Privacy Policy

1) Who we are (Data Controller)

The controller of personal data is the administration of the website romcitizen.tr (Romania).

Contact details:

E-mail: [email protected]

Phone: +40 361 228 007

2) What data we collect

We may process the following categories of personal data:

2.1. Data from the application form (lead form):

  • first and last name;
  • phone number;
  • e-mail;
  • content of the inquiry/message (if any).

2.2. Data from the extended questionnaire / form on the website (for preliminary assessment of grounds):

Information you provide to assess the possibility of providing immigration services (for example: citizenship, place of residence, marital status, education/employment, migration purposes and grounds, documents/statuses, etc.).

2.3. Consultation and contract data:

  • information communicated by phone / in correspondence;
  • contract data and data related to the performance of services (terms, history of requests, results of legal analysis).

2.4. Payment data:

  • amount, currency, payment status, transaction identifier;
  • card/account details are usually processed by the payment provider; we receive only confirmations/identifiers (depending on the integration).

2.5. Technical website data:

  • IP address, cookie identifiers, browser/device data, logs, analytics data (if enabled).

3) Purposes and legal grounds for data processing

We process data only where there is a legal basis under the GDPR (eur-lex.europa.eu):

3.1. Processing of an application and communication with you

Purpose: to contact you, clarify your request, and offer a consultation.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) and/or pre-contractual measures taken at your request (Art. 6(1)(b) GDPR).

3.2. Preliminary legal analysis of the questionnaire (assessment of grounds for immigration services)

Purpose: to determine the possibility and format of providing legal services and to prepare a consultation.

Legal basis: pre-contractual measures / contract (Art. 6(1)(b) GDPR).

3.3. Conclusion and performance of a legal services contract

Purpose: contract execution, provision of services, communication, case management.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

3.4. Payments, accounting, and financial reporting

Purpose: to accept payments, issue documents, and maintain accounting records.

Legal basis: legal obligation (Art. 6(1)(c) GDPR) and/or contract (Art. 6(1)(b) GDPR).

3.5. Legal compliance, protection of rights, and claims handling

Purpose: evidence of services rendered, responses to regulators, defense in court.

Legal basis: legal obligation (Art. 6(1)(c)) and/or legitimate interest (Art. 6(1)(f) GDPR).

3.6. Marketing (mailings, messengers, advertising campaigns)

Purpose: sending news/offers.

Legal basis: consent (Art. 6(1)(a) GDPR) — where required; or legitimate interest within permissible limits. For electronic communications and cookies, ePrivacy requirements and Law No. 506/2004 apply.

4) Special categories of data (sensitive data)

In immigration matters, you may disclose information that may potentially fall under special categories (for example, data relating to origin, health, and others). We ask you not to provide such data in forms unless it is necessary.

If such data is required for the provision of services, we will process it only where there is an applicable legal basis under the GDPR (for example, explicit consent, or the establishment, exercise, or defense of legal claims, depending on the situation).

5) To whom we disclose data (recipients)

We may disclose data to:

  • employees and lawyers/attorneys involved in the provision of services (subject to confidentiality obligations);
  • processors: hosting providers, CRM systems, telephony, e-mail services, analytics, call recording services (if any), payment providers;
  • public authorities — where required by law;
  • where necessary — translators/notaries/case partners (only to the extent required for the service).

We enter into data processing agreements (DPAs) with processors in accordance with GDPR requirements.

6) International data transfers

The Data Controller is located in the EU (Romania); however, your data may:

  • be transferred to Turkey (for example, if you are located in Turkey and communicate via local communication/mail providers);
  • be processed by service providers whose servers are located outside the EU.

Where data is transferred outside the EU to a country without an adequacy decision, we use appropriate safeguards (for example, Standard Contractual Clauses (SCCs)) and additional protective measures.

7) Data retention periods

We retain data no longer than necessary:

  • lead applications and correspondence without a concluded contract: usually up to 12 months;
  • contract and service provision data: usually for the term of the contract + 5 years (to protect rights and fulfill obligations);
  • accounting/payment documents: for the periods required by law.

We use cookies/pixels for website operation, security, and (if enabled) analytics/marketing.

Non-essential cookies are set only after your consent via a banner/settings — in accordance with ePrivacy rules and Law No. 506/2004 (dataprotection.ro).

8) Security

We apply organizational and technical security measures, including access control, encryption (where applicable), backups, data minimization, and confidentiality agreements.

9) Your rights

Under the GDPR, you have the right to: information, access, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent (where processing is based on consent), and the right to lodge a complaint with a supervisory authority.

10) Where to lodge a complaint (Romania)

The supervisory authority in Romania is: ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal). Contact details (address and e-mail) are published on the regulator’s website.

11) Contacts for data requests

Please send requests (access/erasure/rectification, etc.) to: _____________

We may request reasonable verification of identity before fulfilling the request.

12) Policy changes

We may update this Policy from time to time. The current version is published on the website with the date of the latest update.

  • Bulevardul Ion Mihalache 15-17, București 011171, Romania