1. Introduction
ControlMax respects the confidentiality of your personal data and is committed to protecting the information we collect and process in accordance with the General Data Protection Regulation (GDPR) and applicable Romanian legislation.
This policy describes what data we collect, how we use it, how we protect it and what your rights are.
2. Data Collected
We collect the following categories of personal data:
- Identification data: name, surname, email address, phone number
- Company data: name, tax ID, address, contact details
- Authentication data: username, encrypted password
- Usage data: access logs, IP addresses, browser type, device
- Location data: GPS coordinates for vehicle tracking and time tracking (only with explicit consent)
- Financial data: payment and billing information (processed through PCI DSS certified third-party processors)
3. Purpose of Processing
We use collected data for the following purposes:
- Providing ControlMax platform services
- Account management and user authentication
- Payment processing and invoice issuance
- Customer communication and technical support
- Service improvement and optimization
- Compliance with legal obligations
- Fraud prevention and security assurance
4. Legal Basis for Processing
We process your data on the following legal bases:
- Contract execution: to provide requested services
- Consent: for certain optional features (e.g., GPS tracking)
- Legal obligation: to comply with tax and legal requirements
- Legitimate interest: for service improvement and fraud prevention
5. Data Sharing
We do not sell, rent or share your personal data with third parties for marketing purposes. We may share data only in the following circumstances:
- Service providers: payment processors, cloud hosting services, email services (all comply with GDPR)
- Legal obligations: public authorities when required by law
- Explicit consent: when you have given consent for sharing
6. Data Security
We implement technical and organizational measures to protect data:
- SSL/TLS encryption for data transmission
- Database encryption
- Two-factor authentication (2FA) available
- Continuous monitoring and security logs
- Data access restricted to authorized personnel only
- Regular backups and disaster recovery plan
7. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected or in accordance with legal obligations (e.g., 10 years for tax documents). After account termination, data is deleted within 90 days, except for data that must be kept to comply with legal obligations.
8. Your Rights
Under GDPR, you have the following rights:
- Right of access: to obtain a copy of processed data
- Right to rectification: to correct inaccurate or incomplete data
- Right to erasure: to request data deletion ("right to be forgotten")
- Right to restriction: to limit processing under certain conditions
- Right to portability: to receive data in a structured format
- Right to object: to object to processing based on legitimate interest
- Right to withdraw consent: at any time for consent-based processing
To exercise these rights, contact us at contact@controlmax.ro.
9. Cookies
We use essential cookies for platform operation (authentication, preferences). We do not use marketing cookies without your explicit consent.
10. Policy Changes
We reserve the right to update this policy. We will notify you via email of any significant changes 30 days before implementation.
11. DPO Contact
Data Protection Officer (DPO):
Email: dpo@controlmax.ro
Phone: +40 790 827 957