Your data, our duty.

Who we are

Cranesy is an independent news publication covering the global crane and lifting equipment industry. The website is published from Romania (European Union) by its owner and editor, Elian Ionescu, acting as data controller within the meaning of the EU General Data Protection Regulation.

Where this policy refers to "we", "us" or "Cranesy", it means the publication and its data controller jointly. The contact details for any data-protection question appear at the bottom of this page.

What data we collect

The data we process depends on how you use Cranesy.

Form submissions

When you send an advertising inquiry or submit a story we collect: your name, company, work email, phone (if provided), country, and the content of your message. The advertising form additionally records your campaign type and budget bracket. The news-submission form additionally records story title, type, region, brand, source URL and the images you upload. We also log your IP address, user agent and the referrer URL at the moment you submit.

Comments

If commenting is enabled on a story, your name, email and comment body are stored alongside the article.

Server logs

Our hosting provider keeps standard access logs — IP address, requested URL, response code and timestamp — for security and abuse prevention. Logs are retained for thirty days.

Cookies

See Cookies below.

We do not knowingly collect data from anyone under sixteen. Cranesy is written for adult industry professionals and is not directed at children.

Why we collect it

Under the GDPR, every processing activity needs a lawful basis. Ours are:

• Contract — when you send an advertising inquiry, we process your details to respond to your request and, if applicable, to set up an advertising contract.
• Legitimate interest — when you submit news, we process your content and contact details to evaluate, edit and publish stories of legitimate interest to the lifting industry. Editorial archiving is also a legitimate interest of the publication and its readers.
• Consent — newsletter subscription requires explicit opt-in. You can withdraw your consent at any time using the unsubscribe link in every newsletter.
• Legal obligation — we keep records that we are legally required to keep, for example tax records of advertising contracts under Romanian and EU law.

Cookies

We use only the cookies strictly necessary to operate the site:

• WordPress session cookies, set when an editor logs in to the admin area.
• A cross-site request forgery (CSRF) token, set by the form pages so that submissions cannot be forged from other sites.

We do not use third-party advertising trackers and we do not share your visit data with ad networks. If we add basic privacy-friendly analytics in the future (for example Plausible or Fathom, which do not use cross-site cookies), we will update this policy in advance.

Third-party services we rely on

• Hosting — Hosterion, a Romanian provider. All site data is stored on EU-located servers.
• Stripe — payments for Cranesy Premium and supporter contributions are processed by Stripe Payments Europe, Ltd. (Ireland). When you complete checkout, Stripe collects the data needed for the transaction (name, email, billing country, card details, the amount paid) and shares with Cranesy only the limited customer record we need to grant access (email, country, last-four card digits, subscription status). Cranesy never sees, stores or transmits your full card details. Stripe acts as an independent data controller for the data it collects to comply with payment regulations and fraud prevention; see stripe.com/privacy for their full terms.
• Google AdSense — non-Premium pages may display ads served by Google. Google sets cookies and uses your IP address to serve and measure ads. Premium subscribers see no AdSense code at all.
• Google Analytics 4 — we use GA4 to count page views, referral sources and broad audience demographics. IP addresses are anonymised by Google before storage.
• Google Fonts — typography is served from fonts.googleapis.com. When your browser loads a page on Cranesy it requests the font files from Google directly, which means your IP address is briefly visible to Google. You can avoid this entirely by blocking third-party fonts in your browser; the site remains usable in a system fallback typeface.
• Social-share buttons — the share links on each article are plain links. They do not load any tracking scripts on Cranesy itself; clicking one opens the relevant share URL in a new tab on the social network.

How long we keep data

• Advertising inquiries — twenty-four months from receipt, after which they are deleted unless an active commercial relationship requires continued retention.
• News submissions — published submissions are retained as part of the editorial archive. Rejected submissions and their attached images are deleted within ninety days.
• Server logs — thirty days.
• Newsletter subscribers — until you unsubscribe.
• Subscription & payment records — for the duration of an active subscription, plus seven years thereafter to comply with Romanian and EU tax-record requirements. Stripe retains its own copy of payment records under its own retention policies.

Your rights

You have the following rights in respect of the personal data we hold about you, under GDPR Articles 15–22:

• Access — request a copy of your data.
• Rectification — correct inaccurate data.
• Erasure — request deletion ("right to be forgotten").
• Restriction — restrict how we process your data.
• Objection — object to processing based on our legitimate interest.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent — at any time, where processing relies on consent.
• Lodge a complaint — with the Romanian Data Protection Authority (ANSPDCP, www.dataprotection.ro) or your local supervisory authority.

To exercise any of these rights, write to us using the contact details below. We respond within thirty days.

Data transfers outside the EU

Cranesy itself is hosted in Romania (EU). Some of the third-party services we rely on (notably Google Fonts) may transfer data to the United States or other jurisdictions outside the European Economic Area, under their own legal frameworks (typically Standard Contractual Clauses). You can opt out of this transfer by blocking third-party fonts in your browser; the site remains fully readable.

How we protect your data

• All connections to Cranesy use HTTPS.
• Form submissions are protected against cross-site request forgery, validated server-side, and rate-limited per IP address.
• Image uploads are validated for size, MIME type and file structure before they are accepted.
• Editorial admin access is restricted to authenticated users with the minimum permissions required for their role.
• We follow the principle of least privilege across all systems.

No internet system is perfectly secure. If you become aware of a security issue affecting Cranesy, please report it to us at the address below.

Changes to this policy

When we change this policy we update the "Last updated" date at the top of the page. For material changes (for example new categories of data, or new third-party processors) we additionally post a notice in the next newsletter and at the top of the homepage for at least seven days.

Contact

For any data-protection question, including a request to exercise your rights under the GDPR, write to us using the email button below. We aim to respond within seventy-two hours and always within the thirty-day window required by the Regulation.