Policy on Personal Data Protection (GDPR)
Effective Date: November 18, 2025
Table of Contents
- 1. Introduction
- 2. Associated Data Controllers
- 3. Data Protection Officer (DPO)
- 4. Categories of Personal Data Processed
- 5. Purposes and Legal Grounds for Processing
- 6. Recipients of Personal Data
- 7. International Data Transfers
- 8. Data Storage Period
- 9. Your Rights
- 10. Security of Personal Data
- 11. Cookies Policy
- 12. Changes to the Privacy Policy
- 13. Contact
- 14. References
1. Introduction
The confidentiality of your personal data represents a fundamental priority for Crystal Logistics Services. This policy describes how we collect, use, transfer, and protect your personal data when you interact with us in connection with our products and services, including through our website.
This policy is drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (known as “GDPR”), as well as applicable national legislation.
2. Associated Data Controllers
| Legal Entity | Registered Office | Registration Number | Contact |
|---|---|---|---|
| Crystal Logistics Services S.R.L. | Bucharest, Sector 1, Strada Dr. Iacob Felix, no. 49, Floor S, Room 9, Romania | J40/4964/2021, CUI 43944517 | Phone: 0040.757.333.184 E-mail: acc@crystal-logistics-services.com |
| Crystal Logistics Services GmbH | Bahnhofstrasse, No. 21, Zug, Switzerland | CHE-217.611.963 | Phone: 0040.757.333.184 E-mail: acc@crystal-logistics-services.com |
3. Data Protection Officer (DPO)
Given the legal obligations and the complexity of our operations, Crystal Logistics Services has appointed a Data Protection Officer (DPO) to oversee compliance with GDPR. For any questions, concerns, or to exercise your rights, please use the general contact details of the company, specifying in your request that it is for the attention of the Data Protection Officer.
Contact details:
• E-mail: acc@crystal-logistics-services.com
• Correspondence address: Bucharest, Sector 1, Strada Dr. Iacob Felix, no. 49, Floor S, Room 9, Romania, for the attention of the Data Protection Officer.
4. Categories of Personal Data Processed
Depending on the nature of your interaction with CLS, we collect different categories of personal data:
a) Clients and Business Partners (natural persons or representatives of legal entities):
• Identification data: Name, surname, position.
• Contact data: E-mail address, telephone number, correspondence/delivery address.
• Transaction data: Details about services, order history, billing data (excluding bank card details), customs information.
• Data collected via the website: IP address, browser type, pages visited (for details, see the Cookies Policy).
b) Data Subjects in the Context of Shipments (shippers, consignees):
• Identification and contact data: Name, surname, full address, telephone number, e-mail.
• Shipment details: Information about the content of the package (to the extent that it may constitute personal data), tracking information, data necessary for customs formalities (including CNP - personal identification number, ID card series and number, where legally required).
c) Employees and Candidates:
• Identification data: Name, surname, CNP, ID card series and number.
• Contact data: Address, phone, e-mail.
• Professional and training data: CV, employment history, diplomas, certifications.
• Financial data: Bank account, salary information.
• Medical data: Only in the context of occupational health obligations.
d) Suppliers and Collaborators (natural persons):
• Identification and contact data: Name, surname, address, phone, e-mail.
• Financial data: Bank account, billing data.
5. Purposes and Legal Grounds for Processing
| Purpose of Processing | Legal Ground (according to Art. 6 GDPR) | Examples of Processing Activities |
|---|---|---|
| Provision of logistics and transport services | Performance of a contract (Art. 6(1)(b)) | Processing and managing transport orders. Tracking shipments. Managing warehousing and distribution operations. Communication with clients and consignees regarding delivery status. |
| Fulfillment of legal obligations | Legal obligation (Art. 6(1)(c)) | Preparation and processing of customs documents (where CNP may be processed). Invoicing and compliance with financial-accounting legislation. Reporting to fiscal authorities and other public institutions. |
| Pre-contractual steps and conclusion of contracts | Performance of a contract (Art. 6(1)(b)) | Collection of necessary data (name, contact, company data) to prepare and send a personalized offer. Processing data to negotiate, conclude, and sign the service provision contract. |
| Management of client and partner relations | Legitimate interest (Art. 6(1)(f)) | Administrative and operational communications essential for service provision. Proactive contact with clients and partners. Handling requests and complaints. Evaluating client satisfaction. |
| Commercial communications and marketing | Legitimate interest (Art. 6(1)(f)) / Consent (Art. 6(1)(a)) | Sending offers, newsletters, and information about CLS services. |
| Recruitment and human resources management | Performance of a contract (Art. 6(1)(b)) / Legal obligation (Art. 6(1)(c)) | Processing applications and organizing interviews. Concluding employment contracts. Payment of salaries and benefits. |
| Physical and IT system security | Legitimate interest (Art. 6(1)(f)) | Monitoring access to the headquarters. Ensuring the security of the network and IT systems. |
| Service improvement and data analysis | Legitimate interest (Art. 6(1)(f)) | Analyzing website traffic data to optimize user experience. Internal reporting. |
6. Recipients of Personal Data
To fulfill our contractual and legal obligations, we may disclose your data to partners, subcontractors, authorities, service providers, and insurers, based on confidentiality and data protection agreements.
7. International Data Transfers
Your data may be transferred outside the European Economic Area (EEA), particularly to Switzerland, where the registered office of Crystal Logistics Services GmbH is located.
Transfers are carried out securely, based on an adequacy decision of the European Commission or Standard Contractual Clauses (SCCs).
8. Data Storage Period
Data is kept only for the period necessary for the collection purposes:
• For the duration of the contract execution;
• 10 years for financial-accounting documents;
• Until consent is withdrawn (for marketing);
• For the duration of the statutory limitation period to defend our legitimate interests.
9. Your Rights
According to GDPR, you benefit from the following rights:
• Right to information and access;
• Right to rectification;
• Right to erasure ('right to be forgotten');
• Right to restriction of processing;
• Right to data portability;
• Right to object;
• Right not to be subject to an automated decision;
• Right to withdraw consent;
• Right to file a complaint with the ANSPDCP (www.dataprotection.ro).
10. Security of Personal Data
Crystal Logistics Services implements technical and organizational measures to protect your data: encryption, access control, staff training, security audits, and incident management.
11. Cookies Policy
Our website uses cookie files to improve the browsing experience, analyze traffic, and for personalized functionalities. Consult the Cookies Policy for details.
12. Changes to the Privacy Policy
We reserve the right to periodically update this policy. Any change will be published on the website and, if necessary, notified via the cookie banner.
13. Contact
For questions or to exercise your rights, you can contact us at:
E-mail: acc@crystal-logistics-services.com
Phone: 0040.757.333.184
Address: Bucharest, Sector 1, Strada Dr. Iacob Felix, no. 49, Floor S, Room 9, Romania
14. References
1. Regulation (EU) 2016/679 (GDPR) - The official text of the regulation;
2. National Supervisory Authority for Personal Data Processing (ANSPDCP) - www.dataprotection.ro;
3. Guidelines and recommendations of the European Data Protection Board (EDPB);
4. Law no. 190/2018 regarding the implementation of GDPR;
5. Commission Decision (EU) 2021/914 on standard contractual clauses;
6. Commission Decision of July 26, 2000 on the adequacy of data protection in Switzerland.