Your data is protected
We respect and protect your personal data in accordance with the General Data Protection Regulation (GDPR). Here you will find complete information about what data we collect, why, and how we protect it.
Data protection highlights
GDPR compliant
Full compliance with Regulation (EU) 2016/679
Encrypted data
256-bit SSL, bcrypt encrypted passwords
Your rights
Access, rectification, erasure, portability
Transparency
You know exactly what data we collect and why
Data controller
Who manages your data
Prime Network SRL
CUI: RO40051844
Headquarters
Drm. Maracineni 33B, Bucharest
Data protection contact
contact@primemedical.ro
Last updated
23 February 2026
Data collected
What personal data we collect
Identification data
- First and last name
- Email address
- Phone number
- Delivery and billing address
Account data
- Email address (authentication)
- Password (encrypted bcrypt, 12+ rounds)
- Communication preferences
- Order history
Payment data
- Processed exclusively through Stripe
- We do not store card data
- Stripe transaction ID
- Payment method used
Technical data
- IP address
- Browser and device type
- Cookies (see Cookie Policy)
- Website navigation data
Legal basis
Why we process your data
| Purpose | Legal basis | Examples |
|---|---|---|
| Performance of the sales contract | Art. 6(1)(b) GDPR — contractual necessity | Order processing, product delivery, subscription management, invoicing |
| Legal obligations | Art. 6(1)(c) GDPR — legal obligation | Tax and accounting records, reporting to authorities, ANMDMR compliance |
| Legitimate interest | Art. 6(1)(f) GDPR — legitimate interest | Fraud prevention, website security, service improvement, customer support |
| Consent | Art. 6(1)(a) GDPR — consent | Newsletter, marketing cookies, promotional communications |
Performance of the sales contract
Art. 6(1)(b) GDPR — contractual necessity
Order processing, product delivery, subscription management, invoicing
Legal obligations
Art. 6(1)(c) GDPR — legal obligation
Tax and accounting records, reporting to authorities, ANMDMR compliance
Legitimate interest
Art. 6(1)(f) GDPR — legitimate interest
Fraud prevention, website security, service improvement, customer support
Consent
Art. 6(1)(a) GDPR — consent
Newsletter, marketing cookies, promotional communications
Your rights
Your rights under GDPR
You can exercise any of these rights by contacting us at contact@primemedical.ro. We will respond within 30 days.
Right of access
You can request confirmation that your data is being processed and obtain a copy of it.
Right to rectification
You can request correction of inaccurate data or completion of incomplete data.
Right to erasure
You can request deletion of personal data, subject to legal retention obligations.
Right to restriction
You can request restriction of processing under certain conditions provided by GDPR.
Right to portability
You can receive personal data in a structured, commonly used, and machine-readable format.
Right to object
You can object to data processing for direct marketing purposes at any time.
Data sharing
Who we share data with
We only share data with processors strictly necessary for our services to function.
| Processor | Purpose | Shared data | Location |
|---|---|---|---|
| Stripe | Payment processing | Payment data (card) | EU / USA (SCC) |
| Sameday | Package delivery | Name, address, phone | Romania |
| SmartBill | Tax invoicing | Name, address, Tax ID (if applicable) | Romania |
| SMTP (Email) | Email communications | Email address, name | EU |
| Cloudflare | CDN and security | IP address, technical data | Global (SCC) |
Stripe
Payment processing — EU / USA (SCC)
Payment data (card)
Sameday
Package delivery — Romania
Name, address, phone
SmartBill
Tax invoicing — Romania
Name, address, Tax ID (if applicable)
SMTP (Email)
Email communications — EU
Email address, name
Cloudflare
CDN and security — Global (SCC)
IP address, technical data
Data retention
How long we keep data
Security
How we protect your data
SSL/TLS encryption
All communications between browser and our servers are encrypted with 256-bit SSL protocol.
Encrypted passwords
Passwords are encrypted with bcrypt (12+ rounds). We never store passwords in plain text.
Restricted access
Data access is limited to authorized personnel, based on the principle of minimization.
Continuous monitoring
We continuously monitor systems for unauthorized access or anomalies.
Supervisory authority
If you believe that the processing of your personal data does not comply with GDPR, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) — www.dataprotection.ro.
Frequently Asked Questions
How can I access or download my personal data?
You can view and modify data from your account on the site (Profile section). For a complete copy of your data, send a request to contact@primemedical.ro. We will respond within 30 days.
How can I request deletion of my data?
Send a deletion request to contact@primemedical.ro or through the contact form. We will process the request within 30 days. Certain data may be retained if we have legal obligations (e.g., tax data — 10 years).
Is my card data stored on your servers?
No. Card data is processed exclusively by Stripe, which is PCI DSS Level 1 certified. We do not have access to your full card number and do not store any sensitive payment information on our servers.
How can I unsubscribe from the newsletter?
Each newsletter email contains an unsubscribe link at the bottom. You can also modify your communication preferences from your account or contact us directly.
Do you transfer my data outside the EU?
Some processors (Stripe, Cloudflare) may process data outside the EU, but exclusively based on Standard Contractual Clauses (SCC) approved by the European Commission, ensuring an adequate level of protection.
This privacy policy complies with Regulation (EU) 2016/679 (GDPR), Law no. 190/2018 on GDPR implementation measures, and Directive 2002/58/EC on the privacy of electronic communications (ePrivacy).
Questions about your data?
Contact us anytime for information about your personal data or to exercise your rights under GDPR.