This Privacy Policy outlines how personal data collected by GRUP SAPTE from representatives of its contractual partners or individuals in the course of the company’s promotional activities will be processed.

By continuing to use the site, you understand that browsing the web page(s) of GRUP SAPTE and interacting with the company’s services may require you to provide certain personal data. Refusing to provide this data may result in the inability to deliver the requested services.

We offer transparent information about the personal data we collect, how we use it, and inform you about the rights of data subjects and how those rights can be exercised.

Before providing personal data through the website or other communication and transfer methods, you will be asked to consent to some of the personal data processing activities conducted by GRUP SAPTE, in accordance with Article 3 of this Policy.

If you submit a request to access information about the processing of your personal data within our company, please note that due to the ongoing processing of your personal data and the routine established in our systems for deleting processed information under the Data Retention Policy, we strive to keep your data accurate and up-to-date at all times.

This routine processing may involve modifying or deleting personal information after your request has been submitted. In such cases, GRUP SAPTE will provide the information available at the time the request is received.

1. Contact Information for the Entity Performing the Described Processing Activities:

Company GRUP SAPTE S.R.L. ((hereinafter referred to as „GRUP SAPTE” or “the company”).

You can contact us via:

You can contact us via:

Registered office address: Cluj-Napoca, 11th Ceahlau street, Romania;

E-mail: dpo@g7.com.ro

By mail at the address listed above.

2. The Collection, Storage, and Processing of Personal Data

We store and process personal data only when you have voluntarily provided it, such as via telephone in direct contact with one of our employees, by email in the case of our corporate clients or collaborators, or by completing a physical (paper format) or digital form. If we collect any additional personal data or if the purpose or legal basis for processing changes, you will be informed in this Policy or during promotional campaigns or events about the intended use of such data. If required by the General Data Protection Regulation (GDPR), we will obtain your consent before carrying out any data processing activities.

In certain cases, if a client expressly requests GRUP SAPTE to process personal data (in terms of accessing, collecting, or storing such data), the company will implement appropriate technical and organizational measures for each specific case. In any situation, personal data will only be processed within the limits of the instructions provided by our client.

3. GRUP SAPTE collects personal data of representatives of client / partner companies and consultant collaborators in accordance with contracts concluded with these legal entities, for the following purposes:

  • To process your personal data each time you access our services, for the purpose of concluding and executing the framework contract under which the contracted services are provided;
  • To execute, organize or promote campaigns and services of our clients for brand experience, shopper marketing or retail operation activities in the field;
  • To process your personal data when we have obtained your consent, such as for the use of third-party cookies or analytical data extracted from Google Analytics tools to monitor website traffic, or directly from you in the field in the context of a BTL marketing campaign;
  • To maintain contact with our partners (via SMS, email, or phone) regarding the execution of the contract;
  • To respond to any requests related to the provision of services or data processing activities;
  • To share information with our contractual partners for the provision of the contracted services;
  • To ensure client access to platforms where our clients services are available and where customers data is collected and presented or made available;
  • To send offers for the purpose of concluding a contract with GRUP SAPTE;
  • To provide information requested by the public authorities, as required by law, or to internal/external audit companies or consultants;
  • To carry out internal corporate operations within GRUP SAPTE (e.g., creating lists, generating reports, etc.);
  • To participate in a contest or promotional campaign sponsored or organized by GRUP SAPTE or a third party on our behalf or on behalf of our clients.
4. Personal Data We Use and the Legal Basis for Data Processing
  • Identification and contact details of our clients’ customers we interact with directly during BTL campaigns – name and surname, work or personal email, phone number (mobile, landline, or both), and the postal address of the company where customers of our clients work. The legal basis for processing this personal data is the legitimate interest pursued by GRUP SAPTE’s legal entity client, as provided in Article 6(1)(f) of the GDPR, to access our services.
  • Identification and contact details of our employees or collaborators acting as consultants – name and surname, phone number, email address, and any information necessary to conclude and execute the contract between the company and the employee or consultant, or any information requested by our client if the consultant is assigned to one of their projects. The legal basis for processing is provided in Article 6(1)(b) of the GDPR.

In your relationship with GRUP SAPTE, you may be asked to provide specific information. You have the right to refuse to share this information, as it is entirely your decision. However, if the requested information is not provided, we may be unable to deliver the requested services optimally.

5. Principles for Processing Personal Data

We adhere to the principles of data processing and protection, ensuring that your personal data will be:

  • Processed lawfully, fairly, and transparently.
  • Collected only for a valid purpose that we have clearly explained and not used in a way incompatible with that purpose.
  • Relevant to the purpose communicated to you and limited only to those purposes.
  • Accurate and kept up to date.
  • Not retained for longer than necessary for the described purposes.
  • Stored securely.

 6. How We Obtain This Data:

Automatically:

  • Through the use of cookies to collect information as outlined in our Cookie Policy.

Directly from You:

  • Via the website, when you submit a message by completing the predefined fields in the “Contact” section.
  • Following interactions with you by phone or email, for the purpose of sending requests, recommendations, or suggestions.
  • Through direct contact with our employees during a business meeting organized by the company.
7. To Whom We Share Your Personal Data and the Results of Our Processing Activities (Reports, Lists, etc.):
  1. To Our Consultants (Legal Entities)

We disclose/share information about the activities of our corporate clients, which may include personal data of their representatives, with our consulting partners to perform the contracted services. This is done only to the extent authorized by you at the time of contract signing or subsequently, prior to the collection of such data from you (e.g., by granting access to certain platforms or providing data received via email or other direct means).

An updated list of contractual partners with whom GRUP SAPTE processes your personal data can be consulted upon request by sending an email or accessing the “Contact” section available on our website, or submitting a request to dpo@g7.com.ro.    

  • Mandatory Disclosure

If necessary, and while GRUP SAPTE retains personal data, we will share it with third parties to comply with any laws, regulations, legal processes, or requests from public authorities (e.g., as part of law enforcement measures, audits, subpoenas, or court orders). Additionally, we may disclose data if we believe in good faith that it is necessary to enforce our internal policies and rules, investigate potential violations, detect, prevent, or address illegal activities, fraud, or security incidents. Furthermore, data may be shared to exercise our legal rights, defend against claims, or prevent harm to our rights, property, safety, or that of our partners, clients, or third parties. This may include collaboration with law enforcement or ensuring the protection of GRUP SAPTE’s intellectual property and other rights.

  • Business Transfers

We may share information, including personal data of representatives of contracted clients or those involved in our commercial activities, in the event of a corporate transaction (e.g., acquisition of a majority or entire share package, or through a merger). In such cases, affiliated companies or the acquiring company will assume the rights and obligations outlined in this policy.

  • Identifiers

We may share identifiers collected through cookies to operate our business, improve website relevance, and detect potential security incidents or technical issues related to website functionality.

  • Non-Personal Information

We may share aggregated or non-personal data (e.g., automatically generated data from our systems, market research data, or commercial insights) with business partners and other third parties, in accordance with this policy.

8. Legal Basis for Processing Personal Data

GRUP SAPTE is responsible for the processing of your personal data throughout the duration of its storage. We comply with the processing principles established under the General Data Protection Regulation (GDPR) and integrate these principles into our internal processes and business practices.

9. Where Do We Process Your Data?

For the duration of processing at GRUP SAPTE, personal data is handled via email in collaboration with Microsoft (SharePoint) within the European Union, in compliance with the EU Data Boundary. Emails sent to and received from GRUP SAPTE are stored on Google Inc servers located in Ireland, with information managed according to our Retention Policy using Google Drive services. If our service providers process your personal data in countries without sufficient protection of your rights, we carefully evaluate all circumstances and ensure adequate security and confidentiality safeguards are in place, so your rights remain fully protected. We also ensure you have the means to exercise your rights.

10. Processing Candidate Data for Job Openings at GRUP SAPTE

Personal data refers to any information that identifies or could be used to identify you. We process data from candidates applying for available positions at the company for legitimate and voluntary purposes, specifically to establish an employment contract. We ensure that we only process personal data strictly necessary for the stated purpose.

Categories of Personal Data Processed for Recruitment and Selection:

  • Identification Data: Name, surname, address, national insurance number, ID document number, photo, etc.
  • Contact Data: Email address, phone number, address, etc.
  • Professional Data: Employer, experience, position, salary, education, etc.
  • Note: For specific roles involving the management of company assets (e.g., cash handling), we may request a criminal record certificate without storing or archiving its data.
  • Digital Data: Cookies, IP addresses, publicly available information on websites or social media platforms you own or follow. These data are accessed but not stored.
  • Special Categories of Data (Sensitive Data): Data revealing racial or ethnic origin, union membership, or health information required for occupational health checks.

How Do We Collect Data?

Directly from You:

  • Through the selection and recruitment process, or when you submit your CV in response to job postings on our Facebook page, recruitment platforms of our contractual partners, or via recommendations.

From Other Sources:

  • Through recommendations;
  • External companies evaluating candidate suitability during recruitment;
  • Workplace health and safety or security service providers;
  • Previous employers.

How Long Do We Retain Your Data?

As a general rule, personal data is retained only as long as necessary for processing purposes, i.e., throughout the recruitment and selection process. If no employment contract is concluded, data will be retained for up to 3 months. For data retained for other specific purposes, the retention period will be detailed in the Data Retention Policy. Your consent will be required for extending the retention period beyond this initial timeframe. Unsolicited CVs will be destroyed or deleted immediately.

11. Your Rights
  • Identification Requirement: Before exercising your rights, we need to verify your identity to protect your personal data from fraudulent attempts.
  • Response to Requests: Requests concerning personal data processing by GRUP SAPTE will be addressed as soon as possible. Internally, we aim to respond to all inquiries regarding your personal data processing activities within one month. You can submit requests via email to privacy@GRUP SAPTE.net or by phone using the number listed in the “Contact” section of our website.
  • Access to Information: You have the right to know the purposes of personal data processing, the categories, sources, recipients, storage periods, and your rights.
  • No Automated Decision-Making: You have the right to opt out of automated decision-making processes. Currently, GRUP SAPTE does not use automated decision-making.
  • Access to Data: You have the right to access your personal data, including obtaining a copy of the data processed.
  • Data Portability: If you request data transfer, GRUP SAPTE will act as a Data Processor, following the instructions of the contractual partner to whom the data is transferred.
  • Data Updates: If you discover inaccuracies, you can request corrections or updates.
  • Processing Restriction: You can request the restriction of processing. This means your data will be stored but not used for other purposes.
  • Data Deletion: You can request the deletion of your data, subject to legal conditions. Requests will be evaluated, and a written response provided within one month.
  • Complaints: If you believe your rights have been violated, you can contact us or escalate the matter to the National Supervisory Authority for Personal Data Processing (address: Bulevardul General Gheorghe Magheru 28-30, Sector 1, Postal Code 010336, Bucharest, Romania) or a competent court.
12. Cookies

Cookies are text files placed on your computer, smartphone, or tablet to collect standard internet log information and details about your behavior on our website. These details are used, for example, to analyze your use of the site and to compile statistical reports on website activity. You can set your browser to reject cookies. However, some internal cookies are necessary to enable users to access and use the GRUP SAPTE website.

For more information, please visit the Cookie Policy.

13. We Do Not Process Data About Minors

By using the GRUP SAPTE website and interacting with us in any way, you confirm that: (i) If located in Romania, you are at least 18 years old; or, if located elsewhere, you meet the age defined as “children” under applicable laws in your jurisdiction. (ii) You have the full legal capacity to consent to this Privacy Policy If you are under 18, please review the terms of this Privacy Policy with your parents or legal guardians. The services provided by GRUP SAPTE are not directed to or intended for children as defined by applicable laws. We do not knowingly collect or solicit information from children. If we become aware that a user is considered a child under applicable law, we will take steps to immediately delete their personal information. If you are aware or have reason to believe that a child has shared any information with us, please contact us at the email address provided above.

14. How We Protect Your Data

To ensure that your rights and freedoms are not compromised and that compliance with relevant data protection laws and regulations is maintained, we implement appropriate technical and organizational measures to ensure a sufficient level of security in the processing of personal data. These measures include regular training and testing of employees, and, where applicable, our subcontractors, as well as the introduction of relevant policies and processes that are regularly reviewed and updated under the supervision of our Data Protection Officer. Additionally, we carefully evaluate our service providers to ensure they meet adequate standards for protecting your personal data. We enter into data processing agreements with these providers to ensure that each subcontractor operating under our authority and handling your personal data carries out the contracted processing activities securely and in compliance with the applicable data protection laws.

15. Updates

Our Privacy Policy may be modified from time to time (generally to comply with evolving data protection laws and practices). Updated versions will be published on our website.

© GRUP SAPTE – Last updated: December 2025