Privacy Policy 

  1. The operator of the processing of personal data

EWAS MANAGEMENT SOLUTIONS SRL (“Company”), registered with the Trade Register under no. J23 / 1462/2010, fiscal registration code RO 26935853, with its registered office in Bragadiru, str. Rahovei, no.31, Ilfov county, as an Operator, processes personal data in accordance with the legal provisions in the field of data protection with personal character, as well as with the provisions of this Privacy Policy.

The company is the data operator regarding the processing of personal data, within the meaning of Regulation (EU) no. 679/2016 regarding the protection of natural persons with regard to the processing of personal data and regarding the free movement of these data (hereinafter referred to as “the Regulation” or “GDPR”).

Ensuring the confidentiality and security of personal data is one of the Company’s main concerns. EWAS MANAGEMENT SOLUTIONS SRL offers professional, personalized services, committing itself at the same time to respect the provisions of the Regulation and to protect, through appropriate technical and organizational measures, the confidentiality and security of your information.

  1. Application of the privacy policy

The Privacy Policy (“Policy”) describes the types of personal data we collect, the purposes and legal basis of the processing, the recipients who have access to this data, the rights and options that the data subjects have regarding the data processing. with personal character as well as the way of exercising these rights.

within this Policy and in accordance with the provisions of the Regulation, “personal data” means any information regarding an identified or identifiable natural person (“data subject”).

“Data processing” means any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modification, extraction, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction.

This Policy applies to personal data processed in connection with the activities and services offered by EWAS MANAGEMENT SOLUTIONS SRL, or from other interactions with which a connection or reference is regulated through this Policy.

By using web pages and / or by sending personal data to us, you express the agreement for the processing of your personal data, in the manner presented in the present Policy.

If you do not agree with this Policy, please do not use the services and / or provide your Company with your personal data.

  1. Purpose and legal basis of processing

The company processes the personal data it collects for the following purposes:

– for the promotion of products / goods and / or services through the site;

– to understand how the services offered by the Company are used, so that they can be improved;

– to be able to offer assistance services and to solve the demands or the complaints;

The collected data are processed for:

  • managing the Company’s relations with the clients / data subjects, including but not limited to the transmission of information and offers regarding the Company’s services and / or products (if the clients have agreed to this purpose) as well as for the development of the Company’s activity and services, according to with applicable legal provisions (such as identifying customer needs, improving service provision, maintenance or security information);
  • statistical purposes subject to the implementation of the appropriate technical and organizational measures provided for in the Regulation;
  • offering, transmitting or communicating from the Company details of the products offered, promotions or campaigns carried out (processing for marketing purposes, including direct marketing, and advertising).
  • to allow suppliers and subcontractors to perform services, provided they comply with the obligation of confidentiality.

The processing of personal data by the Company is based on the provisions of Regulation (EU) 2016/679, as well as on the national legislation regarding the protection of personal data.

The legal basis for the processing of personal data, related to each purpose separately, is represented by:

– the legitimate interests pursued by the operator or by a third party (for example to promote the Company’s products and services as well as to improve the relevance of the communications and services provided / promoted) (Article 6 paragraph (1) letter f) of the Regulation);


–  the express free consent of the data subject (art. 6 paragraph (1) letter (a) of the Regulation);

– fulfillment of some legal obligations incumbent on the operator (art. 6 paragraph (1) letter c) of the Regulation).

  1. Details regarding the processing of data based on consent

The transmission of personal data for processing by the Company for the purpose of information, advertising, marketing and advertising is voluntary and their processing is carried out on the basis of the specific, informed and freely expressed consent of the persons concerned. When the data processing is based on art. 6 paragraph (1) lit. (a) from the Regulation, the data subject has the right to withdraw his consent at any time, without affecting the legality of the processing carried out on the basis of the consent before his withdrawal. Thus, the data subject can modify or withdraw the consent at any time, and we will act immediately accordingly, unless there is a legal reason or a legitimate interest in not doing so.

Refusal to provide consent for data processing for these purposes will have no consequences for the data subject or the contracts to which he is a party.

  1. Collection and use of personal data. Categories of people and categories of data

We will process only the personal data that are adequate, relevant and limited to what is necessary in relation to the purposes mentioned in section (3), in accordance with the legal provisions, with the establishment of adequate guarantees for the fundamental rights and interests of the data subject.

Personal data is processed only when it is relevant to the interaction between you and us, to provide you with any of the goods or services agreed upon, offered based on your options and / or the contract concluded with the Company.

The categories of data subjects whose data are collected and processed by EWAS MANAGEMENT SOLUTIONS SRL are: customers, potential customers, representatives of the contractual partners, as well as users and visitors of the site.

Depending on the purpose of the processing, we collect several types of data from and about customers / users, respectively:

  • information we collect when browsing our site, including IP addresses and other parameters, cookies and web beacons;
  • other personal data communicated by the data subject or necessary for the fulfillment of the purposes (such as personal identification data (name, first name, billing address, delivery address, personal or professional email address, telephone number, etc.).

We collect information in the following ways:

  • Information that you provide us directly in the context of the interaction in any way that results from the use of the site;
  • Information we obtain when using the services. We collect information about the services you use and how you use them. This information includes:
  • Device Information – We collect device information (such as hardware model, operating system version, and mobile network information, including phone number).
  • Log information – When you use our services, we automatically collect and store certain information in the logs on the server. These include:
  • details about how you used our service
  • cookies that can uniquely identify your browser or your Account
  • Cookies and similar technologies

Purpose of the use of cookies through the site

  • Cookies are used to provide website users with a better browsing experience and services tailored to the needs and interests of each individual user. Namely for:
  • Customizing certain settings such as the language in which a site is viewed, the currency in which the prices and rates are expressed, keeping options for various products / services.
  • improving the use of the websites, including by identifying certain errors that occur during the users’ visit / use.
  • Anticipation of certain goods / services that will be made available to users in the future through these web pages.

How long is the life of cookies?

The lifetime of a cookie may vary, depending on the purpose for which they were placed, being influenced by the category to which it belongs, as follows:

  • Session cookies – these are automatically deleted when the user closes their browser.
  • Persistent / fixed cookies – these are stored in the user’s terminal until they reach a certain expiration date or until the respective cookies are deleted by the user, at any time, through the browser settings.

How can I stop cookies?

You can set your browser to block all cookies or to indicate when we place a cookie. However, it is important to remember that many of our services may not work properly if you have disabled cookies.

  1. Categories of recipients

The Company will only use the personal data in a correct and legal manner, in accordance with the contract concluded with the persons concerned, for one or more purposes identified in the contract and within the necessary limit. The company will not sell, sell or rent personal data to third parties.

Depending on the purposes mentioned in Section 3 of this Policy, the recipients of personal data may be: employees of the Company with strictly regulated attributions, service providers, persons empowered by the Company who under the direct authority of the operator are involved in the management of the contracts.

Any parties to whom we disclose personal data are limited (by law and / or contract) in their ability to use this data only for the purposes specifically identified by us, being kept in compliance with the GDPR Regulation and the confidentiality obligations expressly stipulated in this sense in the basic contract and / or the additional documents to it. We will always ensure that any parties to whom we disclose personal data are subject to the obligations of confidentiality and security, in accordance with the provisions of the Regulation and with the specific legislation applicable.

The company does not transfer personal data outside the space of the European Union or to international organizations.

  1. Duration of storage

The company keeps the personal data according to the principles of legality, proportionality and necessity, and in any case only for a period that does not exceed the period necessary to fulfill the purposes for which they are processed, and subsequently, either after the cessation of the collaboration relationship or at the expiration of the legal obligation. of the archive that belongs to the Company under the applicable law, the data will be deleted.

  1. Data operator and responsible employees

Within SC EWAS MANAGEMENT SOLUTIONS SRL personal data are processed only by employees who have such responsibilities, who have strict contractual obligations of confidentiality and can be held legally liable if they do not fulfill these obligations. These employees are persons responsible for the processing of personal data under the control of the data operator. Personal data are considered confidential, any unauthorized collection or processing by employees is prohibited. Any processing of personal data by an employee who has not been authorized to perform it, as part of his legitimate duties, is unauthorized. Employees have access to personal data according to the principle of “need to know”, only as appropriate, according to the duties and responsibilities set out in the job description. Employees are prohibited from collecting and / or using personal service data for any other private or commercial purpose, to disclose it to unauthorized persons or to make it available in any other way. This obligation remains in force even after the end of the employment period.

Compliance with the Privacy Policy and the applicable data protection legislation is regularly verified through data protection audits and other controls.

  1. The rights of the data subjects and the mode of exercise

in connection with the processing of personal data, based on the conditions specified in the GDPR Regulation, the Company guarantees to the data subjects the exercise of any of the following rights:

(1) The right to information and access to personal data allows the data subject to be informed about the processing of personal data, to obtain a confirmation of whether or not they process personal data concerning it and how such data is processed.

(2) The right to rectification implies the right to request the rectification or updating of inaccurate or incomplete personal data concerning you or their completion, when they are incomplete.

(3) The right to delete the data or the “right to be forgotten” implies the right to request the erasure of personal data concerning the data subject, in certain circumstances, such as (i) personal data are no longer necessary for the purpose for which they have were collected or processed, (ii) the data were processed illegally, (iii) the data processing took place based on the consent of the data subject, and it was withdrawn.

(4) The right of withdrawal of consent. It may be withdrawn at any time, when the processing of personal data has been carried out based on the consent of the data subject. The withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent before its withdrawal. The assumption of withdrawal of consent is not applicable in cases where the basis of processing is not consent.

(5) The right to restrict the processing implies the right to request and obtain the restriction of the processing of personal data, in certain circumstances, such as (i) the data subject contests the accuracy of the data, during the period that allows the operator to verify the accuracy of those data, (ii) ) the data have been processed illegally, and the data subject opposes their deletion, requesting the restriction of their use, (iii) the operator no longer needs personal data for the purpose of processing, but the data subject requests them to find, exercise or defend a right in court; or (iv) the data subject objected to the processing in accordance with art. 21 paragraph (1) of the Regulation and there are no legitimate reasons to prevail in terms of processing, for the time interval in which it is verified that the legitimate rights of the operator prevail over those of the data subject

(6) The right to data portability. The data subject has the right to receive the personal data concerning him and provided to the operator in a structured format, currently used and which can be read automatically and has the right to transmit this data to another operator, without obstacles from the operator to whom the personal data were provided, if:

  1. a) processing is based on consent under art. 6 paragraph (1) lit. (a) or of art. 9 paragraph (2) lit. (a) or on a contract pursuant to art. 6 paragraph (1) lit. (B); and
  2. b) processing is carried out by automatic means.

(7) The right to opposition presupposes that, at any time, the data subject has the right to oppose, for reasons related to his particular situation, the processing of personal data in certain circumstances, such as (i) the processing was carried out in the legitimate interest. of the operator or (ii) the processing is aimed at direct marketing, including the creation of profiles based on those provisions.

(8) The right not to be the subject of a decision based exclusively on the automatic processing of the data of the data subject, including the creation of profiles that produce legal effects or that significantly affect it. It implies that the data subject has the right to request human intervention from the Operator, to express his point of view and to challenge the decision.

For the exercise of these rights as well as for additional information, the data subject can address the Person in charge of the Protection of Personal Data by e-mail to the address or by mail to the address SC EWAS MANAGEMENT SOLUTIONS SRL, Bragadiru, str. Rahovei, no. 31, Ilfov county. Everyone has the right to ask questions about his rights and to obtain an answer within the time period provided by law, free of charge.

Also, the data subject has the right to file a complaint with the National Supervisory Authority for Personal Data Processing, G-ral Boulevard. Gheorghe Magheru 28-30, Sector 1, Bucharest as well as the right to address justice.

  1. Consequences of refusing to provide personal data

Insofar as you have opted for the purchase of a certain product and / or service, the provision of personal data is a necessity, from the perspective of the legal requirements and / or of the contractual legal relationship, because this information is necessary, and in the absence of this data we do not we will be able to honor the obligations towards you.

The refusal to transmit to the Company the personal data and / or to allow the processing by the Company of the personal data leads to the impossibility of providing services / supply of goods related to the activity of the Company, as well as of other related services, including use of online applications / services.

For the transmission of commercial communications for direct marketing purposes related to the Company’s activities, the communication of your personal data is voluntary. The lack of your consent for this purpose will have absolutely no consequence on the conclusion of the contract. The obligatory or optional nature of expressing consent will be specified by us at the time of data collection. You have the right at any time to withdraw your consent for the processing of personal data. The withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent before its withdrawal.


in certain cases, especially when you wish to delete or cease processing your personal data, this may mean that we will no longer be able to provide the services to you.

  1. Confidentiality regarding minors

The website is intended for use by persons over 16 years of age. We are not seeking to collect information about minors.

According to the legal provisions in force, information should not be transmitted or displayed on websites by minors under the age of 16 years. if a minor transmits personal information through our web site, we will delete this information as soon as we are informed about his age and starting with that time we will not use them for any purpose.

Updating the privacy policy

It is possible that the present policy will be subject to periodic updates that we will communicate to the data subjects whenever necessary. To be informed of any major changes that may have an impact on the processing of your personal data, please consult the Company’s web page periodically.