Privacy Policy

This privacy policy describes how Edge Round Design S.R.L., the owner of the website www.erdesign.ro, and HazeLoft Enterprise S.R.L., the entity that manages and operates the website under a non-exclusive license agreement, collect, use, and protect your personal data.

The website www.erdesign.ro is owned and represented by Edge Round Design S.R.L., with its main headquarters at 141 Văleni Street, Ploiești 107071, Prahova.

HazeLoft Enterprise S.R.L. (hereinafter referred to as "we" or the "Operator") manages the website www.erdesign.ro based on a license agreement and, in this context, acts as a Personal Data Controller within the meaning of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) for data collected through the website. We are committed to respecting the confidentiality of your personal data and clearly presenting the methods of collection, use, storage, and protection.

Data Processing Principles

We commit to processing personal data in accordance with the principles established by the GDPR: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

Collection and Types of Information

We collect personal information that you voluntarily provide to us when using certain features of our website. The primary collection method is through the completion and submission of the contact forms available on the site.

The types of personal information collected through the contact form include:

In addition to the information provided directly, we also collect non-personal information or information about website usage through automated data collection technologies, such as cookies. This information may include:

This non-personal information is primarily used to understand how users interact with our website, to improve its performance, for aggregated statistical analysis, and to ensure website security.

Legal Basis and Purposes of Processing

We process your personal data based on the following legal grounds, according to the GDPR:

  • Consent: We collect and process personal data provided through the contact form based on your explicit consent, expressed by checking the corresponding box in the form. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
  • Legitimate Interest: We may process certain data (such as that collected through non-essential cookies) based on our legitimate interest in improving the website, analyzing traffic, and personalizing the user experience, provided that the interests or fundamental rights and freedoms of the data subjects do not prevail.
  • Execution of a Contract or Pre-contractual Steps: If your request through the contact form concerns an offer or a service that may lead to the conclusion of a contract, we may process the data to respond to the request and initiate the necessary steps.
  • Compliance with a Legal Obligation: We may process data to comply with legal requirements.

The information we collect may be used for the following purposes:

  • Responding to Requests: To contact you and respond to your requests, questions, or inquiries submitted via the contact form.
  • Service Improvement: To analyze how the website is used and to constantly improve it, adapting content and functionalities to user needs.
  • Personalizing the Experience: To personalize your experience on the website, presenting relevant information and content tailored to your interests (this may involve the use of cookies).
  • Marketing Communications (with consent): If you have explicitly opted in to receive marketing communications, we may use your email address or phone number to send you information about our products, services, or promotions. You can withdraw your consent at any time.
  • Website Security: To detect and prevent fraud, unauthorized access, and other illegal activities, as well as to maintain the security and integrity of the website and our systems.

Data Retention Period

We store your personal data only for the period necessary to fulfill the purposes for which they were collected, in accordance with current legislation. The storage period may vary depending on the specific purpose of the processing:

  • Data collected via the contact form will be stored for the period necessary to process your request, plus a reasonable period for archiving or managing any subsequent requests, but no more than 180 days from the last interaction, unless legislation requires a longer period.
  • Data collected through cookies have different lifespans, explained in the dedicated cookies section.
  • In certain situations, we may keep data for a longer period if necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

After the storage period expires, the data will be deleted or irreversibly anonymized, unless there is a legal obligation to keep them for a longer period.

Disclosure to Third Parties

We will not sell, rent, or disclose your personal data to third parties for direct marketing purposes without your explicit consent.

We may disclose your information to the following categories of recipients, strictly for the purposes mentioned in this policy and with the assurance of adequate security measures:

  • HazeLoft Enterprise S.R.L.: As the entity that manages the website and processes data on behalf of Edge Round Design S.R.L., HazeLoft Enterprise S.R.L. has access to the collected data, acting either as a controller or as a processor authorized by the controller.
  • Service Providers: We may share data with third-party service providers who assist us in operating the website, hosting data, sending emails (if you opted for marketing), web analysis, or other support services. These providers have access only to the data necessary to perform their functions and are contractually obligated to maintain data confidentiality and security.
  • Legal and Governmental Authorities: We may disclose information when legally required to do so, following a request from competent authorities or to protect our rights, property, or safety, or that of others.
  • Professional Consultants: We may share data with consultants (e.g., lawyers, accountants) who provide services to us and are professionally bound to maintain confidentiality.

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to third parties as part of the transaction. We will notify you of such a situation and any changes to the applicable privacy policy.

Data Transfer Outside the EEA

In the event that your data is transferred outside the European Economic Area (EEA), we will ensure that the transfer is carried out in accordance with GDPR requirements, using appropriate legal mechanisms, such as:

  • Adequacy decisions of the European Commission (if the destination country offers an adequate level of protection).
  • Standard contractual clauses approved by the European Commission.
  • Binding corporate rules.
  • Codes of conduct or certification mechanisms (if applicable and approved).

Information Protection

We implement advanced technical and organizational security measures to protect your personal information against unauthorized access, loss, destruction, or modification. These measures include:

  • Security in transit: We use the secure HTTPS/TLS 1.3 protocol to guarantee the protection of your data during transmission over the internet against interception.
  • Data encryption: To ensure the confidentiality of stored data, we use strong XChaCha20-Poly1305 encryption, which combines high performance with a high level of cryptographic security.
  • Data integrity assurance: The integrity and authenticity of the data are verified using the BLAKE3 hashing algorithm, known for its speed and resistance against collision attacks.
  • Post-quantum cryptography: Anticipating future threats from quantum computers, we use the Kyber cryptographic algorithm for certain general hashing and advanced cryptography operations, ensuring the long-term resilience of the data.
  • Access control: Access to your information is strictly limited to authorized employees of HazeLoft Enterprise S.R.L. who require access to perform their job duties. These employees hold high-level positions or have specific responsibilities related to data management and have been appropriately trained in personal data protection and information security.
  • Physical and organizational security measures: We implement strict internal procedures, security policies, state-of-the-art IT security solutions (firewalls, intrusion detection systems, constant monitoring), and other physical and organizational measures to prevent unauthorized access and security breaches.

More detailed information about our security policy and the technical and organizational measures implemented is available on the dedicated page: HazeLoft Enterprise - Security.

Use of Cookies

Yes, we use cookies and similar technologies on our website. Cookies are small text files stored on your device (computer, tablet, mobile phone) when you visit the website. They help improve the user experience by allowing the website to remember your actions and preferences (such as login, language, font size, and other display settings) over a period of time, so you don't have to re-enter them every time you return to the site or navigate from one page to another.

We use both first-party cookies (placed by our website) and third-party cookies (placed by external services we use, such as web analysis services).

Cookies can be classified according to their lifespan and the purpose for which they are used:

  • Session cookies: These are temporary and are automatically deleted when you close your browser. They are essential for the proper functioning of the website.
  • Persistent cookies: These remain stored on your device for a longer period (which can vary from a few minutes to several years), allowing the website to recognize you on subsequent visits.
  • Essential/strictly necessary cookies: These are indispensable for the basic operation of the website and cannot be deactivated without affecting site functionality (e.g., remembering cookie preferences, ensuring security). These do not store personally identifiable information.
  • Performance/analysis cookies: These collect information about how users interact with the website (e.g., most visited pages, time spent on site, possible errors). This information is used to improve the performance and design of the website and is aggregated without identifying individual users.
  • Functionality cookies: These allow the website to remember choices you make (such as username, language, or region) and provide enhanced, personalized features.

Managing Cookies: You have the possibility to manage and/or delete cookies as you wish. You can delete all cookies already on your device and set most browsers to block them. However, if you do this, you may need to manually set certain preferences every time you visit the site, and some services and functionalities may not work correctly.

Most web browsers automatically accept cookies, but you can modify your browser settings to refuse cookies or to be notified when a cookie is sent. Instructions for managing cookies vary by browser. Also, for non-essential cookies, we will request your consent via a dedicated banner or pop-up.

Your Rights Under the GDPR

According to the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, access to those data and information on how they are processed.
  • Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you and/or the completion of incomplete data.
  • Right to erasure ("right to be forgotten"): In certain circumstances, you have the right to obtain the erasure of personal data concerning you without undue delay (e.g., if the data are no longer necessary in relation to the purposes for which they were collected, if you have withdrawn your consent, if the data have been processed unlawfully).
  • Right to restriction of processing: In certain circumstances, you have the right to obtain the restriction of processing of your data (e.g., if you contest the accuracy of the data, during the verification period; if the processing is unlawful and you oppose the erasure).
  • Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit those data to another controller if the processing is based on consent or a contract and is carried out by automated means.
  • Right to object: You have the right to object, on grounds relating to your particular situation, to the processing of your data, including profiling, when the processing is based on our legitimate interest. You also have the right to object to the processing of data for direct marketing purposes.
  • Right not to be subject to an automated individual decision: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not use automated decision-making processes on this website.
  • Right to withdraw consent: When processing is based on your consent, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: Without affecting your right to address the courts, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) if you believe that the processing of your data violates the GDPR.

Exercising Your Rights

To exercise any of the rights mentioned above or for any questions related to the processing of your personal data, you can contact us using the following contact details:

We will strive to respond to your request within one month of receipt. In complex cases or with a high volume of requests, this period may be extended by two more months, in which case we will inform you of the delay and the reasons for it.

Consent

By completing the contact forms available on this website and checking the specific box for agreement with our privacy policy, you express your explicit consent for the collection and processing of your personal data for the purposes specified in this policy. If you do not agree with the provisions of this policy, please do not use the contact forms and contact us through other means of communication (phone, direct email) to discuss alternatives.

Links to Third-Party Websites

Our website may contain links to third-party websites. These websites have their own privacy policies, for which we assume no responsibility. We encourage you to read the privacy policies of every website you visit.

Minors' Privacy

Our website and services are not intended for persons under the age of 16. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately to request the deletion of this information.

Changes to the Privacy Policy

We reserve the right to update or modify this privacy policy at any time to reflect changes in our data processing practices, legal requirements, or technological changes. Any modification will be published on this page, and the "Last updated" date at the end of the document will be revised. We encourage you to periodically review this policy to stay informed about how we protect your data. Continued use of the website after changes are published constitutes implicit acceptance of those changes.

Contact Information

If you have questions or concerns regarding this privacy policy or the processing of your personal data, please contact us at:

Last updated: May 28, 2025