Privacy Policy
Personal data controller
GW LASER TECHNOLOGY S.R.L., hereinafter Uzinex, with its registered office in Sat Rediu, Comuna Rediu, Strada Împăcării Nr. 2, Iași County, registered with the Trade Register under number J2023003903220, with sole registration code (VAT) RO 49240731 and European Unique Identifier ROONRC.J2023003903220, is the personal data controller within the meaning of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation — GDPR), as well as Law No. 190/2018 on measures implementing that regulation. This policy describes in detail how we collect, use, store, protect and disclose the personal data you provide to us or that we obtain in the course of our commercial relationships, your browsing of the uzinex.ro website or your direct interactions with our team.
Data protection officer
For any request regarding the processing of your personal data, the exercise of your GDPR rights or for further clarifications, you can contact us at info@uzinex.ro or by phone at (+40) 769 081 081. All requests receive a response within a maximum of 30 calendar days, in accordance with Article 12 of the GDPR — a period that may be extended by up to two further months in complex cases, in which case you will be informed of the reasons for the extension.
Categories of data we collect
- —Personal identification data: first name, surname, name of the company/institution represented, position/role held, personal numeric code (only where strictly necessary for specific contracts), tax registration code, Trade Register registration number.
- —Contact data: professional and/or personal email address, landline or mobile phone number, physical correspondence address, equipment delivery address, billing address.
- —Professional and business data: technical project specifications, procurement requirements, order history, technical documentation exchanged, commercial correspondence, acceptance reports, contractual documents.
- —Financial and banking data: bank accounts for invoicing and payment, credit limit information, payment history, data required for financing or leasing approval (strictly with your express consent).
- —Technical browsing data: IP address, browser type and version, operating system, pages visited on uzinex.ro, visit duration, referrer pages, time spent on each section, interactions with contact forms.
- —Communication data: the content of messages sent through the contact forms, commercial and technical emails, recordings of phone calls (only with prior explicit notice), internal notes of technical advisers.
- —Data from public sources: information available in public registers (ONRC, ANAF, SEAP/SICAP, Official Gazette) to verify the legal and financial standing of business partners.
Purposes of processing
- —Providing personalized technical and commercial offers for the requested industrial equipment, including drawing up custom configurations.
- —Performing supply, delivery, installation, commissioning, maintenance and service contracts for Uzinex equipment.
- —Invoicing, payment collection, financial and accounting management, tax reporting to the Romanian authorities (ANAF), archiving of accounting documents as required by law.
- —Participation in public procurement procedures through the SEAP and SICAP platforms, as well as in EU-funded projects (PNRR, POIM, POCU, POC, Horizon Europe).
- —Providing after-sales technical support, the standard 60-month warranty and on-site service interventions.
- —Communicating commercial news, invitations to industrial events, newsletters and direct marketing materials — exclusively to legal entities and only on the basis of your express consent, revocable at any time.
- —Compliance with legal and statutory obligations, including those on anti-money laundering (AML), countering terrorist financing, international sanctions and the control of sensitive technology exports.
- —Managing relationships with suppliers, commercial partners, distributors and subcontractors involved in delivering the technical solutions.
- —Defending the legitimate interests of Uzinex in commercial disputes, claims, arbitration or judicial proceedings.
- —Continuously improving our services, analysing customer satisfaction, developing new products and optimizing the experience on uzinex.ro.
Legal basis for processing
We process personal data on the basis of one or more of the following legal grounds, depending on the specific purpose of the processing: (a) the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract (Art. 6(1)(b) GDPR) — this is the main basis for most commercial relationships; (b) compliance with a legal obligation to which Uzinex is subject (Art. 6(1)(c) GDPR) — for example for invoicing, tax reporting, accounting archiving, participation in public procedures; (c) the legitimate interest of Uzinex or of a third party (Art. 6(1)(f) GDPR) — for example for website security, fraud prevention, defence in disputes, direct marketing to existing customers for similar products; (d) the express consent of the data subject (Art. 6(1)(a) GDPR) — for marketing activities to non-customers, the use of non-essential cookies, sending newsletters. For special categories of data (such as biometric data in the case of military equipment), we apply the additional grounds set out in Article 9 GDPR.
Your rights under the GDPR
- —Right of access (Art. 15) — you can request confirmation that we process your data and a copy of it, together with information about the purposes, categories, recipients, storage period and source of the data.
- —Right to rectification (Art. 16) — you can request the correction of inaccurate data or the completion of incomplete data, without undue delay.
- —Right to erasure — the right to be forgotten (Art. 17) — you can request the deletion of data when it is no longer necessary for the original purpose, you withdraw your consent, you object to the processing, or the data has been processed unlawfully.
- —Right to restriction of processing (Art. 18) — you can request the limitation of processing in certain situations, such as when you contest the accuracy of the data or object to the processing.
- —Right to data portability (Art. 20) — you can receive your personal data in a structured, commonly used and machine-readable format, in order to transmit it to another controller.
- —Right to object (Art. 21) — you can object at any time to the processing of your data for direct marketing purposes, or where the basis of the processing is legitimate interest.
- —Right not to be subject to automated decision-making (Art. 22) — you will not be subject to a decision based solely on automated processing, including profiling, that produces legal effects on you.
- —Right to withdraw consent — where processing is based on consent, you can withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.
- —Right to lodge a complaint — you can lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), based at B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, Bucharest, phone +40 318 059 211, email anspdcp@dataprotection.ro.
Recipients of personal data
Your data may be transmitted, for strictly determined purposes and only to the extent necessary, to the following categories of recipients: (1) authorized and trained Uzinex employees, under confidentiality agreements; (2) courier and oversized-transport service providers, for equipment delivery; (3) accounting, financial audit and tax consultancy firms, under data-processor agreements; (4) financial institutions, banks, leasing partners and insurance companies, for the performance of commercial contracts; (5) specialized technical subcontractors (installation, commissioning, maintenance); (6) lawyers, mediators, courts or arbitration bodies, in the event of disputes; (7) Romanian and European public authorities, when required by law (ANAF, ONRC, SEAP/SICAP, ANSPDCP, criminal investigation bodies); (8) technology platforms used to operate the website (Vercel — hosting and analytics, YouTube — video embeds, transactional email services). Uzinex does not sell, rent or share your personal data with third parties for commercial marketing purposes without your express consent.
International data transfers
In general, your data is processed and stored within the European Economic Area (EEA). Where data is transferred to controllers or processors outside the EEA (for example, cloud services operated in the USA), we apply the safeguards provided by Articles 44-50 GDPR: Standard Contractual Clauses approved by the European Commission, adequacy decisions, recognized certifications (e.g. the EU-US Data Privacy Framework). On request, we make copies of these additional safeguards available to you.
Data storage period
- —Contractual and commercial data: for the entire duration of the contractual relationship, plus 10 years after the end of the contract for accounting and tax archiving obligations (under Accounting Law 82/1991 and the Fiscal Code).
- —Data on non-finalized offers: a maximum of 3 years from the issuance of the offer, then deleted or anonymized.
- —Data for direct marketing: until consent is withdrawn or an objection is raised, with no other time limit.
- —Technical browsing data and cookies: according to the duration of each cookie (from session-only to a maximum of 24 months).
- —Data for disputes or complaints: for the duration of the proceedings plus the statutory limitation period.
- —Data from participation in public procurement: according to the requirements of the contracting authorities, usually a minimum of 5 years after project closure.
Technical and organizational security measures
Uzinex implements appropriate measures to protect personal data against unauthorized access, loss, alteration, destruction or accidental disclosure. These measures include: encryption of data at rest and in transit (TLS 1.3, AES-256), multi-factor authentication for access to critical systems, strict access controls based on the need-to-know principle, logging of operations on data, regular backups in secure locations, periodic internal audits, employee training on the GDPR and information security, confidentiality agreements with all processors, and security incident response plans. In the event of a security breach that could pose a risk to your rights and freedoms, we will notify you within 72 hours, in accordance with Article 34 GDPR.
Cookies and similar technologies
The uzinex.ro website uses cookies and similar technologies for correct operation, to improve the user experience and to analyse traffic. For full details on the types of cookies, their purpose and how you can manage them, please consult the separate Cookie Policy, available in the site footer.
Changes to this policy
We reserve the right to update this policy periodically to reflect changes in legislation, in our processing practices or in the services we offer. The date of the last update is shown at the top of the document. Significant changes will be communicated by email or through a visible notice on uzinex.ro at least 30 days before they take effect, giving you the opportunity to exercise your rights to object or withdraw consent.