Privacy Policy

What information we collect and for what purposes

For site visitors (without an account):

When you search on the platform, we automatically collect certain technical information necessary for the correct operation of the service and for the general security of the site:

• IP address (the numeric identifier of your device on the network) - used exclusively for security purposes, to prevent unauthorized access and identify suspicious activities
• Access date and time - necessary for generating anonymized statistics and monitoring site performance
• Browser type and operating system used - for optimizing the browsing experience and technical compatibility
• Terms entered in the search bar - used solely for the continuous improvement and optimization of search algorithms to provide more relevant results

For registered users:

If you choose to create an account on Genealogica, we collect and store the following personal information necessary for account management and service provision:

• Your name and e-mail address - used for account identification, service-related communications, and password recovery if you forget it
• Password (stored exclusively in encrypted form, so even site administrators cannot view the password in clear text) - for security and protection of access to your account
• Search history and credits used - for monitoring service usage and providing a personalized experience

For requests sent via the contact form:

When you contact us via the contact form available on the site or by e-mail, we collect your name, e-mail address, and the content of the message sent, strictly for the purpose of responding to your request and resolving any issues or questions.

Legal basis for data processing

We process your personal data based on the following legal grounds provided by GDPR:

• Your explicit consent, expressed at the time of account creation and use of services
• Necessity for the performance of a contract or provision of a service you requested (providing access to the database)
• Our legitimate interest in ensuring platform security, preventing fraud, and continuously improving the quality of services offered

Sharing data with third parties

Your data may be disclosed only in the following strict and limited circumstances:

• Upon express and legally justified request of competent authorities (judicial institutions, police bodies, or other authorities empowered by law), in strict compliance with applicable legislation
• To essential technical service providers (e.g., hosting and infrastructure services), who act exclusively as data processors and are bound by strict contracts to respect data confidentiality and security, without using them for their own purposes

All potential data transfers to third parties are carried out with adequate protection guarantees, in compliance with GDPR requirements and applicable national legislation.

Data retention period

Your personal data is stored for the following periods, depending on the data category and the purpose for which it was collected:

• Active accounts: data is kept as long as your account remains active and you use the platform services
• Inactive accounts: after a period of 24 consecutive months of inactivity (no login), the account may be automatically deleted, but you will be notified in advance by e-mail to have the opportunity to reconfirm your interest
• Security logs (including IP addresses): are kept for a maximum of 12 months, strictly for security and abuse prevention purposes
• Requests sent via contact form: are kept until complete resolution of your request or for a maximum of 24 months, after which they are automatically deleted

Regardless of the periods mentioned above, you can request the deletion of your personal data at any time by exercising the right to erasure ("right to be forgotten"), according to the section below dedicated to your rights.

What are cookies and how we use them

Cookies are small text files stored on your device (computer, phone, tablet) when you visit a website. They are used to remember certain preferences and actions over a period of time, so you don't have to re-enter them every time you return to the site or navigate from one page to another.

The Genealogica Platform exclusively uses cookies strictly necessary for the correct operation of the site and your user experience. We do not use cookies for tracking, advertising, or marketing. The cookies we use are:

• Session cookie: stores information about the current browsing session and is essential for the correct operation of the site, allowing authentication and normal interactions with the platform. This cookie expires automatically when the browser is closed.
• CSRF Cookie (XSRF-TOKEN): provides protection against cross-site request forgery attacks, ensuring that requests received by the server are authentic and actually come from you. It is essential for data security and expires when the session is closed.
• "Remember me" cookie (remember_web_): is activated only if you check the "remember me" option on the login page. It allows maintaining authentication between sessions so you don't need to log in again at every visit. You can control the use of this cookie by unchecking the respective option.

You have the option to accept or refuse the use of cookies through your browser settings. You can also delete existing cookies from the browser at any time. However, please note that completely disabling cookies may affect the normal operation of the site and your browsing experience, as some features may become unavailable.

We also use a first-party security cookie during account registration to help limit automated or repeated signups and to protect welcome-credit offers from abuse.

For this purpose, we may combine the security cookie with a small set of technical signup signals and network-reputation checks, including information supplied by ipapi.is. These measures are used only for security and abuse prevention.

Data security and protection

We take the protection of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, accidental loss, destruction, or unauthorized disclosure:

• Encryption of all user passwords using modern and secure algorithms (bcrypt), so passwords cannot be viewed in clear text even by platform administrators
• Use of secure HTTPS connections for all communications between your browser and our servers, protecting data in transit
• Continuous monitoring of suspicious activities and implementation of automated mechanisms for detecting and blocking unauthorized access attempts
• Regular database backups to prevent accidental information loss
• Strict restriction of access to personal data only to authorized technical personnel who need such access to perform their tasks

However, we must acknowledge that no method of transmission over the internet or method of electronic storage is completely secure or infallible. Although we make every effort to protect your data, we cannot guarantee absolute security. We recommend using strong and unique passwords, not sharing them with anyone, and logging out of your account when using public or shared devices.

Your rights under GDPR

In accordance with the General Data Protection Regulation, you benefit from the following rights regarding your personal data:

• Right of access: you have the right to request and obtain a complete copy of the personal data we hold about you, along with information about how we process it
• Right to rectification: you can request the correction of inaccurate, incomplete, or outdated data in your account
• Right to erasure ("right to be forgotten"): you can request the complete deletion of your personal data, except in situations where there are legal obligations to retain it
• Right to restriction of processing: under certain specific conditions, you can request temporary limitation of how we use your data
• Right to data portability: you have the right to request the transfer of your data to another platform or service, in a structured, commonly used, and machine-readable format
• Right to object: you can object to the processing of your data for certain specific purposes, especially for activities based on legitimate interest
• Right to withdraw consent: for processing based on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal

To exercise any of these rights, please contact us at contact@genealogica.ro, clearly specifying the right you wish to exercise and providing sufficient information to verify your identity. We will respond to the request within a maximum of 30 days from receipt, in accordance with GDPR requirements.

You also have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) if you consider that your data protection rights have been violated. You can contact ANSPDCP through the official website https://www.dataprotection.ro or by e-mail at anspdcp@dataprotection.ro.

Protection of minors

The services offered by the Genealogica platform are not intended for and do not specifically address persons under the age of 16. We do not knowingly and deliberately collect personal data from minors under this age. If we discover that we have inadvertently collected such data from a minor, we will take immediate steps to delete it from our systems. Parents or legal guardians who discover that a minor in their care has provided personal data without their prior consent are asked to contact us so we can proceed with the immediate deletion of that information.

Changes to privacy principles

We reserve the right to modify or update privacy principles at any time to reflect changes in our data processing practices, legislation, or to improve the clarity of the information presented. Any substantial modification will be published on this page, with a clear indication of the date of the last update. We encourage you to periodically review this page to stay informed about how we protect your data.

Contact us

For any questions, clarifications, or requests regarding privacy principles or how we process your personal data, please contact us at the e-mail address contact@genealogica.ro or via the contact form available on the site. We will respond to your requests as soon as possible.