Privacy Policy

1. Introduction

Digital Cemetery is committed to protecting the privacy of your personal data. This Privacy Policy explains how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller is Digital Cemetery. For any questions regarding data processing, you can contact us at: contact@cimitiruldigital.ro

3. Personal Data We Collect

3.1 Data Provided by Users

• Account data: name, email address, password (encrypted)
• Billing data: full name, address, tax ID (if applicable)
• Memorial data: information about commemorated persons, photos, biographies
• Contact messages: name, email, message content

3.2 Automatically Collected Data

• IP address
• Browser type and version
• Pages visited and time spent on site
• Cookies and similar technologies

4. Purposes of Processing

We process your personal data for the following purposes:

• Providing and managing our services
• Processing payments and issuing invoices
• Communicating with you about your account and memorials
• Improving the platform and user experience
• Complying with legal obligations

5. Legal Basis for Processing

• Contract performance: for providing requested services
• Consent: for marketing communications (if applicable)
• Legitimate interest: for improving services and platform security
• Legal obligation: for maintaining tax records

6. Data Sharing

We may share your data with:

• Payment processors: Revolut for transaction processing
• Service providers: hosting, email, backups (all in EU or with standard contractual clauses)
• Authorities: when required by law

We do not sell or rent your personal data to third parties.

7. Data Retention Period

• Account data: until account deletion + 30 days
• Billing data: 10 years (per tax legislation)
• Memorial data: permanent (nature of service)
• Contact messages: 2 years or until request resolution
• Access logs: 90 days

8. Your Rights

Under GDPR, you have the following rights:

• Right of access: to obtain a copy of your data
• Right to rectification: to correct inaccurate data
• Right to erasure: to request data deletion (with certain exceptions)
• Right to restriction: to limit processing under certain conditions
• Right to portability: to receive data in a structured format
• Right to object: to object to processing in certain situations

To exercise your rights, contact us at contact@cimitiruldigital.ro. We will respond within 30 days.

9. Cookies

We use the following types of cookies:

• Essential cookies: necessary for site operation (session, authentication)
• Performance cookies: for analysis and site improvement

You can control cookies through your browser settings.

10. Data Security

We implement technical and organizational measures to protect your data:

• SSL/TLS encryption for all data transmissions
• Encrypted password storage (bcrypt hash)
• Regular encrypted backups
• Role-based data access restrictions
• Access monitoring and logging

11. International Transfers

Your data is stored on servers located in the European Union. If a transfer outside the EU is necessary, we ensure adequate safeguards exist (standard contractual clauses, adequacy decisions).

12. Children's Data

We do not knowingly collect personal data from individuals under 16 years of age. If we learn that we have collected such data, we will delete it promptly.

13. Policy Changes

We may update this policy periodically. The current version will always be available on this page. For significant changes, we will notify users via email.

14. Supervisory Authority

If you believe that the processing of your data violates GDPR, you have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP):

• Website: www.dataprotection.ro
• Email: anspdcp@dataprotection.ro

15. Contact

For any questions related to this policy or your personal data, you can contact us at contact@cimitiruldigital.ro.