Privacy Policy

Last updated: 12 May 2026

1. Who we are (Data Controller)

The personal data controller is NEDWASH A&G S.R.L., with registered office at Tecuci Street no. 137, Galați, postal code 800636, Romania, registered with the Trade Register under no. J17/1347/2013, with VAT RO32416907.

Contact details:

• Phone: +40 771 542 545
• Email: contact@nedwash.ro

2. Legal framework

This policy complies with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR)
• Romanian Law no. 190/2018 on implementing measures of Regulation (EU) 2016/679
• Romanian Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector

3. What personal data we collect

We only collect data necessary to provide our services. This may include:

Data you provide directly

• Identification data: first name, last name
• Contact data: phone number, email address
• Address data: the address of the premises where the service will be performed
• Request data: type of problem (pests, disinfection, etc.), surface area, other relevant details
• For legal entities (companies): company name, VAT, trade register no., registered office, legal representative

Data collected automatically (cookies, analytics)

• IP address
• Browser type and operating system
• Pages visited, time spent on the site
• Source from which you came to the site (referrer)
• Preferred language

For details, see the Cookies Policy.

4. How we collect data

• Directly from you — when you fill in the contact form, call us, write to us by email or visit our headquarters
• Automatically — through cookies and analytics tools when you browse the site
• From third parties — only in exceptional cases (e.g., when a residential association requests service for tenants)

5. Purposes of data processing

We process your data for the following purposes:

• Providing the requested services — preparing the offer, scheduling the intervention, performing the service, issuing the technical report
• Invoicing and collection of services — issuing fiscal documents in accordance with legislation
• Communication with you — confirmation of appointments, intervention notifications, response to questions
• Compliance with legal obligations — archiving pest control documents according to Romanian Ministry of Health Order 119/2014, ECHA reporting, evidence of biocidal substances
• Direct marketing — information about new services, special offers (ONLY with your explicit consent)
• Website improvement — anonymised traffic analysis for optimisation

6. Legal basis for processing

We process your data on the following legal bases (art. 6 GDPR):

• Contract performance (art. 6(1)(b) GDPR) — to provide the requested services
• Legal obligation (art. 6(1)(c) GDPR) — for issuing invoices, archiving DDD documents, reporting to authorities (DSP, ANSVSA, ANAF)
• Consent (art. 6(1)(a) GDPR) — for marketing communications (you can withdraw consent at any time)
• Legitimate interest (art. 6(1)(f) GDPR) — for service improvement and business protection (e.g., keeping client records for warranty)

7. With whom we share your data

We do NOT sell and do NOT rent your data to third parties. We may share them ONLY with:

• Public authorities — at their request, according to law (DSP Galați, ANSVSA, ANAF, courts of law)
• Service providers — strictly to fulfil the contract (accounting firm, web hosting, payment processing). These providers are contractually obligated to comply with GDPR
• Insurer — in the event of insured damages

We do not transfer data outside the European Union/EEA except under the conditions provided by GDPR (adequate agreement, standard contractual clauses, etc.).

8. How long we keep the data

• Data from contact form (potential clients without contract) — 12 months
• Contractual and invoicing data — 10 years (according to the Romanian Fiscal Code, Law 227/2015)
• Technical pest control reports — 5 years (according to GDPR + industry standard)
• Direct marketing data — until consent is withdrawn
• Analytics cookies data — 14 months (Google Analytics standard)

9. Your rights under GDPR

As a data subject, you have the following rights:

• Right of access (art. 15 GDPR) — to find out what data we process about you
• Right to rectification (art. 16 GDPR) — to correct inaccurate data or complete it
• Right to erasure / "right to be forgotten" (art. 17 GDPR) — to request data deletion (except those we are legally required to keep)
• Right to restriction of processing (art. 18 GDPR) — to limit processing in certain situations
• Right to data portability (art. 20 GDPR) — to receive your data in a structured format and transfer it to another controller
• Right to object (art. 21 GDPR) — to object to processing based on legitimate interest or direct marketing
• Right not to be subject to automated decision-making (art. 22 GDPR) — we do not use decisions based solely on automated processing
• Right to withdraw consent (art. 7 GDPR) — at any time, without affecting the legality of previous processing
• Right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

10. How to exercise your rights

To exercise any of the above rights, you can contact us:

• Email: contact@nedwash.ro (subject: "GDPR Request")
• Phone: +40 771 542 545
• Postal address: NEDWASH A&G S.R.L., Tecuci St. 137, Galați, 800636, Romania

We will respond to your request within a maximum of 30 calendar days from receipt. In complex cases, the term may be extended by an additional 60 days, with prior notification.

11. Data security

We implement appropriate technical and organisational measures to protect your data, including:

• Restricted access only to authorised personnel
• Secure HTTPS connection (SSL certificate) on the site
• Periodic data backups
• Antivirus and firewall on company equipment
• Periodic GDPR training for staff
• Secure data destruction after retention periods expire

12. Minors

Our services are intended for adults (over 18 years old) and legal entities. We do not intentionally collect personal data from minors under 16. If you find that a minor has provided us with personal data, please contact us to delete it.

13. Changes to this policy

We may update this policy periodically to reflect legislative changes or our practices. The current version will always be available on this page, with the date of the last update mentioned above.

14. Supervisory authority

For complaints regarding personal data processing, you can contact the supervisory authority:

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, Bucharest, postal code 010336
Phone: +40.318.059.211 / +40.318.059.212
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro

Note: This policy is updated according to the legislation in force at the time of publication. For additional clarifications, contact us directly.