Skip to main content
Maschinenbau Timisoara SRL
(+4) 0723 220 385
Language
Machine Finder
Cart
Legal document

Privacy Policy

Last updated:

1. Data controller

The controller of personal data collected through this website is:

  • Name: MASCHINENBAU TIMISOARA SRL
  • Registered office: Str. Emile Zola nr. 37, 300439 Timisoara, Timis County, Romania
  • Tax ID (CUI): RO18912085
  • Trade Register no.: J35/1242/2002
  • Share capital: 11.000 RON
  • Contact e-mail: office@mbt.ro
  • Phone: (+4) 0723 220 385 / (+4) 0356 451 500

2. Data we collect

Depending on how you interact with the website, we collect the following categories of personal data:

  • Identification and contact details: first name, last name, e-mail, phone, company name, tax ID (CUI / CIF)
  • Address: delivery and/or billing address
  • Order data: order history, products purchased, amount, payment method (we do NOT store card data – this is processed directly by the payment processor)
  • Technical data: IP address, browser type, operating system, pages visited, visit duration, traffic source
  • Communications: messages sent through contact or quotation request (RFQ) forms
  • User account: if you create an account, we link your orders to it
  • Performance of a contract (art. 6(1)(b) GDPR): order processing, delivery, invoicing, after-sales support
  • Legal obligation (art. 6(1)(c) GDPR): issuing tax invoices, ANAF / e-Invoice reporting, retention of accounting records under Law 82/1991
  • Legitimate interest (art. 6(1)(f) GDPR): fraud prevention, site improvement, aggregated statistics
  • Consent (art. 6(1)(a) GDPR): e-mail marketing (newsletter), non-essential cookies, commercial communications

4. Who we share data with (sub-processors)

Your data may be shared only to the extent necessary to perform the contract or comply with legal obligations. Alongside couriers, our accountants and public authorities (ANAF, ANPC, courts), we use the following sub-processors within the meaning of art. 28 GDPR:

Sub-processorPurposeLocationSafeguard
cPanel SMTP (mail.mbt.ro)Transactional e-mail (order confirmations, password resets)EU (Romania)Internal — operated on our own infrastructure
Stripe Payments Europe LtdCard payment processingIreland (EU)EU adequacy + PCI-DSS certification
Google LLC (Gemini API)AI chat assistant on the siteUnited StatesEU Standard Contractual Clauses (SCCs) + EU-U.S. Data Privacy Framework (DPF)
Contabo GmbHVPS hosting (application server + database)Germany (EU)Adequacy
Better-Auth (self-hosted)User authentication (sessions, password hashes)Same serverInternal — operated on our own infrastructure

We do not sell or rent personal data to third parties. We do NOT use Meta Pixel, LinkedIn Insight or any other advertising retargeting tools.

5. International transfers

The only sub-processor located outside the European Economic Area is Google LLC (Gemini API), used to power the AI assistant. The transfer is carried out on the basis of the EU Standard Contractual Clauses approved by the European Commission (Decision 2021/914) and Google’s certification under the EU-U.S. Data Privacy Framework (DPF). All other sub-processors are located within the EU.

6. How long we keep data

  • Orders and invoices: 10 years (under Law 82/1991)
  • User account data: for the lifetime of the account + 3 years after deletion
  • Active shopping cart: retained while your account is active. Abandoned carts (no activity for 12 months) are automatically deleted.
  • Quotation requests (RFQ): 3 years from the last interaction
  • Marketing data (newsletter): until consent is withdrawn
  • Technical logs: 90 days
  • AI chat: the first 200 characters of every prompt are retained in our audit log for 90 days for abuse monitoring and service improvement.

7. Your rights

Under the GDPR (Regulation (EU) 2016/679) and Law 190/2018, you have the following rights:

  • Right of access to your data (art. 15 GDPR)
  • Right to rectification (art. 16 GDPR)
  • Right to erasure – “right to be forgotten” (art. 17 GDPR)
  • Right to restriction of processing (art. 18 GDPR)
  • Right to data portability (art. 20 GDPR)
  • Right to object to processing (art. 21 GDPR)
  • Right not to be subject to automated decision-making (art. 22 GDPR)
  • Right to withdraw consent at any time (art. 7(3) GDPR)
  • Right to lodge a complaint with the supervisory authority (art. 77 GDPR)

To exercise these rights, you can contact us at: office@mbt.ro

Supervisory authority in Romania: National Supervisory Authority for Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postcode 010336, Bucharest, www.dataprotection.ro

8. Data security

We implement appropriate technical and organisational measures to protect your data: SSL/TLS encryption, access control, regular backups, firewall, antivirus, staff training.

9. Cookies

For details about cookies, please see the Cookie Policy.

10. Changes

We may update this policy from time to time. The current version is always available on this page, with the date of the last update shown at the top.

Choose which categories to enable. Strictly necessary cookies are always on.

Request a quote

We reply within 24h with price, lead time, and stock status.

Cart cannot mix priced items and quote requests

Your cart already has items of a different type. Keep one bucket and we will continue.