Privacy policy

1. Introduction

This Privacy Policy explains how Upnet IT SRL (hereinafter „Upnet”, „we”, „us”, „we”, "our") collects, uses, stores and protects the personal data of visitors to the website https://upnet.md and customers who benefit from our IT services.

We respect the principles Regulation (EU) 679/2016 (GDPR) and the legislation of the Republic of Moldova on personal data protection. We are committed to processing data lawfully, fairly, transparently and only for the purposes for which it was collected.

2. Data operator

Upnet IT SRL
IDNO: 1025600001504
Moara Roșie 5/1, Chisinau, Moldova
Email: office@upnet.md
Website: https://upnet.md

The company acts as personal data controller for information collected through the website and direct marketing communications.

3. What data we collect

We only collect data that is strictly necessary for the conduct of our business and for communicating with customers. This may include:

1. a) Data provided directly by you:

• Full name
• Function and company
• Professional e-mail address
• Phone number
• Information from messages sent via contact forms or e-mail
• Data included in tender documents, contracts or invoices

1. b) Data collected automatically (by visiting the website):

• IP address and device identifiers
• Browser type and operating system
• Pages visited and session duration
• Cookies and similar technologies (see Cookie Policy)

4. Purposes of processing

Upnet processes personal data for the following purposes:

1. Commercial and contractual communication - to respond to requests for quotation, questions or messages sent through the website.
2. Contract execution - for providing contracted IT and cloud services, customer account management, billing and technical support.
3. Improving services - for website traffic analysis and content optimization (Google Analytics, reCAPTCHA).
4. Legal and tax compliance - for compliance with legal accounting, tax and archiving obligations.
5. IT security and abuse prevention - to protect infrastructure and detect unauthorized or fraudulent activities.

5. Legal basis of processing

We process personal data on the following grounds:

• Consent your voluntary expression (e.g. filling in the contact form).
• Executing a contract or pre-contractual measures (e.g. request for tender, contract signature).
• Legitimate interest of the company (e.g. infrastructure protection, B2B relationship management).
• Legal obligations (e.g. issuing invoices, tax reporting).

6. Duration of data storage

Data is kept only as long as necessary for the purpose for which it was collected:

• Contact form details: up to 12 months since last correspondence.
• Contractual and accounting data: according to accounting legislation (usually 5-10 years).
• Cookie data: according to the duration set in your browser or Cookie Policy.

After those periods, the data are securely erased or anonymized.

7. Disclosure of data to third parties

Upnet does not sell or disclose personal data to third parties for commercial purposes.
Data can only be transmitted to:

• IT and cloud service providers (e.g. Google, Cloudflare) - for infrastructure operation;
• state institutions (e.g. tax authorities, regulators) - as required by law;
• contractual partners offering complementary services (e.g. technical consultancy, accountancy), only on the basis of confidentiality agreements.

All partners are contractually obliged to comply with GDPR rules and ensure data protection.

8. Transfer of data outside the EEA

In certain situations, data may be stored or processed on servers located in other countries (e.g. EU data centers / Google Cloud).
Transfers are only made to providers that comply with GDPR standards and have adequate safeguards in place (e.g. Standard Contractual Clauses).

9. Rights of data subjects

Under GDPR, you have the following rights:

• Right of access - you can request a copy of the data held about you;
• Right to rectification - you can ask for inaccurate or incomplete data to be corrected;
• Right to erasure („right to be forgotten”) - you can request deletion of data when it is no longer needed;
• Right to restriction - you can request restriction of processing in certain situations;
• Right to oppose - you can object to processing based on legitimate interest;
• Right to data portability - you can request the data to be transferred to another controller;
• Right to complain - to the National Authority for Personal Data Protection (CNPDCP).

To exercise these rights, you can contact us at office@upnet.md.
Applications will be processed within a maximum of 30 days.

10. Data security

Upnet IT SRL apply appropriate technical and organizational measures to protect data against unauthorized access, loss, alteration or unintentional disclosure, including:

• limited access to servers and infrastructure;
• TLS/SSL encryption of communications;
• Secure authentication and complex passwords;
• regular back-ups and continuous monitoring of systems;
• internal security and confidentiality policies for staff.

In the event of a security incident, we will promptly notify affected individuals and authorities as required by law.

11. External links

Website upnet.md may contain links to other websites.
Upnet is not responsible for the content or privacy policies of those sites.
We recommend you read each provider's own policies.

12. Changes to this policy

This Privacy Policy may be updated periodically to reflect legislative or technical changes.
The updated version will be published on this page, with the date of last modification.
Your continued use of the site constitutes acceptance of the updated Policy.

13. Contact

For any questions related to the protection of personal data, you can contact us at:
📧 Email: office@upnet.md
🏢 Company: Upnet IT SRL
🌐 Website: https://upnet.md