GDPR Policy
GDPR / Privacy Policy
This policy describes how NET SEO MEDIA SRL collects and processes personal data on the website www.cs-cart.ro .
1. Introduction and legal framework
This policy establishes how NET SEO MEDIA SRL collects and processes personal data.
The relevant European regulation is Regulation (EU) 2016/679 , known as GDPR.
NET SEO MEDIA SRL, J40/3328/2012, CUI RO29957449.
For GDPR requests: contact@cs-cart.ro
2. Purpose of data collection and processing
We collect and process data for quotations, order processing, service provision, technical support, billing and customer communication.
We do not use data for marketing purposes unless the user has expressed consent.
The customer can unsubscribe from marketing communications at any time or request deletion of data, within the limits of the law.
3. Categories of data processed
The data collected may include: name , phone number , email address , shipping address , billing information , order history , and other voluntarily submitted information.
We only collect data necessary for the stated purposes.
4. What we use the data for
4.1 Order processing and service provision
We use the data for order management, delivery, billing, support and communications necessary for the execution of the contract.
4.2 Site operation and security
We use technologies such as cookies for the proper functioning of the site, security and to improve the experience.
4.3 Marketing communications
We send commercial communications only based on consent. Unsubscribing is available at any time.
5. Legal basis GDPR
| Scope | Legal basis | Examples |
|---|---|---|
| Order processing, delivery, support | Contract execution | account, order, delivery, customer support |
| Billing and accounting | Legal obligation | invoices, tax documents, accounting records |
| Site security and operation | Legitimate interest | logs, protection, optimization |
| Newsletter and marketing | Consent | subscription, promotional communications, unsubscribe |
6. Security measures
- Mapping data flows and limiting data access.
- Storage procedures and access levels.
- Physical and logical protection measures for IT infrastructure.
- Protection against unauthorized access and cyber attacks.
- Staff training and monitoring of data protection processes.
7. Rights of data subjects
- The right of access to processed personal data.
- The right to rectification of inaccurate or incomplete data.
- The right to erasure , within the limits of legal obligations.
- The right to restriction of processing.
- The right to object to certain processing.
- The right to portability , where applicable.
You have the right to file a complaint with the ANSPDCP if you believe that your rights have been violated.
8. Recipients and proxies
We may share strictly necessary data with trusted suppliers and partners: payment processors, couriers, hosting/IT providers, email services, accounting or other services necessary to provide the activity.
9. Transfers outside the EEA
If we use providers who process data outside the European Economic Area, we ensure that there are appropriate safeguards, such as confidentiality clauses.standard traction.
10. Data storage duration
Data is retained only for the period necessary to fulfill the stated purposes or in accordance with legal obligations, including tax and accounting obligations.
11. Policy updates
We may update this policy from time to time. Any changes will be posted on this page.
Last update: 05.02.2026