• Lawfulness, fairness, and transparency – data is processed based on legal grounds and with clear information for data subjects.
• Purpose limitation – data is collected only for specific, legitimate, and defined purposes.
• Data minimization – we collect only the data strictly necessary for RoAdevar activities.
• Accuracy – data must be accurate and up to date.
• Storage limitation – data is kept only as long as necessary for the purpose declared or as required by law.
• Integrity and confidentiality – security measures are implemented to protect data from unauthorized access or loss.
• Accountability – RoAdevar is obliged to demonstrate compliance with these principles (Art. 5 GDPR).

RoAdevar processes data in compliance with GDPR and Law no. 190/2018 on the implementation measures of the Regulation. Since May 25, 2018, operators are no longer required to notify or register with ANSPDCP (National Supervisory Authority for Personal Data Processing), but the obligation to fully comply with GDPR remains. Legal grounds for processing may include: explicit consent of the data subject (Art. 6(1)(a)), legal obligations (Art. 6(1)(c)), legitimate interest (Art. 6(1)(f)), or other grounds specified in the Regulation.

• Right of access – to know what data is processed and for what purpose.
• Right to rectification – to correct inaccurate data or complete incomplete data.
• Right to erasure ("right to be forgotten") – to delete data when there is no legal basis for processing.
• Right to restriction – to limit data processing in certain situations.
• Right to data portability – to transfer data to you or another operator.
• Right to object – to object to processing, especially for direct marketing purposes.
• Rights related to automated decision-making and profiling – to not be subject to a decision based solely on automated processing.
• Right to lodge a complaint – with ANSPDCP or the competent courts.

In Romania, the competent authority is ANSPDCP (National Supervisory Authority for Personal Data Processing). Its role is to monitor the application of GDPR and it can impose sanctions for violations.

Violation of GDPR can lead to administrative fines of up to 20 million EUR or 4% of the global annual turnover (Art. 83 GDPR). RoAdevar is obligated to implement appropriate policies and technical measures to prevent such situations and demonstrate compliance.

This GDPR policy may be updated periodically to reflect legislative changes or recommendations from supervisory authorities. Any updates will be published on the website, and registered users will be notified via email in case of significant changes.