LOGO CFDR small
LOGO CFDR small
menu
Go back
CFDR
Additional Services
Date
07.04.2023

Privacy Policy

Last updated: 5 December 2025

1. Who We Are

This Privacy Policy explains how the Council of Fashion Designers of Romania (“CFDR”, “we”, “us”, “our”) collects, uses, discloses and protects your personal data when you visit our website cfdr.ro, interact with us, or use our services.

CFDR is established in Romania and acts as the data controller for the processing of personal data described in this Policy, in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR); and
  • Romanian data protection legislation, including Law No. 190/2018 on measures implementing the GDPR.

You can contact us regarding data protection matters at: mark@cfdr.ro.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1. Data you provide directly

  • Contact details: name, email address, phone number and any other information you provide when you contact us (for example, via contact forms or email).
  • Membership / project information: professional role, company/brand name, portfolio links and other details you provide when applying for membership, participating in CFDR projects or collaborations.
  • Newsletter subscriptions: your name and email address when you sign up to receive our news and updates.
  • Event registrations: information required to register for events, webinars or other activities organised or supported by CFDR.
  • Account data (if applicable): username, password and profile information for any member or partner area we may provide.
  • Any other information you choose to share: for example in free-text fields, feedback forms or emails.

2.2. Data collected automatically

When you visit our website, we may automatically collect:

  • Technical data: IP address, browser type and version, device type, operating system, language settings, time zone, and approximate location derived from your IP address.
  • Usage data: pages visited, time and date of visits, referring URLs, clicks, scrolls and other interactions with our website.
  • Cookies and similar technologies: identifiers that help us recognise your browser or device and understand how you use our website. For more details, see the section “Cookies and Similar Technologies”.

2.3. Data from third parties

We may receive personal data from third-party partners, such as service providers, event partners, or social networks when you interact with our content there, in accordance with their own privacy policies.

3. Purposes and Legal Bases for Processing

We process your personal data only when a legal basis under the GDPR applies. Depending on the context, we may process your data for the following purposes and on the following legal bases:

3.1. To operate and improve our website

  • Purpose: to provide access to the website, ensure its security, fix technical issues, and improve the user experience.
  • Legal basis: our legitimate interests (Article 6(1)(f) GDPR) in ensuring the proper functioning, security and improvement of our website.

3.2. To respond to your requests and communicate with you

  • Purpose: to respond to your questions, requests for information, collaboration proposals, membership applications or other messages.
  • Legal basis:
    • Legitimate interests (Article 6(1)(f) GDPR) in managing our communications and relationships; and/or
    • Performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR), where your request relates to a contract or potential contract with us.

3.3. Membership management, projects and collaborations

  • Purpose: to assess and manage membership or partnership applications, coordinate projects and collaborations, and communicate with members and partners.
  • Legal basis: performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR) and our legitimate interests (Article 6(1)(f) GDPR) in managing our professional community.

3.4. Newsletters and marketing communications

  • Purpose: to send you newsletters, invitations and updates about our activities, projects, events and opportunities that may be relevant to you.
  • Legal basis:
    • Consent (Article 6(1)(a) GDPR), where required by law; or
    • Legitimate interests (Article 6(1)(f) GDPR) in promoting our activities to existing members, partners or contacts, in cases permitted by law.

You may opt out of receiving marketing emails at any time by using the “unsubscribe” link in our emails or by contacting us at mark@cfdr.ro.

3.5. Legal obligations and protection of rights

  • Purpose: to comply with legal obligations (for example, accounting or reporting obligations), and to establish, exercise or defend legal claims.
  • Legal basis:
    • Compliance with a legal obligation (Article 6(1)(c) GDPR); and
    • Legitimate interests (Article 6(1)(f) GDPR) in protecting our rights, property and interests.

4. Cookies and Similar Technologies

Our website may use cookies and similar technologies (such as pixels or local storage) to recognise your browser, store your preferences, and analyse how visitors use our website.

We may use, in particular:

  • Strictly necessary cookies: required for the basic functioning of the website (for example, to load pages or store your cookie preferences).
  • Preference cookies: to remember your settings, such as language preferences.
  • Analytics cookies: to understand how visitors use our website and to improve its content and structure.

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your browser settings and, where available, through our cookie banner or cookie settings tool.

5. How We Share Your Personal Data

We do not sell your personal data. We may share your data with:

  • Service providers: such as website hosting providers, IT and security providers, email or newsletter services, event management platforms, and professional advisers (e.g. accountants, lawyers), acting as processors or independent controllers, as applicable.
  • Partners and collaborators: where necessary for the organisation of joint projects, events or initiatives, and only to the extent relevant.
  • Public authorities: where we are required to do so by law, or to protect our rights or the rights of others (for example, supervisory authorities, law enforcement bodies, courts).

When we use processors, we maintain contracts that require them to protect your personal data in accordance with the GDPR and to process it only on our documented instructions.

6. International Data Transfers

Some of our service providers or partners may be located outside the European Economic Area (EEA). When personal data is transferred outside the EEA, we ensure that an appropriate level of protection is provided, for example by:

  • using countries that benefit from an adequacy decision of the European Commission; or
  • entering into contracts including the standard contractual clauses approved by the European Commission, and implementing additional safeguards where necessary.

Further information on such transfers and a copy of the relevant safeguards can be obtained by contacting us at mark@cfdr.ro.

7. Data Retention

We keep your personal data only for as long as necessary for the purposes for which it was collected, including for the purposes of satisfying legal, accounting or reporting requirements.

In particular:

  • Contact and correspondence data are typically kept for as long as necessary to handle your request and for a reasonable period thereafter to document our communications.
  • Membership and project data are kept for the duration of the relationship and for a period thereafter as required by law or to protect our legitimate interests.
  • Newsletter subscription data are kept until you unsubscribe or until we decide to stop sending such communications.
  • Technical and analytics data are kept for the periods specified in our cookie settings or, where not specified, for a period that is proportionate to the purpose (generally not longer than a few years).

When data is no longer needed, we will delete it or anonymise it securely.

8. Your Rights Under Data Protection Laws

Under the GDPR and applicable Romanian legislation, you have the following rights in relation to your personal data, subject to certain conditions and limitations:

  • Right of access: to obtain confirmation whether we process your personal data and to receive a copy of such data, together with information on the processing.
  • Right to rectification: to request the correction of inaccurate or incomplete personal data.
  • Right to erasure: to request the deletion of your personal data, for example when the data are no longer necessary for the purposes for which they were collected or when you withdraw consent (where consent is the legal basis).
  • Right to restriction of processing: to request the restriction of processing in certain situations (for example, while we verify the accuracy of your data or our legitimate interests).
  • Right to data portability: to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.
  • Right to object: to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling. You also have an absolute right to object to processing for direct marketing purposes.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

9. How to Exercise Your Rights and Contact the Supervisory Authority

To exercise your rights or if you have any questions or concerns regarding this Privacy Policy or our processing of your personal data, please contact us at:

Email: mark@cfdr.ro

We aim to respond to your request as soon as reasonably possible and within the deadlines provided by law.

You also have the right to lodge a complaint with the Romanian data protection authority:

National Supervisory Authority for Personal Data Processing (ANSPDCP)
Website: www.dataprotection.ro

10. Children’s Privacy

Our website and services are not primarily directed at children. We do not knowingly collect personal data from children under the age required by applicable law without appropriate parental or guardian consent. If you believe that a child has provided us with personal data without such consent, please contact us so that we can take appropriate steps.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices or legal requirements. The updated version will be posted on this page and will indicate the date of the latest revision.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

If you have any questions about this Policy or how we handle your personal data, please contact us at mark@cfdr.ro.

Service request
Become a member