Data protection

Your data is protected

We respect and protect your personal data in accordance with the General Data Protection Regulation (GDPR). Here you will find complete information about what data we collect, why, and how we protect it.

Data protection highlights

GDPR compliant

Full compliance with Regulation (EU) 2016/679

Encrypted data

256-bit SSL, bcrypt encrypted passwords

Your rights

Access, rectification, erasure, portability

Transparency

You know exactly what data we collect and why

Data controller

Who manages your data

Prime Network SRL

CUI: RO40051844

Headquarters

Drm. Maracineni 33B, Bucharest

Data protection contact

contact@primemedical.ro

Last updated

23 February 2026

Data collected

What personal data we collect

Identification data

  • First and last name
  • Email address
  • Phone number
  • Delivery and billing address

Account data

  • Email address (authentication)
  • Password (encrypted bcrypt, 12+ rounds)
  • Communication preferences
  • Order history

Payment data

  • Processed exclusively through Stripe
  • We do not store card data
  • Stripe transaction ID
  • Payment method used

Technical data

  • IP address
  • Browser and device type
  • Cookies (see Cookie Policy)
  • Website navigation data

Legal basis

Why we process your data

Performance of the sales contract

Art. 6(1)(b) GDPR — contractual necessity

Order processing, product delivery, subscription management, invoicing

Legal obligations

Art. 6(1)(c) GDPR — legal obligation

Tax and accounting records, reporting to authorities, ANMDMR compliance

Legitimate interest

Art. 6(1)(f) GDPR — legitimate interest

Fraud prevention, website security, service improvement, customer support

Consent

Art. 6(1)(a) GDPR — consent

Newsletter, marketing cookies, promotional communications

Your rights

Your rights under GDPR

You can exercise any of these rights by contacting us at contact@primemedical.ro. We will respond within 30 days.

Right of access

You can request confirmation that your data is being processed and obtain a copy of it.

Right to rectification

You can request correction of inaccurate data or completion of incomplete data.

Right to erasure

You can request deletion of personal data, subject to legal retention obligations.

Right to restriction

You can request restriction of processing under certain conditions provided by GDPR.

Right to portability

You can receive personal data in a structured, commonly used, and machine-readable format.

Right to object

You can object to data processing for direct marketing purposes at any time.

Data sharing

Who we share data with

We only share data with processors strictly necessary for our services to function.

Stripe

Payment processingEU / USA (SCC)

Payment data (card)

Sameday

Package deliveryRomania

Name, address, phone

SmartBill

Tax invoicingRomania

Name, address, Tax ID (if applicable)

SMTP (Email)

Email communicationsEU

Email address, name

Cloudflare

CDN and securityGlobal (SCC)

IP address, technical data

Data retention

How long we keep data

Active account dataDuration of account existence
Order data10 years (tax obligations)
Invoicing data10 years (accounting obligations)
Marketing dataUntil consent withdrawal
Technical logs90 days
CookiesVariable (see Cookie Policy)

Security

How we protect your data

SSL/TLS encryption

All communications between browser and our servers are encrypted with 256-bit SSL protocol.

Encrypted passwords

Passwords are encrypted with bcrypt (12+ rounds). We never store passwords in plain text.

Restricted access

Data access is limited to authorized personnel, based on the principle of minimization.

Continuous monitoring

We continuously monitor systems for unauthorized access or anomalies.

Supervisory authority

If you believe that the processing of your personal data does not comply with GDPR, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) — www.dataprotection.ro.

Frequently Asked Questions

How can I access or download my personal data?

You can view and modify data from your account on the site (Profile section). For a complete copy of your data, send a request to contact@primemedical.ro. We will respond within 30 days.

How can I request deletion of my data?

Send a deletion request to contact@primemedical.ro or through the contact form. We will process the request within 30 days. Certain data may be retained if we have legal obligations (e.g., tax data — 10 years).

Is my card data stored on your servers?

No. Card data is processed exclusively by Stripe, which is PCI DSS Level 1 certified. We do not have access to your full card number and do not store any sensitive payment information on our servers.

How can I unsubscribe from the newsletter?

Each newsletter email contains an unsubscribe link at the bottom. You can also modify your communication preferences from your account or contact us directly.

Do you transfer my data outside the EU?

Some processors (Stripe, Cloudflare) may process data outside the EU, but exclusively based on Standard Contractual Clauses (SCC) approved by the European Commission, ensuring an adequate level of protection.

This privacy policy complies with Regulation (EU) 2016/679 (GDPR), Law no. 190/2018 on GDPR implementation measures, and Directive 2002/58/EC on the privacy of electronic communications (ePrivacy).

Questions about your data?

Contact us anytime for information about your personal data or to exercise your rights under GDPR.