GDPR Policy

GDPR / Privacy Policy

This policy describes how NET SEO MEDIA SRL collects and processes personal data on the website www.cs-cart.ro .

1. Introduction and legal framework

This policy establishes how NET SEO MEDIA SRL collects and processes personal data.

The relevant European regulation is Regulation (EU) 2016/679 , known as GDPR.

Data controller:
NET SEO MEDIA SRL, J40/3328/2012, CUI RO29957449.
For GDPR requests: contact@cs-cart.ro

2. Purpose of data collection and processing

We collect and process data for quotations, order processing, service provision, technical support, billing and customer communication.

We do not use data for marketing purposes unless the user has expressed consent.

The customer can unsubscribe from marketing communications at any time or request deletion of data, within the limits of the law.

3. Categories of data processed

The data collected may include: name , phone number , email address , shipping address , billing information , order history , and other voluntarily submitted information.

Data minimization:
We only collect data necessary for the stated purposes.

4. What we use the data for

4.1 Order processing and service provision

We use the data for order management, delivery, billing, support and communications necessary for the execution of the contract.

4.2 Site operation and security

We use technologies such as cookies for the proper functioning of the site, security and to improve the experience.

4.3 Marketing communications

We send commercial communications only based on consent. Unsubscribing is available at any time.

5. Legal basis GDPR

Scope Legal basis Examples
Order processing, delivery, support Contract execution account, order, delivery, customer support
Billing and accounting Legal obligation invoices, tax documents, accounting records
Site security and operation Legitimate interest logs, protection, optimization
Newsletter and marketing Consent subscription, promotional communications, unsubscribe

6. Security measures

  • Mapping data flows and limiting data access.
  • Storage procedures and access levels.
  • Physical and logical protection measures for IT infrastructure.
  • Protection against unauthorized access and cyber attacks.
  • Staff training and monitoring of data protection processes.

7. Rights of data subjects

  • The right of access to processed personal data.
  • The right to rectification of inaccurate or incomplete data.
  • The right to erasure , within the limits of legal obligations.
  • The right to restriction of processing.
  • The right to object to certain processing.
  • The right to portability , where applicable.
Complaints:
You have the right to file a complaint with the ANSPDCP if you believe that your rights have been violated.

8. Recipients and proxies

We may share strictly necessary data with trusted suppliers and partners: payment processors, couriers, hosting/IT providers, email services, accounting or other services necessary to provide the activity.

9. Transfers outside the EEA

If we use providers who process data outside the European Economic Area, we ensure that there are appropriate safeguards, such as confidentiality clauses.standard traction.

10. Data storage duration

Data is retained only for the period necessary to fulfill the stated purposes or in accordance with legal obligations, including tax and accounting obligations.

11. Policy updates

We may update this policy from time to time. Any changes will be posted on this page.

Last update: 05.02.2026