This Privacy Policy explains how MF Mezinu collects, uses and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable Dutch and Romanian data-protection law.
1 Who We Are
The data controllers responsible for processing your personal data are:
Netherlands — Registered Office
- Trade name: MF Mezinu
- Address: Elisadonk 148, 4707EJ Roosendaal, Netherlands
- KVK: 88985857
- NIWO License: 42183
- VAT: NL004712424B52
- Email: mfmezinu@gmail.com
- Phone: +31 (0) 6 493 47173
Romania — Operations Office
- Company: MF Mezinu SRL
- Address: Scurta 1, Gramesti, Suceava, Romania
- CUI: RO48029257
- Reg. Com.: J2023000755334
- Email: mfmezinu@gmail.com
Data Protection Officer (DPO)
For all data protection enquiries, you can contact our designated Data Protection Officer:
- Email: privacy@mfmezinu.com
- Alternative: mfmezinu@gmail.com (mark subject: "Data Protection")
- Postal: MF Mezinu — Data Protection, Elisadonk 148, 4707EJ Roosendaal, Netherlands
2 Data We Collect
We may collect and process the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Identity data | Full name, company name | Contact form, email, phone |
| Contact data | Email address, phone number, postal address | Contact form, email, phone |
| Shipment data | Origin / destination, cargo type, weight, dimensions | Quote requests, contracts |
| Financial data | Invoice details, payment records | Contracts, accounting system |
| Technical data | IP address, browser type, pages visited, time on site | Cookies, server logs |
| Communication data | Emails, messages, call records | Direct correspondence |
We do not collect special categories of sensitive data (as defined in GDPR Art. 9) unless legally required.
3 Legal Basis for Processing
We process your personal data on one or more of the following legal grounds (GDPR Art. 6):
- Contract performance — processing is necessary to fulfill a transport contract or to take steps at your request before entering into one.
- Legal obligation — processing is required by Dutch and/or Romanian law (e.g., tax records, CMR documentation).
- Legitimate interests — processing is necessary for our legitimate business interests (e.g., fraud prevention, IT security, direct marketing to existing clients), provided these interests are not overridden by your rights.
- Consent — where you have freely given your consent (e.g., analytics and marketing cookies). You may withdraw consent at any time without affecting the lawfulness of prior processing.
4 Purposes of Processing
We process your personal data for the following specific purposes:
- Service delivery: Respond to enquiries, provide freight quotations, and execute transport contracts
- Contract management: Issue invoices, manage payments, and maintain client records
- Legal compliance: Comply with customs, tax, CMR, and transport regulations
- Website analytics: Understand site usage patterns and improve our website (with consent)
- Marketing: Send service-related communications and promotional content (with consent)
- Security: Prevent fraud and ensure the security of our systems and data
- Communication: Respond to customer support requests and provide service updates
We will never sell, rent or trade your personal data to third parties for their own marketing purposes.
7 Data Retention Periods
We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law. Specific retention periods:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Contract & financial records | 7 years after end of contract | Dutch fiscal law (AWR Art. 52), Romanian Law 82/1991 |
| Transport documents (CMR, invoices) | 5 years | CMR Convention, applicable transport regulations |
| Contact form enquiries | 2 years after last contact | Legitimate interest |
| Marketing consent data | Until withdrawal of consent | GDPR Art. 7(3) |
| Cookie / analytics data | 13–26 months | As defined by cookie provider |
| Server logs (IP addresses) | 90 days | Security / legitimate interest |
After the retention period expires, data is securely deleted or anonymised.
8 Your Rights Under GDPR (Art. 15–22)
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data. To exercise any right, contact our Data Protection Officer at privacy@mfmezinu.com.
Right of Access (Art. 15)
You have the right to request a copy of the personal data we hold about you and information about how it is processed.
Right to Rectification (Art. 16)
You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17)
You have the right to request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
Right to Restriction (Art. 18)
You have the right to request that we limit processing of your data in certain circumstances.
Right to Data Portability (Art. 20)
You have the right to receive your data in a structured, commonly used, machine-readable format.
Right to Object (Art. 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Automated Decision-Making (Art. 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling. We do not use automated decision-making.
Right to Withdraw Consent (Art. 7)
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
We will respond to your request within 30 days (extendable by 60 days for complex requests). If we refuse your request, we will explain the reasons.
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:
- Dutch Data Protection Authority (Autoriteit Persoonsgegevens): www.autoriteitpersoonsgegevens.nl — Tel: +31 (0)70 888 85 00
- Romanian Data Protection Authority (ANSPDCP): www.dataprotection.ro — Tel: +40 318 059 211
9 Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration or destruction. These measures include:
- Encrypted data transmission (HTTPS/TLS)
- Access controls and authentication requirements for internal systems
- Regular security reviews and staff data-protection training
- Data minimisation and pseudonymisation where possible
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where required by law.
10 Third-Party Links
Our website may contain links to third-party websites (e.g. Google Maps, social media platforms). We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically. For material changes, we will notify you by email or by a prominent notice on our website.
12 Contact Us / Data Protection Officer
If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or want to report a data protection concern, please contact our Data Protection Officer: