Legal
GDPR Compliance
Last updated: February 2026
Trinx Solutions SRL
1. Our Commitment to Data Protection
Trinx Solutions SRL is fully committed to protecting the privacy and personal data of our website visitors, clients, partners, and all individuals whose data we process. As a company registered and operating in Romania, a member state of the European Union, we are subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Romanian national data protection legislation, including Law No. 190/2018 implementing certain provisions of the GDPR. We view data protection not merely as a legal obligation, but as a fundamental part of our business ethics and the trust our clients place in us. This page describes the measures we take to ensure compliance with the GDPR and to protect your personal data.
2. Data Processing Principles
In accordance with Article 5 of the GDPR, we adhere to the following core principles when processing personal data:
- Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner. We provide clear and accessible information about how we process your data through our Privacy Policy and this compliance page.
- Purpose limitation: We collect personal data only for specified, explicit, and legitimate purposes. We do not process data in a manner that is incompatible with those purposes.
- Data minimization: We collect only the personal data that is adequate, relevant, and necessary for the purposes for which it is processed. We do not collect more data than we need.
- Accuracy: We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, kept up to date. We encourage individuals to contact us to correct any inaccurate data.
- Storage limitation: We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, after which it is securely deleted or anonymized.
- Integrity and confidentiality: We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Accountability: We are responsible for and able to demonstrate compliance with all of the above principles. We maintain records of our processing activities and regularly review our data protection practices.
- Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner. We provide clear and accessible information about how we process your data through our Privacy Policy and this compliance page.
- Purpose limitation: We collect personal data only for specified, explicit, and legitimate purposes. We do not process data in a manner that is incompatible with those purposes.
- Data minimization: We collect only the personal data that is adequate, relevant, and necessary for the purposes for which it is processed. We do not collect more data than we need.
- Accuracy: We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, kept up to date. We encourage individuals to contact us to correct any inaccurate data.
- Storage limitation: We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, after which it is securely deleted or anonymized.
- Integrity and confidentiality: We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Accountability: We are responsible for and able to demonstrate compliance with all of the above principles. We maintain records of our processing activities and regularly review our data protection practices.
3. Legal Bases for Processing
We process personal data only when we have a valid legal basis under Article 6 of the GDPR. The legal bases we rely on include:
- Consent (Article 6(1)(a)): Where you have given clear and explicit consent for us to process your personal data for a specific purpose, such as when you submit a contact form on our website. You have the right to withdraw your consent at any time.
- Performance of a contract (Article 6(1)(b)): Where the processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request, such as preparing a project proposal.
- Legitimate interest (Article 6(1)(f)): Where the processing is necessary for our legitimate interests or those of a third party, provided that your rights and freedoms do not override those interests. Our legitimate interests include operating and improving our website, ensuring network and information security, and communicating with prospective clients.
- Legal obligation (Article 6(1)(c)): Where the processing is necessary for compliance with a legal obligation to which we are subject under Romanian or EU law, such as tax and accounting obligations.
We document the legal basis for each processing activity in our internal records of processing activities.
- Consent (Article 6(1)(a)): Where you have given clear and explicit consent for us to process your personal data for a specific purpose, such as when you submit a contact form on our website. You have the right to withdraw your consent at any time.
- Performance of a contract (Article 6(1)(b)): Where the processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request, such as preparing a project proposal.
- Legitimate interest (Article 6(1)(f)): Where the processing is necessary for our legitimate interests or those of a third party, provided that your rights and freedoms do not override those interests. Our legitimate interests include operating and improving our website, ensuring network and information security, and communicating with prospective clients.
- Legal obligation (Article 6(1)(c)): Where the processing is necessary for compliance with a legal obligation to which we are subject under Romanian or EU law, such as tax and accounting obligations.
We document the legal basis for each processing activity in our internal records of processing activities.
4. Data Subject Rights
The GDPR grants individuals (data subjects) a comprehensive set of rights regarding their personal data. We respect and facilitate the exercise of these rights:
- Right of access (Article 15): You can request a copy of the personal data we hold about you and information about how we process it.
- Right to rectification (Article 16): You can request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure (Article 17): You can request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose or when you withdraw consent.
- Right to restriction of processing (Article 18): You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy.
- Right to data portability (Article 20): You can request to receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller.
- Right to object (Article 21): You can object to the processing of your personal data where the processing is based on legitimate interest or is carried out for direct marketing.
- Right not to be subject to automated decision-making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not engage in such processing.
To exercise any of these rights, please contact us at privacy@trinxsolutions.com. We will respond to your request within 30 days. If your request is complex or we receive a large number of requests, we may extend this period by an additional 60 days, in which case we will inform you accordingly.
- Right of access (Article 15): You can request a copy of the personal data we hold about you and information about how we process it.
- Right to rectification (Article 16): You can request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure (Article 17): You can request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose or when you withdraw consent.
- Right to restriction of processing (Article 18): You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy.
- Right to data portability (Article 20): You can request to receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller.
- Right to object (Article 21): You can object to the processing of your personal data where the processing is based on legitimate interest or is carried out for direct marketing.
- Right not to be subject to automated decision-making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not engage in such processing.
To exercise any of these rights, please contact us at privacy@trinxsolutions.com. We will respond to your request within 30 days. If your request is complex or we receive a large number of requests, we may extend this period by an additional 60 days, in which case we will inform you accordingly.
5. Data Protection Measures
We implement a combination of technical and organizational measures to ensure the security and protection of personal data, in accordance with Article 32 of the GDPR:
Technical measures:
- Encryption: All data transmitted between your browser and our website is encrypted using TLS (Transport Layer Security) protocols. Sensitive data at rest is encrypted using industry-standard encryption algorithms.
- Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. We use strong authentication mechanisms and role-based access controls.
- Network security: Our infrastructure is protected by firewalls, intrusion detection systems, and other network security measures.
- Regular updates: We keep our software, systems, and security measures up to date with the latest patches and updates.
Organizational measures:
- Data protection policies: We maintain internal data protection policies and procedures that govern how personal data is handled within our organization.
- Employee training: Our team members receive regular training on data protection obligations and best practices.
- Vendor management: We carefully select third-party service providers and ensure they are bound by data processing agreements that comply with Article 28 of the GDPR.
- Data protection by design and by default: We incorporate data protection considerations into the design of our processes and systems from the outset, and we ensure that, by default, only personal data necessary for each specific purpose is processed.
Technical measures:
- Encryption: All data transmitted between your browser and our website is encrypted using TLS (Transport Layer Security) protocols. Sensitive data at rest is encrypted using industry-standard encryption algorithms.
- Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. We use strong authentication mechanisms and role-based access controls.
- Network security: Our infrastructure is protected by firewalls, intrusion detection systems, and other network security measures.
- Regular updates: We keep our software, systems, and security measures up to date with the latest patches and updates.
Organizational measures:
- Data protection policies: We maintain internal data protection policies and procedures that govern how personal data is handled within our organization.
- Employee training: Our team members receive regular training on data protection obligations and best practices.
- Vendor management: We carefully select third-party service providers and ensure they are bound by data processing agreements that comply with Article 28 of the GDPR.
- Data protection by design and by default: We incorporate data protection considerations into the design of our processes and systems from the outset, and we ensure that, by default, only personal data necessary for each specific purpose is processed.
6. International Data Transfers
As a company based in Romania within the European Economic Area (EEA), we primarily process and store personal data within the EEA. However, in certain circumstances, personal data may be transferred to or accessed from countries outside the EEA:
- Google Fonts: Our website uses Google Fonts, which may result in data being transferred to Google's servers, potentially located outside the EEA. Google has implemented appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and compliance with relevant data protection frameworks.
Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:
- Transfers to countries that have received an adequacy decision from the European Commission.
- Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) of the GDPR.
- Other appropriate safeguards as permitted under the GDPR.
You may request additional information about the safeguards we apply to international data transfers by contacting us at privacy@trinxsolutions.com.
- Google Fonts: Our website uses Google Fonts, which may result in data being transferred to Google's servers, potentially located outside the EEA. Google has implemented appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and compliance with relevant data protection frameworks.
Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:
- Transfers to countries that have received an adequacy decision from the European Commission.
- Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) of the GDPR.
- Other appropriate safeguards as permitted under the GDPR.
You may request additional information about the safeguards we apply to international data transfers by contacting us at privacy@trinxsolutions.com.
7. Data Breach Notification
In accordance with Articles 33 and 34 of the GDPR, we have established procedures for detecting, reporting, and investigating personal data breaches:
- Internal reporting: All employees and contractors are required to report any suspected or actual data breach to our designated data protection point of contact immediately upon becoming aware of it.
- Risk assessment: Upon receiving a breach report, we promptly assess the nature, scope, and potential impact of the breach, including the categories and approximate number of data subjects and personal data records affected.
- Supervisory authority notification: If a breach is likely to result in a risk to the rights and freedoms of data subjects, we will notify the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) without undue delay and, where feasible, within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, the likely consequences, the measures taken or proposed to address it, and the contact details of our data protection point of contact.
- Data subject notification: If a breach is likely to result in a high risk to the rights and freedoms of data subjects, we will notify the affected individuals without undue delay, providing clear and plain language information about the nature of the breach, the likely consequences, and the measures they can take to protect themselves.
- Documentation: We maintain a record of all personal data breaches, including the facts relating to the breach, its effects, and the remedial actions taken, regardless of whether the breach is reportable to the supervisory authority.
We regularly review and test our breach response procedures to ensure they remain effective.
- Internal reporting: All employees and contractors are required to report any suspected or actual data breach to our designated data protection point of contact immediately upon becoming aware of it.
- Risk assessment: Upon receiving a breach report, we promptly assess the nature, scope, and potential impact of the breach, including the categories and approximate number of data subjects and personal data records affected.
- Supervisory authority notification: If a breach is likely to result in a risk to the rights and freedoms of data subjects, we will notify the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) without undue delay and, where feasible, within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, the likely consequences, the measures taken or proposed to address it, and the contact details of our data protection point of contact.
- Data subject notification: If a breach is likely to result in a high risk to the rights and freedoms of data subjects, we will notify the affected individuals without undue delay, providing clear and plain language information about the nature of the breach, the likely consequences, and the measures they can take to protect themselves.
- Documentation: We maintain a record of all personal data breaches, including the facts relating to the breach, its effects, and the remedial actions taken, regardless of whether the breach is reportable to the supervisory authority.
We regularly review and test our breach response procedures to ensure they remain effective.
8. Records of Processing Activities
In accordance with Article 30 of the GDPR, we maintain comprehensive records of our processing activities. These records include:
- The name and contact details of the data controller (Trinx Solutions SRL).
- The purposes of each processing activity.
- A description of the categories of data subjects and the categories of personal data processed.
- The categories of recipients to whom personal data has been or will be disclosed.
- Information about transfers of personal data to third countries or international organizations, including the safeguards applied.
- The envisaged time limits for the erasure of different categories of data.
- A general description of the technical and organizational security measures implemented.
These records are maintained in written (electronic) form and are made available to the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) upon request.
- The name and contact details of the data controller (Trinx Solutions SRL).
- The purposes of each processing activity.
- A description of the categories of data subjects and the categories of personal data processed.
- The categories of recipients to whom personal data has been or will be disclosed.
- Information about transfers of personal data to third countries or international organizations, including the safeguards applied.
- The envisaged time limits for the erasure of different categories of data.
- A general description of the technical and organizational security measures implemented.
These records are maintained in written (electronic) form and are made available to the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) upon request.
9. Data Protection Contact
While we are not required by Article 37 of the GDPR to appoint a formal Data Protection Officer (DPO) given the nature and scale of our data processing activities, we take our data protection responsibilities seriously and have designated an internal point of contact for all data protection matters.
For any questions, concerns, or requests related to GDPR compliance or data protection, please contact us:
Trinx Solutions SRL
Data Protection Contact
Timisoara, Timis County, Romania
Email: privacy@trinxsolutions.com
You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):
Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, Bucharest, Romania
Website: https://www.dataprotection.ro
Email: anspdcp@dataprotection.ro
For any questions, concerns, or requests related to GDPR compliance or data protection, please contact us:
Trinx Solutions SRL
Data Protection Contact
Timisoara, Timis County, Romania
Email: privacy@trinxsolutions.com
You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):
Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, Bucharest, Romania
Website: https://www.dataprotection.ro
Email: anspdcp@dataprotection.ro
If you have any questions about this document, please contact us at contact@trinxsolutions.com