Privacy Policy
This Privacy Policy describes how Brixwave SRL collects, uses and protects personal data when you visit brixwave.com, contact us, or use our services. We follow EU General Data Protection Regulation (GDPR — Regulation 2016/679) and Romanian Law 190/2018.
Scope of this policy
This policy applies to all personal data we process about visitors of brixwave.com, prospective and existing clients, partners and third parties who interact with us through any channel.
It does not cover personal data we process strictly on behalf of our business clients under a separate Data Processing Agreement (DPA). For that processing, our client is the data controller and we act as a data processor.
Personal data we collect
We collect only the data we need for clearly defined purposes.
- Identity & contact data: full name, company, role, email, phone number.
- Communication data: the content of messages, attachments and email correspondence you send us.
- Service data: project briefs, contractual documents, deliverables, billing data, invoicing details.
- Technical data: IP address, device & browser type, operating system, language, pages visited, referrer, timestamps, error events.
- Marketing data: newsletter subscription status, opt-in / opt-out preferences.
Where we collect data from
- Directly from you — when you fill in a form, send an email, sign a contract or speak to us.
- Automatically — through cookies, server logs and error-tracking tools when you browse brixwave.com.
- From third parties — public sources (LinkedIn, company registries) and partners who refer business to us.
Why we use your data and on what legal basis
Each processing activity has at least one legal basis under GDPR Article 6:
We process the contact details and the content of your message to reply, prepare proposals and quotes.
We process client data to perform our agreements: scoping, design, build, billing, support, security incident response.
Accounting, tax and bookkeeping records are kept to comply with Romanian and EU law (e.g. invoices kept for 10 years per Romanian accounting law).
We process technical data to protect the site against attacks, debug errors and improve performance. We balance this against your rights — see Section "Your rights" to object.
Newsletter and similar updates are sent only to people who opted in. You can withdraw consent at any time using the unsubscribe link in every email or by writing to contact@brixwave.com.
International data transfers
Some of our subprocessors are established outside the European Economic Area (e.g. United States). Where this is the case, transfers are protected by EU Standard Contractual Clauses (SCCs) and/or adequacy decisions issued by the European Commission, as required by GDPR Chapter V.
You may request a copy of the relevant safeguards by writing to contact@brixwave.com.
How long we keep your data
- Contact form & email enquiries: up to 24 months from the last interaction, unless we sign a contract.
- Client contracts and deliverables: for the duration of the contract plus the legal limitation period (typically 3 years for civil claims, 10 years for accounting documents).
- Newsletter data: until you unsubscribe, plus a short technical retention to honour your opt-out.
- Technical logs: typically 30–90 days for security investigation, then deleted or anonymised.
- Backups: rotated according to our backup policy and overwritten in the normal cycle.
Your GDPR rights
Under GDPR (Articles 15–22) you have the following rights:
- Right of access (Art. 15) — obtain confirmation that we process your data and a copy of it.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17) — ask us to delete your data when no longer needed.
- Right to restriction (Art. 18) — limit how we use your data while a dispute is resolved.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — including objection to processing based on legitimate interests and to direct marketing.
- Rights related to automated decision-making (Art. 22) — we do not use solely automated decisions with legal effect.
- Right to withdraw consent at any time, without affecting the lawfulness of processing performed before withdrawal.
How to exercise your rights
Send your request to contact@brixwave.com with enough detail to identify you and the right you want to exercise. We may ask for proof of identity to prevent unauthorised disclosure.
We respond within one month of receipt (extendable by two further months for complex or numerous requests, in which case we will inform you). The service is provided free of charge unless requests are manifestly unfounded or excessive.
Security measures
We apply technical and organisational measures appropriate to the risk: encryption in transit (TLS 1.2+), access controls based on least privilege, multi-factor authentication for administrative access, audit logging, regular backups, vulnerability management and security training.
No system is impenetrable. If we ever discover a personal data breach likely to result in a risk to your rights, we will notify the supervisory authority within 72 hours and inform affected data subjects without undue delay, as required by GDPR Articles 33–34.
Children's data
Our services are intended for businesses and adults. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, please contact us and we will delete it.
Changes to this policy
We may update this policy when our practices, the law or our infrastructure changes. The "Last updated" date at the top of the page reflects the date of the most recent revision. Material changes will be communicated via the website and, where appropriate, by email.
Data Controller
- Brixwave SRL ("Brixwave", "we", "us", "our")
- Registered office: [REPLACE: ADRESA SEDIULUI SOCIAL]
- Trade Register: [REPLACE: NR_REG_COM] · VAT / CUI: [REPLACE: CUI]
- Email: contact@brixwave.com · Phone: [REPLACE: TELEFON]
- GDPR contact: contact@brixwave.com
Contact us
Send GDPR requests, complaints or general privacy questions to one of the addresses below. For data subject requests, contact@brixwave.com is the fastest route.
- Generalcontact@brixwave.com
- Officeoffice@brixwave.com
- Supportsupport@brixwave.com
- Informationinfo@brixwave.com
- Invoicesinvoices@brixwave.com
Please describe your request clearly and include any reference number from previous correspondence. We respond within one month, in line with GDPR Article 12(3).
This document is provided for informational purposes and does not constitute legal advice. For binding legal advice on your specific situation, please consult a licensed attorney.