Last updated: 29 June 2026
This policy explains how SMARTMOVE CONDITIONING S.R.L. processes the personal data of visitors to the website smartmovecrossfit.ro, in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018 implementing it.
1. Data controller
SMARTMOVE CONDITIONING S.R.L., registered office at Str. Aleea Clăbucet no. 8, Sc. 2, Et. 5, Ap. 102, Cluj-Napoca, Romania, registered with the Trade Register under no. J12/2420/12.08.2015, VAT ID RO34878309. Contact for any request regarding personal data: E-mail: info@smartmovecrossfit.ro · Phone: +40 759 507 782.
We have not appointed a Data Protection Officer (DPO), as our activity does not require one under Art. 37 GDPR and Art. 10 of Law 190/2018. All data requests should be sent to the contacts above.
2. What data we collect, why, and on what legal basis
| Data category | Purpose | Legal basis |
|---|---|---|
| Contact-form data (name, e-mail, phone, message) | To respond to your enquiries, provide information about our services and arrange a session/consultation | Art. 6(1)(b) – pre-contractual steps at your request / Art. 6(1)(f) – our legitimate interest in replying to you |
| Booking data (via Calendly) | Scheduling a meeting/session | Art. 6(1)(b) / Art. 6(1)(f) |
| Analytics data (pages visited, device type, browsing behaviour), via Google Analytics 4 and Microsoft Clarity | Understanding and improving the website | Art. 6(1)(a) – consent (via the cookie banner) |
| Marketing/remarketing data (Meta Pixel) | Showing relevant ads on Facebook/Instagram | Art. 6(1)(a) – consent |
| Images/video from classes or events | Promoting our activity on the website and social media | Art. 6(1)(f) – legitimate interest / Art. 6(1)(a) – consent, as applicable |
We do not ask you to tick a consent box in order to contact us — submitting the form is your request to be contacted. Analytics and marketing processing only takes place if you accept via the cookie banner.
Where we rely on legitimate interest (Art. 6(1)(f)), including for class/event images, you have the right to object to this processing at any time (see section 7).
3. Cookies
We use three categories of cookies:
- Strictly necessary – for the website to function; no consent required.
- Analytics – help us understand how the site is used (GA4, Clarity).
- Marketing – for relevant ads (Meta Pixel).
Analytics and marketing cookies are disabled by default and are activated only after your consent given through the CookieYes banner (with Google Consent Mode v2). You can accept, reject or customise your choice at any time, from the banner’s preference panel or your browser settings. This processing complies with Art. 6(1)(a) GDPR and Art. 4¹ of Romanian Law no. 506/2004.
4. Who we share data with (processors)
We share data only with providers that help us operate the website and services, acting as processors under contracts compliant with Art. 28 GDPR:
- Google Ireland Ltd. (Google Analytics 4)
- Meta Platforms Ireland Ltd. (Meta/Facebook Pixel)
- Microsoft Ireland Operations Ltd. (Clarity – heatmaps / session analytics)
- Calendly LLC (scheduling)
- Wodify Inc. (contact form / enquiry management)
- CookieYes Ltd. (consent management)
- Internal providers (accounting, legal advice), strictly where necessary, and public authorities where required by law.
We do not sell your data and do not use it for purposes other than those described here.
5. International transfers
Some providers (in the USA) may process data outside the European Economic Area. In such cases, the transfer is protected by the European Commission’s Standard Contractual Clauses (Art. 46 GDPR) and/or the EU-U.S. Data Privacy Framework (Commission adequacy decision, Art. 45 GDPR).
6. How long we keep your data
- Contact/lead data: up to a maximum of 3 years from the last interaction, unless you become a client.
- If you become a client: contractual and financial data are kept per legal terms (e.g. accounting documents 10 years, under Romanian Accounting Law no. 82/1991).
- Analytics data: according to the services’ settings (GA4 ~14 months).
- Consent-based data: until you withdraw your consent.
7. Your rights
Under Art. 15–22 GDPR, you have the right to: access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection (including to processing based on legitimate interest, Art. 21) and withdrawal of consent at any time, without affecting the lawfulness of prior processing.
To exercise these rights, write to us at info@smartmovecrossfit.ro. We respond within a maximum of 30 days (Art. 12(3) GDPR), extendable by two months for complex requests, in which case we will notify you. To protect your data, we may ask for reasonable information to confirm your identity before acting on a request (Art. 12(6) GDPR). Exercising your rights is free of charge, except for manifestly unfounded or excessive requests.
We do not take automated decisions producing legal or similarly significant effects on you (Art. 22 GDPR).
8. Children’s data
Our services and website are intended for adults. We do not knowingly collect data of children under 16 through this website, and analytics/marketing cookies do not target minors. If a parent/legal guardian believes such information has been provided to us, they may contact us for deletion.
9. Security
We protect data through reasonable technical and organisational measures: secure HTTPS connection, restricted access to contact data, and processing only by authorised persons.
10. Complaints
If you are unhappy with how we process your data, you may contact us directly or the supervisory authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest. E-mail: anspdcp@dataprotection.ro · Tel: +40.318.059.211 · Web: www.dataprotection.ro
You may also bring the matter before the competent courts (Art. 79 GDPR).
11. Changes
We may update this policy from time to time. The version in force is the one published on this page, with the “Last updated” date shown above.
