1. PURPOSE OF THIS DOCUMENT
This document is intended to inform, in accordance with Article 13 of the General Data Protection Regulation (hereinafter “GDPR”), the data subjects (Partners – unauthorized natural persons, representatives of legal entities) about how their personal data are processed from the perspective of applicable national and European legislation (Law no. 190/2018, Law no. 506/2004, Regulation (EU) 2016/679, Directive 2002/58/EC). STRONG MND CORPORATION S.R.L. (which we may also refer to as “we”) is obliged to administer the personal data provided to it under safe conditions and only for the specified purposes.

This privacy notice applies to our activity carried out on the website. We will be present on www.tyranozaur.ro
, its subdomains, or affiliated websites, which we will refer to as the “site”.

2. ABOUT US

Name / Company name: STRONG MND CORPORATION S.R.L.
Registered office address: Suceava, Sofia Vicoveanca Blvd., No. 107
Tax ID (CIF): RO30852551
Trade Register No. with the Suceava Tribunal: J33/947/2012
E-mail: dpo@tyranozaur.ro

In relation to the data processed on the site from natural persons, we act as a personal data controller and, in this capacity, we are responsible for determining the purposes and means of processing personal data, as well as making every effort to process data in compliance with technical and organizational measures.

3. WHAT PERSONAL DATA DO WE PROCESS?
Assessing your application for available positions within our company.
Data collected: First name, last name, contact details, professional experience, education, skills, other relevant information from your CV.
Legal basis: Your explicit consent expressed by submitting your CV and contractual basis.
Recipients: Human Resources Department and relevant managers within the company.

Storage period: Your data will be kept for the duration of the recruitment and selection process, after which they will be deleted or anonymized, except where you have agreed to their retention for future opportunities.

Managing and resolving your complaints related to our products or services.
Data collected: First name, last name, contact details, complaint details.
Legal basis: The company’s legitimate interest in managing and resolving customer complaints.
Recipients: Customer Relations Department and other relevant departments involved in resolving the complaint.
Storage period: Your data will be stored for the period necessary to resolve the complaint and subsequently for a reasonable period of 6 months, for record-keeping and service improvement purposes.

Assessing your eligibility to become a franchisee and managing the franchise granting process.
Data collected: First name, last name, contact details, information about business experience, financial situation, other relevant information for assessing the application.
Legal basis: Your explicit consent expressed by completing the franchise application form and contractual basis.
Recipients: Company management and other relevant departments involved in the franchise granting process.
Storage period: Your data will be stored for the duration of the assessment process and subsequently for the contractual period if the franchise is granted.

Billing data:
Data collected: e-mail address, phone number;
Legal basis: contractual basis (e-mail – to send the invoice), legitimate interest (phone – contact if the company details are incorrect or the invoice cannot be sent).
Recipients: Accounting department – to send the invoice.
Storage period: one month from the request;

Technical data: IP address, browser type and version, location and time zone settings, browser plug-ins, operating system, and other technologies on the devices used to access the site.

We will not intentionally collect any special categories of personal data, and if you choose to disclose such data through our interactions, we will not record them and we will not take them into account.

4. LEGAL GROUNDS ON WHICH WE PROCESS PERSONAL DATA
The legal basis for data processing, depending on the activity carried out, is described below:

Legal basis – for fiscal information;
Contractual basis – for submitting applications, for initiating the franchising procedure;
Service improvement and complaint handling – legitimate interest;
Consent – by participating in raffles and contests, uploading photos and videos.

5. PURPOSES OF PROCESSING
The purposes for which we process your personal data are the following:

Conclusion of the contract between the parties – we will use the data collected in the form to conclude the contract between the parties (employment contract, franchise contract).
Communications – communicating with you by any means (e.g., email, phone).
Managing our IT systems – managing our communication systems; managing our IT security; performing security audits on our IT networks, issuing reports to competent institutions, or fixing system errors.
Dispute resolution – submitting claims and defenses before public authorities and other entities that resolve disputes.
Handling your requests through suggestions and recommendations.

We will use the collected personal data only for the purposes listed above, unless we consider that there are other reasons compatible with the original purpose. If we need to use the collected data for a purpose other than those listed, we will update this notice and, where possible, we will inform you and request your consent, where required.

6. TO WHOM WILL WE DISCLOSE YOUR DATA?
Categories of recipients:

Contractual partners – such as legal services, accounting services;
Legal entities acting as processors on our behalf in various fields (e.g., IT services, cloud, hosting, etc.);
Any relevant person, institution, agency, or court in Romania or in another country – to the extent necessary for establishing, exercising, or defending a right;
Platforms used – for sending emails, generating questionnaires, video calls.

7. HOW LONG WILL WE STORE YOUR DATA?
We store your personal data only for the period necessary to fulfill the purposes.

After this period ends, personal data will be destroyed or deleted from IT systems or transformed into anonymous data to be used for scientific, historical, or statistical research.

Please note that in certain expressly regulated situations we store data for the period imposed on us by law.

The following table explains the storage period for different categories of records.

PROCESS
PERIOD

Recruitment
three months from the end of the recruitment process, if you were not selected;

Franchising
three months from the end of initiating the recruitment process, if the franchise contract was not concluded;

Complaint resolution
6 months from resolution;

Contact
6 months from resolving requests;

To determine the appropriate retention period for personal data, we consider the value, nature, and sensitivity of the data, the potential risk of harm caused by unauthorized use or disclosure of personal data, and whether we can achieve these purposes through other means.

In certain circumstances, we may anonymize data for statistical or research purposes, in which case we may use the data for an unlimited period of time.

8. SECURITY OF YOUR DATA
We aim to protect the personal data of data subjects from unauthorized or unlawful access to the IT system, alteration of the integrity of IT data, unauthorized transfer of IT data, or other acts criminalized by the Criminal Code and other special laws. In particular, we have implemented the following technical and organizational measures to ensure the security of personal data:

Policies and procedures implemented and reviewed annually.
Data minimization. We continuously ensure that the personal data we process are strictly limited to what is necessary, adequate, and relevant for the purposes declared in this document.
Restricted access to data. We have implemented access control measures to strictly limit access to the personal data we process.
Monitoring internet traffic within the IT system to prevent security breaches.
Implementing secure storage and backup measures for stored data.
Secure transmission of data to you or to other recipients.
Staff training. We continuously train and test employees and collaborators regarding legislation and best practices in personal data processing.
Data anonymization. Where possible, we try to anonymize/pseudonymize the personal data we process so that we can no longer identify the persons to whom they relate.

However, although we make constant efforts to ensure the security of the data you entrust to us, we may still face less fortunate events and security incidents/breaches. In such cases, we will strictly follow the reporting and notification procedure for security incidents and will take all necessary measures to restore normal conditions as soon as possible.

Although we take all reasonable measures to ensure the security of your data, we cannot guarantee the absence of any security breach or the impossibility of penetrating security systems. In the unlikely event that such a breach occurs, we will follow the approved internal procedures to limit its effects and inform the data subjects.

9. YOUR RIGHTS
In short, your rights are as follows:

Right of access to data. You have the right to obtain access to your data that we process or control or copies thereof; you also have the right to obtain information from us regarding the nature, processing, and disclosure of these data.
Right to rectification. You have the right to have inaccuracies in your data that we process or control corrected.
Right to erasure (“right to be forgotten”). You have the right to obtain from us the deletion of your data that we process or control, in certain circumstances, when possible.
Right to restriction of processing. You have the right to restrict the processing of your data that we process or control.
Right to object. You have the right to object to the processing of your data by us or on our behalf.
Right to data portability. You have the right to obtain the transfer of your data that we process or control to another controller.
Right to withdraw consent. Where we process your data based on your consent, you have the right to withdraw your consent; you may do so at any time, at least as easily as you initially gave consent; withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.
Right to lodge a complaint with the supervisory authority. You have the right to lodge a complaint with the personal data processing supervisory authority regarding the processing of your data by us or on our behalf, at anspdcp@dataprotection.ro
or by mail at: 28-30 General Gheorghe Magheru Blvd., District 1, postal code 010336, Bucharest, Romania.

10. HOW CAN YOU EXERCISE YOUR RIGHTS?
To exercise one or more of the rights mentioned above or to ask any questions about any other aspects of our processing of your data, please send an email to dpo@tyranozaur.ro

The rights listed above are not absolute. There are exceptions, so each request received will be analyzed to determine whether it is justified. To the extent the request is justified, we will facilitate the exercise of your rights. If the request is unjustified, we will reject it, but we will inform you of the reasons for refusal and of your right to lodge a complaint with the Supervisory Authority and to seek judicial remedy.

We will try to respond to your request within one month. However, this period may be extended depending on various aspects, such as the complexity of the request, the large number of requests received, or our inability to identify you in due time.

If, despite all efforts, we cannot identify you and you do not provide additional information to enable identification, we are not obliged to comply with the request.

11. REFUSAL TO PROVIDE PERSONAL DATA
You are not obliged to provide us with the personal data mentioned in this document. However, if you do not provide the data mentioned in this information notice, it will not be possible for us to provide the services you request.

12. NO AUTOMATED DECISION-MAKING
Our respect for your data includes providing the necessary human attention through our staff. Under current conditions, as a user of our services, you will not be subject to a decision based solely on automated processing of your data (including profiling) that produces legal effects concerning you or similarly significantly affects you.

13. INTERNATIONAL TRANSFER
In accordance with Chapter V of Regulation (EU) 2018/1725, transfers of personal data from the EU to countries outside the EU/EEA and to international organizations may take place when:

there is an adequate level of protection of the fundamental right of individuals (data subjects) to data protection in the non-EU/EEA country or in the international organization to which the data are transferred. In the absence of an adequacy decision, personal data may still be transferred under specific conditions.
The contractual partner may provide appropriate safeguards by using transfer tools in accordance with Article 48 of Regulation (EU) 2018/1725, such as standard contractual clauses for transfers, also using transfer tools within the meaning of Article 46 of the GDPR. These conditions apply where the safeguards ensure a level of protection essentially equivalent to that guaranteed in the EU and where individuals have the possibility to exercise their data protection rights and have effective remedies. To ensure such a level of protection, it may be necessary to adopt measures that supplement the relevant safeguards.
The contractual partner wishing to transfer data outside the EU/EEA may—in limited and specific cases—rely on one of the derogations listed in Regulation (EU) 2018/1725, provided that no other transfer tool can be used. Examples of derogations include: a person giving consent for their personal data to be transferred, where the transfer is necessary for the conclusion or performance of a contract, or is necessary for important reasons of public interest, or for the establishment of a defense in judicial proceedings.

14. CHANGES TO THIS INFORMATION NOTICE
We may occasionally update this Information Notice depending on the services and functionalities we introduce on the site. All updates and changes to this notice are valid immediately after publication on the site, which you agree to.

This information notice was drafted on 01.09.2025.