Legal

Privacy Policy

Last updated: 17 May 2026

1. Who We Are

Verbabit SRL (“Verbabit”, “we”, “our”, or “us”) is a company registered in Romania, operating under Romanian and European Union law. We provide software development, digitalization, and technology consulting services.

Data Controller: Verbabit SRL, Romania
Contact: [email protected]

2. Legal Basis (GDPR Article 6)

We process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide our services.
  • Legitimate interest (Art. 6(1)(f)): Responding to inquiries, improving our services, security.
  • Consent (Art. 6(1)(a)): Marketing communications and non-essential cookies, where you have opted in.
  • Legal obligation (Art. 6(1)(c)): Compliance with fiscal and legal requirements.

3. Data We Collect

3.1 Data you provide directly

  • Name, email address, phone number (contact forms, project onboarding)
  • Company name, VAT number, address (invoicing)
  • Project requirements and communications
  • Account credentials (for client portals, if applicable)

3.2 Data collected automatically

  • IP address (security, rate limiting — not stored long-term)
  • Browser type, device type, operating system (analytics)
  • Pages visited, referrer URL (analytics)
  • Cookies (see our Cookie Policy)

4. How We Use Your Data

  • Responding to inquiries and providing our services
  • Creating and managing project contracts and invoices
  • Communication throughout project delivery
  • Sending transactional emails (confirmations, invoices, project updates)
  • Improving our website and services (analytics)
  • Complying with legal obligations (fiscal, contractual)
  • Security: detecting and preventing fraud or unauthorized access

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

5. Data Sharing & Third Parties

We share data only with trusted processors under data processing agreements (DPAs):

  • Resend (USA) — Transactional email delivery. Privacy Policy
  • Migadu (Switzerland) — Staff email hosting. Privacy Policy
  • Hetzner/VPS provider — Hosting infrastructure (EU/Germany data center)
  • Cloudflare — DNS and CDN services. Privacy Policy

International transfers (where applicable) are covered by Standard Contractual Clauses (SCCs) or adequacy decisions under GDPR Chapter V.

6. Data Retention

  • Inquiry/contact data: 3 years from last contact
  • Client project data: Duration of contract + 5 years (fiscal obligations)
  • Invoice records: 10 years (Romanian fiscal law)
  • Analytics data: Aggregated, anonymized — no individual tracking stored beyond 24 months
  • Cookies: See Cookie Policy

7. Your Rights (GDPR Chapter III)

As a data subject, you have the following rights:

  • Right of access (Art. 15): Request a copy of the data we hold about you.
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data (“right to be forgotten”), where no legal obligation requires retention.
  • Right to restrict processing (Art. 18): Request that we limit processing of your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any right, email us at [email protected]. We will respond within 30 days. Identity verification may be required.

8. Data Security

We implement technical and organizational measures to protect your data, including: encrypted connections (TLS), encrypted storage, access controls, regular security audits, and incident response procedures. In the event of a data breach, we will notify affected individuals and the ANSPDCP as required by GDPR Art. 33–34.

9. Supervisory Authority

You have the right to lodge a complaint with the Romanian data protection authority:

ANSPDCP — Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Website: dataprotection.ro
Email: [email protected]

10. Children

Our services are intended for businesses and professionals. We do not knowingly collect personal data from individuals under 16 years of age.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email or a prominent notice on our website. The “Last Updated” date above reflects the most recent revision.

Privacy PolicyTerms of ServiceCookie PolicyRefund PolicyLegal Notice