Privacy Policy
This policy explains how Casa Di Arancina processes personal data in connection with the website hlm.ro — an educational and informational website dedicated to the German Shepherd breed — as well as interactions through the contact form, email, phone or social media.
Data Controller
Casa Di Arancina
Owner: Ciprian Gherghe · Natural person
Personal Data Collected
We collect the following categories of personal data:
Identification data
Name, email address, phone number — provided through the contact form or direct communication.
Technical data
IP address, browser type, operating system, pages visited, visit duration — through cookies and analytics tools.
Communication content
Messages sent through the contact form, email or social media (Facebook, Instagram).
Purposes and Legal Bases for Processing
Each category of data is processed for specific purposes, with a clearly defined legal basis under GDPR:
We do not carry out commercial activity and do not process data for contractual, financial or direct marketing purposes.
| Purpose | Legal basis | Data processed |
|---|---|---|
| Responding to informational requests about the breed, care and training | Legitimate interest — Art. 6(1)(f) | Identification, contact, message |
| Website improvement and user experience | Legitimate interest — Art. 6(1)(f) | Technical data, analytics |
| Website security | Legitimate interest — Art. 6(1)(f) | IP, server logs |
Data Recipients
We do not sell or transfer your data. We may involve third parties solely for the technical operation of the website:
Service providers
- Hosting and email providers — limited to what is necessary for delivering technical services
- Google Analytics — anonymized data, for traffic statistics
Social platforms
- Facebook, Instagram — only within the scope of interactions initiated by you on those platforms
Public authorities
- Only if a legal obligation expressly requires it
Transfers Outside the EEA
Certain technical providers (e.g. Google) may process data outside the European Economic Area, based on the EU-US Data Privacy Framework and standard contractual clauses adopted by the European Commission.
Adequacy decisions
EU-US Data Privacy Framework
Standard contractual clauses
SCCs adopted by the European Commission
Additional measures
Appropriate technical and organizational measures
Data Retention Period
We retain data only as long as necessary. After the retention periods expire, data is deleted or anonymized.
| Category | Duration |
|---|---|
| Contact form data | Max. 24 months from last interaction |
| Server logs | 12 months |
| Cookies | Per the cookie policy |
Data Security
We implement technical and organizational measures to protect data against unauthorized access, loss or destruction.
Encrypted connections
HTTPS across the entire website
Restricted access
Role-based and password-protected access
Regular backups
Routine backup copies
Your Rights
Under GDPR, you have the following rights:
Right of access
Obtain a copy of your personal data
Right to rectification
Correction of inaccurate data
Right to erasure
Deletion of personal data
Right to object
Object to processing based on legitimate interest
Data portability
Receive data in a structured format
Restriction of processing
Limit processing under certain conditions
Withdrawal of consent
At any time, without affecting prior processing
How to exercise your rights
We will respond within 30 days of receiving your request.
Complaint to ANSPDCP
You have the right to file a complaint with the National Supervisory Authority for Personal Data Processing:
Website: www.dataprotection.ro
CONTACT
Questions about your data?
Exercising GDPR rights is free. We respond within 30 days.