Privacy Policy

IEA Automation S.R.L. Data Protection Statement

1. Name and Address of the Data Controller

For the purposes of the General Data Protection Regulation (GDPR), other national data protection laws of the Member States, and other applicable data protection provisions, the Data Controller is:

IEA Automation S.R.L.
Bistrița, Amurgului 17
420078, Bistrița-Năsăud, Romania

The Data Controller has appointed the following person as the Data Protection Officer:

Leontin Catarig
Administrator, IEA Automation S.R.L.
📧 office@ieaelectric.ro

2. General Information on Data Processing

2.1. Scope of Personal Data Processing

We collect and use the personal data of our users only to the extent necessary to provide a functional website, content, and services. Personal data is processed only after obtaining the user’s consent, except in cases where obtaining consent is not feasible for legitimate reasons and data processing is permitted by law.

2.2. Legal Basis for the Processing of Personal Data

The legal basis for processing personal data is as follows:

    • Article 6(1)(a) GDPR – when we obtain the data subject’s consent for processing.

    • Article 6(1)(b) GDPR – when processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures.

    • Article 6(1)(c) GDPR – when processing is required to fulfill legal obligations.

    • Article 6(1)(d) GDPR – when processing is necessary to protect the vital interests of the data subject or another natural person.

    • Article 6(1)(f) GDPR – when processing is necessary to protect our legitimate interests or those of a third party, provided these interests override the data subject’s rights and freedoms.

2.3. Data Deletion and Retention Period

Personal data is deleted or blocked once the purpose of storage has been fulfilled. Longer storage periods are permitted if required by European or national regulations, laws, or other provisions applicable to the Data Controller. Additionally, data is deleted or blocked after the expiration of legal retention periods unless required for contract execution or performance.

The stored data includes, but is not limited to:

    • Log files – retained for a maximum of 14 days.

    • Login databases – retained for the duration of the user account.

2.4. Description and Scope of Data Processing

Each time a user visits our website, our system automatically collects data and information from the accessing computer. The following data is collected:

    • Browser type and version

    • User’s operating system

    • User’s internet service provider

    • User’s IP address

    • Date and time of access

    • Referring website (from which the user was redirected)

    • Websites accessed via our website

    • Duration of the user’s visit

    • User’s country of origin

    • User’s preferred language

    • First and most recent visit timestamps

This data is also stored in log files on our system. However, we do not store this data alongside other personal user data.

2.5. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR, as the processing is necessary for the legitimate interests of the company.

2.6. Purpose of Data Processing

The temporary storage of the user’s IP address by our system is necessary to deliver the website to the user’s computer. Therefore, the IP address must be stored for the duration of the session. The storage of data in log files ensures the proper functioning of our website. Additionally, the data is used to optimize website performance and protect the security of our IT systems. These purposes represent our legitimate interest in processing the data in accordance with Article 6(1)(f) of the GDPR.

2.8. Duration of Storage

Data is deleted as soon as the purpose for which it was collected has been fulfilled. When data is collected for website operation, it is deleted once the session ends. If stored in log files, the data is deleted after a maximum period of 14 days. In certain cases, data may be retained for a longer period. In such instances, IP addresses are either deleted or anonymized (truncated) to ensure they can no longer be linked to the user.

2.9. Right to Object and Contest a Decision

The collection and storage of data for website functionality are essential for its operation. As a result, users cannot object to these data collection and storage processes.

3. Use of Cookies

3.1. Description and Scope of Data Processing

Our website uses cookies—small text files stored in the internet browser or on the user’s device. When a user visits our website, cookies may be placed locally. Each cookie contains a unique identification code that allows the browser to be recognized upon future visits.

We use cookies to enhance website usability. Some website features require browser identification even after the user has left the site.

Cookies store and transmit the following data:

    • Items in a shopping cart

    • Login information

    • Conversation data

    • Cross-site request forgery (XSRF) protection

    • Items in a wish list

    • Google Analytics tracking

    • General Facebook Pixel verification

    • Google Maps integration

    • Universal Messenger data for a personalized website experience

    • YouTube video integration

Our website also uses cookies to analyze user behavior. The following data may be collected:

    • Search terms entered

    • Pages visited

    • Use of website functions

The collected data is pseudonymized to prevent it from being traced back to individual users. Additionally, it is not merged with other personal data.

Upon accessing the website, users are informed about cookie usage through a notification banner, which also provides information on how to disable cookies via browser settings.

3.2. Legal Basis for Data Processing

The processing of data through cookies is based on Article 6(1)(f) of the GDPR, as it serves our legitimate interest in maintaining a functional and optimized website.

3.3. Purpose of Data Processing

The use of strictly necessary cookies aims to enhance website usability. Some website functions may not be available if cookies are disabled, as they rely on recognizing the browser even after the user has left the site.

The use of cookies is essential for the following functionalities:

    • Shopping functions (e.g., shopping cart)

    • Tracking functions (e.g., determining country of origin)

The data collected by strictly necessary cookies is not used to create user profiles. Analytical cookies are exclusively used to improve website quality and content. They provide insights into website usage patterns, helping us optimize our services.

These purposes represent our legitimate interest in processing data in accordance with Article 6(1)(f) of the GDPR.

3.4. Duration of Storage, Right to Object, and Contest a Decision

The user’s computer stores and transmits cookies to our website. This means users have full control over cookie usage. You can disable or restrict cookie transmission by modifying your internet browser settings. Cookies already placed on your device can be deleted at any time, either manually or automatically.

Please note that if cookies are disabled, some website functions may not be available in their full capacity.

4. Newsletter

4.1. Description and Scope of Data Processing

Our website allows users to subscribe to a free newsletter. The data entered in the registration form is transmitted to us.

During registration, the following data is also collected:

    • IP address of the accessing computer

    • Date and time of registration

User consent for data processing is obtained during the registration process, along with a reference to this Data Protection Statement.

If you provide your email address while purchasing goods or services on our website, we may use this information to send newsletters related to similar products or services offered by our company.

No data is shared with third parties as part of newsletter distribution. The data is used solely for sending the newsletter.

We also use newsletter tracking, meaning our emails contain small image files (also known as web beacons or tracking pixels). These are embedded as links rather than directly included in the email. They are downloaded from an external server when the email is opened in a webmail application.

The following data is collected:

    • Email open activity

    • IP address

    • Information about the email client (software) used

4.2. Legal Basis for Data Processing

The legal basis for data processing following the user’s subscription and consent is Article 6(1)(a) of the GDPR.

Newsletter tracking is based on Article 6(1)(f) of the GDPR, as it serves our legitimate interest in analyzing the effectiveness of our newsletters.

4.3. Purpose of Data Processing

We collect users’ email addresses for the sole purpose of sending newsletters.

Newsletter tracking allows for statistical analysis, including:

    • Determining how many emails are opened

    • Identifying frequently accessed links within the newsletter

These analytics do not allow for the identification of individual users. Instead, the data is used to optimize newsletter content and improve compatibility with different email clients.

Additional personal data collected during registration helps prevent misuse of our services and email addresses.

4.4. Duration of Storage

User data is deleted as soon as it is no longer needed for its original purpose.

    • Email addresses are stored as long as the user remains subscribed to the newsletter.

    • Analytics data is deleted after three months.

    • Any additional personal data collected during registration is typically deleted after seven days.

4.5. Right to Object and Contest a Decision

Users may unsubscribe from the newsletter at any time by clicking the unsubscribe link included in each email.

Unsubscribing also revokes consent for storing personal data collected during registration.

Strictly necessary cookies are used to improve website usability. Certain features may not be available if cookies are disabled, as they require browser recognition.

Cookies are essential for the following applications:

    • Shopping functions (e.g., shopping cart)

    • Tracking functions (e.g., determining country of origin)

Strictly necessary cookies do not create user profiles. Analysis cookies, on the other hand, are used solely to improve website quality and content by providing insights into user behavior.

These purposes represent our legitimate interest in processing data in accordance with Article 6(1)(f) of the GDPR.

5. Registration

5.1. Description and Scope of Data Processing

Our website allows users to register by providing their personal data. The data is entered into a form, transmitted to us, and stored securely. No data is shared with third parties, except when required for payment processing in an e-commerce transaction.

During the registration process, the following personal data is collected:

    • (1) First name

    • (2) Last name

    • (3) Email address

    • (4) Password

    • (5) Address

    • (6) Postal code

    • (7) City

    • (8) Date of birth

    • (9) Telephone number

    • (10) Fax number

    • (11) Tax code

    • (12) Company

    • (13) Company website

Additionally, the following technical data is stored:

    • (1) Date and time of registration

    • (2) Date and time of registration confirmation

    • (3) Date and time of consent to the Data Protection Declaration

    • (4) Website where the registration was performed

User consent to the processing of this data is obtained during the registration process. The same data may also be collected during an e-commerce transaction.

5.2. Legal Basis for Data Processing

The legal basis for processing personal data upon user consent is Article 6(1)(a) of the GDPR.

If registration is required to perform a contract or take pre-contractual measures, data processing is additionally based on Article 6(1)(b) of the GDPR.

For e-commerce transactions, data processing is carried out under Article 6(1)(b) of the GDPR.

5.3. Purpose of Data Processing

User registration is required to access specific content and services on our website. Registration may also be necessary to:

    • Perform a contract with the user

    • Take pre-contractual measures before entering into a contract

5.4. Storage Period

Personal data is deleted as soon as it is no longer required for the purpose for which it was collected.

    • For registered users, data is deleted when the user cancels or modifies their registration.

    • For contractual purposes, data may be stored beyond registration if necessary for contract execution or legal obligations.

    • If legal retention requirements apply, IEA Automation S.R.L. will retain the data for the legally mandated period before deletion.

Upon a user’s request to delete their account, all data specified in Section 5.1 will be erased—unless legal obligations require further retention (e.g., tax or commercial law requirements).

5.5. Right to Object and Contest a Decision

Users may cancel their registration at any time. Additionally, they can request:

Data deletion – If the data is required for contract performance or pre-contractual measures, deletion is only possible if it does not conflict with legal retention obligations.

6. Contact Form and Email Communication

6.1. Description and Scope of Data Processing

Our website provides a contact form that allows users to send electronic correspondence. The data entered in the form is transmitted and stored securely. When the form is submitted, the following additional data is also collected:

    • (1) IP address of the user

    • (2) Language and URL of the accessed page

    • (3) Browser and operating system details

    • (4) Referring page (the page the user visited before accessing the contact form)

    • (5) Date and time of contact

Before submitting the form, users must agree to the Data Protection Declaration, ensuring transparency regarding data processing.

Alternatively, users can contact us via email. In this case, any personal data provided in the email will also be stored securely.

No data is disclosed to third parties in this context.

6.2. Legal Basis for Data Processing

The legal basis for processing data submitted via the contact form (with user consent) is Article 6(1)(a) GDPR.

For data transmitted via email, processing is based on Article 6(1)(f) GDPR (legitimate interest in handling inquiries).

If email contact is made for contract-related purposes (e.g., placing an order), processing is also governed by Article 6(1)(b) and (c) GDPR.

The storage of data related to course participants is based on Article 6(1)(f) GDPR (legitimate interest in course management).

6.3. Purpose of Data Processing

We process personal data submitted via the contact form exclusively to handle user inquiries.

    • For email inquiries, processing is necessary for our legitimate interest in responding to user requests.

    • For training course registrations, the submitted data is used to organize and conduct training sessions.

    • Any additional personal data collected during form submission helps prevent misuse and ensures IT security.

6.4. Storage Duration

Personal data is deleted as soon as its processing is no longer necessary:

    • Online Form Data – Not stored on our servers.

    • Email Correspondence – Deleted once the conversation is concluded (i.e., when the request is fully resolved).

    • Reservations – We use a double opt-in process:
        • If the user replies to our confirmation email, data is deleted within 24 hours.

        • If no response is received, the request is stored for two weeks to allow the user to place their order.

6.5. Right to Object and Withdraw Consent

Users may withdraw their consent to data processing at any time.

In case of withdrawal, all related personal data will be deleted, and correspondence will be terminated.

If a user contacts us via email, they can request data deletion at any time.

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

7. Website Analysis Services

7.1. Description and Scope of Data Processing

Our website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies—small text files stored on your device—to analyze your use of our website.

The data collected by these cookies, including information about your website usage, is typically transferred to Google servers in the USA and stored there.

To protect user privacy, our website uses Google Analytics with the extension “_anonymizeIp()”, which ensures that only truncated IP addresses are processed. This means:

    • Your IP address is shortened before transmission within EU member states or other EEA (European Economic Area) signatory countries.

    • Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

7.2. Legal Basis for Data Processing

The processing of personal data through Google Analytics is based on Article 6(1)(f) GDPR, which allows processing for legitimate interests—in this case, website performance and user experience improvement.

7.3. Purpose of Data Processing

The collected data is used to:

  • Analyze user behavior and interactions on the website.
    Generate reports on website traffic and activity.
    Improve website functionality and optimize the user experience.

Google processes this data on behalf of the website operator under a Data Processing Agreement (DPA) in compliance with Article 28 GDPR.

7.4. Storage Duration

Data collected via Google Analytics is deleted once the processing purpose is fulfilled.

7.5. Right to Object and Opt-Out

Your IP address collected via Google Analytics is not combined with other Google data. You have several options to restrict or prevent tracking:

🔹 Disable cookies in your browser settings – This may limit website functionality.
🔹 Use Google’s opt-out browser add-on – This prevents Google Analytics from collecting data about your website activity. Available here: Google Analytics Opt-Out

7.6. Rights of the Data Subject

If your personal data is processed, you are considered a data subject under the GDPR. This grants you several rights, including:

  • Right to access – Know what personal data is being processed.
    Right to rectification – Correct inaccurate personal data.
    Right to erasure (“Right to be forgotten”) – Request deletion of your personal data.
    Right to object – Object to the processing of your data for analytical purposes.
    Right to data portability – Request your data in a structured, commonly used format.

For any data protection inquiries or requests, please contact the website administrator.

8. Rights of the Data Subject

If your personal data is processed, you are considered a data subject under the General Data Protection Regulation (GDPR). This grants you specific rights regarding the handling of your data by the data controller.

8.1. Right of Access

You have the right to request confirmation from the data controller on whether your personal data is being processed.

If your data is being processed, you may request access to the following information:

1️⃣ Purpose of processing – Why your personal data is being processed.
2️⃣ Categories of data – What types of personal data are being processed.
3️⃣ Recipients of data – Who has received or will receive your personal data.
4️⃣ Storage duration – How long your data will be stored, or the criteria for determining this period.
5️⃣ Your rights – The right to request correction, erasure, or restriction of processing, as well as the right to withdraw consent.
6️⃣ Complaints – The right to file a complaint with a supervisory authority.
7️⃣ Data source – If your personal data was not collected directly from you, you have the right to know the source.
8️⃣ Automated decision-making & profiling – If automated decision-making, including profiling (Article 22(1) & (4) GDPR) is used, you have the right to receive meaningful information about:

    • The logic involved

    • The significance and expected consequences for you

Additionally, if your personal data is being transferred to a third country or an international organization, you have the right to be informed about the appropriate safeguards in place under Article 46 GDPR.

8.2. Right to Rectification

You have the right to request correction or completion of your personal data if it is inaccurate or incomplete.

➡ The data controller must correct your data without undue delay.

8.3. Right to Restrict Processing

You can request restriction of your personal data processing if:

  • You contest the accuracy of your data—processing is restricted while its accuracy is verified.
    Processing is unlawful, but instead of erasure, you request restriction of its use.
    The data controller no longer needs your data, but you require it for the establishment, exercise, or defense of legal claims.
    You have objected to data processing (Article 21(1) GDPR), and a decision is pending on whether the controller’s legitimate interests override yours.

🔹 Effects of Restriction:
When data processing is restricted, the data may only be processed (except for storage) under the following conditions:

🔸 With your explicit consent
🔸 For the exercise or defense of legal claims
🔸 To protect the rights of another individual or entity
🔸 For important public interest reasons (EU or Member State level)

If the restriction is lifted, you will be notified in advance.

8.4. Right to Erasure

a) Obligation to Erase Data
You have the right to request that the controller erase your personal data without undue delay, and the controller is obligated to comply, provided that one of the following conditions applies:

    • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

    • You withdraw your consent to the processing of the data under Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing of the data.

    • You object to the processing of the data under Article 21(1) of the GDPR, and there are no overriding legitimate interests for processing the data, or you object to the processing of the data under Article 21(2) of the GDPR.

    • Your personal data have been processed unlawfully.

    • The erasure of your personal data is necessary to comply with a legal obligation under EU or Member State law to which the controller is subject.

    • Your personal data were collected in connection with information society services as per Article 8(1) of the GDPR.

b) Subsequent Notification to Third Parties
If the controller has made your personal data public and is required to erase it under Article 17(1) of the GDPR, the controller shall, within the limits of available technology and cost, take appropriate measures, including technical measures, to inform other data controllers processing the personal data that you, as the data subject, have requested the erasure of all links to, and copies or replications of, those personal data.

c) Exceptions
You do not have the right to request the erasure of your personal data to the extent that processing is necessary:

    • To exercise the right to freedom of expression and information;

    • To comply with a legal obligation that requires the processing of the data under EU law or the law of a Member State to which the data controller is subject, or in the exercise of a task carried out in the public interest or in the exercise of official authority vested in the data controller;

    • For reasons of public interest in the area of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

    • For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Article 89(1) of the GDPR, where the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of the processing;

    • For the establishment, exercise, or defense of legal claims.

8.5. Right to Further Notifications

If you have exercised your right to rectify or erase your data, or to restrict the processing of your data, the controller must notify all recipients to whom your personal data have been disclosed about the correction, erasure, or restriction, unless this is impossible or would require disproportionate effort or expense. You also have the right to be informed by the data controller about these recipients of your data.

8.6. Right to Data Portability

You have the right to receive your personal data that you have provided to the data controller in a structured, commonly used, and machine-readable format. You also have the right to transmit these data to another data controller without the intervention of the data controller to whom your personal data were initially provided, provided that:

    • The processing is based on consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract under Article 6(1)(b) of the GDPR, and

    • The processing is carried out by automated means.

When exercising this right, you also have the right to request that your personal data be transmitted directly from one data controller to another, where technically feasible. This must not prejudice the rights and freedoms of third parties. The right to data portability does not apply to data processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

8.7. Right to Object

You have the right to object at any time to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR, on grounds relating to your particular situation. This also applies to profiling based on the same provisions. The data controller will then no longer process your personal data unless the controller demonstrates compelling legitimate interests for the processing that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes. This also applies to profiling related to such direct marketing.

Your personal data will no longer be processed for direct marketing purposes if you object to the processing for those purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you can exercise your right to object by automated processes using technical specifications.

8.8. Right to Revoke Your Declaration of Consent under Data Protection Law

You have the right to revoke any consent previously given under data protection law. The revocation of consent will not affect the lawfulness of the data processing that occurred prior to the revocation.

8.9. Automated Individual Decisions, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

    • Is necessary for entering into, or the performance of, a contract between you and the data controller;
    • Is necessary for entering into, or the performance of, a contract between you and the data controller;

    • Is authorized by Union or Member State law to which the data controller is subject, and that law also provides suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests;

    • Is based on your explicit consent.

However, decisions shall not be based on special categories of personal data under Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies, and suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests are in place. In cases referred to in points 1 and 3, the data controller must implement appropriate measures to protect your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention, to express your point of view, and to contest the decision.

8.10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State where you have your habitual residence, place of work, or where the alleged infringement took place, if you believe that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

If you wish to object to the collection, processing, or use of your data by IEA Automation S.R.L. in accordance with this Data Protection Declaration, whether in whole or for specific measures, you may send your objection by e-mail or regular mail to the following contact details:

Data Protection Officer of IEA Automation S.R.L.:

Leontin Catarig
Administrator, IEA Automation S.R.L.