under certain conditions.
  • Right to data portability: The right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object: The right to object to the processing of your personal data for direct marketing or on grounds relating to your particular situation.
  • Right to withdraw consent: The right to withdraw your consent to processing at any time.
  • Right to lodge a complaint: The right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP).

To exercise these rights, you may contact us at any time at the address provided in Section 1.

9. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Art. 6(1)(a) GDPR: Consent, for specific purposes like newsletters.
  • Art. 6(1)(b) GDPR: Necessity for the performance of a contract to which you are a party.
  • Art. 6(1)(c) GDPR: Necessity for compliance with a legal obligation (e.g., tax laws).
  • Art. 6(1)(f) GDPR: Necessity for the purposes of our legitimate interests, such as ensuring network security, preventing fraud, administrative purposes, and improving our services, except where such interests are overridden by your fundamental rights and freedoms.

10. Data Retention Period

We store personal data only for the period necessary to achieve the purpose of storage or as required by law (e.g., statutory retention periods for commercial or tax purposes). After this period, the data is routinely deleted. Data may be retained for longer periods if it is necessary for the establishment, exercise, or defense of legal claims.

11. Provision of Personal Data

The provision of personal data is necessary to enter into a contract with us. Failure to provide the necessary data would result in the contract not being concluded.

12. Automated Decision-Making

As a responsible company, we do not use automated decision-making or profiling.