Legal Document

Privacy Policy

Transparency in protecting your personal data is a priority for us.

Last updated: 08.03.2026

01Introduction

Bio Pond Tech SRL (hereinafter referred to as "the Company", "we" or "our"), headquartered in Romania, Tax ID RO39531164, is the controller of your personal data.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit or use our website iazurinaturale.ro, in compliance with:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)
Law no. 190/2018 on measures for implementing Regulation (EU) 2016/679
Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector

02Data We Collect

Depending on your interaction with our website, we may collect the following categories of data:

Data provided directly by you

Identification data: first name, last name
Contact data: email address, phone number
Request data: type of service requested, project description, estimated budget, pond area
Communication data: content of messages sent through the contact form

Data collected automatically

Technical data: IP address, browser type, operating system, screen resolution
Browsing data: pages visited, visit duration, referral source
Cookies and similar technologies: in accordance with our Cookie Policy

03Purpose and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases:

Purpose	Legal basis (GDPR Art.)
Responding to contact form inquiries	Art. 6(1)(b) – Performance of a contract or pre-contractual measures
Providing requested services	Art. 6(1)(b) – Performance of a contract
Sending newsletter (with consent)	Art. 6(1)(a) – Consent
Improving the website and services	Art. 6(1)(f) – Legitimate interest
Compliance with legal obligations	Art. 6(1)(c) – Legal obligation
Anonymized statistical analysis	Art. 6(1)(f) – Legitimate interest

04Data Retention Period

Your personal data is stored only for the period necessary to fulfill the purposes for which it was collected:

Contact form data: 2 years from the last interaction
Contractual data: for the duration of the contract + 5 years (as required by tax legislation)
Newsletter data: until consent is withdrawn
Technical and browsing data: maximum 13 months
Accounting and tax data: 10 years (as required by Accounting Law no. 82/1991)

Upon expiration of the storage period, data is securely deleted or anonymized.

05Your Rights

In accordance with GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15) – You may request confirmation that we process data concerning you and obtain a copy thereof.
Right to rectification (Art. 16) – You may request correction of inaccurate data or completion of incomplete data.
Right to erasure ("right to be forgotten") (Art. 17) – You may request deletion of data, under the conditions provided by law.
Right to restriction of processing (Art. 18) – You may request restriction of processing under certain conditions.
Right to data portability (Art. 20) – You may request to receive data in a structured, commonly used, and machine-readable format.
Right to object (Art. 21) – You may object to the processing of data based on legitimate interest.
Right not to be subject to automated decision-making (Art. 22) – We do not use automated decision-making processes, including profiling, that produce legal effects.

To exercise these rights, you may contact us at the email address indicated in the "Contact" section below. We will respond within 30 calendar days of receiving your request.

06Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure, including:

SSL/TLS encryption for all communications with the website
Restricted access to data based on the "need to know" principle
Regular security updates of the platform
Regular secure backups
Monitoring access to IT systems

In the event of a personal data breach that may pose a high risk to your rights and freedoms, we will notify you in accordance with Art. 34 GDPR.

07Data Transfer to Third Parties

We do not sell or rent your personal data. We may share data with:

Hosting and IT infrastructure service providers – for website operation (data processors, based on a processing agreement pursuant to Art. 28 GDPR)
Email service providers – for sending requested communications
Public authorities – when required by law
Professional consultants – lawyers, accountants, in the context of legal obligations

All data transfers comply with the data minimization principle and are subject to appropriate safeguards.

International Transfers

In the event that data is transferred outside the European Economic Area (EEA), we ensure that the transfer is carried out in accordance with Art. 44-49 GDPR, through standard contractual clauses approved by the European Commission or an adequacy decision.

08Cookies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device when you visit the website.

Types of cookies used

Essential cookies: Necessary for the website to function. No consent required.
Performance cookies: Help us understand how visitors use the website, in order to improve it.
Functional cookies: Allow the website to remember your preferences (language, region).

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

09Protection of Minors

Our website is not intended for persons under 16 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data of a minor without verifiable parental consent, we will take steps to delete this information as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at the email address indicated below.

10Changes to the Privacy Policy

We reserve the right to update this Privacy Policy periodically to reflect changes in our data processing practices or applicable legislation.

Any significant changes will be communicated by:

Publishing the updated version on this page
Updating the "Last updated" date at the top of the page
Email notification, if applicable

We recommend that you periodically consult this page to stay informed about how we protect your data.

11Right to Lodge a Complaint

If you believe that the processing of your personal data violates the provisions of GDPR, you have the right to lodge a complaint with:

National Supervisory Authority for Personal Data Processing (ANSPDCP)

Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, Bucharest, postal code 010336
Phone: +40 318 059 211
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro

However, we encourage you to contact us first to try to resolve any issue amicably.

12Contact

For any questions or requests regarding this Privacy Policy or the processing of your personal data, you may contact us:

Controller: Bio Pond Tech SRL
Tax ID: RO39531164
Email: contact@iazurinaturale.ro
Contact page: iazurinaturale.ro/contact

Name	Provider	Purpose	Duration
`session`	This site	Maintains user session state across page requests.	Session
`tlz_consent`	This site	Stores your cookie consent preferences.	1 year

Name	Provider	Purpose	Duration
`_ga`	Google Analytics	Distinguishes unique users by assigning a randomly generated identifier.	2 years
`_ga_*`	Google Analytics	Maintains session state with a unique session identifier.	2 years
`_gid`	Google Analytics	Stores a unique value for each page visited to limit data collection.	24 hours
`_gat`	Google Analytics	Throttles the request rate to Google Analytics.	1 minute
`_ga_R8BWJ47PSV`	Google Analytics	Maintains session state with a unique session identifier.	Unknown