Redbox

Privacy Policy

Last updated: 10.06.2026

This page explains what personal data we collect through redbox.md, why we use it, and what rights you have over it. We've tried to keep it plain. If anything is unclear, get in touch — contact details are below.

1. Who we are (the data controller)

The controller of your personal data is:

  • Company name: «GARM INC» SRL
  • IDNO / registration number: 1017600028014
  • Registered address: MD-2043, mun. Chișinău, bd. Traian 2, of. 135
  • Email for data requests: redbox@info.md
  • Phone: +373 79 28 55 55
  • Website: redbox.md

We're a web development and digital marketing agency, established for over 10 years, working with clients in Moldova and abroad.

2. What data we collect

We only collect what we need to reply to you and deliver the service you ask for. Data category — source — purpose — lawful basis:

  • Name — you enter it in the form — to address you and handle your request — consent / pre-contractual steps
  • Email — you enter it in the form — to reply and send a proposal — consent / pre-contractual steps
  • Phone — you enter it in the form — to reach you quickly (optional) — consent
  • Company — you enter it in the form (optional) — context for the proposal — consent
  • Message / project details — you enter it in the form — to understand your request — consent / pre-contractual steps
  • IP address — logged automatically on submission — security, spam prevention, technical logs — legitimate interest
  • Newsletter data (email) — you enter it if you subscribe — to send you news and offers — consent

We don't collect special categories of data (health, beliefs, biometrics, etc.) and don't ask for them in our forms.

3. Why we process this data (purposes and lawful basis)

  • To answer your enquiry and prepare a proposal — basis: your consent and/or steps taken at your request before entering into a contract (Art. 6(1)(a) and (b) GDPR; Art. 5 Law 133/2011).
  • To send you our newsletter (if you subscribed) — basis: consent, which you can withdraw at any time.
  • To keep the site secure and prevent abuse (IP, logs, anti-spam check) — basis: legitimate interest.

We don't make automated decisions with legal effects on you, and we don't use profiling.

4. Who we share data with

We don't sell your data. We share it only with providers that help the site run, strictly for the purposes above:

  • Cloudflare, Inc. — spam protection (Cloudflare Turnstile) and site delivery. When a form is verified, Cloudflare may process your IP address and technical session data.
  • Hosting provider / server infrastructure — servers in the European Union (Germany); CDN, protection and anti-spam — Cloudflare Inc. (USA), transfer covered by Standard Contractual Clauses (SCC).
  • Public authorities — only when legally required.

The provider list may change; we keep the same level of protection.

5. Where we store data and international transfers

Data is stored on servers in the European Union (Germany). Some services (e.g. Cloudflare) may process data on servers outside Moldova and the EU. In those cases we make sure the transfer has appropriate safeguards (standard contractual clauses or equivalent mechanisms under GDPR and Law 133/2011). Cloudflare Inc. (USA) — CDN, protection and anti-spam (Turnstile); international transfer covered by Standard Contractual Clauses.

6. How long we keep data

  • Contact / brief / lead form messages: up to 24 months after the last interaction, then deleted or anonymised.
  • Newsletter subscription data: until you unsubscribe or withdraw consent.
  • Technical logs and IP: usually up to 12 months.

If our contact with you leads to a contract, we may keep the related data for the periods required by law (accounting, tax).

7. Your rights

Under Law 133/2011 and the GDPR, you have the right to:

  • access — find out what data we hold about you;
  • rectification — correct inaccurate data;
  • erasure ("right to be forgotten");
  • restriction of processing;
  • object to processing based on legitimate interest;
  • data portability — receive your data in a structured format;
  • withdraw consent at any time (this doesn't affect processing before the withdrawal).

To exercise any of these, email us at redbox@info.md. We reply within 30 days at most.

8. Complaint to a supervisory authority

If you believe we've breached your rights, you can lodge a complaint with the National Center for Personal Data Protection (CNPDCP):

  • Address: mun. Chișinău, str. Serghei Lazo 48, MD-2004, Republic of Moldova
  • Web: cnpdcp.md

If you're in the EU, you can also contact the supervisory authority in your country.

9. Cookies

The site uses cookies and similar technologies. Details and preference management are available via the "Cookie settings" link in the site footer.

10. Changes to this policy

We may update this policy. For significant changes, we'll show a notice on the site and update the date at the top. We recommend revisiting it from time to time.

11. Contact

For any question about your data: redbox@info.md / +373 79 28 55 55.