Privacy Policy
Last updated: 2 May 2026
This privacy policy explains how Niponx Technology S.R.L. (referred to as “Niponx”, “we”, “us”, “our”) collects, uses, and protects personal data when you visit knowmycrm.com (the “Site”) or interact with us through our forms.
We process personal data in accordance with Regulation (EU) 2016/679 (GDPR), Law no. 190/2018 (Romanian implementation of GDPR), Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, and applicable supplementary legislation.
1. Data Controller
Niponx Technology S.R.L.
75–77 Buzești Street, 9th Floor, Sector 1
011013 Bucharest, Romania
Trade Register: J2025097283002 · CUI: 53111239 · VAT: RO53111239
Phone: +40 754 324 179
Email: [email protected]
For all data-protection enquiries, requests, or complaints, contact: [email protected].
2. What We Collect
We collect personal data only when you actively provide it through one of our forms, plus a minimum of technical data needed to operate the Site.
2.1 Data You Provide
- Fit Wizard (
/wizard): name, work email, company, role, phone (optional), website (optional), plus your wizard answers (industry, company size, regions, functional needs, integrations, budget, timeline) and the resulting CRM/ERP recommendations — all captured in the KMC Payload. - Book a Call (
/book): name, email, company, phone (optional), website (optional), preferred meeting date, time slot, and timezone. - Checklist Download (
/resources): name, email, company. - Contact page (
/contact): via phone, WhatsApp, or email links provided on the page.
2.2 Data Collected Automatically
- Technical data: IP address (transient, for security and abuse prevention), user-agent, referring URL, page visited, timestamp, language preference.
- Cookies and similar technologies: as described in our Cookie Policy. Non-essential cookies are set only after you grant consent.
- Marketing attribution parameters: utm_source, utm_medium, utm_campaign, utm_term, utm_content — when present in the URL, these are passed alongside any form submission you make.
We do not collect special categories of personal data (Article 9 GDPR), and we do not knowingly collect data from children under 16.
3. Why We Process It (Lawful Bases)
| Purpose | Lawful Basis |
|---|---|
| Responding to a contact, wizard, or booking enquiry you sent us | Art. 6(1)(b) GDPR — pre-contractual measures taken at your request |
| Sending you a follow-up email related to your enquiry; partner matching | Art. 6(1)(b) and 6(1)(f) — legitimate interest in completing the conversation you initiated |
| Operating the website (security, abuse prevention, basic analytics) | Art. 6(1)(f) — legitimate interest in maintaining a secure, functional service |
| Optional analytics and marketing measurement | Art. 6(1)(a) — your consent, given through the cookie banner; withdrawable at any time |
| Compliance with legal obligations (accounting, tax) | Art. 6(1)(c) — legal obligation under Romanian and EU law |
4. Who Receives Your Data
We share personal data only with carefully selected service providers (“processors”) who act on our documented instructions under a written data-processing agreement.
| Processor | Purpose | Country | Safeguards |
|---|---|---|---|
| Salesforce, Inc. | CRM — storing and managing leads submitted via our forms | United States | Standard Contractual Clauses (Art. 46(2)(c) GDPR); EU-U.S. Data Privacy Framework |
| Vercel, Inc. | Website hosting and content delivery | US / EU edge | Standard Contractual Clauses; Data Privacy Framework |
We may also disclose personal data to public authorities or third parties when required to comply with a legal obligation, judicial order, or to defend our legal rights.
We do not sell personal data, and we do not share personal data with advertising networks.
5. International Transfers
Some of our processors are established outside the European Economic Area (primarily in the United States). For each such transfer we rely on:
- Standard Contractual Clauses adopted by the European Commission (Art. 46(2)(c) GDPR), and
- Where applicable, the EU-U.S. Data Privacy Framework adequacy decision (Commission Implementing Decision (EU) 2023/1795).
Copies of the safeguards in place are available on request from [email protected].
6. How Long We Keep It
| Data | Retention Period |
|---|---|
| Lead data from unconverted enquiries | Up to 24 months from last contact, then deleted or anonymised |
| Lead data from converted clients | Duration of the commercial relationship + 10 years (Romanian fiscal record-keeping) |
| Technical access logs | 12 months |
| Cookie consent records | 12 months |
| Records required by tax or accounting law | Statutory minimum (typically 10 years) |
After the applicable period, data is deleted or irreversibly anonymised. Retention periods are subject to periodic review.
7. Your Rights
Subject to the conditions of the GDPR, you have the right to:
- Request access to the personal data we hold about you (Article 15)
- Request rectification of inaccurate or incomplete data (Article 16)
- Request erasure (“right to be forgotten”) in the circumstances described in Article 17
- Request restriction of processing (Article 18)
- Object to processing based on legitimate interest (Article 21)
- Receive your data in a portable format (Article 20)
- Withdraw consent at any time, where processing is based on consent (Article 7(3)); withdrawal does not affect prior lawful processing
- Lodge a complaint with the supervisory authority — see Section 9
To exercise any of these rights, write to [email protected] with enough information for us to identify you. We respond within one month of receipt; we may extend this by two further months for complex requests, in which case we will tell you within the first month.
8. Security
We implement appropriate technical and organisational measures to protect personal data against unlawful or accidental destruction, loss, alteration, unauthorised disclosure or access. These include access control, encryption in transit (TLS), encrypted storage at rest where supported by our processors, role-based access to leads, and security review of processors before engaging them.
If a personal data breach occurs and is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority within 72 hours and, where required, inform you without undue delay.
9. Right to Lodge a Complaint
You can lodge a complaint with the Romanian supervisory authority at any time:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral Gheorghe Magheru nr. 28-30, Sector 1, 010336 București, România
Website: www.dataprotection.ro
Email: [email protected]
You may also lodge a complaint with the supervisory authority in your EU member state of habitual residence or where the alleged infringement took place.
10. Changes to This Policy
We may update this policy from time to time. We will publish the updated version on this page and amend the “Last updated” date above. Material changes will be highlighted on the homepage for a reasonable period before they take effect.