As of 25 May 2018, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as “GDPR Regulation” applies.

Please refer to the information in this document as it expresses APLAST’s policy on the processing of personal data.

Within APLAST SRL we process personal data exclusively within the framework of the legal provisions on the protection of personal data.


  • Controller = The controller responsible for data processing for the purposes of the GDPR Regulation is APLAST S.R.L., with registered office in Village Ceptura de Jos, commune Ceptura, Buliding Aplast, Prahova county, registered with the Prahova Trade Register under no. J29/2033/18.07.2022, tax code RO26856598, hereinafter referred to as “the Controller” or “APLAST”.
  • Contact details of the Data Protection Officer (DPO) = Address to which requests for information on the processing of personal data may be sent: in Village Ceptura de Jos, commune Ceptura, Building Aplast, Prahova county, – in attention of the DATA PROTECTION OFFICER or at the e-mail address:
  • Data subject in the sense of the GDPR Regulation = identified or identifiable natural person (who can be identified, directly or indirectly, in particular cases, by reference to an identifier: name, identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity). The data subject may be the applicant for a service offered by the Operator, as well as any other natural person whose personal data is transmitted to the Operator (for example, a client or potential client, a candidate for a specific job vacancy, a user of the Operator’s website, etc.).
  • Categories of data processed = Personal data (first name, surname, date of birth, address, CNP, series and CI/ID card number, telephone number and e-mail address, etc.) are processed by us only when you enter these data in a field on the website or send them to us by e-mail.
  • Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

In accordance with Regulation (EU) 2016/679 and related legislation, the purposes for which we process your personal data strictly relate to the relationship between APLAST and the data subject. The information you provide to us is treated with the utmost confidentiality and exclusively for the purposes for which it was collected.

Please see below for details of the purposes for which we process data and the legal basis:

1.1 Contracting and customer relationship management:

  1. Website access:

Each time a user accesses a page of our offer and each time a file is opened, access data is saved by us and partially by third parties in the form of protocol files. Each set of data includes: the web page from which you access our site, the IP address, the date and time of access, the client’s request, the http response code, the amount of data transferred, information about the browser and the operating system used.

  1. Geographic Location:

By means of geographic location, using the IP address, it is technically possible to estimate the location of the Internet user. To be able to directly view the offers and articles of the nearest APLAST shop, the IP address is stored and used for the purpose of geographic location. After the end of the current session, the IP address is not stored with us for geographic location purposes.

Note: Certain traffic data (such as IP addresses or other identifiers of the devices with which you access our site) may in certain circumstances be personal data and we will treat it as such.

  1. Customer account data in Aplast applications:

When creating a new customer account in Aplast applications, your data will be saved in the APLAST company database. You can request the deletion of your data and your customer account at any time. In case you place an offer request on our website, the data will be processed for the purpose of successful sales process.

  1. Data for placing an order:

The personal data stored will be used for the purpose of carrying out contracts and processing your requests. After the conclusion of the contract or your request, your data is saved taking into account the retention periods according to fiscal and commercial legislation and where applicable for a period necessary to protect the rights of the Operator.

➢ LEGAL GROUNDS: the legitimate interest of the Operator to avoid online fraud and to ensure the general functionality of the website, the performance of a contract and the consent of the data subject, where applicable.

1.2. Recruitment activities:

  • In order to quickly submit your application for one of the positions available within APLAST, you can use our online section created for this purpose.
  • Your data and documents will be used exclusively for the processing of your application, i.e. to identify a suitable vacancy within APLAST. They are stored in our database, are protected against unauthorized access and processed in accordance with the legislation in force on the processing of personal data.

➢ LEGAL ISSUE: consent of the data subject.


2.1. Rights of the data subject and how they can be exercised.

According to the GDPR Regulation, as a data subject you benefit from a combination of rights, namely:

  1. The right to information and access to personal data: the right to obtain confirmation as to whether or not personal data relating to you are being processed and, if so, access to that data.
  2. b. Right to rectification: the right to request the Operator and to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or to obtain the completion of personal data that are incomplete, with the proviso that in the case of an online account you can make these changes yourself in the editing section of the account data.
  3. Right to erasure of data (“right to be forgotten”): the right to obtain the erasure of personal data concerning you without undue delay if certain grounds mentioned in the GDPR Regulation apply.
  4. Right to restriction of processing: the right to obtain restriction of processing in certain cases.
  5. The right to data portability: the right to receive personal data concerning you and to transmit them to another controller.
  6. Right to object: the right to object at any time to the processing of personal data concerning you, in accordance with the GDPR Regulation.
  7. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you to a significant extent.
  8. The right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) if you consider that your data has not been processed in accordance with the law.

➢ How can you exercise these rights?

To exercise the above-mentioned rights, please send a written request, dated and signed to the e-mail address:, or to the postal address: Commune Ceptura de Jos, Aplast Building, Prahova County, to the attention of the Data Protection Officer.

➢ How soon do we respond to your requests?

Within a maximum of one month, calculated from receipt of your request, you will be provided with information on the actions taken or, where applicable, on the reasons why the requested measures cannot be taken.

Note: Please note that to comply with a request for access to personal data we will take all reasonable steps to verify the identity of the data subject.

Also, according to the GDPR Regulation, the above-mentioned response time may be extended by up to two months if necessary, taking into account the complexity and number of requests, and we will inform you about this, if necessary.


Recipients processing personal data within the European Union are obliged to comply with the same legal provisions, providing the same level of protection as the Controller.

3.1. Transmission of data for order processing purposes

Personal data stored by APLAST are transmitted to our collaborators for the purpose of order completion/delivery. For example, your data will be transmitted to transport or courier companies, if you opt for delivery of your order with transport.

3.2. Transmission to public institutions, courts of law, and authorities competent to investigate criminal offences. In special cases, when required by law, APLAST may provide the competent institutions with information on personal data.

3.3. Transmission to other third parties

To provide you with the most enjoyable online experience, we are constantly concerned with improving/maintaining the software programs used.

3.4. Transmission of data to organizations outside the EU

Exceptionally, your data may also be transferred to or accessed by entities outside the European Union, including in countries to which the EU does not recognize an adequate level of personal data protection. These situations arise in particular when we are talking about the use of online platforms/programs/tools for order processing, promotion or related IT infrastructure. For example, in the case of the use of Amazon Web Services infrastructure or applications provided by Google or Microsoft, although the infrastructure as such is in the European Union, it can be accessed by parent organizations in the country of origin. In all such situations, APLAST will take the necessary measures to ensure that your data is protected, such as standard contractual clauses issued by European bodies or relevant certifications on the matter and recognized within the European Union.


For even more details you can consult the legal basis:

  • Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (accessible at Regulation_no_679_2016 ).
  • Law No 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector.

The top management is committed to ensuring that this privacy policy is respected by all employees by implementing internal procedures specific to the rules on the protection of personal data, in accordance with the legal basis for their processing.