Privacy Policy
Last updated: 9 April 2026
1. Who we are
The data controller is:
- Company: PIESE ROBOTICA COMPETII SRL
- VAT: RO45585673
- Address: Str Principal 155D, Soimus, Romania
- Email: [email protected]
- Phone: +40 757 155 115
- Website: https://ental.es
2. What data we collect
Depending on how you use the Platform, we may collect the following categories of data:
Data you provide directly:
- Account data: email address, name (optional), password (stored encrypted).
- Billing data: full name or company name, billing address, VAT number (for legal entities).
- Form content: forms you create and the responses collected through them.
Data collected automatically:
- Technical data: IP address, browser type (user agent), operating system, screen resolution.
- Usage data: pages visited, actions taken within the Platform, timestamps.
- Performance data: loading times, errors encountered (to improve the service).
3. Why we collect data (GDPR legal bases)
We process your data based on the following legal grounds provided by Article 6 of Regulation (EU) 2016/679 (GDPR):
| Purpose | Legal basis | Data involved |
|---|---|---|
| Providing the service | Contract performance (Art. 6(1)(b)) | Email, password, forms, responses |
| Processing payments | Contract performance (Art. 6(1)(b)) | Billing data |
| Tax obligations | Legal obligation (Art. 6(1)(c)) | Invoices, billing data |
| Service improvement | Legitimate interest (Art. 6(1)(f)) | Usage data, errors, performance |
| Platform security | Legitimate interest (Art. 6(1)(f)) | IP, user agent, access logs |
| Marketing communications | Consent (Art. 6(1)(a)) |
4. Cookies
The Platform uses a minimal number of cookies, strictly necessary for operation:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| session_id | Strictly necessary | Maintaining the authentication session | Session |
| lang | Functional | Language preference | 1 year |
| theme | Functional | Theme preference (light/dark) | 1 year |
We do not use third-party tracking cookies. We do not use Google Analytics, Facebook Pixel or other external tracking tools. Traffic analysis is done through privacy-friendly solutions, without cookies.
5. How long we keep data
- Account data and forms: as long as the account is active. After account deletion, data is retained for 30 days (for recovery), then permanently deleted.
- Form responses: as long as the form exists and the account is active. The User can delete responses at any time.
- Billing data and invoices: 10 years from the date of invoice issuance, in accordance with Romanian accounting and tax law.
- Security logs: maximum 90 days.
- Analytics data: aggregated and anonymized, retained indefinitely (does not contain personal data).
6. Who we share data with
We share your data only with providers strictly necessary for operating the Service:
| Provider | Purpose | Location |
|---|---|---|
| Netopia Payments / Noda | Payment processing (Open Banking, card) | Romania (EU) |
| Stripe | International card payment processing | EU (European servers) |
| Cloudflare | CDN, DDoS protection, DNS | EU (European servers) |
| Railway | Infrastructure hosting | EU/EEA |
| Resend | Transactional email delivery | EU/US (standard contractual clauses) |
We do not sell, rent or transfer your data to third parties for marketing purposes. We do not transfer data outside the European Union / European Economic Area without adequate safeguards.
7. Your rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): you can request a copy of the data we hold about you.
- Right to rectification (Art. 16): you can request the correction of inaccurate data or the completion of incomplete data.
- Right to erasure (Art. 17): you can request the deletion of your data ("right to be forgotten").
- Right to restriction of processing (Art. 18): you can request the limitation of data processing in certain situations.
- Right to data portability (Art. 20): you can request your data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21): you can object to the processing of data based on legitimate interest.
- Right to withdraw consent (Art. 7): for consent-based processing, you can withdraw consent at any time, without affecting the lawfulness of prior processing.
8. How to exercise your rights
To exercise any of the rights mentioned above, send an email to:
We will respond within a maximum of 30 days from receiving the request. In complex cases, the deadline may be extended by 60 days, with prior notification.
Exercising your rights is free of charge. In the case of manifestly unfounded or excessive requests (e.g., repetitive), we reserve the right to charge a reasonable fee or refuse the request, in accordance with Art. 12(5) GDPR.
9. Supervisory authority
If you believe that the processing of your data violates GDPR, you have the right to file a complaint with the competent supervisory authority:
- Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
- Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
- Website: www.dataprotection.ro
- Email: [email protected]