Privacy Policy

Last updated: 11 September 2025

Who we are

This website (the “Site”) is operated by Aidea Technologies SRL-D, a company registered in Romania.
Registered office: Aleea Primaverii nr 8, Ramnicu Valcea, Valcea, Romania
Trade Registry (ONRC) EUID.: J/38/1075/2023 • Tax ID CUI: 49237914
Website: aidea-srl.com
Email: admin@aidea-srl.com

What personal data we collect and why we collect it

We collect data you provide directly and data generated by your use of the Site:

  • Identity & contact data: name, company, email, phone — to respond to inquiries, provide quotes, and deliver projects (legal bases: contract or steps prior to contract; legitimate interest to respond to messages; consent for marketing).
  • Transactional data (WooCommerce): billing details, order details, invoices, payment status — to process purchases and meet tax/accounting duties (legal bases: contract; legal obligation).
  • Support & communications: messages, notes from calls, feedback — to provide support and improve services (legal bases: contract; legitimate interest).
  • Marketing preferences: newsletter opt-in, campaign engagement — to send communications you’ve consented to (legal basis: consent; you can withdraw anytime).
  • Technical & usage data: IP address, device/browser info, pages visited, events (with consent) — for security, performance, analytics, and to improve UX (legal bases: legitimate interest for security/essential operations; consent for analytics/marketing cookies).
  • User-generated content (if enabled): comments, reviews — to publish and manage content (legal bases: consent; legitimate interest to operate community features).
  • Sensitive data: We do not intentionally collect special categories of data (e.g., health). Please don’t submit such data through our forms. If it’s required for a specific service, we’ll seek explicit consent and give specific notices.

Comments (if enabled)

When visitors leave comments, we collect the data shown in the comments form, and also the visitor’s IP address and browser user-agent string to help spam detection. An anonymised string created from your email address (hash) may be provided to the Gravatar service to see if you are using it. After approval, your profile picture is visible to the public in the context of your comment. (This reflects WordPress defaults.)

Media (if uploads are enabled)

If you upload images to the Site, avoid uploading images with embedded location data (EXIF GPS). Visitors can download and extract any location data from images on the Site.

Contact forms

When you submit a form (contact, project brief, audit request), we process your name, email, phone, company, and message. We use this information only to respond to your request and provide the requested service. Retention: typically 12 months for general inquiries; longer if it relates to an active client relationship. We do not add you to marketing lists unless you explicitly opt-in.

Cookies

We use cookies and similar technologies to:

  • operate the Site and secure your session (strictly necessary);
  • remember preferences (e.g., language, cookie choices);
  • measure traffic and performance (analytics) only with your consent;
  • run remarketing/ads (marketing) only with your consent.

The Site displays a cookie banner that lets you accept, reject, or customise non-essential cookies at any time. Romanian e-privacy rules require prior consent for non-essential cookies; only strictly necessary cookies load without consent. See our separate Cookie Policy for a detailed list of cookies and partners. DLA Piper Data Protection (https://gdpr-info.eu/)

WordPress & WooCommerce cookies (examples):

  • WordPress: wordpress_logged_in_*, wp-settings-*, wp-settings-time-*, comment_author_* (if you comment).
  • WooCommerce: woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_*, store_notice*, woocommerce_recently_viewed.

Analytics

We use Google Analytics 4 with Consent Mode to respect your choices. Analytics runs only if you consent in the banner. You can change your preferences anytime via “Cookie settings” in the footer. See Google’s privacy information and the EU transfer safeguards under the EU-U.S. Data Privacy Framework below. (European Commission)

Who we share your data with (processors & recipients)

We use carefully selected service providers (processors) who process data on our behalf, under contracts that include GDPR-compliant terms:

  • Hosting & infrastructure: [EU-based host/CDN] — site hosting, security, backups.
  • Website & CRM tools: [Form plugin], [CRM/email automation] — manage inquiries and client relations.
  • Analytics & performance: Google Analytics (only with consent).
  • Payments (if applicable): [Stripe / local gateway] — process payments; we receive only limited payment metadata, not full card details.
  • Communications: [Email service], [Live chat] — customer support.
  • Professional advisors: accounting and legal (as independent controllers where applicable).

We will disclose data to public authorities if required by law. By default, WordPress does not share personal data with anyone; sharing occurs only through the services you enable/configure. (See also international transfers below.) (GDPR)

How long we retain your data

We keep personal data only as long as needed for the purposes described, then delete or anonymise it. Typical periods:

  • Contact inquiries: 12 months (or until your request is resolved + 6 months).
  • Client/project files: duration of contract + 5 years (claims limitation / records).
  • Invoices & tax records: 10 years (legal obligation under accounting/tax laws).
  • Support tickets: up to 24 months.
  • Analytics data: 14–26 months (per tool setting), only if consented.
  • Cookie consent logs: up to 5 years (compliance evidence).

If a different period applies, we’ll inform you at the point of collection.

What rights you have over your data

Under the GDPR you can request: access, rectification, erasure, restriction, portability, and you can object to processing based on legitimate interests or to direct marketing. Where processing is based on consent, you can withdraw consent at any time (this doesn’t affect prior lawful processing).

To exercise your rights, email admin@aidea-srl.com
We will respond within one month (extendable by two months for complex requests, we’ll let you know). You also have the right to lodge a complaint with the Romanian supervisory authority (ANSPDCP): Bld. G-ral Gheorghe Magheru 28–30, 010336, Bucharest;
Email: anspdcp@dataprotection.ro

Where your data is sent (international transfers)

We prefer to store data in the EEA. Some providers are located (or store data) outside the EEA. When data is transferred internationally, we rely on appropriate safeguards, such as:

  • the EU-U.S. Data Privacy Framework for certified U.S. recipients; and/or
  • Standard Contractual Clauses (SCCs) and supplementary measures.

In July 2023, the European Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework, and in September 2025 the EU General Court upheld that decision, offering additional legal certainty for EU-U.S. transfers. (European Commission)

Contact information (privacy)

For any privacy questions or to exercise your rights:
Email: admin@aidea-srl.com
Registered office: Aleea Primaverii nr 8, Ramnicu Valcea, Valcea, Romania

Additional information

How we protect your data

  • Transport security: HTTPS/TLS across the Site and admin.
  • Access controls: role-based access, least privilege, strong passwords, 2FA for admin accounts.
  • Platform hygiene: timely updates for WordPress, theme, and plugins; minimal plugin set; regular vulnerability scans.
  • Data minimisation: collect only what we need; pseudonymise/anonymise where possible.
  • Vendor due diligence: GDPR terms with processors; review of sub-processors and data locations.
  • Training: internal staff awareness on data protection and secure handling.

What data breach procedures we have in place

We maintain detection and response procedures. If a personal data breach occurs, we assess risk and, where required, notify ANSPDCP within 72 hours and affected individuals without undue delay.

What third parties we receive data from

For B2B prospecting and marketing (with legitimate interest and/or consent), we may process publicly available business contact data (e.g., company websites, professional networks) consistent with privacy laws.

What automated decision-making and/or profiling we do

We do not carry out automated decisions with legal or similarly significant effects. With your consent, we may use basic profiling (e.g., segmenting by pages viewed or email engagement) to send more relevant content and measure campaign effectiveness. You can object at any time.

Industry regulatory disclosure requirements

We are not part of a regulated sector that imposes additional privacy disclosures. If this changes, we will update this policy.

Children

Our services target businesses and adults. We do not knowingly collect data from children. If you believe a child has provided data, contact us to remove it.

Changes to this policy

We may update this policy from time to time. The latest version will always be available on this page with the “Last updated” date.

Key references: GDPR Art. 13 (transparency duties), GDPR data subject rights, Romanian cookie/e-privacy rules, and EU-U.S. Data Privacy Framework adequacy. (GDPR) (European Commission)

Scroll to Top