In order for you to be informed and to understand how your personal data provided to is processed , we recommend that you carefully read this Privacy Policy.

Please be advised that we may update and amend this Personal Data Protection Policy (“Policy”) from time to time without the need to ask for your prior consent and without being subject to any individual or special notice of changes. In the event of any such changes, we will post the updated version of the Personal Data Protection Policy on the site and it is up to you to check the content of this Policy whenever you access the site to ensure that you are up to date with the latest version.

  1. Regulatory framework

Personal data will be collected and processed by Balazs Bela Istvan Authorized Natural Person only to the extent permitted by the European Regulation No 679/2016 on the protection of individuals with regard to the protection of personal data and on the free movement of such data and by any other legislation applicable in Romania.

Terms within the meaning of European Regulation No 679/2016:

personal data – any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity;

processing of personal data – any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure to third parties by transmission, dissemination or otherwise, alignment, combination, blocking, erasure or destruction.

  1. Data controller status

Balazs Bela Istvan is an Authorized Natural Person as Personal Data Controller, with registered office in Salonta, str. Constantin Dobrogeanu Gherea,nr.5, jud. Bihor, registered at the Trade Register Office Bistrita No. F5/1790/2019, Unique Registration Code: 41766405, e-mail, tel. +40 (0) 755.952.476 (hereinafter Webist)

III. Processed data

The personal data we process are:

  • names,
  • first name,
  • address,
  • email address,
  • phone number,
  • bank account details,
  • IP.

Address and bank account details are processed for billing and payment purposes only for people who choose to subscribe to our services.

When you visit
, we automatically collect certain information about your device, such as browser information, IP address, time zone and some cookies installed on your device.

Please also refer to the Cookie Policy section on the main page of our website.

We use Google Analytics and Facebook pixel to help us understand how our customers use our site – you can read more about how Google uses your information. staff here: You can also opt out of Google Analytics here: You can read more about Facebook pixel here:

We do not collect and process sensitive data as defined by the European Regulation 679/2016. We also do not want to collect or process data from minors. Please do not create an account on our website and do not provide us with any information if you are under 18 years of age.

  1. Purpose of data collection

The purpose of data collection is: registration of user accounts on, informing users/customers (Buyers) about their account status on, to carry out the contractual relationship between users/customers and Balazs Bela Istvan Authorized Natural Person, namely for the subscription, validation, processing and invoicing of the requested services, to ensure the payment of the amounts related to the offered services, to inform users/customers about the evolution and status of their orders, to evaluate the offered products and services, to provide answers to the complaints placed, commercial activities, promotion of products and services, marketing, advertising, media, administrative, development, market research, statistics, tracking and monitoring of sales and consumer behavior.

Webist may notify users/customers of current offers via the weekly newsletter, and may send greetings, gift vouchers or other special messages if you have consented to this by ticking the relevant boxes.

  1. Processing grounds

The operator has the right to process personal data for the purposes set out below:

  • because the processing of data is necessary to make possible the creation of the account, the functioning of the website and access to the services offered on (conclusion of the distance selling contract), the payment of the costs related to the services and the provision of answers to complaints, if any,
  • because you have given your express consent by ticking the relevant boxes (if applicable)

If the data processing is not necessary for the conclusion and performance of our legal relations, we will not process personal data for any of the above purposes unless we have your consent to do so by ticking the appropriate boxes.

  1. Duration of storage and processing of personal data

We process and store personal data for as long as necessary to fulfil the purposes for which the data was collected and in any case for as long as required by applicable legal regulations.

We aim to review and update our database on a regular basis (in principle every 12 months) so that we do not store data that is no longer needed for the purposes for which it was collected.

VII. Transmission of data to other persons

Webist may provide your personal data to other companies with which it has a partnership relationship, but only on the basis of a confidentiality undertaking from them, guaranteeing that this data is kept secure and that this personal information is provided in accordance with the legislation in force, as follows: courier service providers, banking services, etc., other companies with which we may develop joint programmes to market our products and services.

Your personal information may also be provided to the Public Prosecutor’s Office, the Police, the Courts and other authorised state bodies, on the basis and within the limits of the legal provisions and following specific requests.

Your personal data may be transferred abroad to countries in the European Union (“EU“) or the European Economic Area (“EEA“). Thus, we inform you that any transfer made by the Operator to an EU or EEA Member State will comply with the legal provisions of the General Data Protection Regulation 2016/679 adopted by the European Parliament (“GDPR“).

The personal data referred to in this information notice are not transferred to states that do not ensure adequate protection for the processing of personal data.

VIII. Data security measures

This site takes all necessary security measures to protect the personal information of our users. When filling in personal data on our website, the information will be protected both offline and online. All personal information will be processed through secure pages using SSL encryption, marked with a small box symbol at the bottom of the Microsoft Internet Explorer browser window.

We organise training for our employees on the importance of protecting personal data and we make every effort to ensure that our partners also manage appropriate measures for the processing of personal data that may come to them in the course of our contractual relationships.

Also, payments made via, strictly for the payment of services accessed via, are made in secure conditions, according to the security policies implemented by the providers of this service, namely EuPlătesc. To find out more about this operator’s privacy policy you can access the following link:

  1. Your rights in relation to the personal data you provide to us

On the basis of a written, dated and signed request, sent by email to, you can exercise the following rights free of charge:

Right to information – you can request information and details of personal data processing activities. By email at or by phone +40 (0) 755.952.476 (normal rate number)

We are careful to ensure your right to receive clear, transparent, understandable and accessible information about how we process your data, including details of your rights in this regard, which are also set out in this document.

Right to rectification – if you find that your personal data that we process is incorrect, incomplete, inaccurate, you can rectify or complete it by simply sending a request for rectification to

Right to erasure of data (“right to be forgotten”) – if the data processing was not lawful or in other cases provided for by law, you can delete them yourself or have them deleted by sending a request to The deletion of data will take place within 30 days from the date of the request and the collected data will be removed from the backup files 30 days after the date of deletion. Data deletion can occur in any of the following situations:

  1. a) we no longer need the personal data for any of the purposes for which we have previously processed it;
  2. b) you withdraw your consent on the basis of which we have previously processed you and there is no other legal basis on which we can base further processing;
  3. c) object to the processing of data when we process data for direct marketing purposes (including profiling for direct marketing purposes),
  4. d) you object to the processing of your data based on our legitimate interest and we cannot demonstrate that we have legitimate grounds justifying the processing which override your interests, rights and freedoms;
  5. e) personal data are processed unlawfully;
  6. f) personal data must be deleted in order to comply with our legal obligations.

We may reject your request to delete data if:

(a) we must comply with legal obligations to retain data;

(b) if the data is necessary for us to establish, exercise or defend our rights in the courts.

Right to restrict processing – you can request restriction of processing in cases where:

  1. a) challenge the accuracy of the data for a period that allows us to verify the accuracy of the data;
  2. b) the processing is unlawful, but you object to the deletion of the personal data and request restriction instead;
  3. c) if the Operator no longer needs the personal data for processing purposes, but you request them from us for the establishment, exercise or defence of a right in court or before arbitration bodies;
  4. d) if you have objected to the processing, for the period of time during which it is verified whether our legitimate rights prevail over your rights.

Right to object – you can object in particular to data processing based on our legitimate interest.

The right to data portability – you can receive, under certain conditions, the personal data you have provided to us, they will be sent to you in JSON format by email within 30 days of your request or you can request that those data be sent to another controller.

Right to lodge a complaint – you can lodge a complaint about the way your personal data is processed with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

Contact details and information about the ANSPDCP can be found at

Right to withdraw consent – in cases where processing is based on your consent, you can withdraw it at any time.

Withdrawal of consent will only be effective for the future, the processing carried out prior to the withdrawal will remain valid.

The right not to be subject to automated decisions or further profiling related to automated decisions: you can ask for and obtain human intervention with regard to such processing or express your own point of view on such processing