Privacy Policy

Last updated: February 2026  |  Controller: GLAB IT SOLUTIONS SRL

1. Data Controller

The data controller for personal data collected through this website is:

2. Data We Collect

We collect personal data only when you voluntarily provide it. This occurs in the following situations:

• Contact form submissions: First name, last name, business email address, company or institution name, approximate ATM count, and any message you choose to send.
• Email correspondence: Any personal information contained in emails you send to [email protected].

We do not collect payment card data, national identification numbers, or other sensitive categories of personal data through this website.

3. How We Use Your Data

We use the personal data you provide for the following purposes:

• Responding to enquiries: To review your requirements and send you a relevant response, proposal, or security assessment offer.
• Pre-sales communication: To follow up on your enquiry and discuss how our services may address your ATM security needs.
• Internal records: To maintain a record of our correspondence and commercial relationships.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined in Article 6 of the GDPR:

• Legitimate interests (Art. 6(1)(f)): Responding to business enquiries and maintaining commercial relationships is a legitimate interest that does not override your rights.
• Contract performance (Art. 6(1)(b)): Where you engage us for services, processing is necessary to perform that contract.
• Consent (Art. 6(1)(a)): Where we send you marketing communications, we will obtain your explicit consent in advance.

5. Data Retention

We retain personal data from contact form submissions for a maximum of 36 months from the date of last contact. Data related to active commercial contracts is retained for the duration of the contract and for up to 7 years thereafter to comply with Romanian and EU accounting and legal obligations.

You may request deletion of your data at any time (see Section 7).

6. Third-Party Processors

Your data may be processed by the following third-party service providers acting as data processors on our behalf:

• Formspree (formspree.io): Contact form submission handling. Data is transmitted securely via HTTPS and stored temporarily before delivery to our inbox. See Formspree Privacy Policy.
• Cloudflare (cloudflare.com): Website hosting and content delivery. Cloudflare processes request metadata (IP address, browser type) for security and performance purposes. See Cloudflare Privacy Policy.

All processors are contractually bound to process data only on our instructions and in accordance with GDPR requirements.

7. Your Rights Under GDPR

As a data subject under EU law, you have the following rights:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
• Right to restriction (Art. 18): Request that we limit how we use your data while a dispute is resolved.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests at any time.
• Right to withdraw consent (Art. 7(3)): Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at dataprotection.ro, or with the supervisory authority in your EU member state.

8. Cookies

This website does not use tracking or advertising cookies. We do not deploy Google Analytics, Facebook Pixel, or any behavioural advertising technology. The only cookies that may be set are strictly necessary session or security cookies required for the website to function correctly. No consent is required for these cookies under the ePrivacy Directive.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption for all data in transit, access controls limiting who within our organisation can access contact data, and regular review of our data handling practices. In the unlikely event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

10. International Transfers

GLAB IT SOLUTIONS SRL is based in Romania, an EU member state. Your data is processed within the European Economic Area (EEA). Where any processor operates outside the EEA, we ensure that appropriate safeguards are in place (such as Standard Contractual Clauses) as required by Chapter V of the GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will be revised accordingly. We encourage you to review this page periodically.

12. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us: