Privacy Policy

Data Controller

1. Data controller and scope

The data controller is the entity operating this website and related services. This Policy applies to website visitors, prospective clients, and individual clients.

• Controller contact details are available on the Contact page.
• For B2B relationships, certain business contact data may be processed on legitimate interest grounds.
• Project-specific engagements may include additional data processing terms (DPA).

2. Categories of personal data

Depending on your interaction with us, we may process:

• Identity and contact data: name, email, phone number, company (if applicable).
• Communication data: content submitted through contact forms or email.
• Technical data: IP address, browser/device data, security and logging data.
• Contract and fiscal data: data needed for offers, invoicing, and accounting records.
• Cookie consent preferences (essential, analytics, marketing).

3. Purposes and legal bases (GDPR Art. 6)

We only process personal data where a clear legal basis exists:

• Contract performance or pre-contract steps: proposals, service delivery, support.
• Legal obligation: invoicing, accounting, tax and compliance duties.
• Legitimate interest: security, abuse prevention, legal claims defense.
• Consent: non-essential cookies and optional marketing communications.
• You may withdraw consent at any time, without affecting prior lawful processing.

4. Data sources

Most personal data is collected directly from you (contact forms, email, contractual communication). In some cases, data may also come from public sources or contractual partners, within legal limits.

5. Recipients and processors

We may disclose data only to recipients required to provide our services:

• Hosting, cloud infrastructure, monitoring, and security providers.
• Email/communication providers and technical tools used in projects.
• Accounting/payment providers and legal/tax advisors.
• Public authorities where disclosure is legally required.

6. International transfers

Where providers use infrastructure outside the EEA, transfers are performed with appropriate safeguards (for example, Standard Contractual Clauses) and suitable technical/organizational measures.

7. Retention periods

We retain personal data only as long as necessary for declared purposes or legal obligations:

• Contract/fiscal data: retained according to legal archiving obligations.
• Support/communication data: retained as needed to handle requests and operational justification.
• Technical/security logs: limited retention proportional to security purposes.
• Cookie preferences: retained according to durations listed in the Cookie Policy.

8. Data security

We apply technical and organizational controls proportionate to risk, including access control, logging, infrastructure safeguards, data minimization, and abuse-prevention measures.

9. Your rights

Under GDPR, you have the following rights:

• Right to information and access.
• Right to rectification and, where applicable, erasure.
• Right to restriction and right to object.
• Right to data portability (where applicable).
• Right to withdraw consent at any time.
• Right to lodge a complaint with ANSPDCP (www.dataprotection.ro).

10. Exercising your rights

You can send requests using the contact details published on this website. We generally respond within one month under GDPR Art. 12, with possible extensions for complex requests.

11. Cookies and similar technologies

For detailed information on cookie categories, purposes, durations, and consent control, please see the Cookie Policy page.

12. Policy updates

We may update this Policy to reflect legal, technical, or operational changes. The current version is published on this page with its last updated date.