Privacy Policy

Last update: July 16th, 2024

This personal data privacy policy ("Privacy Policy") sets out how Build21 collects, uses, and discloses your personal information when you visit our website (the "Site").

This notice informs you about the information we process about you in relation to our organisation. In collecting this information, we act as a controller and are required by law to provide you with information about us, why and how we use your data and what rights you have over your data.

By visiting the website and accepting this Privacy Policy you expressly consent to the collection and processing of personal data in the computer system, both manually and automatically, in accordance with Regulation No 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter "GDPR").

This Privacy Policy does not cover other third-party applications and websites that you may reach by accessing links on our website. This is beyond our control. When you click on those links, third parties may collect or transmit data about you. We do not control these third-party sites, nor are we responsible for their processing, privacy and security policies. When you leave our site, we encourage you to review the Privacy Policy of any site and/or application before providing any personal data.

Each data subject, at his/her own option, provides some of his/her personal data in order to benefit from the service offered by us. Refusal to provide certain data may lead to the impossibility to access the service. 

Who are we?

According to the law, our company is a personal data controller. In order for your data to be processed securely, we have made every effort to implement reasonable measures to protect your personal information. Below you will also find our identification data:

Registered office: Bucureşti, Sectorul 2, Şoseaua MIHAI BRAVU, Nr. 192, Bloc 204, Scara A, Etaj 8, Ap. 31
Sole registration code: 49803517
Company registration number: J40/6063/21.03.2024
E-mail address: [email protected]

Who are you?

According to the law, you, the natural person receiving our services or the person in any kind of relationship with our company, are a "data subject", i.e. an identified or identifiable natural person. In order to be fully transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate communication between us, the data controller, and you, the data subject.

Our commitment

Protecting your personal data is very important to us. That is why we are committed to comply with European and national legislation on the protection of personal data, in particular Regulation (EU) 679/2016 described above, also known as GDPR and the following principles:

a. Lawfulness, fairness and transparency - We process your data lawfully and fairly. We are always transparent about the information we use, and you are properly informed.

b. Your control - Within the limits of the law, we give you the ability to review, amend, delete personal data you have shared with us and exercise your other rights.

c. Data integrity and purpose limitation - We use data only for the purposes described at the time of collection or for new purposes consistent with the original purpose. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.

d. Security - We have implemented reasonable security and encryption measures to protect your information to the best of our ability. However, please note that no website, no application and no internet connection is completely secure.

We ensure that the personal data we process is limited to that which is necessary, appropriate and relevant for the purposes stated in this policy.

We try to restrict access to the personal data we process as far as possible to the minimum necessary: employees, collaborators and other persons who need to access this data in order to process it and carry out a service. Our partners and collaborators are subject to strict confidentiality obligations (either statutory or legal).

We use technologies to ensure the security of our customers, always striving to implement the most optimal data protection solutions. We also make regular back-ups of data in order to be able to recover it in the event of an incident and have regular audit procedures in place regarding the security of the equipment used.

Sometimes we may ask you to confirm the accuracy or timeliness of your data to make sure that it reflects reality.

Where we can, we try as far as possible to anonymise/pseudo-anonymise the personal data we process so that we can no longer identify the individuals to whom it relates.

Data collection

We collect personal information from you when you register in forms available on our website, subscribe to our newsletter, or when you send a message via our contact form. The personal information we collect may include your name, email address, phone number, the name of the company you represent, and your role in the company you represent.

Use of data

We use your personal information to provide you with the services you request, to send you information about our products and services, to contact you about your account, and to keep you up to date with news from the Build21 community.

We also use data: to respond to your questions and requests; for marketing or other purposes expressly requested or agreed, but only where we have your prior consent; to provide and improve the services and products we offer; to diagnose or fix technical problems; to provide you with advertising and personalized content; to defend against cyber attacks; to comply with legislation; to establish or assert a right in court; to draw up legal documents for financial-accounting and anti-money laundering purposes.

Basis of data collection

The legal basis for processing may be as follows:
    a. You have given your consent to the processing of personal data. Please note that you can withdraw your consent at any time by following the unsubscribe instructions ("unsubscribe") in each email or by sending a written request to the email address [email protected];
    b. The processing is necessary for the conclusion or performance of the contract concluded with us;
    c. The processing is necessary for the fulfilment of a legal obligation;
    d. The processing is necessary to protect your vital interests or those of another natural person;
    e. The processing is necessary for the purposes of our or another party's legitimate interests.

Data Disclosure

We may disclose your data, subject to applicable law, to business partners or other third parties. We always make reasonable efforts to ensure that these third parties have appropriate safeguards and security measures in place. We have contractual clauses with these third parties so that your data is protected. We will inform you of the identity of these companies prior to transmission or within a reasonable time and ensure that any transfer is lawful based on your consent or other legal basis.

For example, we may provide your data to other companies, such as IT or telecommunications service providers, accountants, legal services and other third parties with whom we have a contractual relationship.

These third parties are selected with great care so that your data is only processed for the purposes we indicate.

We may also share your data with business partners as part of a joint effort to provide a product or service.
Although unlikely, we may in the future sell the business or a part of the business, which will include transferring your data.

We may also transfer data to other parties with your consent or as instructed by you.

We may also provide your personal information to prosecutors, police, courts and other authorised state bodies, based on and within the limits of legal provisions and following specific requests.

We will ensure, within reasonable limits, that your data does not leave the European Economic Area, but to the extent that we transfer data to non-EEA countries, we will in all cases ensure that transfers are lawful, based on your explicit consent or other lawful basis.

Third parties to whom we disclose your personal data may only use it for the purposes specifically indicated by us. We will always ensure that any third parties to whom we disclose your personal information are subject to confidentiality and security obligations in accordance with the contracts signed with them and applicable laws. However, for the avoidance of doubt, this may not be applicable where disclosure is not our decision.

Except as expressly detailed above, we will never disclose, sell or rent your personal information to a third party without notifying you and, if applicable, obtaining your consent.

Your rights

Your rights under the GDPR Regulation are as follows:
a. Right to withdraw consent – Art. 7 GDPR;
b. The right to be informed about the processing of your data - Art. 13 and 14 GDPR;
c. Right of access to data - art. 15 GDPR;
d. The right to rectify inaccurate or incomplete data - art. 16 GDPR;
e. Right to erasure ("right to be forgotten") - Art. 17 GDPR;
f. Right to restrict processing - Art. 18 GDPR;
g. Right to data portability - Art. 20 GDPR;
h. Right to object to data processing - art. 21 GDPR;
I. Right not to be subject to a decision based solely on automated processing, including profiling - Art. 22 GDPR;
j. The right to seek legal redress;
k. The right to lodge a complaint with a Supervisory Authority (B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania. +40.318.059.211 / +40.318.059.212, [email protected]).

You may withdraw your consent to direct marketing at any time by following the unsubscribe instructions in each email/sms or other electronic message, if applicable.

The rights listed above are not absolute. There are exceptions, therefore each request received will be reviewed to decide whether it is justified or not. To the extent that your request is justified, we will facilitate the exercise of your rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for the rejection. You have the right to lodge a complaint with the Supervisory Authority and to take legal action.

To exercise these rights, please contact us at [email protected].

Data security

We use a range of technical and organizational measures to help protect your data from unauthorized access, use, disclosure, alteration, or destruction under applicable data protection legislation.

How long we keep your data

We will retain your data under our data retention policy for as long as your relationship with Build21 continues or if we need to retain your data to manage the relationship we have with you.
Personal data for the newsletter will be kept for the duration of the newsletter subscription.
After you are no longer a member of the community or after the termination of a business relationship with Build21, we may retain your data for one of these reasons:

  • To answer any questions or complaints.
  • To prove to you that we have treated you fairly.
  • To keep records according to the rules that apply to our business.

In some cases, we may also keep your data for 10 years or more, if the law requires and/or permits it.

Accessing your data

You can access your data held by us by sending us an e-mail to: [email protected] or by writing to us at Build21, 56, Strada Levănțica, sector 3, Bucharest, for the attention of the Data Protection Officer.

Notifying us if your data is incorrect

You have the right to question any data we have about you that you believe is wrong or incomplete. Please contact us if you wish to do so. If you do so, we will take reasonable steps to verify the accuracy of the claim and correct the data.

What happens if you want us to stop using your data?

If you do not agree with our use of your data, you have the right to object. This right is known as the "right to object" and "right to erasure" or "right to be forgotten".

These rights are not absolute and there may be legal or other reasons why we need to retain or process your data. However, please let us know if you think we should not use them.

Sometimes we may be able to restrict the use of your data. This means that your data may only be used for certain things, such as legal action or exercising legal rights. In this situation, we will not use or share your data in other ways as long as it is subject to restrictions.


This privacy policy may be changed at any time. Please check this policy periodically to be aware of any changes.


If you have any questions or requests regarding our privacy policy, please contact us at [email protected].

We will try to respond to any request made in relation to this Privacy Policy within 30 days. However, the deadline may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the impossibility of identifying you within a reasonable time.

If, despite our best efforts, we are unable to identify you and you do not provide us with additional information to identify you, we are not obliged to process your request.