top of page


on EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC

UNBOX Management Solutions is in line with Regulation (EU) 2016/679 of the European Parliament and of the Council – on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to in this Plan as the 'Regulation' or 'GDPR') which is applicable from 25 May 2018.

This Policy applies to:

a) UNBOX Management Solutions Departments and Staff

b) Partners, providers and persons working on behalf of UNBOX Management Solutions



a) Operator – entity – in this case, UNBOX Management Solutions or any other legal person, public authority, agency or non-governmental organisation, who processes or determines the purposes and means of processing personal data;

b)Personal data - any information about an identified or identifiable natural person; an identifiable person is that person who can be identified – directly or indirectly, by reference to an identification element: name/first name, address, personal numeric code, e-mail, telephone, income, biometric data, image, IP address or by reference to medical, genetic, ethical or racial origin data, political, religious, philosophical, cultural or trade union beliefs;

c) The person concerned – any natural person whose personal data may be or are processed by the controller;



UNBOX Management Solutions, as a personal data controller, headquartered in Ilfov, Voluntari City, Pipera Blvd., No. 1H, Vila M02, and. 1, about. 1 and working point in Aviator Popisteanu Street, no.14, ap.3, Sector 1, Bucharest, registered in the Trade Register with no. J23/5302/2019, Tax Code No. 41956744, tel: +40. 0722 321 489, email: is responsible for processing the personal data it collects directly from the individuals concerned or from other legal sources.


UNBOX Management Solutions is an operator according to the GDPR regulations. In order for the data of the individuals concerned to be processed securely, we have made every effort to implement reasonable steps to protect their personal information.

When the individual concerned enters into a relationship of any kind with us, he entrusts us with his data and information.


The purpose of this General Privacy Policy is to explain to the individuals concerned what data we process, why we process it and what we do with it, as an operator. We take privacy seriously and never send lists or email addresses. Being fully aware that personal information belongs to each individual, we do our best to store it safely and process it carefully. We do not provide information to third parties without informing data subjects in advance.


According to the legislation, the natural person receiving our services or the person in a relationship of any kind with us, is a "target person", i.e. an identified or identifiable natural person. In order to be fully transparent with regard to data processing and to allow it to easily exercise its rights at any time, we have implemented measures to facilitate communication between us, the data controller and the data subject.



Protecting the personal information of data subjects is very important to us. That is why we are committed to complying with the new Regulation (EU) 2016/679, the relevant national legislation, as well as the following principles:

a) Legality, fairness and transparency:

We process personal data legally and correctly. We are always transparent about the information we use and the person concerned is properly informed.

b) Control belongs to the natural person concerned

Within the limits of the law, we offer it the opportunity to examine, modify, delete the personal data it has shared with us and to exercise its other rights.

c) Data integrity and scope limitation:

We use the data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that your personal data is accurate, complete and up-to-date.

d) Security:

We have implemented reasonable security and encryption measures to best protect information. However, it should be noted that no website, application and internet connection is completely secure.



If there are any questions or concerns about the processing of data from data subjects or they wish to exercise their legal rights in relation to the data we hold, or if there are concerns about how we deal with any privacy issue, any interested data subject can write to us at the e-mail address:

We may change this General Privacy Policy at any time. All updates and changes to this Policy are valid as soon as they are notified, which we will make by posting on the website and/or notification by email.



When data subjects interact in any way with us, they may provide us or obtain from other sources information such as:

a) Name/First name

b) E-mail

c) Telephone

d) Information about purchased products and services



We collect the information of data subjects for specific and legitimate purposes which include, but is not limited to, the following:

a) In order to be able to communicate with the parties concerned

b) In order to carry out actions that are the subject of the activity of our unit

c) To take the right decision to conclude or execute/amend a contract between the data subjects and the

d) To answer the questions and requests of data subjects

e) For marketing purposes, but only if we have the prior consent of the data subject

f) To diagnose or fix technical problems

g) To show unity against cyber attacks

h) For the creation and/ or maintenance of user accounts

i) To comply with the legislation

j) For the finding or claim of a right in court



a) The person concerned has given his consent to the processing of personal data for the purpose of carrying out the specific activities of our unit. It should be noted that the data subject may withdraw his consent at any time by submitting a written request to the e-mail address: 

b) Processing is necessary for the conclusion or performance of a contract between the person concerned and our

c) Processing is necessary in order to fulfil a legal obligation of the

d) Processing is necessary to protect the vital interests of the natural person concerned or of another natural person

e) Processing is necessary for the purposes of our legitimate interests or of another party



We store personal data only for the period necessary to fulfill the purposes, but not more than 10 years after the termination of the contract or the last interaction of the natural person concerned with our unit. After the end of the period, the personal data of the data subjects will be destroyed or deleted from computer systems or converted into anonymous data for use for scientific, historical or statistical research purposes.

It should be noted that in certain expressly regulated situations, we store the data for the period required of us by law.



Our unit confirms that the personal data obtained is securely stored or destroyed, in forming the data processing platforms with our providers in which they have assured us that they comply with the GDPR.


To this end, we may disclose the data of the natural persons concerned, in compliance with the applicable law, to partners or other third parties, such as their own authorities. 

For example, we may provide personal data to other operators such as IT or telecommunications service providers, accounting, legal services, service providers and other third parties with whom we have a contractual relationship. These third parties are selected with special care so that this data is processed only for the purposes we indicate.

Our unit could also share data with individuals concerned to partners or service providers as a result of a joint effort to provide a product or service.

We constantly make reasonable efforts to ensure that these third parties have implemented appropriate protection and security measures. With these third parties we have contractual clauses so that the data of the data subject is protected. We assure you that any transfer is legitimate, based on consent or other legal basis.


Personal information may also be provided to the authorities (prosecutor, police, courts, etc.) and other competent bodies of the State, on the basis and within the limits of the legal provisions and following expressly made requests.

Within reasonable limits, our unit will ensure that the data of data subjects does not leave the European Economic Area, but to the extent that it transfers data to non-EEA countries, it shall in all cases ensure that the transfers are legitimate, based on the explicit consent of the data subject or other legal basis.



a) Right to withdraw consent where processing is done on the basis of consent

b) Right to be informed of the processing of personal data

c) Right of access to data

d) Right to rectify inaccurate or incomplete data

e) Right of deletion ("right to be forgotten")

f) Right to restriction of processing

g) Right to transmit the data we have about the person concerned to another controller

h) Right to object to data processing

i) The right not to be the subject of a decision based solely on automatic processing, including the creation of

j) Right to seek justice

k) The right to lodge a complaint with the Supervisory Authority.


In this context, we inform any natural person concerned that:

a) May withdraw its consent to the processing of sensitive data or/and direct marketing at any time by following the unsubscribe instructions in each email/sms or other type of e-mail message.

b) If he wishes to exercise his rights, he may do so by submitting a written, signed and dated request to the e-mail address:


The rights listed above are not absolute. There are exceptions, so each request received will be reviewed so that it can be decided whether it is well founded or not. To the extent that the claim is well founded, our unit will facilitate the exercise of your rights. If the request is unfounded, it rejects it, but informs the data subjects of the reasons for the refusal and of the rights of them to lodge a complaint with the Supervisory Authority and to seek justice.


Our unit will try to respond to the data subject's request within 30 days. However, the time limit may be extended on the basis of various aspects, such as the complexity of the application, the large number of applications received or the inability to identify the person concerned within a good time.

If, although it makes every effort, our unit fails to identify the person concerned and the person does not provide him with additional information in order to be able to identify him, the unit will not be obliged to comply with the request.



If there are any questions or concerns about the processing of the data subject's information or he wishes to exercise his or her legal rights or has any other concerns about confidentiality, we may be contacted at the e-mail address, mail addressed to the Data Protection Officer within the unit.


We inform you that we may change or modify this Policy periodically. This can happen, for example, because of changes in legislation or because of internal reorganization.   

bottom of page