Privacy Policy

This Privacy Policy (hereinafter referred to as the "Policy") defines the procedure for processing and protecting personal data within ARMQU S.R.L., a limited liability company organized and operating in accordance with the provisions of Romanian law (hereinafter "ARMQU S.R.L." or the "Controller"), and establishes procedures aimed at preventing and documenting any breaches of the applicable law regarding personal data.

This Policy has been drafted in accordance with the legislation of Romania and the European Union, in particular with the General Data Protection Regulation (GDPR), adopted by the European Parliament and the Council on April 27, 2016, and any other local law on personal data protection applicable in Romania.

The purpose of this Policy is to explain which personal data we process, why we process it, and what we do with it. Considering that personal information belongs to each user, we do our best to store it securely and process it carefully. We do not provide information to third parties without first fulfilling our obligation to inform.

This data protection policy applies to ARMQU S.R.L. and the company's employees. The data protection policy extends to all processing of personal data. The most recent version of the data protection policy can be accessed along with the information on data confidentiality on the armqu platform.

Data Protection Officer (DPO) – The person responsible for monitoring the application of the GDPR and other applicable laws regarding the protection of data subjects whose personal data is processed.

Personal Data – Any information regarding an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, especially by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific elements.

Processing – Any operation or set of operations performed upon personal data or upon sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available.

Controller – The natural or legal person, public authority, agency, or other body which, alone or jointly with others, establishes the purposes and means of the processing of personal data. For the purposes of this Policy, "Controller" means ARMQU SRL.

Processor – The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller.

Consent – Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they agree, by a statement or by a clear affirmative action, that the personal data relating to them may be processed.

Personal Data Breach – A security breach that accidentally or unlawfully leads to the destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data that are transmitted, stored, or otherwise processed.

Fairness and Legality – ARMQU S.R.L. protects the individual rights of natural persons during the processing of personal data, with personal data being collected and processed legally and fairly.

Restrictions to a Specific Purpose – Personal data is processed only for the purpose defined before data collection begins. Subsequent changes to the purpose are possible only by way of exception, to a limited extent, and require a justification.

Transparency – The data subject is informed about how their data is processed. When data is collected, the data subject must be aware or be informed of the identity of the Data Controller, the purpose of the data processing, and third parties to which the data might be disclosed.

Data Minimization – Before processing personal data, it must be determined whether and to what extent the processing of personal data is necessary to achieve the purpose for which it is performed.

Accuracy – Personal data must be correct, complete, and, if necessary, up to date. ARMQU SRL takes appropriate measures to ensure that incorrect or incomplete data is deleted, corrected, supplemented, or updated.

Data Confidentiality and Security – Personal data is subject to legal obligations to maintain data secrecy. Each ARMQU SRL employee must treat it as confidential, and appropriate organizational and technical measures are provided to prevent unauthorized access.

Processing Data to Fulfill a Contract – Personal data of contact persons and representatives of customers, suppliers, and partners can be processed to establish, execute, and terminate a contract.

Consent as the Basis for Data Processing – Where the consent of data subjects is required, data may be processed after receiving the consent of the data subject. Consent must be obtained in writing or in electronic format for documentation purposes.

Processing Data Under a Legal Obligation – Processing personal data is also allowed where applicable law so requires, imposes, or permits it.

Processing Data Under Legitimate Interests – Personal data may also be processed if it is necessary for a legitimate interest of ARMQU S.R.L., provided that the data subject's interests requiring protection do not take precedence.

Access to Data – You may ask us to confirm whether we are processing your personal data, provide you with a copy of that data, and give you other information about the personal data.

Rectification – You may request us to supplement/modify your personal data so that it is consistent with reality.

Erasure of Data (Right to be Forgotten) – You may ask us to delete your personal data if it is no longer necessary for the purposes for which it was collected, you have withdrawn your consent, you exercise a legal right to object, or the data was processed illegally.

Restriction of Data Processing – You may ask us to restrict the processing of your personal data in specific cases, such as when you dispute the accuracy of your personal data or processing is unlawful.

Data Portability – You may request us to transmit the personal data concerning you in a structured, commonly used, machine-readable format.

Objection – You have the right to object to processing when the processing is necessary for the fulfillment of a task serving a public interest or for legitimate interests pursued by us.

Automated Decision-Making – You have the right not to be subject to a decision based solely on automated processing, including profiling, with certain limitations as provided by law.

Personal data is considered confidential information and will be treated as such. Any unauthorized collection, processing, or use of this data by employees is prohibited. The processing of personal data is confidential and will be carried out only by persons acting under the authority of ARMQU SRL and only based on its instructions.

Personal data is protected against unauthorized access and against unlawful processing or disclosure, as well as accidental loss, alteration, or destruction. Technical and organizational measures for the protection of personal data are part of the company's information security management and are continuously adapted to technological developments and organizational changes.

All personal data must be handled with the highest level of security and must be kept in a locked room with controlled access, in a locked drawer or cabinet, if computerized, protected by a password in accordance with the requirements of the access control policy, or stored on encrypted computer media in accordance with standards in the field.

All employees are required to immediately inform their supervisor or the Data Protection Officer about any cases of breach of this data protection policy or other regulations regarding personal data (data protection incidents), whether it is a breach of confidentiality, data integrity, or availability. The head of the organizational structure is required to immediately inform the Data Protection Officer about the data protection incidents.

In cases of improper transmission of personal data to third parties, inappropriate access to personal data, or loss, destruction, or alteration of personal data, the head of the relevant organizational structure will urgently draft incident reports so that urgent measures can be taken to limit the harm to the owners of personal data and to comply with the obligations to report and notify incidents to the supervisory authority.

The management of ARMQU S.R.L., as well as its employees and agents, are responsible for the processing of data in their area of responsibility. Therefore, they are obliged to ensure that the legal requirements for data protection and the requirements contained in the data protection policy are met.

Improper processing of personal data or other violations of data protection laws may lead to claims for damages. Violations for which individual employees are responsible may lead to sanctions under labor law.

If you have a complaint regarding the use of your information, we would prefer that you contact us first at privacy@armqu.com so that we can resolve the request amicably. However, you may also contact the National Supervisory Authority for Personal Data Processing for information via the website: www.dataprotection.ro or write to them at the address: 28-30 G-ral. Gheorghe Magheru Blvd, District 1, postal code 010336, Bucharest, Romania.

This Policy comes into effect on 03.01.2026. ARMQU SRL may change or modify this policy periodically. This may happen, for example, due to legislative changes or if ARMQU SRL modifies its business or practices.