1. Data controller

The controller of the personal data processed through the Spectrum Water website is SPECTRUM BUSINESS GROUP S.R.L..

Contact details for data protection requests: office@spectrum-water.com, phone +39 366 907 0671.

2. Categories of data processed

Depending on how you interact with the website, we may process the following categories of data:

2.1. Data provided directly by the user

• first and/or last name (if entered in the contact form);
• email address;
• phone number;
• the content of the submitted message;
• any other data you choose to include voluntarily in the message.

2.2. Technical and usage data

• IP address (depending on server/services configuration);
• browser type, operating system, device type;
• pages accessed, visit duration, general interactions on the website;
• data collected through cookies and similar technologies, according to the preferences expressed.

3. Purposes of processing

We process personal data only for specific, explicit, and legitimate purposes. These mainly include:

• managing and responding to requests received via the contact form, email, or phone;
• communicating with potential customers, partners, or distributors, at the data subject’s initiative;
• technical administration, security, and proper operation of the website;
• preventing abusive use of the contact form and attempts of spam/fraud;
• traffic analysis and improving user experience, only to the extent the user has consented to non-essential cookies;
• fulfilling legal obligations or defending a right/legitimate interest in potential proceedings.

4. Legal bases

Depending on the nature of the interaction, processing may be based on one or more legal bases under the GDPR:

• Article 6(1)(b) GDPR – taking steps at the data subject’s request prior to entering into a contract (e.g., quote requests or technical information requests sent via the form);
• Article 6(1)(f) GDPR – the controller’s legitimate interest (e.g., website security, abuse prevention, technical administration, management of professional communications);
• Article 6(1)(a) GDPR – the data subject’s consent (e.g., for analytics cookies / third-party content cookies, where consent is required).

5. Data sources

Processed data may come from the following sources:

• directly from you, by completing the contact form or by communications sent via email/phone;
• automatically, through use of the website and analytics/cookie technologies (depending on consent);
• from subsequent commercial or technical interactions, if initiated by you.

6. Data recipients

We do not sell or rent personal data. Data may be accessed, processed, or stored by service providers contracted by us, strictly to the extent necessary to achieve the purposes above and subject to confidentiality obligations.

• hosting / IT infrastructure provider(s);
• email service provider(s) (for sending/receiving messages from the contact form);
• traffic analytics providers (e.g., Google Analytics / GA4), only if relevant consent has been provided;
• embedded content providers (e.g., YouTube, Google Maps), depending on user interaction and consent settings;
• public authorities/institutions, only where required by law or following legally grounded requests.

7. International transfers

Some service providers used by the website (e.g., global analytics or embedded-content providers) may process data outside the European Economic Area.

In such cases, transfers are carried out based on mechanisms recognized by applicable law (e.g., standard contractual clauses or other applicable legal mechanisms), according to the relevant provider’s documentation.

8. Storage period

We apply the storage limitation principle and keep data only as long as necessary for the purposes for which it was collected or for compliance with legal obligations.

8.1. Messages sent via the contact form

Contact form data is not stored in the website database (according to the current implementation), but is sent by email to the controller.

Email messages may be retained for the time necessary to handle the request, continue commercial/technical dialogue, and maintain records of communications, depending on the nature of the request.

8.2. Cookies and consent preferences

Cookie storage periods vary depending on the cookie type and provider. Consent preferences saved via the cookie banner may be retained, as a guideline, for up to 180 days.

9. Data subject rights

Under the GDPR, you have the following rights, to the extent applicable:

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure (“right to be forgotten”);
• the right to restriction of processing;
• the right to data portability;
• the right to object;
• the right to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal);
• the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP);
• the right to bring proceedings before the competent courts.

10. Exercising your rights

To exercise your rights or for any questions related to data protection, you can contact us at office@spectrum-water.com.

We will review your request and respond within the deadlines set by applicable law. In certain cases, we may request reasonable additional information to verify the requester’s identity, in order to protect personal data.

11. Data security

We implement appropriate technical and organizational measures to protect data against unauthorized access, disclosure, alteration, or accidental or unlawful destruction, taking into account the nature of the data and associated risks.

However, no IT system and no data transmission over the Internet can guarantee absolute security.

12. Minors

The Spectrum Water website is intended for a general audience and for commercial/professional communication and is not designed to intentionally collect data from minors.

If you believe a minor has provided us with personal data without a legal representative’s consent, please contact us so we can take appropriate measures.

13. Policy changes

We reserve the right to amend this Privacy Policy to reflect legislative, technical, or operational changes. The updated version will be published on this page together with the date of the latest update.