Privacy & Data Protection
This notice explains what personal data IT & Automation collects through this website, the C-ERP license checkout, and support channels — and your rights under the EU General Data Protection Regulation (GDPR) and Romanian Law 190/2018.
Who we are
IT & Automation is a solo engineering practice based in Romania, developing industrial automation solutions, IT infrastructure services, and the C-ERP business management software. As controller, we determine why and how your personal data is processed.
Data we collect
We collect only what is necessary for the services we provide. No special-category data is processed.
- First name, last name
- Email address
- Phone number (optional)
- Company name & CUI (tax ID)
- Message content (support)
- Machine ID (hardware fingerprint)
- C-ERP application version
- License key
- Activation timestamp
- Company name & CUI for invoicing
- Order reference
- Payment is processed by a third-party provider — we do not store card data
- Download counts (aggregated, no IP)
- Page visit timestamps
- Browser/OS type (if analytics enabled)
- Theme & consent preference (localStorage)
Why we process it & legal basis
How long we keep it
- 10 years Invoices, fiscal records, and transaction data — required by Romanian accounting law (Legea 82/1991).
- Lifetime License data (machine ID, key, version) — retained as long as the license is valid to support re-issue requests.
- 3 years Support correspondence and contact-form messages — retained to resolve follow-up enquiries.
- 90 days Aggregated download counters and visit timestamps — rolling window; no personal identifiers stored.
-
Session
Theme preference and cookie consent — stored in browser
localStorage; cleared when you clear site data.
Who we share it with
We do not sell personal data. We share only what is necessary with the following processors and authorities:
- Payment processor Handles card transactions for license purchases. We receive an order reference; card data never touches our servers. Subject to their own privacy policy.
- Email / SMTP provider Used to deliver license files and respond to contact enquiries. Your email address and message content transit through their servers.
- Hosting provider The web server and database are hosted with a provider operating under GDPR-compliant data-processing agreements.
- ANAF (Romanian Tax Authority) CUI (company tax ID) validation is performed via the public ANAF REST API. Only the CUI number is sent; no response data is stored beyond the session.
International transfers
All data is primarily processed within the EU/EEA. If any service provider (e.g. SMTP relay) operates outside the EEA, transfers are protected by the EU Standard Contractual Clauses (SCCs) or an adequacy decision. We will not transfer your data to a third country without an appropriate safeguard in place.
Your rights
Under the GDPR and Romanian Law 190/2018, you have the following rights regarding your personal data:
Request a copy of all personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Request deletion of your data where there is no overriding legal basis.
Ask us to suspend processing while a dispute is resolved.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interest.
Withdraw cookie/analytics consent at any time without affecting prior processing.
Lodge a complaint with the ANSPDCP (Romanian supervisory authority).
Email info@itsoftwareautomation.com with your request. We will respond within one calendar month. We may ask for identity verification before fulfilling access or erasure requests.
Cookies & local storage
This site does not use third-party tracking or advertising cookies. We use browser localStorage for the items below:
| Key | Purpose | Type | Duration |
|---|---|---|---|
| theme | Remembers your dark / light mode preference | Essential | Persistent (until cleared) |
| itauto_gdpr_consent | Records your cookie consent choice so the banner does not reappear | Essential | Persistent (until cleared) |
| Analytics cookies | Optional — loaded only if you click "Accept all". None are currently active. | Optional | Per provider policy |
Security
We take reasonable technical and organisational measures to protect your personal data:
- HTTPS / TLS All data in transit is encrypted via HTTPS. HTTP requests are redirected to HTTPS automatically.
- Access control Server access is restricted to authorised personnel only. Administrative interfaces are not publicly exposed.
- C-ERP: offline-first The C-ERP desktop application is 100% offline — no personal data leaves the machine during normal operation. The license is hardware-locked and cannot be transferred.
- Minimal retention We collect the minimum data needed. Aggregated counters contain no personal identifiers.
If you discover a security vulnerability, please report it responsibly to info@itsoftwareautomation.com.
Changes & contact
We may update this notice when our practices change. The "Last updated" date at the top of the page will reflect the most recent revision. Significant changes will be communicated through the website.
For any privacy-related questions, data-subject requests, or concerns:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru 28–30, Sector 1, 010336 București
www.dataprotection.ro