Privacy Policy

• 01 — Who we are (Data Controller)
• 02 — What data we collect
• 03 — Purposes and legal bases
• 04 — Recipients & processors
• 05 — International transfers
• 06 — Storage duration (retention)
• 07 — Your rights (GDPR)
• 08 — Cookies & similar technologies
• 09 — Security and privacy
• 10 — Newsletter & communications
• 11 — Contact forms, quotes & contracting
• 12 — Client accounts, invoicing & payments
• 13 — Jobs & collaborations (HR)
• 14 — Social media & third-party embeds
• 15 — Profiling & automated decisions
• 16 — Children (minors)
• 17 — Security breaches (notifications)
• 18 — Changes to this policy
• 19 — Contact & complaints (ANSPDCP)

— (the “Controller”), VAT ID: , Trade Registry: , registered office: , e-mail: , phone: .

This policy describes how we process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and related legislation.

DPO / Contact point

• Data Protection Officer (DPO): N/A (not required given current activities).
• GDPR contact point: .
• The Controller determines the purposes and means of processing; for a processor role, we sign a separate DPA.

We collect data only to the extent necessary for our services and legal obligations.

Categories may include:

Common categories

• Identification & contact: name, e-mail, phone, company, position.
• Transactional data: billing address, VAT ID, IBAN (partial), order history.
• Technical data: IP, user agent, pages visited, events (analytics), cookie ID.
• Provided content: briefs, media materials, messages from forms.
• Optional: marketing preferences, feedback, testimonials (with consent).

We process data for specific, legitimate, and transparent purposes.

Legal bases: Art. 6(1) a) consent, b) contract, c) legal obligation, f) legitimate interests; Art. 6(1) e) generally does not apply.

Typical purposes & bases

• Quotations & contracting — legitimate interests / pre-contractual measures / contract performance.
• Invoicing & accounting — legal obligation.
• Support & maintenance — contract / legitimate interests.
• Security & fraud prevention — legitimate interests.
• Direct marketing (newsletter, remarketing) — consent or legitimate interests in accordance with law.
• Service improvement (analytics) — legitimate interests / consent via the CMP for cookies.

We share data with third parties only when necessary or required by law, with appropriate safeguards.

Types of recipients:

Typical processors

• Hosting & infrastructure (hosting, CDN, e-mail).
• Analytics, error & performance tools (analytics/logging).
• Payments & invoicing, CRM, ticketing.
• Consultants (lawyers, accountants), only when necessary and under confidentiality.

Mandatory disclosures

• Public authorities, where required by law.
• Courts of law, to defend our rights.
• Intra-group transfers (if applicable), with adequate safeguards.

If we transfer data outside the EEA, we apply safeguards under Chapter V of the GDPR.

Measures: adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), supplementary assessments.

Transparency

• On request, we indicate the main jurisdictions and safeguards used.
• We avoid transfers without appropriate safeguards.
• We prefer EU storage where possible.

We retain data as long as needed for the purpose or as required by law.

After the purpose expires, we delete or anonymise data, subject to legal exceptions.

Retention examples

• Accounting: 5–10 years (per tax law).
• Contracts and correspondence: for the contract term + limitation periods.
• Cookies: according to the durations in the Cookies Policy.

You have specific rights that we prioritise and respect.

You can exercise them by sending a request to or to our registered postal address.

List of rights

• Access, rectification, erasure (“right to be forgotten”).
• Restriction, objection, portability.
• Withdrawal of consent (with effect for the future).
• Complaint to ANSPDCP (see section 19).

We use cookies, pixel tags, and local storage for functionality, analytics, and marketing.

Consent is managed via a CMP. Technical details and durations: Cookies Policy.

User control

• You can change preferences from the banner or your browser settings.
• Certain essential cookies are necessary for the site to function.
• Disabling them may affect your experience and functionality.

We implement technical and organisational measures appropriate to the risks (SSL/TLS, access control, minimisation, pseudonymisation where possible).

Access to data is granted on a need-to-know basis, with logging and staff training.

Shared responsibility

• Us: security measures, reviews, backups according to the packages.
• You: strong passwords, confidentiality, role-based access, internal policies.
• Periodic assessments and testing where relevant.

We send commercial communications only with an appropriate legal basis (consent or legitimate interests, as permitted by law).

You can unsubscribe at any time from the e-mail or by contacting us.

Preferences & records

• We keep records of consent and proof of unsubscribing.
• We may measure open/click rates (if you have consented to tracking).
• No list selling. No spam.

Form data is used to respond to requests and prepare quotes/contracts.

We retain correspondence for traceability, contractual evidence, and service quality.

Provided content

• Briefs, files, and materials remain confidential (see the Terms).
• Do not upload sensitive information unless necessary or requested.
• We use secure channels for file transfers where appropriate.

We process data to manage accounts, issue invoices, handle payments, and keep accounting records.

We do not store full card details on our servers; processing is performed by authorised providers (PCI DSS).

Compliance

• Invoicing in accordance with Romanian tax law.
• Document retention for statutory periods.
• Audit and financial reconciliation to ensure data accuracy.

If you apply for a role, we will process data from your CV, cover letter, and relevant public profiles.

Typical retention: until the end of recruitment + 6–12 months with consent for future opportunities.

HR transparency

• Interviews, technical tests: strictly as needed for assessment.
• Professional references: only with your consent.
• You may request deletion at any time (subject to legal obligations).

The site may include buttons/plugins (e.g., Facebook, Instagram, LinkedIn, YouTube) or embeds (maps, video, fonts).

These may collect data directly from you under their own policies; we recommend reviewing them separately.

Control & consent

• Some embeds load only after consent (via the CMP).
• You can block third-party cookies in your browser.
• Links to third parties are provided for convenience; we do not control their policies.

We do not make decisions producing legal effects solely by automated means. We may segment audiences for marketing with consent/legitimate interests.

You may object to marketing-related profiling at any time.

Transparency

• Any automated mechanism includes human intervention where needed.
• You can request information about the logic involved and expected consequences.
• We do not sell personal data to third parties.

Our services are not directed to children under 16. We do not knowingly collect data from minors.

If we learn that we have collected a minor’s data, we will delete it without undue delay.

Reporting

• Contact us immediately if you suspect such a situation.
• We may request reasonable proof of age when necessary.
• Exceptions apply only where required by law.

In the event of an incident posing risks to individuals’ rights and freedoms, we notify ANSPDCP within legal deadlines and, where applicable, the data subjects.

We document incidents internally, including causes, impact, and corrective actions.

Cooperation

• We cooperate with processors for investigation and remediation.
• We inform clients to the extent an incident affects them.
• We periodically review measures to prevent recurrence.

We may update this policy for compliance and clarity.

We will display the current version on the site with the last updated date.

Notification

• For significant changes, we may use on-site notices or e-mail (where applicable).
• Continuing to use the site after changes represents acceptance of them.
• Previous versions can be provided upon request.

You can contact us with any questions about personal data at .

If you are not satisfied with our response, you may lodge a complaint with ANSPDCP (the Romanian National Supervisory Authority for Personal Data Processing) — dataprotection.ro.

Company details

• —
• VAT ID: • Trade Registry:
• Registered office:
• E-mail: • Phone: