Confidentiality policy on the use of personal data

NEXIA CRG EXPERT Romanian legal person, with headquarters in Constanta, Traian str.68A, 3rd floor, room 7, postal code 900716, registered with the Trade Register under no. J13 / 2443/2009 unique registration code CUI RO 26196157 and NEXIA CRG AUDIT Romanian legal entity with headquarters in Constanta, 68, Traian str., Floor 3, room 8, postal code 900716, registered with the Trade Register under no. J13 / 2444/2009 CUI RO 26196149, hereinafter referred to as NEXIA CRG“, hereby transmit to you this Privacy Policy to explain how we process and protect your personal data.

  1. To whom this Information Note addresses?

This Information Note applies to:

  • Our contractual partners such as suppliers, customers (“Business Partners”);
  • Visitors and users of our site (“Users”);
  1. What data do we collect from you?

We collect and process your personal data as follows:

  • from the information you provide to us by filling out the contact form on our site;
  • by mailing us, by phone, e-mail or in any other way. The information you provide us may include the name, e-mail address and telephone number, company, and other information as appropriate.

Through our activity on the site, we will not collect or process sensitive personal data related to you (i.e. information about racial or ethnic origin, political opinions, religious confession or philosophical beliefs, health, sexual life, or sexual orientation), unless:


  1. we are obliged to do so by law; and / or
  2. if you have given us your explicit consent separately.

If you voluntarily provide us with personal data (including sensitive personal data) through your interaction with the site or by contacting us by phone, e-mail or in any other way, by our own will and not at our request, we will erase such personal data from our systems unless we consider that processing is necessary for a legitimate purpose of NEXIA CRG, unless you made this data public (for example, in a message forum that is visible to the public), in which case we will delete this data from only if the law so requires or if we do not want to keep it.

Every time you visit, we automatically collect the following data:

  • technical data, for example, this may include the Internet Protocol (IP) Address used to connect your computer to the Internet, connection information, browser type and version, time zone setting, browser plug-ins types and versions, the operating system and platform, device type, and mobile device markup; this data is collected and processed on our behalf through third-party cookies, and you can find more information about it at data about your visit, for example this may include data about the URL, the sequence of clicks to, through and from (including date and time), the information or products you -viewed or searched on the site.

If we obtain your personal data from a third party, we will provide you with all relevant information on processing as soon as possible but no later than one month after you obtained your personal data.

  1. What are the purposes of the processing of personal data and what is the legal basis for the processing?

We can process your personal data in the following cases:

  • when we need to take the necessary steps to conclude a contract with you;
  • when we have to execute a contract that we have concluded with you;
  • when we have to comply with a legal obligation (ie applicable laws in employment, accounting, audit);
  • when it is necessary for our legitimate (or third party) interests and for your interests (i.e. fraud detection and prevention, or IT security and IT security), unless your fundamental rights prevail over of these interests;
  • if it is necessary for the public interest or for official purposes.

We process your personal data for various technical, administrative and operational reasons, such as:

  • to ensure that content is presented in the most effective way for you;
  • to improve the site, including its functionality;
  • for managing the site;
  • for internal operations, including troubleshooting, data analysis, testing, research, statistics and research purposes;
  • to keep the site safe;
  • for advertising and marketing, including for specific marketing purposes, so that we can offer content, including personalized content, that may be of greater interest to you.

In some cases, we will process your personal data only with your consent (i.e., in the case of advertising and marketing). In these cases, we will separately request your consent in a transparent manner when providing your personal information. Subsequently, you may withdraw your consent at any time by sending a request to Withdrawal of consent will not affect the lawfulness of the processing that took place before its withdrawal.

When requesting personal data to comply with legal or contractual obligations, the provision of such personal data by you is required. This means that if such personal data is not provided, we will not be able to manage the contractual relationship or comply with the legal obligations imposed on us. In all other cases, the provision of personal data is optional and you are not required to provide it.

We may process your personal data, such as identification data, contact details and address of residence, for the purpose of the possible exercise of our rights or claims against you in the future. This processing is based on our legitimate interest, and we need to exercise our rights in the event of possible litigation.

Specifically, we will use your personal information as such:

Users and clients:

For the purpose of providing services, delivering goods and making payments based on relevant contracts, we may process your personal data, such as identification data, contact details, bank details.

This processing is based on

  • Execution of a contract to which Users (especially Customers) are part of, or
  • A legal obligation imposed on us.

We may process your personal data so that we can provide you with information about goods or services that we believe you are interested in. If you are an existing customer, we will only contact you by email with information about goods and services similar to those that were previously sold or with information on the major economic and business news as reflected in the mass media through the weekly newsletter.

If you are a new customer, we will contact you electronically only if we have your prior consent. If you do not want us to use your data in this way, check the appropriate box in the form where we collect your contact information form in your user account.

We will not send your personal data to third parties for marketing purposes without your explicit consent to this effect. We may also use your personal data to measure or understand the preferred content linked to our products; and to make suggestions and recommendations to you and other Users of our site about products that may be of interest to you or them. 

Candidates for jobs published by NEXIA GRG:

In connection with your participation in the recruitment and selection process for one or more of the available jobs, within NEXIA CRG EXPERT / AUDIT, we may collect and process your personal data (i.e. the CV data on which you send to us) for the purpose of selecting, evaluating professional competencies for the job (s) you apply for, and communicating with you during the recruitment process.

This processing is based on the legitimate interest of NEXIA CRG.

  1. To whom do we transmit personal data?

NEXIA CRG will not transmit (by selling or renting) any third party your personal information.

Within NEXIA CRG, staff members using your personal data are subject to privacy obligations with respect to personal data. NEXIA CRG staff members have the right to manage their personal data only on the basis of the instructions provided by NEXIA CRG, in connection with their job responsibilities.

Appropriate technical and organizational measures are taken to protect personal data. This site uses security measures against the loss, alteration or misuse of information under our control. NEXIA CRG does not, however, assume responsibility for the loss of information caused by software errors with which the site is designed and hosted. We also do not respond for server security errors that host the site.

Personal data may be communicated to governmental authorities, tax authorities and / or law enforcement agencies if required by applicable law or if necessary for the exercise of our rights, including conditions of use, or for the protection of our legitimate interests (including the legitimate interests of third parties) in accordance with the applicable laws.

Your personal data may also be disclosed to third parties as follows:

  • To business partners, suppliers, and subcontractors for the execution of all the contracts we conclude with you to provide the products and services you require;
  • For pre-order delivery, to courier companies;
  • To service providers providing administrative, professional, and technical support to the Company for IT, security and commercial support;
  • To external consultants (i.e. lawyers, accountants, auditors), for specific purposes, when necessary.

NEXIA CRG performs an appropriate prior assessment of the selection of third party service providers and requires these service providers to maintain adequate technical and organizational security measures to protect personal data and process personal data only in accordance with the instructions specified by NEXIA CRG. Service providers will have the right to use subcontractors in providing services to NEXIA CRG, provided that each subcontractor respects the same data protection obligations as service providers.

  1. What is the period for keeping personal data?

We will retain your personal data for the period necessary to meet the purposes listed in this Policy or for the period required by applicable national law, in accordance with the applicable legal minimum retention periods and / or as necessary to exercise our legitimate rights (and the legitimate rights of others).

If you are a Client, we will keep your personal data in the course of your contractual relationship with you.

If we have a relationship with you as a Partner, we will continue to keep this personal data until the termination of our relationship and the minimum retention period required by law.

If you are subscribed to our weekly newsletter, we will keep your personal information as long as you wish to receive this information.

If we process your personal data under your consent, such personal data will be processed only for the period of your consent, unless you withdraw or limit your consent before the expiration of that period. In such cases, we will cease processing of that personal data for the relevant purposes, subject to any legal obligation to process such personal data and / or our need to process such personal data for the purposes of our legitimate rights (including the legitimate rights of others).

  1. Storing personal data and transferring personal data outside the country

The site is managed and maintained by NEXIA CRG and Bright Agency and hosted by the company’s servers

We intend not to transfer your personal data outside the EEA unless there are adequate safeguards, including:

  • a decision on the appropriateness of the European Commission regarding the country or countries of destination;
  • a “privacy shield” certification;
  • appropriate corporate governance rules;
  • (an approved code of conduct, together with the binding and enforceable commitments of the data controller or person empowered by the data controller in the country outside the EU and the EEA;
  • an approved certification mechanism, together with the binding and enforceable commitment of the data controller or the person empowered by the data controller in a non-EU country and EEA to apply the appropriate safeguards; or
  • EU standard contract clauses approved by the European Commission.
  1. What rights do you have?

You have the following rights according to the relevant legislation:

  • The right to confirm that your personal data is processed by us or to provide you with a copy of your personal data;
  • The right to request the correction or deletion of personal data processed by the website;
  • The right to request the restriction of personal data processing by the website;
  • The right to oppose the processing of personal data by the website (i.e. the use of processing for direct marketing purposes);
  • The right to request portability of personal data;
  • The right to withdraw your consent at any time without affecting the legality of the processing under consent prior to its withdrawal;
  • The right to lodge a complaint with the National Supervisory Authority for Personal Data Processing.

Please be aware that your rights described above may be limited in certain situations and subject to the applicable laws and regulations on the protection of personal data. For example, the right to oppose the processing of your personal data may be limited if we can demonstrate that we have compelling legitimate reasons to process your personal data that outweighs your interests. You will need to prove your identity and give us further details to help us respond to your request.

We will not charge a fee to meet your request unless this is permissible by law and, if such fee is charged, it will be reasonable and proportionate to your request.

In order to exercise one or more of these rights, please contact us at e-mail

  1. Personal data security

We keep your personal data on NEXIA CRG’s servers located in Romania.

We use appropriate technical and organizational measures to protect your personal data and prevent unauthorized access to it. We have entered into contractual relationships with third parties providing hosting services and these contracts include obligations on organizational and technical security of personal data.

You are responsible for preserving the confidentiality of all means of authentication (i.e. username, passwords, etc.) used by you to access parts of the site. Data transmission over the Internet is not entirely secure. While we do our best to protect your data, we can not guarantee 100% the security of your data transmitted to our site; any personal data transmission is at your own risk. Once we receive your data, we will use strict security procedures to try to prevent unauthorized access.

  1. Cookies

The site uses cookies to give you a better experience when browsing our site. This processing is based on your consent expressed on the site or through the settings in your browser. You can find more information about cookies at the Cookies Policy.

  1. Contact

If you have any questions or concerns regarding the processing of your personal data by, if you want to exercise one or more of your rights, you can contact us at e-mail Please do not disclose sensitive personal data (i.e. information about racial or ethnic origin, political opinions, religious or other beliefs, health or membership of a trade union), social security numbers when contacting us.

Last Update: May 24, 2018.

Note: We may periodically update this policy and notify you of any change by posting the new version on

Please consult the Privacy Policy page regularly to keep up with the new changes.

  1. Disclaimer

Nexia CRG is a member firm of the “Nexia International” network. Nexia International is a leading worldwide network of independent accounting and consulting firms, providing a comprehensive portfolio of audit, accountancy, tax and advisory services.

“Nexia International” also refers to the trading name of Nexia International Limited, a company registered in the Isle of Man, which operates the Nexia International network. Company registration number: 53513C. Registered office: 1st floor, Sixty Circular Road, Douglas, Isle of Man, IM1 1SA.

Nexia International Limited does not deliver services in its own name or otherwise. Nexia International Limited and the member firms of the Nexia International network (including those members which trade under a name which includes the word NEXIA) are not part of a worldwide partnership. Nexia International Limited does not accept any responsibility for the commission of any act, or omission to act by, or the liabilities of, any of its members. Each member firm within the Nexia International network is a separate legal entity.

Nexia International Limited does not accept liability for any loss arising from any action taken, or omission, on the basis of the content on this website or any documentation and external links provided.

The trade marks NEXIA INTERNATIONAL, NEXIA and the NEXIA logo are owned by Nexia International Limited and used under licence.

References to Nexia or Nexia International are to Nexia International Limited or to the “Nexia International” network of firms, as the context may dictate.