Who is the data operator
The personal data operator (controller) is Echipa De Tocilari SRL (Tax ID/CUI 47591744, Trade Register J40/2298/2023, Str. Arh. Alexandru Zagoritz nr. 12, Sector 2, București, Romania), the funeral house operating under the name sobru.ro. It determines the purposes and means of the data processing described in this policy.
For any personal data request (GDPR rights), contact us at dpo@sobru.ro or by phone (see /contact/).
What data we collect
- Family personal data: name, phone, email, address (for delivery/contact)
- Deceased data: name, ID number, birth date, death date, cause of death, place of death
- ID documents (copies) — for obtaining official documents
- Pension stub — for CNPP funeral aid file
- Financial details — for invoicing and payment (bank account, amounts)
- Ceremony details: church, cemetery, priest, date, guests
- Communications with our team (calls, WhatsApp messages, email)
How we use data
- To deliver contracted funeral services (transport, formalities, ceremony)
- To issue official documents (death certificate, sanitary clearance) on family's behalf
- To submit funeral aid file to CNPP (via assignment)
- To issue invoices and collect payment
- To coordinate with necessary third parties (church, cemetery, crematorium, DSP)
- For post-ceremony assistance (if family contacts us with questions)
- For legal obligations (Tax Code, Law 102/2014, ANPC)
Legal basis for processing
We process your data on the following Art. 6 GDPR legal bases:
- Performance of a contract (Art. 6(1)(b)) — delivering funeral services, issuing documents, organizing the ceremony
- Legal obligation (Art. 6(1)(c)) — invoicing and tax reporting (Tax Code), the CNPP funeral aid file, records required by Law 102/2014
- Legitimate interest (Art. 6(1)(f)) — operational communications about the case and post-ceremony assistance
- Consent (Art. 6(1)(a)) — marketing communications, only where you explicitly grant it; you may withdraw it anytime
Whom we share data with
Data is shared only with parties strictly necessary for service delivery:
- Romanian National Pension House (CNPP) — for funeral aid
- Romanian Public Health Directorate (DSP) — for sanitary clearance
- Civil Status office — for official death certificate
- Church chosen by family — for service organization
- Cemetery or crematorium — for ceremony scheduling
- Service suppliers (catering, florist, monuments) — only relevant elements
- Our banks — for payment collection
- Tax authorities — on request, per Tax Code
How long we keep data
Financial data (invoices, payments) — 10 years, per Romanian Tax Code.
Contract data (funeral services contract) — 5 years from contract closure.
Marketing data (newsletter, promotional messages, if consented) — until consent withdrawal.
Communication data (calls, WhatsApp, email) — 2 years from last communication.
After these periods, data is deleted or irreversibly anonymized.
Your rights
- Right of access — you may request a copy of data we have about you
- Right of rectification — correcting incorrect or incomplete data
- Right of erasure („right to be forgotten”) — under certain conditions
- Right to restrict processing — in certain cases
- Right of portability — receiving data in a structured format
- Right to object to direct marketing
- Right to lodge complaint with Romanian National Authority for Personal Data Protection (ANSPDCP)
Cookies and similar technologies
The site uses one technical cookie (to remember the chosen language). For analytics we use Vercel Analytics and Speed Insights, which work without cookies. Full details at /cookies/.