Privacy Policy
Last updated: 30 April 2025
1. Information about the data controller
AISYSTEMS S.R.L.
CUI: 53323240
ORC No: J2026003293001
Registered office: Strada Pitar Moș, Nr. 27, Etaj 5, Ap. 17, București, Sector 1, Cod Poștal 010452
GDPR Contact: contact@startuprevolution.ro
2. Purpose of this document
This Privacy Policy describes how AISYSTEMS S.R.L., as data controller, collects, uses, stores and protects your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Romanian legislation.
Please read this document carefully before using the website startupkiosk.ro or submitting any personal data to us.
3. Data we collect
3.1 Data provided directly by you
By completing the contact form or by communicating directly with us, we collect:
First and last name
Email address
Telephone number
Content of messages and requests submitted
Any other information voluntarily provided in the course of communications
3.2 Automatically collected data
Simply by visiting the website, we automatically collect:
IP address and approximate geographical location
Type and version of the browser used
Operating system of your device
Pages visited and duration of the visit
Traffic source (how you arrived at our website)
Date and time of access
Browsing behaviour data through Google Analytics 4
3.3 Data we DO NOT collect
We never collect or request:
Financial or banking details
Passwords or authentication details
Sensitive data within the meaning of Art. 9 GDPR (health data, racial or ethnic origin, political opinions, religious beliefs, etc.)
4. Why we collect data — purposes and legal grounds
Purpose Legal Basis Responding to requests submitted via the contact form Consent (Art. 6 para. 1 lit. a GDPR) Sending commercial offers upon express request Consent (Art. 6 para. 1 lit. a GDPR) Performance of a contract or pre-contractual measures Contract (Art. 6 para. 1 lit. b GDPR) Traffic analysis and website improvement Legitimate interest (Art. 6 para. 1 lit. f GDPR) Fraud prevention and website security Legitimate interest (Art. 6 para. 1 lit. f GDPR) Compliance with legal obligations Legal obligation (Art. 6 para. 1 lit. c GDPR)
We will not use your data for any other purpose than those mentioned above without notifying you in advance and, where necessary, obtaining your consent.
5. How long we retain data
Category of data Retention period Contact form data 3 years from the last interaction Contractual data 5 years from the completion of the contract, in accordance with fiscal and accounting obligations Browsing data (Google Analytics) 14 months (Google Analytics 4 default setting) Marketing data with consent Until consent is withdrawn
Upon expiry of the retention period, data is securely deleted or anonymised.
6. To whom we disclose data
6.1 Categories of recipients
Your data may be disclosed to the following recipients, strictly for the purposes mentioned:
Google LLC — through Google Analytics 4 and Google Ads, for traffic analysis and personalised advertising. Google LLC is based in the United States of America. The transfer is carried out on the basis of standard contractual clauses approved by the European Commission. Google's privacy policy: https://policies.google.com/privacy.
Cloud and hosting service providers — for storing and processing data under appropriate security conditions, based on data processing agreements pursuant to Art. 28 GDPR.
Email service providers — for communicating with you, based on data processing agreements.
Public authorities — upon their express request, based on legal obligations (courts of law, law enforcement bodies, tax authorities, etc.).
6.2 What we never do
We do not sell your personal data to third parties
We do not disclose data to third parties for marketing purposes without your explicit consent
We do not transfer data outside the European Economic Area without appropriate safeguards
7. Your rights
In accordance with the GDPR, you benefit from the following rights:
7.1 Right of access (Art. 15 GDPR)
You may request at any time a copy of the personal data we hold about you, as well as information on how it is processed.
7.2 Right to rectification (Art. 16 GDPR)
You may request the correction of inaccurate data or the completion of incomplete data.
7.3 Right to erasure (Art. 17 GDPR)
You may request the erasure of your data in the following situations: the data is no longer necessary for the purpose for which it was collected, you have withdrawn your consent, you object to the processing and there are no overriding legitimate grounds, or the data has been unlawfully processed. This right does not apply where processing is necessary for compliance with legal obligations.
7.4 Right to restriction of processing (Art. 18 GDPR)
You may request the restriction of processing of your data in certain situations, for instance when you contest the accuracy of the data or when the processing is unlawful.
7.5 Right to data portability (Art. 20 GDPR)
You may request to receive the data you have provided in a structured, commonly used and machine-readable format, and to have it transmitted to another controller.
7.6 Right to object (Art. 21 GDPR)
You may object to the processing of your data at any time when the processing is based on the legitimate interest of the controller, including profiling. You may also object at any time to the processing of data for direct marketing purposes.
7.7 Right to withdraw consent
Where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out prior to its withdrawal.
7.8 Right to lodge a complaint
You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP):
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București
7.9 How to exercise your rights
Send a written request to contact@startupkiosk.ro, indicating your full name, email address and the right you wish to exercise. We will respond within 30 calendar days. In complex cases, this period may be extended by a further 60 days, subject to prior notification.
We reserve the right to verify the identity of the requester before acting on any request.
8. Data security
AISYSTEMS S.R.L. implements appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or disclosure, including:
Secure HTTPS connections throughout the website
Restricted access to personal data, strictly for authorised personnel
Confidentiality agreements with all service providers processing data on our behalf
In the event of a security incident affecting your data, we will notify the ANSPDCP within 72 hours and inform you directly if the incident poses a high risk to your rights and freedoms.
9. Cookies
The website uses strictly necessary cookies, performance cookies via Google Analytics 4, and marketing cookies via Google Ads. Performance and marketing cookies are used solely based on your active consent, expressed through the cookie banner displayed on your first visit. You can modify or withdraw your consent at any time through the cookie settings available on the site.
For detailed information about the cookies used, please refer to our Cookie Policy.
10. Minors
The website is not intended for persons under the age of 16. We do not knowingly collect personal data from minors. If you have reason to believe that a minor has submitted personal data to us, please contact us at contact@startupkiosk.ro to have it deleted.
11. Amendments to the policy
We reserve the right to amend this Privacy Policy at any time. Significant changes will be communicated by posting a prominent notice on the website and, where possible, via email. The date of the last update is indicated at the beginning of the document. We recommend checking this page periodically.
12. Contact
For any questions, requests or concerns regarding the processing of your personal data:
Email: contact@startuprevolution.ro
Address: Strada Pitar Moș, Nr. 27, Etaj 5, Ap. 17, București, Sector 1, Cod Poștal 010452
We respond within a maximum of 5 working days to any general request, and within 30 calendar days to formal requests regarding the exercise of GDPR rights.