GDPR Policy

Last updated: February 2026

Vinum Capidava S.R.L. (Crama Darie) respects and protects your rights regarding personal data, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).

This page details your rights as a data subject, the ways to exercise them and our commitments regarding GDPR compliance. For detailed information about what data we collect and how we use it, please consult the Privacy Policy.

1. Data Processing Principles

We are committed to respecting the fundamental principles of GDPR (Art. 5) in all our personal data processing activities:

  • Lawfulness, fairness and transparency - data is processed lawfully, fairly and transparently.
  • Purpose limitation - data is collected for specified, explicit and legitimate purposes.
  • Data minimisation - we collect only data that is adequate, relevant and limited to what is necessary.
  • Accuracy - data is accurate and kept up to date.
  • Storage limitation - data is kept only for as long as necessary for the purposes of processing.
  • Integrity and confidentiality - data is protected through appropriate technical and organisational measures.
  • Accountability - we demonstrate compliance with all the above principles.

2. Legal Bases for Processing

We process your personal data on the basis of the following legal grounds provided by Art. 6 GDPR:

  • Performance of the contract (Art. 6(1)(b)) - for processing orders, delivery and managing your account.
  • Legal obligation (Art. 6(1)(c)) - for compliance with fiscal, accounting and reporting obligations.
  • Consent (Art. 6(1)(a)) - for non-essential cookies, newsletter and marketing communications.
  • Legitimate interest (Art. 6(1)(f)) - for fraud prevention, website security and service improvement.

3. Your Rights Under GDPR

As a data subject, you benefit from the following rights:

3.1. Right of Access (Art. 15)

You have the right to obtain confirmation that your data is being processed, as well as a copy of your personal data and information about the purpose of processing, categories of data, recipients and retention periods.

3.2. Right to Rectification (Art. 16)

You have the right to request the correction of inaccurate data or the completion of incomplete data concerning you.

3.3. Right to Erasure - "Right to be Forgotten" (Art. 17)

You have the right to request the erasure of personal data concerning you, in situations provided by law, such as: data is no longer necessary, you withdraw consent or processing is unlawful. This right does not apply when processing is necessary for compliance with a legal obligation.

3.4. Right to Restriction of Processing (Art. 18)

You have the right to request restriction of processing in certain situations, for example when you contest the accuracy of the data or when processing is unlawful but you do not wish erasure.

3.5. Right to Data Portability (Art. 20)

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller.

3.6. Right to Object (Art. 21)

You have the right to object to the processing of data based on legitimate interest, including profiling. In the case of direct marketing, we will immediately cease processing upon receiving your objection.

3.7. Right Not to be Subject to Automated Individual Decision-Making (Art. 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

4. How to Exercise Your Rights

To exercise any of the above rights, you can contact us through:

  • Email: Office@CramaDarie.Ro
  • Phone: +40 723 046 002
  • Post: Vinum Capidava S.R.L., Sat Topalu, comuna Topalu, str. Dunarii nr. 494 B, jud. Constanta, postal code 907280, Romania

We will confirm receipt of your request and will respond within a maximum of 30 days from receipt, in accordance with Art. 12 GDPR. In complex cases, the deadline may be extended by an additional 60 days, with prior notification to you.

We may ask you to verify your identity before processing your request, to protect your data.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or accidental or unlawful disclosure. These measures include:

  • Encryption - use of SSL/TLS protocols for data transmission.
  • Access control - restricting data access based on the "need to know" principle.
  • Backup and recovery - regular backups of critical data.
  • Monitoring - continuous monitoring of systems for detecting unauthorised access.
  • Internal policies - staff training and documented data protection procedures.

6. Security Breach Notification

In the event of a personal data security breach posing a risk to the rights and freedoms of data subjects, we will notify the supervisory authority (ANSPDCP) within 72 hours of becoming aware, in accordance with Art. 33 GDPR.

If the breach is likely to result in a high risk to your rights and freedoms, we will inform you directly, in accordance with Art. 34 GDPR.

7. Protection of Minors Data

Our website is intended exclusively for persons aged 18 or over, in accordance with legislation on the sale of alcoholic beverages (Law no. 61/1991). We do not knowingly collect or process personal data of persons under 18.

8. Cookies

We use cookies and similar technologies on our website. For detailed information about the types of cookies used, their purposes and how to manage them, please consult the Cookie Policy.

9. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes GDPR provisions, you have the right to lodge a complaint with the competent supervisory authority:

  • National Supervisory Authority for Personal Data Processing (ANSPDCP)
  • Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania
  • Website: www.dataprotection.ro

Before lodging a complaint, we encourage you to contact us to try to resolve the situation amicably.

10. Compliance Statement

Vinum Capidava S.R.L. (Crama Darie) declares that the processing of personal data is carried out in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Romanian legislation. We are committed to maintaining high standards of data protection and to periodically reviewing our processing practices.

11. Changes

We reserve the right to periodically update this policy. Changes will be published on this page with the date of the last update. We recommend that you periodically consult this page.

12. Contact

For any questions regarding the protection of personal data:

  • Vinum Capidava S.R.L. (Crama Darie)
  • Tax ID: RO18585579 | Trade Reg.: J13/1132/13.04.2006
  • Address: Sat Topalu, comuna Topalu, str. Dunarii nr. 494 B, jud. Constanta, postal code 907280, Romania
  • Email: Office@CramaDarie.Ro
  • Phone: +40 723 046 002
  • Hours: Monday-Friday 9:00-18:00