PRIVACY POLICY

Last Updated: June 23, 2025
Effective Date: June 23, 2025

1. CONTROLLER INFORMATION

Data Controller:
MICRO DIGITAL ELECTRONICS CORP S.R.L.
Registration Number: 50047468
Address: Splaiul Unirii nr. 16, office 705, Bucharest, Sector 4, Romania
Email: vp@vendor.energy

Data Protection Contact:
Vitaly Peretyachenko
Email: vp@vendor.energy

2. SCOPE AND APPLICATION

This Privacy Policy applies to the processing of personal data through our website https://vendor.energy (the “Website”) and related services. This policy describes how we collect, use, store, and protect your personal information in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”)
  • Law No. 190/2018 on implementing measures for the GDPR in Romania
  • Romanian Law No. 506/2004 on personal data processing
  • Other applicable data protection laws

3. PERSONAL DATA WE COLLECT

3.1 Information You Provide Directly

We collect personal data that you voluntarily provide to us through:

Contact Forms:

  • Full name
  • Email address
  • Phone number
  • LinkedIn profile URL
  • Message content
  • Company information (if provided)

Newsletter Subscriptions:

  • Email address
  • Name (optional)
  • Subscription preferences

Investor Inquiries:

  • Contact information
  • Investment interests
  • Professional background information

3.2 Information We Collect Automatically

Technical Data:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Referring website URLs
  • Pages visited and time spent
  • Click-through rates
  • Date and time of visits

Cookies and Tracking Technologies:

  • Analytics cookies (Google Analytics)
  • Functional cookies
  • Session cookies
  • Persistent cookies

4. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

4.1 Legitimate Interest (Article 6(1)(f))

  • Website analytics and performance optimization
  • Security monitoring and fraud prevention
  • Business communication and relationship management
  • Marketing to existing contacts (where consent not required)

4.2 Consent (Article 6(1)(a))

  • Newsletter subscriptions
  • Marketing communications to new contacts
  • Non-essential cookies

4.3 Contract Performance (Article 6(1)(b))

  • Responding to your inquiries
  • Providing requested information about our project

4.4 Legal Obligation (Article 6(1)(c))

  • Compliance with legal and regulatory requirements
  • Record keeping obligations

5. PURPOSES OF PROCESSING

We process your personal data for the following purposes:

5.1 Primary Purposes

  • Responding to your inquiries and requests
  • Providing information about the VENDOR project
  • Facilitating investor communications
  • Maintaining and improving our Website
  • Ensuring Website security and preventing fraud

5.2 Secondary Purposes

  • Sending newsletters and project updates (with consent)
  • Marketing communications (with consent or legitimate interest)
  • Analytics and Website optimization
  • Legal compliance and record keeping

6. DATA SHARING AND DISCLOSURE

6.1 We May Share Your Data With:

Service Providers:

  • Web hosting providers (EU-based)
  • Email service providers (EU-based or adequacy decision jurisdictions)
  • Analytics providers (Google Analytics – see Section 6.2)
  • IT support and maintenance providers

Legal Requirements:

  • Law enforcement or regulatory authorities when required by law
  • Legal advisors and auditors
  • Courts and tribunals as required

6.2 International Transfers

Google Analytics: We use Google Analytics, which may transfer data to the United States. This transfer is based on:

  • Google’s compliance with EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable

Safeguards: All international transfers are protected by appropriate safeguards including:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes

6.3 We Will Never:

  • Sell your personal data to third parties
  • Share your data for others’ marketing purposes without explicit consent
  • Transfer data to countries without adequate protection

7. DATA RETENTION

We retain your personal data only for as long as necessary for the purposes outlined in this policy:

Contact Form Data: 3 years from last contact or until you request deletion Newsletter Subscriptions: Until you unsubscribe or request deletion Investor Inquiries: 7 years for legal and business purposes Website Analytics: 26 months (Google Analytics default) Cookies: As specified in our Cookie Policy Legal Compliance: As required by applicable law

8. YOUR RIGHTS UNDER GDPR

You have the following rights regarding your personal data:

8.1 Right of Access (Article 15)

Request confirmation of processing and a copy of your personal data.

8.2 Right of Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

8.3 Right of Erasure (Article 17)

Request deletion of your personal data in certain circumstances.

8.4 Right to Restrict Processing (Article 18)

Request limitation of processing in certain circumstances.

8.5 Right to Data Portability (Article 20)

Request transfer of your data to another controller in structured format.

8.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

8.7 Right to Withdraw Consent (Article 7)

Withdraw consent at any time where processing is based on consent.

8.8 Right to Lodge a Complaint

File a complaint with:

  • Romanian Supervisory Authority: ANSPDCP (anspdcp.ro)
  • Your local EU supervisory authority

9. EXERCISING YOUR RIGHTS

To exercise your rights:

Contact Us:

  • Email: vp@vendor.energy
  • Written request to: MICRO DIGITAL ELECTRONICS CORP S.R.L., Splaiul Unirii nr. 16, office 705, Bucharest, Sector 4, Romania

Response Time: We will respond within 1 month (extendable to 3 months for complex requests)

Verification: We may request identity verification to protect your data

Free of Charge: Exercising your rights is generally free, unless requests are manifestly unfounded or excessive

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures:

  • SSL/TLS encryption for data transmission
  • Secure hosting infrastructure
  • Regular security updates and patches
  • Access controls and authentication
  • Data backup and recovery procedures

Organizational Measures:

  • Staff training on data protection
  • Data processing agreements with service providers
  • Regular security assessments
  • Incident response procedures
  • Privacy by design and default principles

11. COOKIES AND TRACKING

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

Essential Cookies: Required for Website functionality 
Analytics Cookies: Google Analytics (with consent) 
Functional Cookies: Enhance user experience 
Marketing Cookies: Only with explicit consent

12. CHILDREN’S PRIVACY

Our Website is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.

13. THIRD-PARTY LINKS

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

14. DATA BREACH NOTIFICATION

In the event of a personal data breach likely to result in high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

15. PRIVACY BY DESIGN

We implement privacy by design principles:

  • Proactive data protection measures
  • Privacy as the default setting
  • Full functionality with privacy protection
  • End-to-end security
  • Visibility and transparency
  • Respect for user privacy

16. UPDATES TO THIS POLICY

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will:

  • Post the updated policy on our Website
  • Update the “Last Updated” date
  • Notify you of material changes via email (if you have subscribed)
  • Obtain consent for material changes where required

17. CONTACT INFORMATION

For any questions or concerns about this Privacy Policy or our data processing practices:

Data Controller:
MICRO DIGITAL ELECTRONICS CORP S.R.L.
Splaiul Unirii nr. 16, office 705
Bucharest, Sector 4, Romania
Email: vp@vendor.energy

Data Protection Contact:
Vitaly Peretyachenko
Email: vp@vendor.energy

Romanian Supervisory Authority:
ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
Website: anspdcp.ro
Email: anspdcp@dataprotection.ro

This Privacy Policy is governed by Romanian law and EU regulations. Any disputes will be resolved in the competent courts of Bucharest, Romania.