Personal Data Processing Policy


SERGIANA GRUP considers data confidentiality to be an essential component in business. Our data protection policy and practices focus on the proper and legal processing, circulation and storage of personal data, while ensuring their confidentiality, integrity and availability.

This Personal Data Processing Policy applies to the companies in the Sergiana group of companies, namely:

The company SERGIANA PRODIMPEX SRL, with registered office in Poiana Mărului, 618 B Sub Masa Mare St., jud. Brașov, registered with the Trade Register Office under no. J08/3570/1994, unique registration code 6981790;

The company ALTIUS SRL, with registered office in Brașov, 18 Lotrului St., jud. Brașov, registered with the Trade Register Office under no. J08/1017/1992, unique registration code 1106353;

The company EUROPIG SA, with registered office in Șercaia, 1 Câmpului St., jud. Brașov, registered with the Trade Register Office under no. J08/814/1999, unique registration code 12477349;

The company SERGIANA SRL with registered office in 339 Poiana Mărului, jud. Brașov, registered with the Trade Register Office under no. J08/1231/1992, unique registration code1098471;

The company DIA-ZAR SRL, with registered office in Brașov, 16 Lotrului St., jud. Brașov, registered with the Trade Register Office under no. J08/684/2010, unique registration code 27071186;

The company BICOR SRL, with registered office in Brașov, 3 Roșiorilor St., jud. Braşov, registered with the Trade Register Office under no. J08/3604/1992, unique registration code 2739370;

The phrase Sergiana Grup refers to the entire group of companies or, as the case may be, to each individual company.

SERGIANA MISSION: We cherish traditions, offering honest, tasty products!

SERGIANA VISION: To always be a brand that is well known for its premium quality, trustworthy products!








This Policy explains why we need some personal data to provide certain services, the types of information we collect, how we use this information, and what rights you have regarding the personal data we process.

Our personal data processing policy is based on the following data protection principles:

 - The processing of personal data is done in a legal, correct and transparent manner;

 - Personal data is collected only for specified, explicit and legitimate purposes, and the data will not be further processed in a manner incompatible with those purposes;

 - The collection of personal data will be appropriate, relevant and limited to the information necessary for the purpose of the processing;

 - Personal data will be accurate and, where necessary, updated; We will take all necessary steps to ensure that incorrect data is deleted or corrected without delay;

 - Personal data will be kept in a form that allows the data subject to be identified strictly for the required period;

 - All personal data will be kept confidential and stored in a manner that ensures the necessary security;

 - Respect for the rights of the data subjects

What is Personal Data

According to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) ( “Personal Data” means any information relating to an identified or identifiable individual (“the data subject”). An identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific elements of his/her physical, physiological, genetic, psychic, economic, cultural or social identity.

In summary, personal data means data that relates to a living person who can be identified using or starting from this data and using additional information that is or may come into the possession of the data controller.


Those who want to benefit from our services / products / offers and provide us with information can be asked to provide personal data to enable Sergiana to operate and improve services.

We will collect your personal data, for example when:

 - you are or want to enter into a contractual relationship with us

 - you register in a loyalty program;

 - you subscribe to newsletters, alerts, etc.;

 - you contact us through various channels, or ask us for information about a product or service;

 - you participate in a raffle / draw;

 - you visit one of our locations, supervised by camcorders

 - you make card payments in our shops / restaurants

 - in case you are interested in joining our team and send us a CV via any communication channel

 - you visit or browse the websites or


We use cookies. For further details in this respect and how to choose to opt-out, please see the Cookies section on the above mentioned websites.

We collect personal data such as:

∙ identification data (e.g. your first and last name, address, telephone number, date of birth, e-mail address);

 - age, sex, marital status, children, hobbies

 - the nick-name and photo on social networking sites, if you contact us through them

 - your preferences for certain products / services

 - your contact with us, such as a message, an e-mail or a letter sent or other evidence of your contact with us;

 - the image


The Purpose of Processing

We will process your personal data for the following purposes:

 - our day-to-day activities - to manage, grow and develop our business

 - to monitor/ ensure the security of individuals / premises / goods through CCTV cameras

 - marketing, advertising, loyalty, direct marketing communications, promotion of services / products

 - customer care

 - to respond to any claims / complaints

 - to operate the websites and

 - recruitment

 - the conclusion and execution of employment contracts, the professional and personal development of employees

 - providing professional practice

 - financial and accounting

 - legislative and procedural compliance

 - legal protection of the company

 - managing public relations and representing the interests of the company

 - maintaining and developing IT infrastructure and data support to facilitate deployment, development and protection of our activities and our employees

 - physical security

If you have given your consent, we will keep you informed about new products and services, we will send you newsletters or let you know about events, offers, promotions, draws. We personalize these messages so long as you provide us with relevant information

We will contact you by mail, online, by telephone or by push notifications through our applications.

We do not use the data to send marketing communications unless you have consented to or will be explicitly consenting to such communications. Even in such cases, you have an easy option to unsubscribe (withdraw your consent) at any time in the communication itself, in the mobile application or the online account - the Account Settings section, or by contacting us as indicated in the “Contact Information” section of this Personal Data Processing Policy.


The Legal Grounds for the Processing

We will process your personal data based on the following:

1. Our legitimate interests, for example, to manage, grow and develop our business, improve our services, avoid fraud, etc. Whenever we rely on these legal grounds to process your data, we evaluate our commercial interests to ensure that they do not override your rights. In addition, in some cases you have the right to oppose this processing. Additional information is available in the “The Rights of Data Subjects” section of this policy.

2. To execute a contract orto take the necessary steps upon your request before concluding a Contract.

3. In order to fulfill a legal obligation that we have.

4. Your consent, when the processing is not based on other grounds besides those mentioned above. Consent can be withdrawn at any time.


The Security of Data Collected and Processed

We use security methods and technologies along with policies applied to employees. We make all reasonable, commercially grounded efforts to protect your personal data against accidental or unlawful destruction or loss, alteration, disclosure or unauthorized access;  we analyze the new technologies in the field and, when and where applicable, apply them to upgrade our security systems.


Disclosure of Personal Data

Personal data shall not be disclosed to third parties, unless disclosure is required to enable us to provide you with our services. If we have entered into a contract with a service provider or contractor to provide us with services and they may have access to your personal data, they are limited (by law and by contract) in their capacity to use personal information only for the specific purposes we have identified. We will always ensure that the processor to whom we disclose personal data is subject to confidentiality and security obligations in accordance with the contracts signed and applicable laws. We will not disclose personal data to third parties in order to allow them to market their products and services to our customers.

In some situations, we may have to disclose personal data to comply with a legal request when we believe in good faith that disclosure of data is necessary to investigate fraud, protect the rights and safety of our customers or our employees.


The processing period

We will store your data as long as required by law. If there is no legal requirement, we will only store it for as long as necessary. Unless the law provides otherwise, we will usually process your data at most (1) 3 years from the date of submission of the data, or (2) during the period of your relationship with us (e.g. the term of the contract, participation in a loyalty program, the duration of a raffle, etc.) plus a period of three years after its termination.


The Rights of Data Subjects.

The GDPR recognizes 8 important rights of data subjects, and we make sure that they are observed:

The right to be informed - art. 13 and 14 GDPR. It allows you to know how your data will be used, to whom it will be revealed or transferred, what rights you have on the processed data, etc.

The right of access to data - art. 15 GDPR allows you to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to that personal data and other useful information.

The right to erasure of data - art. 17 GDPR. It allows you to obtain the erasure of your personal data without undue delay. There are, however, exceptions to this rule, such as that some data is processed to meet a legal obligation or it is processed to establish or defend a right in courts, it is processed for statistical purposes or archiving, etc.

The right to rectification of data - art. 16 GDPR. It allows you to rectify or fill in the inaccurate personal data that concerns you.

The right to restriction of data - art. 18 GDPR. It is a temporary right. In some situations, between the moment when, for example, the controller takes the decision to erase certain data (they no longer need personal data for processing) and the actual erasure of the data, the data subject sends a request whereby he/she opposes the erasure, motivating that he/she needs this data to find, exercise or defend a right in courts. As a result of such a request, data will be “frozen”, stopping the processing thereof for a certain period of time.

The right to data portability - art. 20 GDPR. It is the right to receive personal data concerning you and which you have provided to the controller (which processes it under a contract or consent based on automatic means) in a structured format that is currently used and which can be automatically read and you have the right to send this data to another controller.

The right to object - art. 21 GDPR. You have the right to object, for example, to the processing of your personal data when it is processed for direct marketing purposes.  

The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects him or her.

The right to lodge a complaint with the National Supervisory Authority for Personal Data Processing.

Contact Information

If you would like to contact us in connection with any of your rights or you have a request to exercise any of them, you may contact the Data Protection Officer directly by e-mail at or by post / courier at Braşov 15 Mihail Kogălniceanu St., Jud. Braşov, 500090, placing your correspondence in the attention of the Data Protection Officer.

We will try to respond to your request within 30 days and we may extend this deadline for specific reasons, related to the complexity of the request. In all cases, if this period is extended, you will be informed of the extension and the reasons that led to it.

We will investigate and attempt to resolve any claim or complaint regarding the use or disclosure of personal data, but if you are not satisfied with the response received, you may lodge a complaint with the National Supervisory Authority for Personal Data Processing, B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postcode 010336, Bucharest, Romania. 031.8059.211 /031.8059.212,


In force as of: 25 May 2018