Coprus

Legal

Privacy Policy

How COPRUS handles website, enquiry, and business-contact personal data under the GDPR and related EU privacy rules.

Last updated
21 April 2026

This policy explains how COPRUS handles personal data when you visit this website, contact us, or discuss a potential engagement. It is written to reflect the information duties in Articles 13 and 14 GDPR and should be read together with any more specific notice we provide for a particular service or project.

Operator
COPRUS
Contact
contact@coprus.net

Personal data we process

  • technical data needed to deliver the website, such as IP address, browser information, device information, request logs, and security events;
  • contact and business data you provide voluntarily, such as your name, company, role, email address, phone number, and the contents of your enquiry;
  • project and commercial information shared during scoping or proposal discussions;
  • usage and analytics data from measurement tools used to understand traffic, performance, and demand, including Google Analytics where enabled for the deployment.

Why we use your data and our legal bases

We process personal data only where we have a valid legal basis under Article 6 GDPR. Depending on the context, that basis is:

  • pre-contractual steps or contract performance when you ask us to evaluate a project, prepare a proposal, or communicate about a service engagement;
  • legitimate interests when we secure the website, prevent abuse, document business communications, and operate or improve the site in a proportionate way;
  • legal obligations when we must keep records, respond to lawful requests, or comply with tax, accounting, or regulatory duties;
  • consent where EU or local law requires consent for non-essential cookies, similar technologies, or comparable analytics processing.

Where the data comes from

Most personal data comes directly from you. We may also receive limited business-contact information from:

  • your employer or colleagues involved in the same project or enquiry;
  • public company registers, professional profiles, or other sources you use publicly for business communication;
  • hosting, analytics, email, and infrastructure providers that generate operational records about website traffic or service reliability.

Recipients and processors

We share personal data only on a need-to-know basis with:

  • hosting, infrastructure, website security, and email providers;
  • analytics or diagnostics providers used to measure traffic and reliability;
  • professional advisers, auditors, insurers, or public authorities where disclosure is necessary and lawful;
  • service providers that support contract administration, project delivery, or communications under written confidentiality and data-processing obligations where required.

We do not sell personal data.

International transfers

Some providers may process personal data outside the European Economic Area. Where that happens, we use a lawful transfer mechanism, such as an adequacy decision or the European Commission's Standard Contractual Clauses, and apply supplementary safeguards where needed.

Retention

We keep personal data only for as long as necessary for the purpose for which it was collected. In practice:

  • security and server logs are retained only for the period needed to secure, troubleshoot, and defend the website;
  • enquiries and pre-contract records are kept while we assess the opportunity and afterwards for as long as needed to manage follow-up, document decisions, or establish, exercise, or defend legal claims;
  • contract, accounting, and compliance records are retained for the periods required by law or necessary to enforce contractual rights;
  • analytics data is retained according to the settings and retention controls of the relevant analytics tool.

Your rights under the GDPR

Subject to the conditions in applicable law, you may ask us to:

  • confirm whether we process your personal data and provide access to it;
  • correct inaccurate or incomplete data;
  • delete data that is no longer needed or is processed unlawfully;
  • restrict processing in the cases provided by law;
  • provide portable data where the GDPR grants that right;
  • object to processing based on legitimate interests, including profiling based on those interests;
  • withdraw consent at any time where processing relies on consent.

We do not use this website to make decisions based solely on automated processing that produce legal or similarly significant effects for individuals.

Complaints

If you have a privacy concern, contact us first so we can try to resolve it. You also have the right to lodge a complaint with your local supervisory authority. If COPRUS is the controller established in Romania for the relevant processing, complaints may also be filed with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

Changes to this policy

We may update this policy when our services, providers, or legal obligations change. The version published on this page is the current version for this website.