GDPR Compliance

ControlMax is fully compliant with the General Data Protection Regulation (GDPR)

Our GDPR Commitment

ControlMax takes the protection of personal data with the utmost seriousness. We have implemented all necessary technical and organizational measures to ensure full GDPR compliance and to protect the rights of data subjects.

GDPR Principles We Follow

1. Lawfulness, Fairness and Transparency

We process data lawfully, fairly and transparently. We always inform you about what data we collect and why.

2. Purpose Limitation

We collect data only for specific, explicit and legitimate purposes. We do not use it later in ways incompatible with these purposes.

3. Data Minimization

We collect only data that is adequate, relevant and limited to what is necessary for the purposes of processing.

4. Accuracy

We keep data accurate and up-to-date. Inaccurate data is deleted or corrected without delay.

5. Storage Limitation

We keep data only as long as necessary for the purposes for which it is processed.

6. Integrity and Confidentiality

We process data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing.

Your GDPR Rights

Right of Access

You have the right to obtain a copy of the personal data we process about you.

Right to Rectification

You can request the correction of inaccurate data or completion of incomplete data.

Right to Erasure ("Right to be Forgotten")

In certain circumstances, you can request the deletion of your personal data.

Right to Restriction of Processing

In certain situations, you can request that we restrict how we process your data.

Right to Data Portability

You can request your data in a structured, commonly used and machine-readable format.

Right to Object

You can object to processing of data based on legitimate interest or for direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Security Measures

We have implemented robust technical and organizational measures to protect data:

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication available
  • Role-based access control (RBAC) for granular control
  • Continuous monitoring and intrusion detection
  • Complete audit trails for all sensitive operations
  • Encrypted and regularly tested backups
  • Mandatory GDPR training for all staff

International Transfers

Data is stored and processed in the European Union. If we use third-party providers outside the EU, we ensure that appropriate safeguards (standard contractual clauses or Privacy Shield certifications) exist to protect your data.

Data Security Breaches

In the event of a data security breach that poses a risk to your rights and freedoms, we will notify you within 72 hours as required by GDPR. We will also notify the relevant supervisory authorities.

Impact Assessments

We conduct periodic Data Protection Impact Assessments (DPIA) for new features that may present high risks to the rights of data subjects, such as GPS tracking or automated decision processing.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Data Protection Officer (DPO)

Email: dpo@controlmax.ro

Phone: +40 790 827 957

We will respond to your request within 30 days.

Supervisory Authority

If you believe your GDPR rights have been violated, you have the right to file a complaint with the competent supervisory authority:

National Supervisory Authority for Personal Data Processing (ANSPDCP)

Website: www.dataprotection.ro

Email: anspdcp@dataprotection.ro

Phone: +40 21 252 5599