Privacy Policy
Last updated: April 27, 2026
1. Data Controller
The data controller is Digital Leadership S.R.L., Tax ID (CUI) 38585123, Reg. No. J2017006715126, registered in Cluj-Napoca, Romania. You can reach us at razvan@generativa.ro or by phone at +40 757 532 054.
2. Personal Data Collected
We collect and process the following personal data:
2.1. At order and invoicing
- Full name (or company name)
- Email address
- Phone number
- Billing details (Tax ID, address, IBAN where applicable)
We do not collect or store payment card data. Payments go through bank transfer - directly between your bank and ours. We never sit in the middle of your financial data.
2.2. At remote deployment
- The email associated with your VRM (Victron Remote Management) account
- VRM Site ID
- Temporary “Installer” access to your Cerbo GX, granted by you
Access is used exclusively to deploy your package and to push later updates. We can revoke access on request, at any time.
2.3. When browsing the site
- IP address (anonymized)
- Browser and device type
- Pages visited and visit duration
- Essential cookies and, with consent, analytics cookies (see Cookie Policy)
2.4. When contacting support
- Name and email address
- Content of messages sent
2.5. Technical data from product use
VenusLogic packages run locally on your device (Cerbo GX). We do not continuously collect data from your solar system. The VRM access you grant is used only at deployment time and during planned updates, announced in advance.
3. Purpose of Processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Order processing, invoicing, and bank-transfer settlement | Art. 6(1)(b) - Performance of contract |
| Remote deployment on the Buyer's system | Art. 6(1)(b) - Performance of contract |
| Product update notifications | Art. 6(1)(f) - Legitimate interest |
| Tax and accounting obligations (invoice, ledger) | Art. 6(1)(c) - Legal obligation |
| Anonymized site traffic analysis | Art. 6(1)(a) - Consent |
| Support request responses | Art. 6(1)(f) - Legitimate interest |
4. Data Retention and Automatic Deletion
- Order form submissions: data submitted via the order form is not stored in a database we own. It transits Vercel servers (logs auto-expire within 24h on the current plan) and Resend (logs auto-expire within 30 days per their policy), then reaches our email inbox. We keep it there for at most 12 months from your last interaction. Inquiries with no activity for 12 months are removed from the inbox.
- Order and invoicing data (after invoice issuance): 10 years from transaction date - fiscal obligation under Romanian Accounting Law 82/1991. Only data strictly required for the invoice (name/company, Tax ID, address, amount), not free-form messages.
- Browsing data: 26 months
- Support data: 2 years from last interaction
- VRM access: revoked immediately after deployment; reactivated only for planned updates, with your consent
Automatic deletion is enforced by a combination of: (a) no proprietary database for form submissions, (b) limited retention by sub-processors (Vercel, Resend), (c) a 12-month inbox cleanup rule on our side. For immediate deletion (“right to be forgotten”, Art. 17 GDPR), see Section 7.
5. Sub-processors
Personal data may be shared with the following sub-processors:
| Sub-processor | Purpose | Data location | DPA |
|---|---|---|---|
| Vercel, Inc. | Website hosting, CDN | EU (Frankfurt, Germany) | Yes |
| Seller's bank | Bank-transfer settlement | EU (Romania) | Per banking agreement |
| Victron Energy B.V. (VRM) | Remote access to Cerbo GX for deployment | EU (Netherlands) | Privacy Policy |
We do not sell, rent, or share personal data with third parties for marketing purposes.
6. International Data Transfers
All our main sub-processors process data within the European Union. We do not perform intentional transfers outside the EU/EEA. Should an exception arise, the transfer would be carried out under the European Commission's Standard Contractual Clauses (SCCs) or another mechanism recognized by GDPR (Art. 46).
7. Your Rights
Under Regulation (EU) 2016/679 (GDPR), you have the following rights:
- Right of access (Art. 15) - request a copy of your personal data
- Right to rectification (Art. 16) - request correction of inaccurate data
- Right to erasure (Art. 17) - request deletion (“right to be forgotten”)
- Right to restriction (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent (Art. 7) - without affecting the lawfulness of prior processing
- Right not to be subject to automated decision-making (Art. 22) - we do not use automated decision-making
To exercise these rights, contact us at razvan@generativa.ro. We will confirm receipt within 48 hours and respond within 30 calendar days.
8. Right to Lodge a Complaint
If you believe the processing of your personal data violates GDPR, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):
- Website: dataprotection.ro
- Email: anspdcp@dataprotection.ro
EU residents may also contact their local Data Protection Authority.
9. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- HTTPS/TLS encryption for all site communications
- Restricted access to accounting documents (invoices, order ledger)
- Multi-factor authentication for administrative systems
- Minimum-required VRM access, revoked after deployment
- Periodic software dependency audits
10. Cookies
We use essential cookies for site functionality. Analytics cookies are only activated with your explicit consent. For full details, see our Cookie Policy.
11. Children
Our site and products are not intended for persons under 18. We do not knowingly collect personal data from minors. If you discover a minor has provided us with personal data, please contact us for deletion.
12. Changes
We reserve the right to update this policy. Any significant change will be communicated by email or via a notice on the site. The current version is always available on this page.
13. Applicable Law
This policy complies with Regulation (EU) 2016/679 (GDPR), Romanian Law 190/2018 implementing GDPR, and Directive 2002/58/EC (ePrivacy).