GDPR Compliance
Protecting your data rights under GDPR
Our Commitment to Data Protection
DATARAV is fully committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Romanian data protection laws. As a data center provider, we understand the critical importance of data security and privacy.
Data Security
Enterprise-grade security measures protect your data with encryption, access controls, and continuous monitoring.
Transparency
Clear and accessible information about how we collect, process, and protect your personal data.
Your Rights
Full support for exercising your data subject rights under GDPR, with dedicated response procedures.
Data Processing Roles
Understanding our role in processing your data
As Data Controller
When you visit our website, contact us, or become a customer, DATARAV acts as the data controller. We determine the purposes and means of processing your personal data, such as:
- Customer account information
- Billing and payment data
- Support communications
- Website analytics
As Data Processor
When you use our infrastructure services to store and process your own data, DATARAV acts as a data processor. You remain the controller of your data, and we process it only according to your instructions:
- Colocation services
- Cloud hosting infrastructure
- Backup and storage services
- Managed services
Regulation: EU General Data Protection Regulation (EU) 2016/679
National Law: Romanian Law 190/2018
Last Updated: February 05, 2026
GDPR Principles We Follow
All personal data processing at DATARAV adheres to the core principles of GDPR:
Lawfulness, Fairness, and Transparency
We process data lawfully, fairly, and in a transparent manner, clearly informing you about how your data is used.
Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes.
Data Minimization
We only collect and process data that is adequate, relevant, and limited to what is necessary.
Accuracy
Personal data is kept accurate and up to date, with procedures to rectify or erase inaccurate data.
Storage Limitation
Data is retained only for as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality
Appropriate security measures protect against unauthorized processing, accidental loss, destruction, or damage.
Accountability
We maintain documentation and can demonstrate compliance with all GDPR principles.
Your Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Right of Access | Obtain confirmation of whether we process your data and request a copy |
| Right to Rectification | Request correction of inaccurate or incomplete personal data |
| Right to Erasure | Request deletion of your personal data under certain circumstances |
| Right to Restrict Processing | Request limitation of processing in specific situations |
| Right to Data Portability | Receive your data in a structured, machine-readable format |
| Right to Object | Object to processing based on legitimate interests or direct marketing |
| Rights Related to Automated Decisions | Not be subject to decisions based solely on automated processing |
To exercise any of these rights, please contact our Data Protection team at [email protected]. We will respond to your request within 30 days.
Technical and Organizational Measures
We implement comprehensive security measures to protect personal data:
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Control: Role-based access with multi-factor authentication
- Physical Security: 24/7 monitoring, biometric access, CCTV surveillance
- Network Security: Firewalls, intrusion detection, DDoS protection
- Audit Logging: Comprehensive logging of all data access and modifications
- Employee Training: Regular GDPR and security awareness training
- Vendor Management: Due diligence and DPAs with all sub-processors
- Regular Audits: Internal and external security assessments
Data Processing Agreement (DPA)
For customers using our infrastructure services, we provide a comprehensive Data Processing Agreement that includes:
- Subject matter and duration of processing
- Nature and purpose of processing
- Types of personal data and categories of data subjects
- Obligations and rights of the controller
- Sub-processor engagement terms
- Data transfer mechanisms for international transfers
- Assistance with data subject requests
- Data breach notification procedures
To request a copy of our DPA, please contact [email protected].
Data Breach Procedures
In the event of a personal data breach, DATARAV follows strict procedures in compliance with GDPR Article 33 and 34:
- Detection: Continuous monitoring systems to detect potential breaches
- Assessment: Immediate evaluation of the nature and scope of the breach
- Containment: Swift action to contain and mitigate the breach
- Notification: Notification to supervisory authority within 72 hours where required
- Communication: Notification to affected data subjects when there is high risk
- Documentation: Full documentation of the breach and remediation actions
International Data Transfers
Your data is primarily processed within the European Economic Area (EEA). When transfers outside the EEA are necessary, we ensure appropriate safeguards including:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding Corporate Rules where applicable
- Transfer impact assessments
Contact Our Data Protection Team
For any questions about GDPR compliance or to exercise your rights:
Supervisory Authority
You have the right to lodge a complaint with the Romanian supervisory authority:
ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1
010336 Bucharest, Romania
Website: www.dataprotection.ro
Note: This page provides an overview of our GDPR compliance measures. For complete details on how we process your personal data, please refer to our Privacy Policy.
Ready to Get Started?
Join hundreds of businesses that trust DATARAV for their critical infrastructure needs. Let's discuss how we can support your growth.