Sari la conținut
Legal

Privacy policy.

Last updated: 2026-04-22. Written to be read, not to confuse.

Questions? Write to us at [email protected] and we'll respond within 24h.

Who we are

NOTSOMARKETING SRL, with its registered office at Str. Verzișori 6, Bl. D, Ap. B118, Sector 4, București, J2025007753005, Tax ID 51233841, is a personal data controller under Regulation (EU) 2016/679 (GDPR).

What data we collect

From site visitors

  • Analytics data through Google Analytics (pages visited, time on page, traffic source) — only with your consent.
  • Contact data provided voluntarily (through forms).
  • Cookies: a technical one that remembers your cookie choice, plus Google Analytics cookies enabled only after consent. Details in the Cookie Policy.

From platform users

  • Account data: name, email, phone, role.
  • Authentication data: hashed passwords (bcrypt), session tokens.
  • Biometric data: WebAuthn credentials stored securely (not the biometric images).
  • Access logs: IP, user agent, timestamp — for audit and security.

Your customers' data (as a sub-processor)

For your customers' data (the natural persons whose orders you manage in notsowms), we act as a sub-processor under your control. The details are in the GDPR document.

Legal basis for processing

  • Performance of the contract (for platform users).
  • Legitimate interest (analytics, security, fraud prevention).
  • Consent (for optional cookies, newsletter).
  • Legal obligation (invoicing, 10-year tax retention).

Who we share data with

The full list of sub-processors is available on the GDPR page, including the purpose and location for each.

We don't sell data. We don't run ads. We don't do retargeting.

How long we keep data

  • Active account data: for the duration of the contract.
  • Closed account data: 30 days for recovery, then permanently deleted.
  • Invoices: 10 years (legal tax obligation).
  • Access logs: 90 days.
  • Analytics data: 13 months.

Your rights

Under the GDPR, you have the following rights, exercisable by email at [email protected]:

  • The right of access to your data
  • The right to rectification
  • The right to erasure ("the right to be forgotten")
  • The right to restriction of processing
  • The right to data portability
  • The right to object
  • The right not to be subject to an automated decision

Cookies and consent

We use Google Analytics for traffic statistics. Analytics cookies are disabled by default (Google Consent Mode v2) and are enabled only after you accept from the cookie banner. You can change your choice at any time from “Cookie settings” in the site footer. The full list of cookies, with purpose and duration, is in the Cookie Policy.

Data security

Each client has its own isolated database, with TLS 1.2+, encrypted backups, complete audit logs and optional two-factor authentication.

Complaints

You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP): dataprotection.ro.