Privacy Policy

1. General information

Bearsto Atelier S.R.L. (“Bearsto Atelier”, “we”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018.

This policy applies to personal data collected through our website, email communications, and professional interactions.

2. Data controller

Data Controller:
Bearsto Atelier S.R.L.
Registered office: Strada Dacilor, nr. 1, Bl. G, ap.13, 307220, Com. Giroc, Sat Giroc, Jud. Timis, Romania
Trade Register: J35/3697/28.09.2023
VAT number: 48862817
Email: office@bearstoatelier.com
Phone: +40 711 947 563

3. What personal data we collect

We may collect and process the following categories of personal data:

  • Identification data: name, surname

  • Contact data: email address, phone number

  • Project-related information: location of project, brief description, budget range (if provided)

  • Professional data: company name, role (where applicable)

  • Technical data: IP address, browser type (via cookies, if enabled)

  • Contractual and billing data, where a professional relationship is established

We do not intentionally collect special categories of personal data (as defined by GDPR Art. 9).

4. How we collect personal data

Personal data is collected when you:

  • Fill in a contact or inquiry form on our website

  • Contact us by email or phone

  • Engage with us as a client, collaborator, or supplier

  • Subscribe to communications (if applicable)

Data is provided directly by you, except where obtained from collaborators strictly for project execution.

5. Purposes and legal basis of processing

We process personal data for the following purposes:

a) Professional communication and inquiries

Legal basis: Art. 6(1)(b) GDPR – steps prior to entering into a contract

b) Contractual performance (architectural services)

Legal basis: Art. 6(1)(b) GDPR – performance of a contract

c) Legal and accounting obligations

Legal basis: Art. 6(1)(c) GDPR – compliance with legal obligations under Romanian law

d) Legitimate business interests

Such as improving services, maintaining professional relationships, and ensuring security
Legal basis: Art. 6(1)(f) GDPR

Where consent is required, it will be requested explicitly.

6. Data recipients and data sharing

Personal data may be shared only with:

  • Professional collaborators (engineers, consultants) involved in a specific project

  • Public authorities, when required by law

  • Service providers (hosting, email, cloud services), acting as data processors under contractual safeguards

We do not sell or rent personal data to third parties.

7. International data transfers

Personal data is generally processed within the European Union.

If data is stored or processed via cloud services outside the EU, we ensure that appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, in accordance with GDPR requirements.

8. Data retention

Personal data is retained only for as long as necessary:

  • Inquiry data: up to 12 months if no contractual relationship is established

  • Client data: for the duration of the contract and thereafter in accordance with legal and accounting obligations

  • Accounting data: as required by Romanian fiscal law

After this period, data is securely deleted or anonymized.

9. Your rights as a data subject

Under GDPR, you have the following rights:

  • Right of access to your personal data

  • Right to rectification of inaccurate data

  • Right to erasure (“right to be forgotten”), where applicable

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing based on legitimate interest

  • Right to withdraw consent at any time (where processing is based on consent)

  • Right to lodge a complaint with the Romanian supervisory authority

10. Supervisory authority

If you believe your rights have been violated, you may contact:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website: https://www.dataprotection.ro

11. Data security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.

12. Cookies

If cookies are used on this website, a separate Cookie Policy will explain their purpose and allow you to manage your preferences.

13. Changes to this policy

We reserve the right to update this Privacy Policy when necessary. The current version will always be available on our website.

Last updated: 03.01.2026