Privacy Policy

Last updated: 12 May 2026
Overview

This Privacy Policy describes how Fact and Form S.R.L. (“Fact & Form”, “we”, “us”, “our”) collects, uses, and protects your personal data when you visit factandform.com or interact with our services.

We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR), Romanian Law no. 190/2018, and the ePrivacy Directive.

1. Who we are (Data Controller)

Fact and Form S.R.L.
Registered office: 1D–6 Pipera Blvd., First Floor, Ap. 5, Building 3, Entrance 1, Bucharest, Romania
CUI / Registration Number: RO46440026
Email: [email protected]
Website: factandform.com

For all data protection inquiries, contact us at [email protected].

2. What personal data we collect

Information you provide directly

  • Contact form submissions: name, email address, company name, message content.
  • Email correspondence: any information you include when emailing us.
  • Career applications: name, email, CV, portfolio links, and any information shared during recruitment.

Information collected automatically

  • Technical data: IP address, browser, operating system, device type.
  • Usage data: pages visited, time spent, click behavior (only with your consent).
  • Server logs: IP, timestamp, requested resource.
3. Why we process your data and the legal basis

We rely on the following lawful bases under GDPR Article 6:

  • Art. 6(1)(b) – pre-contractual measures: responding to inquiries, recruitment, contract performance for clients.
  • Art. 6(1)(a) – your consent: analytics (Google Analytics, advertising performance (Google Ads).
  • Art. 6(1)(f) – legitimate interest: spam protection (Google reCAPTCHA), security and fraud prevention.
  • Art. 6(1)(c) – legal obligation: tax, accounting, fiscal record retention.
4. Who we share your data with

We do not sell personal data. We share data only with the following recipients, under appropriate data protection agreements:

  • Hosting provider — server logs and technical data.
  • Google LLC — Google Analytics 4, Google Tag Manager, Google Ads, Google reCAPTCHA. See Google Privacy Policy.
  • Email service providers — Twilio SendGrid (transactional email).
  • Backup and security — UpdraftPlus, Smush.
  • Romanian tax and legal authorities — when required by law.
  • Professional advisors — lawyers, accountants under confidentiality.
5. International data transfers

Some of our service providers (notably Google, SendGrid) are based outside the European Economic Area, primarily in the United States. These transfers are protected by:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
  • The EU–US Data Privacy Framework (where applicable).
6. How long we keep your data
  • Contact form submissions: up to 24 months after last interaction.
  • Career applications: 12 months after recruitment ends, unless you consent to longer retention.
  • Client project data: duration of contract + 5 years (Romanian fiscal retention).
  • Analytics data (Google Analytics): maximum 14 months.
  • Server logs: maximum 90 days.
7. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of the data we hold about you.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your data (where applicable).
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7) — at any time, without affecting prior processing.
  • Right not to be subject to automated decision-making (Art. 22).

To exercise any right, email [email protected]. We respond within 30 days.

8. Right to lodge a complaint

If you believe we have violated your data protection rights, you may lodge a complaint with the Romanian Data Protection Authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București
Email: [email protected]
Website: www.dataprotection.ro

9. Cookies

This website uses cookies and similar technologies. For details on what cookies we use, why, and how you can manage them, please see our Cookie Policy.

You can adjust your cookie preferences at any time via the cookie consent banner.

10. Security

We implement reasonable technical and organizational measures to protect your personal data, including HTTPS encryption, regular backups, restricted access controls, and secure hosting infrastructure.

11. Children's privacy

Our website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated via the website.

13. Contact us

For any questions about this Privacy Policy or how we handle your data, contact us at [email protected].