GDPR Policy

Last updated: October 2025

GENERAL

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on 27 April 2016, its provisions being directly applicable as of 25 May 2018. This Regulation expressly repeals Directive 95/46/EC, thereby replacing the provisions of Law no. 677/2001 (now repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all natural persons located within the territory of the European Union. From a material point of view, the Regulation applies to all controllers that process personal data. The Regulation does not apply to the processing of personal data relating to legal persons and, in particular, undertakings with legal personality, including the name and legal form and the contact details of the legal person.

Personal data is defined as any information concerning an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

CONTROLLER’S IDENTITY

Considering Article 4 point 7 of the Regulation, which defines the term “controller” as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, the controller processing personal data through this website is Palamaru Mihaela Cristina Persoană Fizică Autorizată, with registered office on Strada Nucului, Brașov, registered with the Trade Registry F2024017705008, having VAT ID (CUI) RO51617745, legally represented by Palamaru Mihaela Cristina, contact details: cris.palamaru@gmail.com, 0040731523206.

COLLECTION OF PERSONAL DATA

What personal data is collected

The controller of this website collects, stores and processes the following personal data about / relating to you:

First and last name
Contact details (such as email, phone, fax)
IP

OBTAINING CONSENT

General

For the processing of personal data to be lawful, the GDPR provides that it must be carried out on the basis of a legitimate ground, such as the performance or conclusion of a contract, compliance with a legal obligation, or based on the valid consent previously expressed by the data subject. In the latter case, the controller is required to be able to demonstrate that the person concerned has given consent for the respective processing. Consent expressed under Directive 95/46/EC remains valid if it meets the conditions laid down by the GDPR.

Consent must be given by a statement or by a clear affirmative action that constitutes a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of their personal data. If the data subject’s consent is given in the context of a statement, in electronic or written form, which also refers to other matters, the request for consent must be presented in a form which is clearly distinguishable from the other matters and may be made by ticking a box. For processing to be lawful, the GDPR provides that it must be carried out on the basis of a legitimate ground, such as the performance or conclusion of a contract, compliance with a legal obligation, or based on the valid consent previously expressed by the data subject. In the latter case, the controller is required to be able to demonstrate that the person concerned has given consent for the respective processing. Consent expressed under Directive 95/46/EC remains valid if it meets the conditions laid down by the GDPR.

Consent Management Platform

This website uses a consent management platform – Cookie Script – thus empowering us to obtain, manage and document your consent given as a user.

Your consent is collected lawfully, in compliance with all legal requirements (contained in the GDPR, the case law guidelines of the Court of Justice of the European Union, the IAB Europe Transparency and Consent Framework), and through the platform consent is optimised at the moment of browsing this website.

The consent management platform – Cookie Script – complies with European requirements in the field; the processing of visitors’ and users’ personal data is carried out only to the extent necessary for the website’s functionality and content optimisation. The processing of users’ personal data is based on the users’ specific, informed and freely expressed consent obtained in accordance with Article 6(1)(a) of the Regulation. For more details, you can access the Privacy Policy available here https://cookie-script.com/legal/privacy-policy

Contact form

If you send us questions via the contact form, we will collect the data entered in the form, including the contact details you provide, in order to respond to your inquiry and any follow-up questions. We do not transmit this information without your permission. Therefore, we will process all data that you enter into the contact form only with your consent [in accordance with Article 6(1)(a) GDPR]. You can revoke your consent at any time, and an informal email to this effect is sufficient. Data processed before we receive your request may be processed lawfully. We will retain the data you provide via the contact form until:

you request deletion of the data;
you revoke your consent to its storage; or
the purpose for storing it is no longer valid.

Any mandatory legal provisions, in particular those regarding mandatory data retention periods, are not affected by the above.

Contact by email, phone

If you contact us by email, phone or fax, your request, including all personal data you provide, will be stored and processed by us for the purpose of handling your request, based on your expressed consent.

Accordingly, we will process all data you provide under the following legal provisions of the GDPR:

only with your consent – in accordance with Article 6(1)(a) GDPR
for the performance of a contract or at the pre-contractual stage – in accordance with Article 6(1)(b) GDPR
to achieve the purpose and legitimate interest we pursue, namely the efficient processing of requests sent by you – in accordance with Article 6(1)(f) GDPR.

We will retain the data you provide in this way until:

you request the deletion of the data;
you revoke your consent to its storage; or
the purpose for storing it is no longer valid, in all cases except for mandatory data retention periods.

Comments section

By accessing the Comments section, certain personal data (such as, but not limited to, email address, username, IP address) will be processed and stored, some of which are necessary for the prevention of illegal actions or defamatory content.

There is also the possibility to register/subscribe on this site in order to receive comments via the email provided, so that:

Your email address may be verified via a confirmation email;
You can unsubscribe at any time by accessing the link within the emails, and the data you provided will be deleted immediately, except for data provided as a result of accessing other sections (for example, upon subscribing to the newsletter) which will remain stored;

PURPOSE OF COLLECTED DATA

Some of the data collected on this site is used for:

Providing the services we offer for your benefit (for example, to solve problems of any kind related to our products and services, to provide support services, etc.)
Online advertising and promotion activities. You can request at any time, through the means described in this document, that we stop processing your personal data for marketing purposes, and we will comply with your request as soon as possible.
Periodic information of users – We want to keep you informed about our offers. In this regard, we may send you any type of message containing general and thematic information, information regarding offers or promotions, as well as other commercial communications such as market research and opinion surveys. For such communications, our legal basis is the consent previously obtained from you. You can change your mind and withdraw your consent at any time by sending an email to cris.palamaru@gmail.com.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based both on the data subject’s consent and on reasons of proper performance of contracts or on the controller’s legitimate interests (except where the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, prevail, especially when the data subject is a child).

USERS’ RIGHTS

Your rights regarding personal data and the means of exercising them are: Right to be informed, Right of access, Right to rectification, Right to erasure (“right to be forgotten”), Right to restriction of processing, Right to data portability, Right to object, Right not to be subject to a decision based solely on automated processing, Right to lodge a complaint and to address the courts, Right to withdraw consent.

Right to be informed – you can request information about the processing activities of your personal data, about the identity of the controller and its representative, or about the recipients of your data;
Right of access – you can obtain from the controller confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the right to request from the controller rectification or erasure of personal data or restriction of processing or the right to object to processing, etc.
Right to rectification – you can rectify inaccurate personal data or complete it;
Right to erasure – you can obtain the deletion of data where its processing was unlawful or in other cases provided for by law;
Right to restriction of processing – you can request restriction of processing where you contest the accuracy of the data, as well as in other cases provided by law;
Right to data portability – you can receive, under certain conditions, the personal data you have provided to us in a structured, commonly used and machine-readable format, or you can request that those data be transmitted to another controller;
Right to object – you can object in particular to processing based on the controller’s legitimate interest;
Right not to be subject to a decision based solely on automated processing – you can request and obtain human intervention with respect to such processing or you can express your own point of view regarding this type of processing;
Right to lodge a complaint and to address the courts – you can lodge a complaint regarding the processing of personal data with the National Supervisory Authority for Personal Data Processing and/or you can address the courts to enforce your rights;
Right to withdraw consent – in cases where processing is based on your consent, you can withdraw it at any time, by sending an email to cris.palamaru@gmail.com. Withdrawal of consent will only have effects for the future; processing carried out prior to withdrawal remains valid.

CONTROLLER’S OBLIGATIONS

Hosting

The personal data recorded on this website is stored on Hostico servers. The processing of the data provided and stored complies with the following legal provisions:

Art. 6(1)(a) GDPR – the processing of data by Hostico is carried out on the basis of your consent, obtained after correct and complete information;
Art. 6(1)(b) GDPR – the processing of data by Hostico takes place for the purpose of fulfilling contractual obligations undertaken;
Art. 6(1)(f) GDPR – the processing of data by Hostico is carried out for the purposes of the controller’s legitimate interests.

Regardless of the purpose for which personal data is processed, the principles of lawfulness, fairness and transparency are respected, as well as the principle that personal data processed is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

For more information regarding the processing of personal data by Hostico, please visit https://hostico.ro/politica-confidentialitate/

We have a contract/convention/legal act (including the possibility of including and agreeing to the clauses in the website’s Terms and Conditions) concluded with Hostico to ensure the processing of personal data in accordance with the legal regulations in the field. We comply with the obligations incumbent on us under Article 28 of the GDPR, by choosing an external service provider that offers sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the Regulation and ensures the protection of your rights.

Data encryption

This site uses SSL encryption for security reasons and for the protection of the transmission of confidential information. You can recognise this encryption by the lock icon that appears in the browser bar and by the change from http:// to https:// in the browser’s address. Once this type of encryption is activated, the data transmitted or transferred cannot be seen by third parties.

According to the GDPR, if the breach of personal data security is likely to result in a high risk to your rights and freedoms, the controller of this website will inform you without undue delay of such a breach, unless the complementary provisions of the same Regulation (Art. 34(3)) become applicable.

Data Protection Officer

The GDPR provisions regarding the obligation to appoint a Data Protection Officer are not applicable (Art. 37(1) – according to which the controller and the processor shall designate a data protection officer in any case where:

the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or
the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10)

For any information or clarifications regarding the operation of this website, please contact us at the following details:

Name: Palamaru Mihaela Cristina
Email: cris.palamaru@gmail.com
Phone: 0040731523206
Mailing address: Str. Nucului, Brașov

Records of processing activities

According to the GDPR, the controller or the processor should maintain, for a reasonable period, records of processing activities under its responsibility. Such records shall contain the following information:

the name and contact details of the controller
the purposes of the processing;
a description of the categories of data subjects and of the categories of personal data;
the categories of recipients to whom the personal data have been or will be disclosed;
where applicable:
- transfers of personal data
- the envisaged time limits for erasure of the different categories of data
- a general description of the technical and organisational security measures

The detailed obligation above does not apply to an enterprise or organisation employing fewer than 250 persons, unless the processing carried out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offences.

Appropriate technical and organisational measures

Taking into account the state of the art, the context and purposes of the processing, as well as the risks to the rights and freedoms of natural persons, the controller implements appropriate technical and organisational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed.

Notification of the supervisory authority in case of a personal data breach

Pursuant to Article 33(1) GDPR, in the event of a personal data breach, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Informing the data subject regarding a personal data breach

Under Article 34 GDPR, where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate the personal data breach to the data subject without undue delay, except where:

appropriate technical and organisational protection measures have been implemented, and those measures were applied to the personal data affected by the personal data breach, in particular measures that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
subsequent measures have been taken which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;
it would involve disproportionate effort. In such a case, a public communication or similar measure is carried out whereby the data subjects are informed in an equally effective manner.

SOCIAL MEDIA

Facebook Plug-ins (Like & Share Button)

This service uses social plug-ins (“plugins”) operated by the social network facebook.com. The plugins can be identified by a Facebook logo (a white “f” on a blue tile or a “thumbs up” sign) or are labelled by adding the phrase “Facebook Social Plugin.” The list and appearance of Facebook plugins can be viewed here: https://developers.facebook.com/docs/plugins/. Insofar as you use the Like extension, you will like our website’s Facebook page without needing to leave it. Insofar as you use the Share extension, you will share our website or certain content from it on your personal Facebook page, without needing to leave the site.

Through the plugin, Facebook receives the information that you access on our site. If you are also logged into Facebook at the same time, Facebook can attribute the actions performed on the page to your account and, implicitly, to you personally. When you interact with the plugins, for example by clicking the Like button or sharing certain content from the site, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, there is still the possibility that the social network may obtain and store your IP address.

By clicking one of these buttons, you agree to the use of this plugin and, therefore, to the transfer of personal data to Facebook. We do not have control over the nature and purpose of these data transmitted or over the subsequent processing thereof. Regarding the purpose and scope of data collection, the processing and subsequent use of data by Facebook, as well as permissions and settings for protecting privacy.

If you do not want Facebook to associate your visit to this site with the information in your Facebook account, you have the option not to authenticate.

Therefore, the transfer of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the European Commission’s Standard Contractual Clauses (SCCs). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the EEA. It has also issued one set of clauses for data transfers from EU controllers to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Facebook uses Standard Contractual Clauses as an adequate data protection guarantee, in line with the level of protection guaranteed by the GDPR.

For more details, visit: https://www.facebook.com/legal/EU_data_transfer_addendum.

Instagram plug-in

This service uses social plug-ins (“plugins”) operated by the social network Instagram, with functions provided by Instagram Inc., located at 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins can be identified by an Instagram logo or are labelled by adding the phrase “Instagram Social Plugin.”

Through the plugin, Instagram is informed about the actions you take on our page. If you are also logged into your personal social network account at the same time, it can attribute the actions performed on the page to your Instagram account and, implicitly, to you personally. When you access the plugins, the corresponding information is transferred from your browser to the social network and stored there. Even if you are not an Instagram member, there is still the possibility that it may obtain and store your IP address.

By clicking one of these buttons, you agree to the use of this plugin and, therefore, to the transfer of personal data to Instagram. We do not have control over the nature and purpose of these data transmitted or over the subsequent processing thereof. Regarding the purpose and scope of data collection, the processing and subsequent use of data by Instagram, as well as permissions and settings for protecting users’ privacy, you can consult Instagram’s privacy policies at: https://help.instagram.com/519522125107875.

If you are a member of Instagram and do not want it to collect your data via the plugin and link it to data already stored on Instagram, you must log out of the social network before visiting this site.

Instagram uses Standard Contractual Clauses as an adequate data protection guarantee, in line with the level of protection guaranteed by the GDPR.

For more details, visit: https://www.facebook.com/legal/EU_data_transfer_addendum.

To receive a newsletter, it is necessary to provide a valid email address, along with specific information that can identify the holder of that address. Your consent for sending the newsletter is also required, and therefore we inform you that any other personal data will be collected and stored only with your consent. The data thus collected is processed solely for the purpose of sending the newsletter and will not be transmitted to third parties.

Accordingly, we will process any data you enter in the contact form only with your consent, in accordance with Article 6(1)(a) GDPR.

MailerLite

This site uses MailerLite services to send the newsletter, as MailerLite is a service that can be implemented to organise and analyse the sending of newsletters.

As an operating method, when you enter data for the purpose of subscribing to the newsletter, the information is stored on MailerLite’s servers.

Moreover, MailerLite can be used to analyse the performance of newsletter campaigns and to compile statistical data on these campaigns for the purpose of adaptation and efficiency. Thus, if you open an email sent via MailerLite, a file integrated into the email (a so-called web beacon) connects to MailerLite’s servers. As a result, it can be determined whether a newsletter has been opened and which link was subsequently accessed. Technical information is also recorded at that time (for example, time of access, IP address, browser type and operating system).

Therefore, the transfer of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the European Commission’s Standard Contractual Clauses (SCCs). For more information, please see MailerLite’s legal pages and privacy documentation available here: https://www.mailerlite.com/legal.

PLUGINS & TOOLS

YouTube

Our website uses plugins from the YouTube platform, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

If you visit a page on our site in which a YouTube plugin has been integrated, a connection to YouTube’s servers will be created. Consequently, the YouTube server will be notified which of our pages you have visited.

In addition, YouTube may place various cookies through which information about our website visitors can be obtained. Among other things, this information will be used to generate video statistics to improve the user-friendliness of the site and to prevent fraud attempts.

If you are logged into your YouTube account while visiting our site, you allow YouTube to directly assign your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

The use of YouTube is based on our interest in presenting online content in an attractive manner. Under Article 6(1)(f) GDPR, this is a legitimate interest.

Considering the Judgment of 16 July 2020 (in Case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the Court of Justice of the European Union held that the protection afforded by the EU–US Privacy Shield is not adequate. Therefore, the transfer of personal data to the USA and other countries outside the European Economic Area (EEA) should be based on the European Commission’s Standard Contractual Clauses (SCCs).

For more information about how YouTube handles user data, please consult YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=en.

Google Web Fonts

This site uses Web Fonts provided by Google to ensure the uniform use of fonts on this site.

When you access a page on this website, your browser will load the required web fonts for the correct display of text and fonts as a result of establishing a connection to Google’s servers.

The use of Google Web Fonts is based on Article 6(1)(f) GDPR, there being a legitimate interest in the uniform presentation of the font on this website. If consent has been expressed in this regard, the data will be processed exclusively on the basis of Article 6(1)(a) GDPR.

For more information about how Google Web Fonts handles user data, please consult the Privacy Policy available at: https://policies.google.com/privacy?hl=en. More details on GDPR compliance through the use of Google Web Fonts can be found in the Google statement of 18 November 2022.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our site. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to determine whether data entered on our website (for example, information entered into a contact form) is provided by a human user or by an automated program. For this analysis, reCAPTCHA evaluates a variety of data (for example, IP address, the time the website visitor spent on the site, or cursor movements initiated by the user). The data tracked during these analyses is transmitted to Google. reCAPTCHA analyses run entirely in the background. Data is processed based on Article 6(1)(f) GDPR (legitimate interest in preventing abuse and SPAM).

Considering the Judgment of 16 July 2020 (in Case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the Court of Justice of the European Union held that the protection afforded by the EU–US Privacy Shield is not adequate. Therefore, transfers rely on the European Commission’s Standard Contractual Clauses (SCCs). More information: Google Privacy Policy and Google Terms.

Online Chat

Facebook Messenger

We use Facebook Messenger on this website to provide quick assistance and allow interaction with us, including tracking purchases, receiving notifications and initiating conversations with customer service. The legal basis is Article 6(1)(f) GDPR (legitimate interest). Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

Transfers outside the EEA rely on SCCs. More info: Facebook Privacy and EU Data Transfer Addendum.

We use WhatsApp (operated in the EEA by WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) to ensure efficient communication with customers. The legal basis is Article 6(1)(f) GDPR (legitimate interest). See policy: WhatsApp Privacy Policy. Transfers rely on SCCs.

Audio-Video Communications

We use online conferencing tools to communicate with clients. If you choose to communicate with us via such tools, your personal data will be collected and processed by both us and the respective provider.

Legal bases: Article 6(1)(b) GDPR (contract/performance) and 6(1)(f) GDPR (legitimate interest in efficient communication). Where consent is requested by the provider, processing will be based on your consent until withdrawn.

Zoom

Zoom Communications Inc., 55 Almaden Blvd, 6th Floor, San Jose, CA 95113, USA. Privacy: https://zoom.us/en-us/privacy.html. Transfers rely on SCCs.

Google Meet

Provided in the EEA by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy: https://policies.google.com/privacy.

ADVERTISING & ANALYTICS

Google Analytics

This site uses Google Analytics. Cookies generate information about your use of the site and are usually transferred to a Google server in the United States. We use IP anonymisation. The storage of Google Analytics cookies and use of the tool is based on Article 6(1)(a) GDPR (consent).

Google Analytics Remarketing

We use Google Analytics Remarketing with Google Ads/DoubleClick. With your consent, Google may connect browsing across devices via your Google account to display personalised ads. You can disable personalised ads here: https://www.google.com/settings/ads/onweb/.

Google Ads and Google Conversion Tracking

We use Google Ads with Conversion Tracking. If you click an ad, a conversion cookie (30 days) may be set. You can opt out by disabling conversion cookies in your browser settings. More: Google Privacy.

Facebook Pixel

We use Facebook Pixel for conversion measurement and remarketing. Data is anonymous to us but may be used by Facebook for its own purposes under its policies. You can disable “Custom Audiences” in your Facebook ad settings: Ad Preferences. If you do not have a Facebook account, you can opt out via: Your Online Choices.

Microsoft Clarity

This website uses Microsoft Clarity for session recordings, heatmaps and insights. Data processed may include IP address, location, browser info, screen resolution, language, visited pages, date/time. Statement: Microsoft Privacy Statement.

E-COMMERCE & PAYMENT METHODS

E-commerce

We process personal data to the extent necessary to conclude or modify a contractual relationship, under Article 6(1)(b) GDPR. We process personal data only to facilitate access to our products/services and/or to collect their value.

Data retention for customers: customer account and order data are retained for 2 years after the last interaction (or longer where legal obligations apply), after which they are deleted or anonymised.

Online payments (Stripe)

During the purchase process, your banking data is protected. We use secure encryption; data is transmitted over secure connections to financial institutions. Payment data you provide is not transmitted to third parties beyond the payment processor and is not stored on our servers.

Other payment methods

According to Stripe’s Privacy Policy, Stripe provides appropriate measures for protecting users’ personal data and the transactions they perform. Processing may rely on consent (Art. 6(1)(a)), contract (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)).

COOKIES

This website uses cookies. These do not damage your computer and do not contain viruses; they contribute to an easier, more efficient, and safer use of the site. They are small text files that are saved on your computer and stored by the browser used to access the site.

Many of the cookies used are “session cookies,” which are automatically deleted after visiting this site. Others remain in your computer’s memory until you delete them; these make it possible to recognize your browser on a subsequent visit.

You can configure your browser to inform you about the use of cookies, so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions, to always reject them, or to automatically delete cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions you wish to use are stored in accordance with Article 6(1)(f) GDPR (legitimate interests). Other cookies (analytics, marketing, personalization) are stored only with your explicit consent, in accordance with Article 6(1)(a) GDPR and Article 5(3) of the ePrivacy Directive.

Cookie consent and management

You can adjust or withdraw your consent at any time by clicking the “Cookie Settings” link in the website footer. Your preferences are stored for 12 months unless you delete your cookies sooner. Records of cookie consents are retained for 12 months to demonstrate compliance with GDPR requirements.

Cookie categories

First-Party Cookies: set by this site for functional/statistical purposes.
Third-Party Cookies: set by external domains integrated into our pages (e.g., YouTube, Google, Meta).
Session Cookies: deleted when you close your browser.
Persistent Cookies: remain for a defined period and can be deleted by you at any time.
Data Security Cookies: used only over HTTPS to support secure transactions.

Cookies used on this website

Name	Provider	Purpose	Expiration	Legal Basis
PHPSESSID	Website	Maintains user session	Session	Necessary (Art. 6(1)(f))
rememberme	Website	Keeps login credentials	1 month	Necessary (Art. 6(1)(f))
_grecaptcha (local storage)	Google	Security / bot protection	—	Necessary (Art. 6(1)(f))
elementor (session/local)	Website	Saves editor / page preferences	Session / persistent	Necessary (Art. 6(1)(f))
wpEmojiSettingsSupports	Website	Displays emojis properly	Session	Necessary (Art. 6(1)(f))
_GRECAPTCHA	Google	Security / bot protection	≈ 6 months	Necessary (Art. 6(1)(f))
CookieScriptConsent	CookieScript	Stores cookie-banner preferences	1 month	Consent (Art. 6(1)(a))
_ga	Google Analytics	Statistics on user interactions	13 months	Consent (Art. 6(1)(a))
_fbp, _fbc	Meta (Facebook)	Advertising / remarketing	3 months	Consent (Art. 6(1)(a))
_gcl_au	Google Ads	Conversion tracking	3 months	Consent (Art. 6(1)(a))

For more information about how these providers process data, see their privacy policies:
• Google Privacy Policy
• Meta (Facebook) Privacy Policy
• CookieScript Privacy Policy

CONCLUSION

This personal data processing policy is generated in accordance with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as other applicable national legal provisions.

We reserve the right to make any additions or modifications to this policy. We recommend reviewing the Policy regularly for correct and up-to-date information regarding the processing of personal data.

For more details regarding this GDPR Policy, as well as for exercising any of the rights mentioned above, a written notification may be sent to the contact details indicated above.