AcasaHome Legal GDPRGDPR
Document legal Legal document

Conformitate GDPR.Compliance GDPR.

Ultima actualizare: 30 Aprilie 2026 Last updated: April 30, 2026
Document sablon. Informatii suplimentare despre conformitatea GDPR. Detaliile specifice trebuie validate de un consultant juridic / DPO autorizat.

01Angajamentul nostru GDPROur GDPR commitment

Ecco Group respecta integral Regulamentul (UE) 2016/679 privind protectia persoanelor fizice in ceea ce priveste prelucrarea datelor cu caracter personal (GDPR), aplicabil din 25 mai 2018.Ecco Group fully complies with Regulation (EU) 2016/679 on the protection of natural persons regarding personal data processing (GDPR), applicable since May 25, 2018.

Acest document complementar Politicii de Confidentialitate detaliaza cadrul GDPR si rolurile noastre.This document, complementary to the Privacy Policy, details the GDPR framework and our roles.

02Operator vs ImputernicitController vs Processor

In raport cu datele clientilor finali (utilizatori ai aplicatiilor partenere care folosesc platforma noastra), Ecco Group actioneaza ca:In relation to end-customer data (users of partner apps using our platform), Ecco Group acts as:

  • Imputernicit al partenerului care detine relatia cu utilizatorulProcessor on behalf of the partner who holds the user relationship
  • Operator pentru datele tranzactionale necesare procesarii (in nume propriu, conform reglementarilor financiare)Controller for transactional data needed for processing (on own behalf, per financial regulations)

Pentru fiecare partener integrat se semneaza un Acord de Prelucrare a Datelor (DPA) care reglementeaza in detaliu rolurile, scopurile si masurile tehnico-organizatorice.For each integrated partner, a Data Processing Agreement (DPA) is signed, regulating in detail the roles, purposes and technical-organizational measures.

03Principiile prelucrariiProcessing principles

Toate operatiunile de prelucrare a datelor respecta principiile GDPR:All data processing operations respect GDPR principles:

  • Legalitate, echitate, transparentaLawfulness, fairness, transparency
  • Limitarea scopului — datele sunt colectate doar in scopuri determinatePurpose limitation — data is collected only for specified purposes
  • Minimizarea datelor — colectam strict ce e necesarData minimization — we collect strictly what is necessary
  • Exactitate — datele incorecte sunt corectate sau sterseAccuracy — incorrect data is corrected or deleted
  • Limitarea stocarii — datele sunt sterse cand nu mai sunt necesareStorage limitation — data is deleted when no longer needed
  • Integritate si confidentialitate — securitate prin designIntegrity and confidentiality — security by design
  • Responsabilitate — putem demonstra conformitatea oricandAccountability — we can demonstrate compliance at any time

04Masuri tehnice si organizationaleTechnical and organizational measures

Masuri tehniceTechnical measures

  • Criptare TLS 1.3 in tranzitTLS 1.3 encryption in transit
  • Criptare AES-256 in stocareAES-256 encryption at rest
  • Backup-uri regulate cu retentie controlataRegular backups with controlled retention
  • Monitorizare 24/7 si alerte de securitate24/7 monitoring and security alerts
  • Penetration testing periodicPeriodic penetration testing
  • Multi-factor authentication pentru acces administrativMulti-factor authentication for admin access

Masuri organizationaleOrganizational measures

  • Politici interne de acces (need-to-know basis)Internal access policies (need-to-know basis)
  • Training GDPR pentru toti angajatiiGDPR training for all employees
  • Acorduri de confidentialitate cu personalulConfidentiality agreements with personnel
  • Registru al activitatilor de prelucrare (Art. 30 GDPR)Record of processing activities (GDPR Art. 30)
  • Procedura de raspuns la breach in maxim 72 oreBreach response procedure within 72 hours

05CertificariCertifications

  • ISO 27001Sistem de Management al Securitatii InformatieiInformation Security Management System
  • ISO 9001Sistem de Management al CalitatiiQuality Management System

06Transfer international de dateInternational data transfer

Datele sunt stocate in centre de date din Uniunea Europeana. Transferurile catre tari terte (in afara SEE) se fac doar cu garantii adecvate — clauze contractuale standard aprobate de Comisia Europeana sau decizii de conformitate.Data is stored in EU data centers. Transfers to third countries (outside EEA) are only made with adequate safeguards — standard contractual clauses approved by the European Commission or adequacy decisions.

07Notificarea breach-urilorBreach notification

In cazul unei brese de securitate care implica date cu caracter personal, vom notifica:In case of a security breach involving personal data, we will notify:

  • ANSPDCP in maxim 72 oreANSPDCP within 72 hours
  • Persoanele afectate fara intarziere nejustificata, daca riscul este ridicatAffected persons without undue delay, if risk is high
  • Partenerii contractuali conform DPA-urilor in vigoareContractual partners according to active DPAs

08Responsabil cu Protectia Datelor (DPO)Data Protection Officer (DPO)

Pentru orice solicitare legata de prelucrarea datelor sau exercitarea drepturilor GDPR:For any request related to data processing or GDPR rights:

  • Email: office@epin.ro (subject: GDPR)Email: office@epin.ro (subject: GDPR)
  • Adresa: Strada Magura Vulturului 58, etaj 1, sector 2, BucurestiAddress: Magura Vulturului 58, 1st floor, district 2, Bucharest

09Resurse externeExternal resources