Home

Privacy Policy

1. Introduction

At S.C. CYREX GROUP S.R.L., headquartered at Str. Stefan Octavian Iosif, Bl. 1C, Sc. 1, Ap. 1, 332021, Petroșani, Hunedoara, România, Tax Identification Number (CUI) 49342723, we are committed to protecting the confidentiality and security of your personal data. This policy explains in clear terms what information we collect, how we use it, with whom we share it, the safeguards we apply when transferring it outside the EEA, and your rights under the GDPR and national legislation. The domain cyrexgrp.com, along with any subdomains, is operated by CYREX GROUP.

2. Data We Collect

We collect your full name, email address, phone number, and company name when you fill out the contact form. Automatically, through our analytics services and server logs, we record your IP address, browser type, operating system, pages accessed, and session duration. All financial transactions are processed through authorized payment processors, and card details are not stored locally. If you create an account in our applications, we retain preferences, uploaded photos, invoice history, email address, phone number, date of birth, address, location, and the company you represent, if applicable. For security purposes, we retain access logs and security monitoring events for a maximum of six months.

3. Purposes of Processing and Legal Bases

We collect and use personal data to provide and personalize the services you request (software development, technical support, billing for services, use of the services offered by the company), with the legal basis being the performance of the contract. For sending marketing materials, information about new products and services, and promotional offers, we request your explicit consent, which you may withdraw at any time. Technical and usage data are used based on legitimate interest for analysis, experience optimization, and fraud prevention. Additionally, we process financial and billing data to comply with our legal and tax obligations.

4. With Whom We Share Data

Your data may be made available to the following categories of partners, acting as data processors, and only for the specified purposes:

  • Hosting and Website Maintenance Providers: For partners whose websites are hosted on our servers, we provide only the technical infrastructure and maintenance. The processing of user data for these websites is the exclusive responsibility of the partners, and their privacy policy applies. Although we own the technical infrastructure and have administrative access to the servers, we do not access partner data except in the following cases:

    • For Technical Maintenance: Only with the partner’s prior approval and strictly to resolve identified issues.
    • At the Partner’s Explicit Request: For assistance in data management.
    • For Security: In the event of suspected security breaches or fraudulent activity.
    • Technical access to servers does not constitute processing or use of partner data.
    • We respect the integrity and confidentiality of your data and that of your customers.
  • Infrastructure and Hosting Providers: For maintaining and securing our servers.
  • Cloud and Email Service Providers: For cloud storage of application data and managing electronic communications.
  • Payment Processors: For secure transactions.
  • Financial and Billing Service Providers: For issuing, archiving, and electronically managing invoices.
  • Public Authorities: Only upon valid legal request.

5. International Data Transfers

If your data is transferred outside the European Economic Area, we ensure that processors outside the EEA apply adequate safeguards, such as Standard Contractual Clauses or Binding Corporate Rules, so that the level of protection is equivalent to that guaranteed by EU legislation.

6. Retention Periods

Data is retained only as long as necessary for the purpose for which it was collected, but no longer than the following maximum periods (except where legislation requires a longer duration):

  • Contact form data: Up to 1 year from the last interaction;
  • Account and user profile data: For the duration of the account’s existence and up to 5 years after closure;
  • Tax documents and issued contracts: 5 years;
  • Technical and security logs: Up to 6 months;
  • Traffic analytics data: Up to 14 months;

Once the purpose for collection is fulfilled and/or legal deadlines expire, data is irreversibly deleted or anonymized.

7. Security Measures

To protect personal data, we have implemented SSL/TLS encryption for all connections, encryption of sensitive data at the storage level, periodic backups, and restoration procedures in case of incidents. Internal access is role- and permission-based, with two-factor authentication, and staff are regularly trained on security best practices and incident response procedures.

8. Your Rights

Under the GDPR, you have the right to request access to your personal data, rectification of incorrect information, deletion (if no legal retention obligations exist), restriction of processing, objection to processing (including marketing), data portability, and withdrawal of consent for promotional, marketing, new product/service communications, or cookies. To exercise these rights, submit a request to [email protected] or via the contact form. We respond within 30 days, without requesting identity verification unless there are reasonable doubts about the request’s legitimacy.

9. Protection of Minors

We do not intentionally collect data from individuals under 16. If we discover that we have processed such data without parental consent, we will delete it immediately.

10. Cookies and Similar Technologies

We use strictly necessary cookies for basic functionalities and analytical/marketing cookies only after obtaining your consent via the banner. Preferences can be modified at any time in your browser settings or the cookie management page for the relevant domain and subdomains where these cookies are present.

Our website and applications use the following types of cookies:

  1. Strictly Necessary Cookies

    These are essential for basic functionality and do not require consent:

    • csrftoken: Used for protection against CSRF (Cross-Site Request Forgery) attacks. Expires when the browser is closed.
    • lang: Stores the user’s selected language preference. Expires after 1 year.
    • sessionid: Maintains the user’s authentication session. Expires when the browser is closed.

  2. Performance and Analytics Cookies

    These are activated only with your consent via the displayed banner:

    • Google Analytics:

      • _ga: Identifies unique users (duration: 2 years).
      • _gat: Limits request rate (duration: 1 minute).
      • _gid: Identifies the current session (duration: 24 hours).

  3. How to Manage Cookies

    • Initial Consent: On your first visit, you may choose to accept or reject non-essential cookies via the banner on pages where these cookies are present.

    • Modify Preferences:

      • Change settings at any time on our cookie management page.
      • Block or delete cookies via browser settings (e.g., Chrome > Settings > Privacy).

  4. Similar Technologies

    We also use local storage to store temporary preferences (e.g., website color theme), which are automatically cleared when the cache is emptied.

11. External Links

Our website may contain links to third-party sites. We are not responsible for their content or privacy policies and recommend reviewing them before providing data.

12. Policy Changes

Updates will be notified via a visible banner on the website for 7 calendar days from publication. After this period, the banner will be removed, and the updated policy remains accessible in the dedicated section.

13. Contact

For questions or requests related to data protection, contact our DPO at [email protected] or via the contact form.