Privacy policy

1. When does it apply?
2. What is the purpose of this policy?
3. What constitutes personal data?
4. Why do we collect it?
Contractual purposes
Functional purposes
Marketing purposes
5. How do we collect it?
6. What rights do you have?
Right of access
Right to modification and deletion
Right to restriction of processing
Right to data portability (export)
Right not to be subject to automated decisions
Right to file a complaint
7. To whom do we disclose data?
8. How do we ensure data security?
9. What are the retention periods?
10. How do we handle requests from minors?
11. What do we do in case of security incidents?
12. What records do we keep?

1. When does it apply?

The privacy policy applies to the personal data of those who wish to become, are, or have been clients of SC Kolok Design SRL, including data collected, used, or disclosed while using our company’s website, available at www.odu-green-roof.com. When we refer to “Odu”, “we” or “our company” in this statement, we refer to SC Kolok Design SRL.

You can manage your consent regarding the purposes for which personal data will be used by sending an email to office@odu-green-roof.com, or by writing to us at sat Moldovenești, nr. 362, Cluj County.

This policy is effective as of 01.05.2018.

2. What is the purpose?

When you use our website, you entrust us with some of your personal data. We understand this and value it. We strive to protect it and provide you with as much control as possible.

The privacy policy helps you understand what personal data we collect about you, how we use it, and the choices you have regarding its use.

We are committed to maintaining the accuracy, confidentiality, and security of your personal data. To comply with legislative changes or practical realities, we reserve the right to adjust this policy at any time, with changes becoming effective upon publication on the website.

3. What constitutes personal data?

We want you to clearly understand what “personal data” means.

Personal data is information about an identified or identifiable individual. Examples of such data: name, surname, address, phone number, email, ID card data, personal identification number (CNP), bank information, cookies, IP address, mobile device IDs, web browser information (browser type and language), actions on our website, etc.

4. Why do we collect it?

Personal data is collected to carry out business relationships, provide the best services (fast deliveries, electronic payments, etc.), improve website functionality, or provide relevant advertising and promotions.

We limit personal data collection to what is relevant for processing. We do not process your data in ways incompatible with the purposes for which it was collected or later authorized by you.

Contractual data (mandatory) – to initiate a contract and conduct business
Data (name, surname, phone, email, etc.) may be collected to respond to inquiries about our products and services (including via CRM systems), organize order processing and delivery. These are collected through forms such as contact, quote request, online order, consultation request, account, etc. These are called “contractual data.” Without them, your order cannot be processed, invoiced, or delivered. You cannot benefit from our services or products via the website without providing this data.

We may disclose your personal data to third-party processors (couriers, payment processors, etc.) for order processing and delivery according to our instructions. Customers cannot opt out of receiving emails related to order processing and delivery. Legal basis: legitimate interest (Art.6(1)(f) GDPR).

Functional data – for better website experience
Data (name, surname, phone, email, etc.) may be collected to enhance website experience, via forms like price alerts, stock alerts, abandoned carts, review requests, etc. Also includes indirect data (Google Analytics reports, etc.) to improve site structure, navigation flow, and provide the best user experience.

Legal basis: consent (Art.6(1)(a) GDPR).

Marketing data – for targeted ads, social media engagement
Data such as direct (name, surname, phone, email) or indirect (cookies, IP address, location, device IDs) may be collected for newsletter subscriptions or targeted ads (Google Remarketing, Facebook Pixel, etc.). Social media connections (Facebook, LinkedIn, Twitter) may collect IP and visited pages, and a cookie may be set for proper functionality. Legal basis: consent (Art.6(1)(a) GDPR).

5. How do we collect it and manage consent?

You can grant or withdraw consent at any time. Consent may be requested when creating an account, placing an order, submitting a form, or via a control panel for each data category or purpose.

6. What rights do you have?

You have the right to access, correct, or delete your personal data. Requests are processed within 30 days. You also have the right to restrict processing, object to processing, request data portability, not be subject to automated decisions, and file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) or courts.

7. To whom do we disclose your data and where do we transfer it?

We collaborate with couriers, payment processors, and internet companies (Google, Facebook, etc.) to provide the best website experience.

Data may be shared with contracted service providers for order processing/delivery, online store improvement (Google Analytics), marketing, advertising (Google, Facebook, Mailchimp), accounting, legal services, affiliates, and business partners. Disclosure is necessary for business operations. We require confidentiality commitments from all partners. Transfers outside the EEA are protected by adequate safeguards.

Data may also be disclosed for legal compliance, audits, or business transfers (mergers, acquisitions, joint ventures, reorganizations, liquidation).

8. How do we ensure data security?

We take reasonable measures to protect personal data from loss, misuse, unauthorized access, disclosure, modification, and destruction, considering the nature of the data. Measures are regularly verified and updated. We use reputable service providers (hosting, software, marketing) to help maintain security.

9. Retention period

Data is stored according to legal requirements and while you consent. Personal data required for website functionality or promotional activities is stored indefinitely until account deletion.

10. How do we handle requests from minors?

We do NOT provide services or sell products to minors except as legally allowed. Minors under 18 cannot use our data processing services. Those aged 14+ can access services with parental or legal guardian consent.

11. Security incidents

In case of personal data breaches, authorities are notified within 72 hours based on risk. Affected clients or visitors are also informed. We take necessary measures to remediate incidents.