Last updated: June 9, 2026

Privacy Policy

This policy explains how Man Andrei-Catalin Persoana Fizica Autorizata processes personal data in connection with the public website, B2B requests, proposals, contracting, and software or IT service delivery.

Data Controller

Man Andrei-Catalin Persoana Fizica Autorizata
Tax Reg. No. (CUI): 48124283
EU VIES VAT: RO48248311
Cluj-Napoca, Cluj Romania
Email: office@manandrei.ro

1. Data controller and scope

The data controller is the entity shown in the legal card on this page. This policy applies to website visitors, business contacts, prospective B2B clients, clients, and contractual partners.

  • The activity is B2B-oriented; the current public flow does not provide consumer services.
  • Professional contact data may be processed for commercial discussions, proposals, contracting, and support.
  • Projects involving processing on behalf of a client may require separate data processing clauses or agreements.

2. Categories of personal data

Depending on the interaction, we may process these categories of data:

  • Identity and contact data: name, email, phone number, role, company.
  • Communication data: messages sent by contact form, email, or agreed channels.
  • Commercial and contractual data: project requirements, proposals, orders, contracts, invoices, and accounting information.
  • Technical and security data: IP address, user agent, requests, logs, anti-abuse signals, and diagnostic information.
  • Google reCAPTCHA-related data when the protected contact form is active.
  • Traffic analytics data through Google Analytics, only if you accept Analytics.
  • Cookie consent preferences.

3. Purposes and legal bases

We process data only for clear purposes and with a legal basis under GDPR Article 6:

  • Pre-contract steps and contract performance: request analysis, proposals, delivery, maintenance, and support.
  • Legal obligations: invoicing, accounting, tax duties, and responses to authorities.
  • Legitimate interest: website security, abuse prevention, form protection, legal claims defense, and reasonable B2B communication.
  • Consent: Google Analytics, non-essential cookies, and optional marketing communications.
  • Consent can be withdrawn at any time, without affecting prior lawful processing.

4. What we do not do with data

We do not sell personal data, do not rent contact lists, and do not transfer data to data brokers. We do not use remarketing, behavioral advertising, or commercial profiling at this time.

5. Data sources

Most data comes directly from you through the contact form, email, meetings, or contractual documents. Sometimes we may use public company information or data provided by contractual partners, within legal limits.

6. Recipients and providers

Data may be shared only with recipients required for the website, security, communication, contracting, or legal obligations:

  • Hosting, infrastructure, email, security, monitoring, and technical service providers.
  • Google reCAPTCHA for contact form protection, when active.
  • Google Analytics for traffic analytics, only after Analytics consent.
  • Accounting, tax or legal advisors, and payment processors where required.
  • Public authorities only where required by law.

7. International transfers

Some providers, including Google for reCAPTCHA or Google Analytics, may process data outside the EEA. Where such transfers occur, we rely on available GDPR safeguards such as Standard Contractual Clauses and appropriate technical or organizational measures.

8. Retention periods

We keep data only as long as necessary for the stated purposes or legal requirements:

  • Contractual, fiscal, and accounting data: according to applicable legal retention periods.
  • Communication and support data: as needed to handle the request and defend rights.
  • Technical and security logs: limited retention proportionate to security purposes.
  • Cookie preferences and Analytics data: according to the Cookie Policy and provider settings.

9. Data security

We apply appropriate technical and organizational measures, including access control, data minimization, logging, infrastructure safeguards, anti-abuse checks, and need-to-know access restrictions.

10. Data subject rights

Under GDPR, you have rights to information, access, rectification, erasure, restriction, objection, portability where applicable, and consent withdrawal. You may also lodge a complaint with ANSPDCP: www.dataprotection.ro.

11. Exercising rights

You can send requests using the contact details published on the website. We generally respond within one month, with possible extensions for complex cases under GDPR.

12. Cookies and similar technologies

Details about cookies, Google Analytics, Google reCAPTCHA, inactive Marketing, and IndexNow are available in the Cookie Policy.

13. Policy updates

We may update this policy for legal, technical, or operational changes. The current version is published on this page with the latest update date.