GDPR
Privacy Policy
Last updated: 07.06.2026
This English translation is provided for convenience only. In the event of any discrepancy or conflict of interpretation, the Romanian language version prevails.
1. Data controller and contact
The iotferma.ro platform is owned and operated directly by NORDIC SILVA S.R.L., a Romanian legal entity with its registered office in Borșa, Maramureș County. For any matters, requests or clarifications related to the processing of personal data, you can contact our representative at the dedicated e-mail address: dpo@iotferma.ro.
2. Categories of data processed
We collect and process only those personal data that are technically and functionally indispensable for providing the SaaS application. NORDIC SILVA S.R.L. does NOT collect, store or process special categories of data (medical or biometric data, religious beliefs), nor the Romanian Personal Identification Number (CNP). The data processed include:
- Account and user data: first name, last name, business e-mail address, contact phone number and the secure hashes of the login password.
- Technical and usage data: server connection logs, public IP addresses, unique session identifiers, in-platform activity history and necessary technical cookies.
- Operational data: farm names, the coordinates and geographical boundaries of parcels, the map location of LoRaWAN gateways and sensors, as well as the raw telemetry readings transmitted by the devices (soil moisture at crop-specific depths, temperature).
3. Purposes and legal basis
Data processing is carried out in full compliance with Art. 6 of the GDPR, based on the following clear purposes and legal grounds:
- Provision and administration of the Service: creating, configuring and administering access accounts, running the mathematical models for determining the FAO-56 indices and sending operational alarms — Legal basis: performance of the B2B contract or subscription [Art. 6(1)(b) GDPR].
- Security and fraud prevention: monitoring API traffic, limiting scraping-type abuse, preventing DDoS cyber-attacks and ensuring the stability of the entire infrastructure — Legal basis: the Provider's legitimate interest in protecting its software platform [Art. 6(1)(f) GDPR].
- Invoicing and tax obligations: issuing legal fiscal invoices for the services provided and maintaining the mandatory accounting records — Legal basis: compliance with legal obligations imposed by the Romanian Fiscal Code and the Accounting Law [Art. 6(1)(c) GDPR].
- Marketing communications: sending technology updates, major feature announcements or commercial offers — Legal basis: explicit consent given by ticking the dedicated option [Art. 6(1)(a) GDPR], which can be withdrawn at any time.
4. Role as processor
It is important to note that for all personal data that our clients enter into the platform regarding the auxiliary users assigned to their farms, iotferma.ro acts strictly as a Processor, with primary control resting with the Client, who holds the role of Controller. This processing relationship is governed by the Data Processing Agreement (DPA) accompanying the Terms and Conditions.
5. Sub-processors and recipients
The data collected may be shared, under strict security and confidentiality clauses, with the following recipients: Hetzner Online GmbH (which provides secure hosting of the platform on dedicated servers in the EU), authorised electronic payment processors and the Romanian state tax authorities (through the integrated RO e-Factura/ANAF system).
6. International transfers
All operational and personal data processed through iotferma.ro are stored, processed and backed up in systems located exclusively within the European Union and the European Economic Area (EEA). No data transfers to third countries take place.
7. Retention period
The data associated with the user account and the farm configuration are actively stored for the entire duration of the commercial subscription and will be irreversibly deleted from the system within a maximum of 30 days after the official termination of the contract. Data recorded in financial documents and fiscal invoices will be retained for a period of 10 years, as required by mandatory Romanian financial-accounting legislation.
8. Rights of data subjects
Users benefit from all the rights conferred by the GDPR: the right of access, rectification, erasure (“the right to be forgotten”), restriction of processing, data portability and the right to object. Any official request should be sent by e-mail to dpo@iotferma.ro. The identity of the requester will be validated through confirmation sent from the unique e-mail address associated with the account. A response will be provided within 30 days. Users also have the right to lodge a complaint directly with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) via the official website www.dataprotection.ro.
9. Cookies and similar technologies
The platform uses only technical cookies that are strictly necessary from an operational standpoint (maintaining the active authentication session, storing dashboard display settings and correctly running the service worker for the PWA mobile application). These are legally exempt from the requirement of prior consent (under Romanian Law no. 506/2004). We do not use advertising tracking scripts or cookies from third-party marketing networks.
10. Data security
NORDIC SILVA S.R.L. applies advanced protection measures: full encryption of data in transit using HTTPS and TLS 1.2 or higher, logical client-level data segregation at the application layer (isolation enforced server-side through RBAC permissions), strict credential control and daily backups stored on secured secondary servers.
11. Notification of security breaches
In the event of a cyber incident affecting the security of personal data, the company will report the situation to ANSPDCP within 72 hours of identification and will send a transparent notification to the affected users without undue delay, in compliance with Art. 33 and 34 of the GDPR.
12. Changes to this policy
This Privacy Policy may be updated periodically to reflect legislative changes or technical optimisations of the platform. The date of the last security update is: 07.06.2026.