What is GDPR

GDPR has become a standard feature of our activities since 25.05.2018 and is the acronym in English for "General Data Protection Regulation", which refers to the REGULATION (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

In Romania, certain provisions of the GDPR have been implemented through Law 190/2018 and by certain decisions adopted by the National Authority for the Supervision of Personal Data Processing ("ANSPDCP").

The GDPR updates the principles established two decades ago by Directive 95/46/EC, which stopped applying when the GDPR came into force.

Unlike previous legislation, the GDPR focuses on the rights of the person whose data is processed, such as the right to be informed about the operations by which personal data is processed, what data is processed, on what basis it is processed, for how long it is stored and under what conditions it can be accessed/deleted/corrected, etc.

GDPR is not just about "the right to be forgotten". The right to erasure of personal data is not absolute and cannot be exercised at any time, but depends on the exact circumstances under which the data was collected, the purpose of the collection and the basis on which it was collected. More information on how we keep personal data and under what conditions it can be deleted can be found in the sections below.

For us, GDPR is not just an acronym for a piece of legislation, it is also an acronym for our motto: Give Data Proper Respect! Data security and privacy are the pillars behind, and our company is constantly looking to update the platform to implement the latest data security and privacy standards.

GDPR Privacy Policy

The security of your personal data is a priority for us, therefore, we pay the utmost attention to your personal data and its protection and will make every effort to process it in accordance with Regulation (EU) 2016/679 ((General Data Protection Regulation). sau „GDPR”).

We reserve the right to periodically update and amend this Privacy Policy to reflect any changes in the way we process your personal data or any changes in legal requirements. In the event of any such changes, we will post the amended version of the Privacy Policy on our website, so please check the contents of this Privacy Policy periodically.

Who we are and how to contact us is the website owned by SC ROMARM SA, a legal entity of Romanian nationality, having its working point in Bucharest, Bd. Timisoara, no. 5B, 6 district, 061301, with number in the Trade Register J40/10841/2000, unique tax registration code RO13554423 (hereinafter "" or "we"). In accordance with data protection legislation, we are the operator when processing your personal data.

As we are always open to hearing your views, as well as providing you with any additional information you may need regarding the processing of your data, we encourage you to contact the Data Protection Officer at with the following message: To the attention of Data Protection Officer.

What categories of personal data we process

In most cases, we collect your personal data directly from you, so you have control over the type of information you give us. We receive information from you in this way:

  • When you send us a message on the contact form on the website, please send us: your e-mail address, your name and surname;
  • Când ne trimiteti mesaj pe formularul de transmitere a CV-ului în scopul recrutării, formular existent pe site-ul, ne transmiteți: adresa de e-mail, numele și prenumele, CV;
  • When you register your data (name, surname, email) to subscribe to the ROMARM Newsletter
  • When you use our website,, we may also collect and further process certain information about your behavior while visiting our website in order to personalize your online experience and provide you with offers tailored to your profile. You are invited to learn more about this by consulting the section on processing purposes below.
  • Pe site-ul nostru web putem stoca și colecta informații in cookie-uri și tehnologii similare, conform Politicii de cookie-uri.

We do not collect or otherwise process sensitive data, which are included by the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data from minors who have not reached the age of 18.


What are the purposes and reasons for processing

We will use your personal data for the following purposes:

  1. For marketing purposes - we want to keep you up to date with the best offers for the products/services you are interested in. To this end, we may send you e-mail messages containing:
  • general and specific information on our products;
  • useful information on new blog posts, events we hold, results of our work;
  • information on similar or complementary products to those you have purchased;
  • information regarding offers or promotions;
  • other commercial communications such as market research and surveys;
  • we can display customized recommendations on the website;

In most cases we base our marketing communications on your prior consent. You can change and withdraw your consent at any time by:

  • Access the unsubscribe link displayed within the messages you receive from us;
  • Contact using the contact details described above.
  1. In defense of our legitimate interests

In some cases we may use or transmit information to protect our rights and business. These may include:

  • Measures to protect the website and users of the platform from cyber attacks;
  • Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
  • Measures to manage various other risks.

The general basis for these types of processing is our legitimate interest in safeguarding our business, it being understood that we ensure that any measures we take guarantee a balance between our interests and your fundamental rights and freedoms. We also base our processing in certain cases on legal provisions such as the obligation to ensure the security of goods and valuables provided for by the applicable legislation in this matter.

3. În scopul recrutării prin transmiterea CV prin formularul de recrutare existent pe site. CV ROMARM SA prelucrează Datele dumneavoastră cu caracter personal pentru a identifica și evalua candidatura dumneavoastră, a aptitudinilor, calificărilor și intereselor față de poziția disponibilă pentru care ați fost contactat, organizarea și desfășurarea interviurilor și selectarea și recrutarea dumneavoastră precum și pentru efectuarea de verificări, conform cerințelor legislației locale aplicabile.

How long we keep your personal data

As a general rule, cookies are kept for one month and the data you provide via the contact form may be kept as long as we are collaborating. You can ask us to delete certain information at any time and we will comply with these requests.

To whom we transmit your personal data

If we have a legal obligation to do so or if it is necessary to protect a legitimate interest, we may disclose certain personal data to public authorities.

We ensure that access to your data by third parties who are private legal entities is carried out in accordance with the legal provisions on data protection and confidentiality of information, on the basis of contracts concluded with them.

În cazul prelucrării datelor personale din CV, informații care au fost transmise prin formularul de contact online, acestea sunt administrate de departamentul Resurse Umane pentru facilitarea cooperării, comunicării și transferului de candidați în cadrul grupului ROMARM. Datele personale din CV sau Scrisoare de Intentie pot fi transferate unor agenții guvernamentale și de reglementare, case naționale de asigurări sociale, instanțe și alte autorități guvernamentale, conform prevederilor legislației aplicabile, în baza Art. 6(1) (c) GDPR, și consultanților externi cu rol de operatori de date (de exemplu, avocați, contabili, auditori etc.) în baza Art. 6 (1) (f) GDPR.

Perioade de retenție în cazul datelor transmise în scopul recrutării

Datele cu caracter personal prelucrate în scopul angajării vor fi păstrate:

i)    cât este necesar pentru procesul de recrutare sau în vederea evaluării acestui proces, cât și

ii)    ulterior, în cazul respingerii candidatului, în vederea unei posibile recrutări viitoare pentru o altă poziție deschisă precum și în conformitate cu cerințele legale ce stabilesc temene de prescripție specifice anumitor acțiuni, aplicându-se perioada de retenție menționată mai jos.

Dacă se inițiază o măsură legală sau disciplinară, Datele cu caracter personal pot fi păstrate până la finalul acestei acțiuni, inclusiv eventualele perioade de recurs, iar apoi vor fi șterse sau arhivate, conform prevederilor legislației aplicabile.

În principiu, vă vom păstra Datele cu caracter personal pe durata solicitată sau permisă de legislația aplicabilă. Ulterior, vom elimina/șterge Datele dumneavoastră cu caracter personal din sistemele și evidențele noastre și/sau vom lua măsuri pentru a le anonimiza, astfel încât să nu mai puteți fi identificat în baza acestora. Datele cu caracter personal vor fi șterse la 3 ani de la încheierea ultimului proces de recrutare realizat, cu excepția cazului în care deveniți angajat al ROMARM, când se aplică perioada de retenție stabilită potrivit Notei de informare privind prelucrarea datelor cu caracter personal a angajaților.

Cazierul judiciar nu va fi stocat, fiind doar consultat de către persoanele responsabile pentru desfășurarea procesului de recrutare și returnat imediat candidatului.

Drepturile dumneavoastră în cazul transmiterii informațiilor online, în vederea recrutării.

În baza condițiilor prevăzute de legislația aplicabilă (GDPR), aveți următoarele drepturi:

1.    Dreptul de acces: Aveți dreptul de a vi se comunica, la cerere, dacă Datele dumneavoastră cu caracter personal sunt prelucrate, și dacă da, aveți dreptul de a solicita accesarea acestora. Informațiile includ, printre altele, scopul Prelucrării, categoriile de date cu caracter personal afectate și destinatarii sau categoriile de destinatari cărora le-au fost divulgate sau le vor fi divulgate Datele dumneavoastră cu caracter personal.

Aveți dreptul de a obține o copie a Datelor cu caracter personal prelucrate. Pentru copii suplimentare, vă putem percepe o taxă rezonabilă, în baza costurilor administrative.

2.    Dreptul la rectificare: Aveți dreptul de a obține din partea noastră rectificarea Datelor dumneavoastră cu caracter personal incorecte. În funcție de scopul Prelucrării, aveți dreptul de a completa Datele cu caracter personal incomplete, inclusiv prin intermediul unei declarații suplimentare.

3.    Dreptul la ștergere („dreptul de a fi uitat”): Aveți dreptul de a ne solicita să vă ștergem Datele cu caracter personal.

4.    Dreptul la restricționare: Aveți dreptul de a solicita restricționarea Prelucrării Datelor dumneavoastră cu caracter personal. În acest caz, datele respective vor fi marcate și pot fi prelucrate de noi doar în anumite scopuri.

5.    Dreptul la portabilitatea datelor: Aveți dreptul de a primi Datele dumneavoastră cu caracter personal pe care ni le-ați furnizat, în format structurat, comun și care poate fi citit de aparate, și aveți dreptul de a transmite aceste date unei alte entități fără obiecții din partea noastră.

6.    Dreptul de a obiecta:

Aveți dreptul de a obiecta, pe motive legate de situația dumneavoastră, în orice moment, față de Prelucrarea Datelor dumneavoastră cu caracter personal de către noi, și ni se poate solicita să nu vă mai prelucrăm Datele cu caracter personal. Dacă aveți dreptul la obiecție și vi-l exercitați, nu vom mai prelucra Datele dumneavoastră cu caracter personal în scopul respectiv. Exercitarea acestui drept nu presupune niciun cost. Acest drept poate fi invalidat în special dacă Prelucrarea Datelor dumneavoastră cu caracter personal este necesară pentru formalitățile aferente încheierii unui contract sau pentru îndeplinirea unui contract deja încheiat.

To which countries we transfer your personal data

We currently store and process your personal data in Romania.

How we keep your personal data secure

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards. Your data. Is stored on secure servers.

What are your rights

The General Data Protection Regulation gives you a number of rights in relation to your personal data. You can request access to your data, correct any mistakes in our files and/or object to the processing of your personal data. You may also exercise your right to complain to the competent supervisory authority or to take legal action. Where applicable, you may also benefit from the right to request the erasure of your personal data, the right to restrict the processing of your data and the right to data portability.

To exercise your rights, you can contact us using the contact details above. Please note the following if you wish to exercise these rights:

Identification. We treat seriously the confidentiality of all records containing personal data. For this reason, please send us your requests regarding such records using the e-mail address

Response time. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than one month. We may ask you if you can tell us exactly what you would like to receive or what you are concerned about. This will help us to act more quickly and shorten the response time to your request.

Third party rights. We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects.

Rights involved:

You can ask us:

  • to confirm whether we process your personal data;
  • to provide you with a copy of this data;
  • provide you with other information about your personal data, such as what data we hold, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your data, to the extent that the information has not already been provided to you through this notice.


  • You can ask us to rectify or complete your inaccurate or incomplete personal data.
    We may try to verify the accuracy of the data before correcting it.

Deletion of data

  • You can ask us to delete your personal data, but only if:
  • they are no longer needed for the purposes for which they were collected;
  • or you have withdrawn your consent (if data processing is based on consent);
  • or exercise a legal right to contest;
  • or they have been processed illegally;
  • or we have a legal obligation to do so.
  • We are not obliged to comply with your request to delete your personal data if the processing of your personal data is necessary: for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
  • There are certain other circumstances in which we are not obliged to comply with your request to delete data, although these are the two most likely circumstances in which we may refuse your request.

Restricting data processing

  • You can ask us to restrict the processing of personal data, but only if:
  • their accuracy is disputed (see rectification section) to allow us to verify their accuracy;
  • or the processing is unlawful, but you do not want the data to be deleted;
  • or they are no longer needed for the purposes for which they were collected, but you need them to establish, exercise or defend a right in court;
  • sau v-ați exercitat dreptul de a vă opune, iar verificarea dacă drepturile noastre prevalează este în desfășurare.
    We may continue to use your personal data following a restriction request if: we have your consent in order to establish, exercise or defend a right in court and to protect the rights of or another natural or legal person.

Data portability

  • You can ask us to provide your personal data in a structured, commonly used and machine-readable format, or you can ask for it to be "ported" directly to another data controller, but in each case only if:
    the processing is based on your consent or the conclusion or performance of a contract with you; and the processing is carried out by automated means.


  • You may object at any time, for reasons relating to your particular situation, to the processing of your personal data on the basis of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest.
  • You may also object at any time to the processing of your data for direct marketing purposes (including profiling) without giving any reason, in which case we will stop such processing as soon as possible.

Automatic decision-making

  • You may request not to be subject to a decision based solely on automatic processing, but only where that decision: produces legal effects concerning you; or
    affects you in a similar way and to a significant extent.
    This right does not apply if the decision reached as a result of automated decision making: is necessary for us to enter into or perform a contract with you; is authorized by law and there are adequate safeguards for your rights and freedoms; or is based on your explicit consent.


You have the right to lodge a complaint with the supervisory authority about the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows: National Supervisory Authority for Personal Data Processing, B-dul G-ral. Gheorghe Magheru No. 28-30, District 1, postal code 010336, Bucharest, Romania. Telephone: +40.318.059.211 or +40.318.059.212. E-mail:

Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance and we promise to make every effort to resolve any issues amicably.

We remind you that you can contact the Data Protection Officer anytime by sending your request by e-mail to: