DATA SECURITY

Privacy Policy

Last Updated: April 21, 2026

1. Introduction & Data Controller

EMPIRE GLOBAL SOLUTIONS S.R.L. (Tax ID 47484918, Trade Reg. J23/346/2023), with registered office at DUMBRĂVENI, Str. IASOMIEI, Nr. 8/4, Ilfov County, Romania, is the controller of your personal data within the meaning of Regulation (EU) 2016/679 (GDPR).

This Privacy Policy describes how we collect, process, store, and protect your personal data. By using the empirex.tech platform or our services, you acknowledge that you have read and understood this policy.

2. Personal Data We Collect

We collect exclusively the data necessary for service delivery:

  • Identity Data: Full name, email address, phone number.
  • Company Data: Company name, Tax ID, registered address (for B2B invoicing).
  • Technical Data: IP address, browser type, access logs, device identifier (for security purposes).
  • Financial Data: Billing details, transaction history (processed securely — we do not store card data).
  • Communication Data: Content of messages submitted via site forms or email.

3. Purposes of Processing

Your data is used exclusively for:

  • Providing and managing agreed contractual services.
  • Issuing fiscal invoices and processing payments.
  • Account security, fraud prevention, and unauthorized access monitoring.
  • Essential operational project communications.
  • Compliance with applicable legal and fiscal obligations.

4. Legal Basis for Processing

Your data is processed on one of the following legal bases under Art. 6 GDPR:

  • Contract performance (Art. 6(1)(b)) — for providing contracted services.
  • Legal obligations (Art. 6(1)(c)) — for invoice issuance and fiscal compliance.
  • Legitimate interest (Art. 6(1)(f)) — for system security and fraud prevention.
  • Consent (Art. 6(1)(a)) — for newsletter and marketing communications (withdrawable at any time).

5. Data Recipients

We never sell your data. We share it only in a strictly limited manner with:

  • Payment processors: Stripe Inc. and partner banking institutions (under PCI-DSS certification).
  • Public authorities: tax authorities, courts, supervisory bodies — exclusively upon legal request.
  • Cloud providers: AWS (Amazon), Google Cloud — under GDPR-compliant Data Processing Agreements (DPA).
  • Technical partners: exclusively under strict contractual confidentiality and non-disclosure clauses.

6. Data Security

We apply Enterprise-grade technical and organizational measures:
• Encryption at rest: AES-256.
• Encryption in transit: TLS 1.3.
• Role-based access control: RBAC with multi-factor authentication (MFA).
• Regular security audits and penetration testing.
• Internal access policies based on the least privilege principle.

7. Your Rights Under GDPR

Under Regulation (EU) 2016/679, you have the following rights which you may exercise at any time:

  • Right of access (Art. 15) — to receive a copy of your processed data.
  • Right to rectification (Art. 16) — correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — 'Right to be forgotten', subject to legal conditions.
  • Right to restriction of processing (Art. 18) — temporary blocking of processing.
  • Right to data portability (Art. 20) — receiving your data in a structured format.
  • Right to object (Art. 21) — including against direct marketing processing.

8. Data Retention Period

We retain your data according to these criteria:
Contractual and financial data: for the duration of the contract + 5 years (fiscal and legal compliance).
Technical security data (logs): maximum 90 days.
Marketing data (newsletter): until consent is withdrawn.

Upon expiry of the retention period, data is permanently deleted or irreversibly anonymized.

9. Contact & Data Protection Officer

To exercise your rights or for any questions regarding data processing, contact us at: business@empirex.tech.
We will respond to requests within a maximum of 30 calendar days, as required by GDPR.

You also have the right to file a complaint with the supervisory authority: ANSPDCP, B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest 010336, Romania.

10. Policy Updates

We reserve the right to update this policy to reflect legislative or operational changes. The updated version will be published on this page with its effective date. For significant changes, we will notify you by email.