Docodex - websites, applications and digital systems for business.


Legal document

Privacy policy

1. The data operator

The personal data operator is Docodex S.R.L., based in Romania, Bihor county, Cihei village, Str. Violinists no. 7, CUI RO48346026, No. Trade Register J05/1587/2023. For any request regarding personal data, you can contact us at office@docodex.com.

2. What data we collect

We can collect the following categories of data: name, surname, email, telephone, company, position, CUI, address, message, desired service, estimated budget, desired term, documents uploaded to the portal, tax data for clients and affiliates, bank data/IBAN for affiliates, data about projects, tickets, invoices, contracts and commercial communications.

For security, GDPR audit, abuse prevention and request source measurement, we can collect IP, user-agent, accessed URL, lead source, UTMs, referral/affiliate code, timestamp and consent preferences.

3. Purposes of processing

We use data to respond to requests, prepare offers, schedule consultations, deliver projects, manage client accounts, administer documents, invoices, contracts, tickets, maintenance, affiliation, commissions, payments, security, audit, fiscal obligations and operational communications.

The data can also be used for analytics or marketing only depending on the consent expressed for cookies and similar technologies.

4. Legal grounds

We process data based on pre-contractual steps, contract execution, legal obligations, legitimate interest for security and the administration of the commercial relationship, consent for non-essential/marketing cookies and, as the case may be, the defense of legal rights.

5. Suppliers and agents

We can use technical providers for hosting, domains, email, billing, payments, analytics, advertising, backup, security, support and operational tools. Examples may include IONOS for hosting/domains, SmartBill for billing, Google for analytics/search/ads, Meta for advertising, TikTok for advertising and possible payment processors such as Stripe or other approved providers.

Providers may process data according to their own policies and applicable contracts. We do not sell personal data to third parties.

6. International transfers

Some technical services may involve data transfers outside Romania or the European Economic Area. In these cases, we use legally accepted mechanisms, such as standard contractual clauses, privacy settings and reasonable security measures.

7. Retention periods

Leads are usually kept for 365 days. Contact messages are usually kept for 365 days. Support tickets are usually kept for 730 days. Customer account data and project history can be kept for the duration of the collaboration and subsequently as long as necessary for support, defense of legal rights and obligations.

Invoices, contracts, fiscal documents and data related to payments are kept according to the applicable legal, fiscal and accounting obligations. The data of affiliates, commissions and payments are kept for the duration of the affiliate program and thereafter according to fiscal and audit obligations.

8. Security

We apply reasonable technical and organizational measures: restricted access, authentication, form validations, CSRF protection, rate limiting, upload validation, private files downloaded via protected routes, auditing and logging for important events.

9. Your rights

You have the right of access, rectification, deletion, restriction, portability, opposition and withdrawal of consent, within the limits of the law. To exercise your rights, write to us at office@docodex.com. We may ask for additional information for identity verification.

If you are not satisfied with the answer, you can contact the National Supervisory Authority for the Processing of Personal Data.

  • Docodex support
Legal Docodex GDPR Confidentiality Cookies Transparent
Terms Personal data Consent Security Docodex