Privacy Notice regarding the Processing of Personal Data

“Crowe Turcan Mikhailenko” LLC (hereinafter referred to as the “Controller”) treats the protection of personal data with the utmost responsibility and implements appropriate measures to ensure their confidentiality, integrity, and availability. This notice aims to explain, in a concise manner, how the Controller processes the personal data of website visitors and individuals requesting consulting and/or implementation services related to GDPR and personal data protection.

The processing of personal data is carried out in accordance with Law No. 195/2024 on personal data protection, which transposes Regulation (EU) 2016/679 (GDPR).

1. Scope and Situations in which Data is Processed

The Controller processes personal data when accessing the website www.turcan.md, requesting information about services, submitting requests through online forms, contacting via email or telephone, or initiating an interaction for the purpose of obtaining an offer, receiving services, or establishing a contractual relationship.

The Controller collects and uses only the data necessary for specific, explicit, and legitimate purposes, applying the principles of lawfulness, fairness, transparency, data minimization, and storage limitation.

2. Categories of Processed Data

Depending on the nature of the interaction with the Controller, the following categories of personal data may be processed:

2.1 Identification and contact data, such as: first name, last name, phone number, email address, as well as other contact details voluntarily provided by you.

2.2 Data related to your request, such as: the content of the submitted message, the subject of the request, and information necessary for preliminary analysis, quotation, and/or planning of service delivery.

2.3 Technical data and online identifiers, associated with the use of the website, such as: IP address, cookie identifiers, device and browser data, accessed pages, session duration, and interactions with website elements, to the extent permitted by your settings and, where applicable, based on your consent.

The Controller recommends avoiding the submission of excessive or irrelevant data within free-text fields of forms.

3. Purposes of Processing

Personal data is processed, as applicable, for the following purposes:

3.1 Managing requests and communicating with you, including receiving inquiries, clarifying needs, providing responses, sending offers, and scheduling discussions;

3.2 Providing consulting and support services, including assessments, recommendations, preparation/update of documentation, implementation assistance, and related activities necessary for the delivery of requested services;

3.3 Managing contractual and administrative relationships, including record-keeping of interactions and communications, as well as fulfilling internal organizational obligations;

3.4 Ensuring the proper functioning, security, and improvement of the website, including preventing abuse and unauthorized access, technical analysis, optimization, and maintenance;

3.5 Marketing and commercial communications, where applicable and in accordance with the law (e.g., information about services, relevant updates, events). You have the right to object to direct marketing or withdraw your consent at any time, as applicable.

4. Legal Grounds for Processing

The Controller processes personal data exclusively based on one or more of the following legal grounds:

4.1 Performance of a contract and/or taking steps prior to entering into a contract at your request;

4.2 Compliance with a legal obligation applicable to the Controller (e.g., accounting and tax obligations);

4.3 Your consent, where required (e.g., for optional cookies or certain marketing communications);

4.4 The legitimate interests of the Controller (e.g., platform security, incident prevention, defense of legal rights), with due respect for your rights and freedoms.

5. Cookies and Similar Technologies

The website may use cookies and similar technologies to ensure proper functionality and improve user experience. Strictly necessary cookies may be used without consent, as they are essential for the technical operation of the website. Functional, analytics/performance, and marketing cookies are used, where applicable, only based on your consent expressed via the consent mechanism (banner) available on the website.

Cookie settings can be modified at any time through browser settings and/or platform control tools (banner).

6. Recipients and Disclosure of Data

The Controller does not disclose personal data to third parties for their own purposes, except where certain digital services involve specialized providers. Data may be disclosed, strictly to the extent necessary, to:

a) authorized personnel of the Controller, who access data based on job responsibilities and confidentiality obligations;

b) service providers (data processors), who process data on behalf of the Controller and in accordance with its instructions, such as hosting and IT maintenance providers, email and communication services, CRM systems, support services, cookie consent management providers, as well as website analytics services (e.g., Google Analytics) and similar technologies, used in accordance with the user’s consent preferences;

c) competent public authorities, based on legal obligations and/or lawful requests.

Where the use of certain providers involves international data transfers, such transfers will be carried out exclusively under the conditions provided by law and with appropriate safeguards (e.g., standard contractual clauses and additional measures, where applicable).

7. Data Retention Period

Personal data is retained only for as long as necessary to achieve the purposes for which it was collected and in accordance with applicable legal requirements or internal policies.

7.1 Data related to requests is retained for the duration necessary to manage them and thereafter, as required for record-keeping or the exercise/defense of the Controller’s rights;

7.2 Data related to contractual relationships is retained for the duration of the contract and thereafter in accordance with legal obligations (including accounting/tax requirements);

7.3 Data processed for marketing purposes is retained until consent is withdrawn or the right to object is exercised.

8. Data Security

The Controller implements technical and organizational measures appropriate to the level of risk, including access controls, internal confidentiality policies, IT security measures, and procedures for incident prevention and management. Access to data is limited to authorized personnel based on their functional responsibilities.

9. Data Subject Rights

Under applicable law, you have the right to information, access, rectification, erasure (where applicable), restriction of processing, objection (including to direct marketing), data portability (where applicable), and the right to withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of your data violates legal provisions.

10. Contact Details

For requests, questions, or the exercise of your data protection rights, you may contact us at:

Email: gdpr@crowe-tm.md
Phone: +(373) 79 027 317
Address: 29 Alexei Șciusev Street, MD-2009, Chișinău, Republic of Moldova