- Data Controller
Societatea Comerciala GRUP SAPTE S.R.L. (Hereinafter referred to as „GRUP SAPTE” or “the company”)
You can contact us via:
Registered office address: Cluj-Napoca, 11th Ceahlau street, Romania;
E-mail: letstalk@g7.com.ro
By mail at the address listed above.
- General
The need to retain personal data varies depending on the type of data processed within the company. Some data can be deleted immediately, while others must be stored until their future utility is no longer possible. In certain cases, personal data must be retained for a period of limited time, with storage terms settled by applicable national or European Union legal regulations.
In other cases, storage terms must be determined by each organization individually, based on its specific activities, while adhering to the principles of data processing outlined in the EU Regulation 679/2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data (commonly known as “GDPR”).
Since determining data processing and retention terms can be a subjective undertaking, implementing a Retention Policy is essential to ensure that the rules established by the company regarding data storage are consistently applied throughout the organization.
In all cases, the company will comply with the provisions of the GDPR and Law No. 190/2018 on measures to implement the General Data Protection Regulation in its activities related to the storage of personal data.
- Storage Policy
The scope of this Policy covers all company data, including data stored in its information systems, data provided by the company to the media, data leased or obtained through collaborations and contractual partnerships, regardless of the location (company headquarters or branch office) where such data is processed.
The Storage Policy at GRUP SAPTE is a tool that ensures compliance with GDPR requirements and relevant data protection laws and regulations. This Policy primarily addresses the principle of time-limited retention of processed personal data, requiring that such data be stored only for as long as necessary to fulfill the purposes for which it is processed. The Personal Data Storage (Retention) Policy is intended primarily as a beneficial resource for the company’s activities, allocating relevant retention periods across all areas of activity and departments. It facilitates consistent and controlled processes for the deletion/removal of personal data.
- Requests Regarding the Personal Data Storage (Retention) Policy
This Policy applies to natural persons as GRUP SAPTE clients, legal entities as clients, as well as representatives of our contractual partners, both as Data Controllers in relation to GRUP SAPTE and as Processors authorized by the Controller, in accordance with the General Data Protection Regulation (GDPR).
We store and process personal data only in cases where you have voluntarily provided this information, such as by contacting the company through the available communication channels, completing a contact form, subscribing to the company’s newsletter, or purchasing products remotely through the website or in GRUP SAPTE’s physical stores.
If you have any requests or questions regarding the retention periods for your personal data at GRUP SAPTE, please contact the company using the aforementioned contact information.
- Reasons Justifying the Long-Term Retention of Personal Data at GRUP SAPTE
The company does not intend to adopt a “save everything” approach. We believe such a rule is neither practical nor cost-effective and would place an excessive burden on all company staff, particularly the IT department, which would need to manage an increasingly large volume of data.
However, certain data must be retained long-term to protect the company’s interests, preserve evidence regarding the processing or deletion of personal data in compliance with the law and this Policy, if deemed necessary by GRUP SAPTE, and in general, to adhere to good business practices.
Some of the most important reasons for long-term data retention at GRUP SAPTE include:
• Complaints regarding the quality of the company’s products or services;
• Legal disputes;
• Investigation of workplace accidents;
• Inquiry into the occurrence of a security incident;
• Legal regulations;
• Protection of intellectual property rights
- Retention (Storage) Periods
The retention periods for personal data are specified in the table below and apply to all record formats, whether paper and/or electronic, unless explicitly mentioned otherwise in this Policy.
| DEPARTMENT | PROCESSING ACTIVITY | RETENTION PERIOD |
| CUSTOMER RELATIONS | Emails received from suppliers regarding various requests or complaints | 3 years from the date of receipt, both in physical and electronic format. If these emails do not have significant legal or economic impact on the company’s activities, they may be deleted sooner, based on specific decisions made within the organization’s internal hierarchy. |
| CUSTOMER RELATIONS | Emails received from CLIENTS regarding requests related to the company’s commercial activity | 3 years from the date of receipt in electronic format. If these emails do not have significant legal or economic impact on the company’s activities, they may be deleted sooner, based on specific decisions made within the organization’s internal hierarchy. |
| CUSTOMER RELATIONS | Emails received from CLIENTS regarding requests related to personal data processing activities within the company | 3 years from the date of receipt in electronic format. If these emails do not have significant legal or economic impact on the company’s activities, they may be deleted sooner, based on specific decisions made within the organization’s internal hierarchy. |
| CUSTOMER RELATIONS | General data received from clients, including access to certain data and information | Generally, until we are instructed to store this information or until the termination of the contract or the commercial-legal relationship. We do not retain personal data or information after a request for data deletion has been made or after becoming aware that the data has become inactive. |
| LOGISTICS | AWB (Airway Bill) and documents accompanying the shipment of correspondence or documents that certify the provision of services or the established commercial and legal relationship with the client (e.g., delivery note, receipt, fiscal receipt, and other such fiscal documents). | 5 years |
| BUSINESS RELATIONS | Contracts concluded by the company with suppliers and other contractual partners | 10 years from the date of contract termination. |
| BUSINESS RELATIONS | Financial and accounting documents (e.g., invoices) | Minimum 5 years, maximum 10 years from the issuance date of each invoice. |
| BUSINESS RELATIONS | Partnership contracts concluded by the company for commercial promotional events organized by the company | 10 years from the date of contract termination |
| BUSINESS RELATIONS | Business cards collected during business meetings | 1 year from the date of the last contact |
| BUSINESS RELATIONS (B2B) | Personal data such as name, position, and contact details of representatives of partner companies | Until a request for data deletion is made or until it is determined that the data has become inactive |
For information regarding the retention periods for personal data processing activities within the company that are not specified in this Policy, please send your inquiries to the email address dpo@g7.com.ro or use the other communication methods provided in Article 1, considering the conditions outlined in Article 4.
- Retention Plan
The table containing the recommended retention periods for keeping clients’ personal data in the company’s records (systems or physical archives) is provided for each relevant area of activity. The retention period applies by default to all records in the respective category and will be adhered to whenever possible. However, we acknowledge that exceptional circumstances may arise that require documents to be retained for either shorter or longer terms. If individual records or documents require a retention period different from the recommended one, GRUP SAPTE should be contacted to discuss specific storage requirements.
- Data Destruction
Data destruction is an essential component of the rules governing the storage of personal data that is no longer needed for the company’s future activities. Proper data destruction ensures the efficient use of collected data, making data management and retrieval feasible and cost-effective.
When the retention period expires, the company must actively destroy the data covered by this Policy. If an employee (or collaborator) with access to the processed personal data believes that certain data should not be destroyed, they must contact their direct supervisor, the Data Protection Officer, the external consultant overseeing the company’s data processing activities, or, in their absence, the company’s direct management. This will allow the possibility of considering an exception to the rules established in this Policy. Since such a decision has long-term legal implications, exceptions will only be made by one or more members of the company’s management team.
The company expressly advises employees (or collaborators) not to destroy data in violation of this Policy. The destruction of data that an employee (or collaborator) deems harmful to the company or the destruction of data in an attempt to conceal a violation of the law or the provisions of this Policy is explicitly prohibited.
9. Data Deletion Requests
You can request the deletion of personal data by sending an email to dpo@g7.com.ro, including the following details:
– Your contact information for the company’s response/feedback;
– Your name;
– The processing activities through which the data was collected or processed (e.g., marketing campaigns, promotions, etc.);
– The type of data collected or processed that you wish to delete;
– The total number of records to be deleted.;
The response timeframe for your request is 15 days from the date of submission. If the complexity of your request requires an extended response time, it will not exceed 30 business days from the date of submission. In such cases, a company representative will communicate the status of your request.
If your request is resolved with the deletion of your data following its evaluation by GRUP SAPTE, we will send you a document outlining the company’s response and the actions taken, using the agreed communication method.
This document will include at least the following information:
– The purpose(s) for which the data was processed;
– The data that has been deleted/removed/destroyed and the GRUP SAPTE processing activity to which it belonged.
– The number of records deleted.
The physical document sent will be signed by a representative of GRUP SAPTE and stored in both physical and scanned formats for a period of 3 years from the date of notification. After this period, the original document will be destroyed and recycled. If the response is sent via email, it will be stored on the company’s servers for 3 years from the date it is sent to the client’s provided email address, after which it will be deleted.
If you submit a request to access information about the processing of your personal data within our company, please note that due to the ongoing processing of your personal data and the routine established in our systems for deleting processed information in accordance with the Data Retention Policy, we strive to keep your data accurate and up-to-date at all times. This routine processing may involve the modification or deletion of personal information after your request has been submitted. In such cases, GRUP SAPTE will provide the information available at the time the request is received.
10. Continuous Development
The retention periods will be maintained by GRUP SAPTE, which will implement changes, additions, and updates whenever required by legislation, guidelines from the National Authority for the Supervision of Personal Data Processing, or organizational or structural changes within GRUP SAPTE.
11. Updates
Our Personal Data Storage (Retention) Policy is under regular review and may be amended from time to time (generally to comply with data protection laws and practices). Updated versions will be published on our website.
© GRUP SAPTE – Last updated: December 2025