Book a Call

Privacy Policy

Last updated: 10 January 2025 · Applicable law: EU GDPR and Romanian law

This Privacy Policy explains how BRD Services (“we”, “us”, “our”) collects and processes personal data when you visit brdservices.com (“Website”) or when you contact us in relation to our investment consultation services in Romania.

1. Data controller

The data controller responsible for processing your personal data is:

BRD Services
Calea Victoriei 155, Sector 1, 010072 București, România
Email: contact@brdservices.com
Phone: +40 31 229 0000

2. Categories of personal data

We may process the following categories of personal data:

  • Identification and contact data – name, email address, phone number, country of residence.
  • Communication data – content of your messages, information you provide when you contact us or complete our contact forms.
  • Technical and usage data – IP address, browser type, device information, and similar data collected through cookies or similar technologies (see Cookie Policy).

3. Purposes and legal bases

We process personal data only for specific, explicit and legitimate purposes and based on a valid legal ground under Article 6 GDPR:

  • Responding to enquiries and providing information – when you contact us by email, phone or via forms on the Website. Legal basis: performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR) and our legitimate interest to respond to requests (Art. 6(1)(f) GDPR).
  • Providing our investment consultation services – including scheduling meetings and communicating with you in relation to our services. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Compliance with legal obligations – such as accounting, tax, or rules on prevention of money laundering and terrorist financing, where applicable. Legal basis: legal obligation (Art. 6(1)(c) GDPR).
  • Website security, statistics and improvement – monitoring traffic and protecting our systems. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). Where we use non‑essential cookies for analytics or marketing, the legal basis is your consent (Art. 6(1)(a) GDPR).

4. Cookies and similar technologies

Our Website may use cookies and similar technologies. Details about the types of cookies we use, their purposes and how you can manage your preferences are provided in our Cookie Policy.

5. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by applicable laws:

  • Contact and enquiry data: normally up to 24 months from our last interaction, unless a longer period is required to establish, exercise or defend legal claims.
  • Contractual data: for the duration of the contractual relationship, plus the limitation period under applicable law (usually 3–5 years) and any additional period required by tax or accounting laws.
  • Technical and analytics data: according to the cookie storage periods described in the Cookie Policy.

6. Disclosure and recipients of data

We do not sell your personal data. We may share personal data only with:

  • Service providers (processors) such as IT hosting providers, email and communication tools, subject to appropriate contractual safeguards.
  • Professional advisors such as lawyers or accountants, where necessary for legitimate business interests and under confidentiality obligations.
  • Public authorities, regulators or law enforcement, where required by applicable law or a binding request.

7. International data transfers

If we transfer personal data outside the European Economic Area, we will ensure that appropriate safeguards are in place, such as adequacy decisions by the European Commission or standard contractual clauses (SCCs) approved by the Commission, and that data subjects continue to benefit from enforceable rights and effective legal remedies.

8. Data security

We implement technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

9. Your rights as a data subject

Under GDPR and applicable Romanian law, you have the following rights (subject to certain conditions and legal limitations):

  • Right of access to your personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests, including profiling.
  • Where processing is based on consent, the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, please contact us at contact@brdservices.com. We may need to verify your identity before responding to your request.

10. Right to lodge a complaint

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) or with another competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, România
Website: www.dataprotection.ro

11. Children’s data

Our services are intended for adults. We do not knowingly collect personal data from persons under 18 years of age. If you are a parent or legal guardian and believe that we have collected data about a child, please contact us to request deletion.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in legislation or in our processing activities. Any updated version will be published on this page and will indicate the date of the last update.

This English language Privacy Policy is provided for transparency to users of brdservices.com. Where required by law, we may also provide a Romanian version. In case of discrepancies, the version applicable under Romanian law shall prevail.