Privacy policy

This notice explains how the COTRACO Group of Companies processes your personal data when you contact us, use one of our services, or are our client, partner, or employee.

Please also read our Cookie Policy for further details.

In this notice, we explain:

  • who we are;

  • how you can contact us;

  • the privacy policy of our website;

  • the purpose and legal basis for processing your personal data;

  • how we obtain your personal data and what data we process;

  • how we use your personal data;

  • the security of personal data processing and the data retention period;

  • whether there are other recipients of your personal data;

  • whether we intend to transfer your data to another country;

  • your rights regarding personal data;

  • updates to this document.

This applies when you use our products and services, as well as our website.

1. WHO ARE WE?

We are COTRACO ROM SRL, a member of the COTRACO Group of Companies. In this Personal Data Processing Notice:
– “we/our”, COTRACO, refers to the COTRACO Group of Companies;
– “third party” means someone other than us or you;
– “COTRACO Group of Companies” means any company or organization in which COTRACO holds at least 50% of the share capital.
Our registered office is located at Sângeorgiu de Mureș, str. Petki David no. 69, Mureș County, postal code 547530, Romania.
We are registered with the Trade Register under no. J26/2061/02.12.2004 as COTRACO ROM SRL.
COTRACO is a registered trademark with OSIM under no. 099355/12.03.2009.

2. HOW CAN YOU CONTACT US?

Our central office phone number is +40-265-318210. You can also contact us via WhatsApp at +40-744-559382, email: office@cotraco.ro, or by using the contact form on our website: www.cotraco.ro.
You can contact the Data Protection Officer (DPO) directly via email at office@cotraco.ro, by post or courier at Sângeorgiu de Mureș, str. Petki David no. 69, Mureș County, Romania, postal code 547530, addressing your correspondence to the Data Protection Officer, or by phone: +40-265-318210.

3. PRIVACY POLICY OF OUR WEBSITE www.cotraco.ro

This website, www.cotraco.ro, is managed by COTRACO ROM SRL through our authorized representative, OptimWP.
When visiting this website, COTRACO ROM SRL may collect personal information about you, either directly (when you are asked to provide it) or indirectly (via cookies).
However, COTRACO ROM SRL will use this personal data in accordance with the purposes specified in this notice and is committed to keeping the collected personal information confidential.
COTRACO ROM SRL may collect and analyze information related to the use of this website, including domain name, number of visits, pages viewed, previously or subsequently visited websites, and session duration. This information may be collected through the use of ‘cookies’. A ‘cookie’ is a small text file placed on your hard drive by the website server. You can decide whether or not to accept cookies by adjusting your browser settings. You can read more about how we use cookies on our Cookies Policy page.
Each user’s and/or client’s personal data is confidential, protected by our authorized representative, and used by the company S.C. COTRACO ROM SRL in accordance with GDPR. Our company commits not to disclose this data to any third party, except in situations regulated and provided for by law.
The purpose and legal basis for processing personal data on our website is to maintain and monitor website performance and to continuously seek improvements in the website and the services we offer our users.
The legal basis we rely on to process personal data on our website is Article 6(1)(f) of the GDPR, which allows us to process personal data when it is necessary for our legitimate interests.

4. PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

The COTRACO Group of Companies respects privacy, security, and compliance with data protection laws.
The purpose of processing your personal data is to carry out the specific activities of the COTRACO Group: production, commerce, or services, and maintaining a high-quality relationship with clients and partners.

Legal basis for processing personal data:
We rely on the following legal bases under GDPR – Regulation (EU) 2016/679:
– (a) The data subject has given consent for one or more specific purposes. Example: consent for commercial offers or cookie usage. Consent can be withdrawn at any time.
– (b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Example: using contact information to conclude and carry out a contract.
– (c) Processing is necessary for compliance with a legal obligation. Example: accounting, tax, or archiving requirements.
– (f) Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party. Example: security, fraud prevention, service improvement.

5. HOW DO WE OBTAIN YOUR PERSONAL DATA AND WHAT DATA DO WE PROCESS?

Most personal information we process is provided directly by you for one of the following reasons:
– You have or intend to enter into a contract with us;
– You want to participate or have participated in an event;
– You applied for employment with us;
– You represent your organization or company;
– You purchase or use our products or services;
– You register on our website for a specific product or service;
– You subscribe to newsletters, alerts, or other services we offer;
– You contact us via various channels or request product/service information;
– You visit or browse our website or other COTRACO Group websites;
– From various open or official sources.

Types of personal data we process:
– Name, address, personal identification number, ID document, phone number(s), date of birth, email address;
– Banking details – necessary for processing payments when purchasing products or services;
– Location data (with your consent) via GPS, mobile networks, Wi-Fi hotspots, or IP address;
– Your preferences for products and services based on direct input or usage behavior;
– Browsing history – if permitted, we collect visited pages to personalize marketing;
– Service quality data – sales rep interaction, deliveries, product/service compliance;
– See the Cookies section for more on cookie-based data collection.

6. HOW DO WE USE YOUR PERSONAL DATA?

We use your personal data for the following purposes:

a) To provide our services:
– To process orders and update you on their status;
– To deliver relevant products/services, including service updates and changes;
– To invoice purchased products/services;
– To contact you if a payment is overdue;
– To respond to questions or concerns about our products/services.

b) To improve our services:
– We collect anonymous or aggregated data to enhance and diversify our offerings.
– We analyze, develop, and improve our services for greater relevance and interest.

c) For marketing and personalization:
– With your consent, we inform you about new products/services, send newsletters, invite you to surveys or events, and send promotional offers. Messages are tailored based on your profile.
– With location or browsing data consent, we personalize marketing further.
– With permission, we may contact you about products from COTRACO, its Group companies, or other relevant third parties.
– Contact may occur via mail, online, or phone, including through authorized partners.
– You can control marketing permissions anytime in the Data Protection Settings section at www.cotraco.ro.

d) Financial and credit checks:
– We may assess your financial standing before entering a contract, using provided or publicly available data.
– Personal data may also be used to verify identity and compliance.

e) Fraud prevention and legal enforcement:
– We may disclose data to protect against fraud, defend our rights, or protect our customers;
– Data may be disclosed to authorities when legally required and only when absolutely necessary.

f) Mergers and acquisitions:
– If we reorganize or sell to another entity, your data may be shared with that entity, which will be required to adhere to this Privacy Policy.

g) Third parties:
– If we work with service providers (e.g. transport or courier companies), they may access your data but only for service delivery and in accordance with our data protection agreements.

h) Employment:
– We use personal data to verify identity, review CVs, and fulfill legal employment obligations (contracts, job descriptions, REVISAL registration, health and safety, medical services, benefits).

7. PERSONAL DATA SECURITY AND DATA RETENTION PERIOD

We will retain your personal data as long as required by law. Unless otherwise specified by legal provisions, we will generally process your data for the duration of the contract between you and COTRACO, plus a period of three years after its termination.

We are continuously committed to protecting your personal data through technical and organizational security measures that minimize risks associated with loss, misuse, unauthorized access, disclosure, alteration, or destruction. Our employees are properly trained, and we have established contractual clauses concerning data protection with our partners.

Please note that some internet communications (such as emails) are not secure unless encrypted. Your communications may pass through several countries before reaching us—this is the nature of the internet. We are not responsible for any unauthorized access or data loss that is beyond our control.

Our website may contain links to third-party websites. We are not responsible for the security or content of those websites.

You may choose to disclose your data through social media plugins (e.g., Google, Facebook, LinkedIn, Instagram, TikTok) or third-party services that allow you to publicly post reviews or other content. Third parties may use such data.

Social media plugins and apps are operated by the respective networks and follow their own privacy and cookie policies. Please make sure you are informed about them and have consented to their data processing terms.

8. ARE THERE OTHER RECIPIENTS OF YOUR PERSONAL DATA?

We do not share your data with third parties for commercial purposes without your consent.

We have contracts with service providers and data processors who will not share your personal data with any other entity. They will securely maintain and store your data for the period agreed upon and in accordance with GDPR regulations.

In some situations, we are legally obliged to share data with third parties—for example, under a court order or when cooperating with legally authorized authorities for complaint or investigation purposes. We may also share data with regulatory bodies to help fulfill their mandates. In all such cases, we ensure a legal basis exists for the transfer and document the decision.

9. DO WE INTEND TO TRANSFER YOUR DATA TO ANOTHER COUNTRY?

Currently, our data is stored in locations within Romania.

If COTRACO transfers your information to a country outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place. We will always have a proper legal agreement covering the transfer, compliant with standards approved by the European Commission.

If the country does not have data protection laws equivalent to EU standards, we will require the third party to sign a legal contract reflecting those standards.

10. YOUR RIGHTS REGARDING PERSONAL DATA

Your rights under GDPR depend on the purpose for which we process your data:

– Right to be informed: You have the right to be informed from the start, including when you visit our website.
– Right of access: You can ask us to:
– Confirm if we process your data;
– Provide a copy of your data;
– Share details like how we use it, how long we keep it, what rights you have, and where we obtained it.
– Right to rectification: You can request correction of inaccurate or incomplete personal data.
– Right to restrict processing: You may request restriction of processing if:
– You contest the data’s accuracy;
– It is no longer needed, but you need it for legal claims;
– You objected, and the legitimacy of our grounds is under review.
– Right to erasure: You may ask us to delete your data in certain circumstances.
– Right to object: You can object to processing based on legitimate interest or for marketing purposes, and we will stop unless we have compelling grounds.
– Right to data portability: If you provided data based on consent or contract and it is processed automatically, you can request it be transferred to another organization.
– Right not to be subject to automated decision-making or profiling: If such processing occurs, you will be informed so you may exercise this right.

To exercise your rights, contact the Data Protection Officer via email at office@cotraco.ro, by mail or courier at Sângeorgiu de Mureș, str. Petki David no. 69, Mureș County, Romania, postal code 547530, or by phone at +40-265-318210.

You will not be charged a fee for exercising your rights. The response time is one month.

**Right to file a complaint**: If you are not satisfied with our response, you may file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP): www.dataprotection.ro

11. DOCUMENT UPDATES

This Personal Data Processing Notice is updated periodically to ensure accuracy and compliance.

Any changes will be posted on our website www.cotraco.ro and communicated to you.

Last updated: September 2025

SC COTRACO ROM SRL
Sângeorgiu de Mureș, Str. Petki David No. 69, 547530, Mureș County
Tel: +40-265-318210 | Fax: +40-265-319750 | WhatsApp: +40-744-559382
www.cotraco.ro | office@cotraco.ro