Privacy Policy

Last updated: December 20, 2025

1. Introduction and Operator Information

1.1. Who We Are

The privacy of visitors and users of the website www.dailydriven.ro is very important to us and we are committed to protecting it. This policy explains how we collect, use, store, and protect your personal data.

Personal Data Controller:

Name: S.C. DailyDriven United S.R.L.
Registered Office: Bucharest, Sector 3, Strada Meșter Manole nr. 4, Camera 1, Bloc D10, Scara 2, Floor 1, Apartment 27
Tax ID (CUI): 45984232
Trade Registry No.: J40/7371/19.04.2022
Email: [email protected]

1.2. Scope of Application

This policy applies to all services offered through the DailyDriven.ro platform, including:

News and automotive articles website (blog)
Vehicle and auto parts marketplace
Tuning and automotive optimization services
Steering rack refurbishment services
Turbocharger refurbishment services
Electric charging station installation services
Community forum and Q&A section
Editorial reviews and owner opinions

1.3. Legal Framework

Personal data processing is carried out in accordance with:

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR)
Law no. 190/2018 on measures for the implementation of GDPR
Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector
Other applicable regulations in the field of data protection

2. Types of Personal Data Collected

2.1. Data Provided Directly by You

Identification and Contact Data:

First and last name
Email address
Phone number
Correspondence address (county, locality)

Authentication Data:

Username
Password (stored encrypted)
Authentication data through third-party services (Google, Facebook, Apple)

Marketplace Data:

Information about vehicles listed for sale (make, model, year of manufacture, technical specifications, price)
Photos of vehicles or parts
Descriptions and characteristics of listings
Dealer data (company name, Tax ID, professional contact details)

Service Data:

Vehicle information (for tuning, refurbishment requests, etc.)
Preferences and options selected in request forms
Messages and communications sent through contact forms

User-Generated Content:

Comments and reviews
Forum questions and answers
Vehicle opinions (user reviews)
Uploaded images

2.2. Automatically Collected Data

Technical Data:

IP address
Browser type and version
Operating system
Screen resolution and device type
Unique device identifiers

Navigation Data:

Pages visited and order of access
Time spent on each page
Traffic source (where you came from to the site)
Actions performed on the site (clicks, scrolls, interactions)
Searches performed on the platform

Geolocation Data:

Country and region of access (determined based on IP address)
Preferred browser language

2.3. Data from Third-Party Sources

Profile data from social authentication services (Google, Facebook, Apple)
Data from analytics and advertising services (in aggregated/anonymized form)

3. Purposes and Legal Bases for Processing

3.1. Service Provision (Contract Performance - Art. 6(1)(b) GDPR)

Creating and managing the user account
Publishing and managing marketplace listings
Processing service requests (tuning, refurbishment, etc.)
Facilitating communication between sellers and buyers
Providing access to forum and community features
Delivering requested content and articles

3.2. Legitimate Interests (Art. 6(1)(f) GDPR)

Improving and optimizing our platform and services
Preventing fraud and ensuring platform security
Statistical analysis of site usage (in aggregated form)
Personalizing user experience
Communications regarding important service updates

3.3. Legal Obligations (Art. 6(1)(c) GDPR)

Keeping accounting and tax documents
Responding to requests from competent authorities
Compliance with e-commerce regulations

3.4. Consent (Art. 6(1)(a) GDPR)

Sending commercial communications and newsletters
Displaying personalized advertisements
Using non-essential cookies
Collecting data for research and detailed statistics

You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

4. Recipients of Personal Data

4.1. Internal Sharing

Your data may be accessed by DailyDriven employees and collaborators who need this information to fulfill their duties (customer service, marketing, technical, etc.).

4.2. Service Providers (Data Processors)

We work with service providers who process data on our behalf:

Hosting and Infrastructure Services:

Cloud and hosting service providers

Payment Services:

Payment processors for secure transactions

Marketing and Analytics Services:

Google Analytics - traffic analysis
Google Ads - online advertising
Facebook/Meta - advertising and analytics
Email marketing services

Communication Services:

Email service providers
Push notification services

4.3. Independent Third Parties

In the marketplace context:

Buyers can view seller contact details (according to listing settings)
Dealers display their commercial data publicly

Authorities and Institutions:

Tax and regulatory authorities
Courts and law enforcement agencies (upon legal request)

4.4. Transfers Outside the EEA

Some of our providers may process data outside the European Economic Area. In such cases, we ensure that adequate safeguards exist:

European Commission adequacy decisions
Standard contractual clauses approved by the EC
Other approved transfer mechanisms

5. Data Retention Period

5.1. User Accounts

Active accounts: Data is retained for the duration of the account's existence
Inactive accounts: After 3 years of inactivity, you will receive a notification regarding possible deletion
After account closure: Data necessary for legal purposes is retained according to legal deadlines

5.2. Listings and Content

Active listings: For the duration of publication
Expired/deleted listings: Archived for 1 year for potential disputes, then deleted
Comments and reviews: For the duration of account existence or until voluntary deletion

5.3. Service Data

Service requests: 5 years from service completion (for warranty and tax compliance)
Correspondence: 3 years from the last communication

5.4. Analytics Data

Navigation and analytics data: Maximum 26 months
Anonymized/aggregated data: May be retained indefinitely

5.5. Legal Obligations

Accounting and tax documents: 10 years according to tax legislation
Data for litigation: For the duration of applicable limitation periods

6. Your Rights

As a data subject, you have the following rights:

6.1. Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation that we process personal data concerning you and, if so, access to the data and information about the processing.

6.2. Right to Rectification (Art. 16 GDPR)

You have the right to obtain rectification of inaccurate personal data concerning you without undue delay.

6.3. Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)

You have the right to obtain erasure of personal data concerning you in certain circumstances:

The data is no longer necessary for the purposes of collection
You withdraw consent and there is no other legal basis
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

6.4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to obtain restriction of processing in certain cases:

You contest the accuracy of the data
The processing is unlawful, but you do not want erasure
We need the data for establishing/exercising a right in court

6.5. Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

6.6. Right to Object (Art. 21 GDPR)

You have the right to object to the processing of personal data concerning you:

At any time, for direct marketing
When processing is based on legitimate interests, on grounds relating to your particular situation

6.7. Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

6.8. Exercising Your Rights

To exercise any right, you may contact us:

Email: [email protected]
Subject: "GDPR Request - [Right Requested]"

We will respond within a maximum of 30 days from receiving the request. In complex cases, the deadline may be extended by an additional 60 days, with prior notification.

6.9. Right to Lodge a Complaint

If you believe that the processing of your data violates GDPR, you have the right to lodge a complaint with the supervisory authority:

National Supervisory Authority for Personal Data Processing (ANSPDCP)

Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211
Email: [email protected]
Website: www.dataprotection.ro

7. Data Security

7.1. Technical Measures

SSL/TLS encryption for all communications
Password encryption using modern algorithms (bcrypt)
Firewall and intrusion detection systems
Regular data backups
Secure servers with restricted access
Continuous security monitoring

7.2. Organizational Measures

Data access based on the "need-to-know" principle
Periodic staff training on data protection
Security incident response procedures
Periodic security audits
Confidentiality agreements with employees and collaborators

7.3. Security Breach Notification

In the event of a security breach that may pose a risk to your rights and freedoms, we will notify ANSPDCP within 72 hours and inform you directly if the risk is high.

8. Cookies and Similar Technologies

8.1. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help us provide you with a better experience.

8.2. Types of Cookies Used

Strictly Necessary Cookies:

Authentication and session
Security and fraud prevention
Basic site functionality

Performance Cookies:

Analytics and statistics (Google Analytics)
Site performance monitoring

Functionality Cookies:

Your preferences (language, region)
Interface personalization

Marketing Cookies:

Personalized advertising (Google Ads, Facebook Pixel)
Remarketing and retargeting

8.3. Managing Cookies

You can manage your cookie preferences:

Through browser settings
Through the "Cookie Settings" button in the site footer
Disabling essential cookies may affect site functionality

For detailed information about cookies, please see the dedicated page.

9. Minors

Our services are not intended for persons under 16 years of age. We do not knowingly collect personal data from minors. If we learn that we have collected data from a minor without parental consent, we will take steps to delete such data.

Parents or legal guardians who discover that a minor has provided personal data are requested to contact us at [email protected].

10. Links to Third-Party Sites

Our site may contain links to sites operated by third parties. We are not responsible for the privacy practices of these sites. We recommend reading the privacy policies of each site visited.

11. Changes to the Privacy Policy

11.1. Updates

We reserve the right to update this policy periodically. Changes take effect on the date of publication on the site.

11.2. Notifications

For significant changes, we will notify you through:

Email (if you have an account and have provided an email address)
Site notification
Message in your account

11.3. History

The date of the last modification is displayed at the beginning of this document. Previous versions may be requested upon request.

12. Contact

For any questions or requests related to the processing of your personal data, you may contact us:

DailyDriven United S.R.L.

Email: [email protected]

We will make every effort to respond to your requests as soon as possible.

This privacy policy has been updated to reflect the requirements of Regulation (EU) 2016/679 (GDPR) and DailyDriven's current data processing practices.