Privacy Policy

Last updated: June 30, 2026

1. Data Controller

SOFTIVO INNOVATIONS SRL ('we', 'us', 'our') is the data controller responsible for your personal data processed through this website.

Contact for data protection matters: office@softivo.ro. A Data Protection Officer (DPO) has not been designated, as the processing activities carried out through this website do not meet the thresholds requiring mandatory DPO appointment under Article 37 of the GDPR.

2. Data We Collect

When you submit the contact form on our website, we collect the following information: full name (required), email address (required), phone number (optional), company name (optional), and your message (required).

Additionally, Cloudflare Turnstile — the bot protection service integrated into our contact form — processes certain technical signals from your browser to distinguish automated bots from real users. These signals include your IP address, User-Agent string, and TLS fingerprint. This processing is carried out by Cloudflare, Inc. as a data processor on our behalf.

We do not collect any special categories of personal data (e.g., health data, racial or ethnic origin, political opinions) through this website.

3. Purpose and Legal Basis

We process your contact form data for the purpose of receiving and responding to your business inquiry, and potentially engaging in pre-contractual discussions.

The legal basis for this processing is Article 6(1)(f) of the GDPR — legitimate interests. Our legitimate interest consists of being able to receive, manage, and respond to business inquiries submitted through our website.

We have assessed that this processing does not override your fundamental rights and freedoms, given that: (a) you actively initiate contact by submitting the form; (b) the data collected is limited to what is necessary to respond; and (c) the data does not include sensitive categories.

The bot protection processing by Cloudflare Turnstile is also based on our legitimate interest in protecting our contact form from automated abuse, spam, and malicious submissions.

4. Recipients and Data Processors

Your contact form data is transmitted to the following data processors acting on our behalf:

Resend, Inc. — an email delivery service used to transmit your inquiry to our team. Resend processes your data solely to deliver the email on our behalf. Resend is based in the United States.

Cloudflare, Inc. — a security and network services provider whose Turnstile product is used to protect our contact form from bot submissions. Cloudflare processes technical browser signals as part of this service. Cloudflare is based in the United States.

Your data is not sold, rented, or shared with any third parties for marketing or profiling purposes.

5. International Data Transfers

Both Resend and Cloudflare are companies based in the United States. Transfers of personal data to these companies are subject to appropriate safeguards.

These transfers are conducted on the basis of the EU-US Data Privacy Framework (adequacy decision adopted by the European Commission on July 10, 2023), under which both Resend and Cloudflare participate. This framework ensures that personal data transferred to certified US companies receives a level of protection essentially equivalent to that guaranteed within the European Economic Area.

6. Data Retention

Contact form submissions are retained for a maximum of 12 months from the date the inquiry is concluded (i.e., the communication is answered or the matter is closed).

If your inquiry leads to a contractual relationship, data relevant to that contract may be retained for the duration of the contract and for the statutory limitation periods applicable under Romanian law (generally 3 years for contractual claims under Article 2517 of the Romanian Civil Code, and up to 10 years for accounting records under Romanian Accounting Law no. 82/1991).

After the applicable retention period, your personal data is deleted or anonymised.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Article 15): You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of it.

Right to rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.

Right to erasure (Article 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you exercise your right to object.

Right to restriction of processing (Article 18): You have the right to request that we restrict processing of your data in certain circumstances.

Right to data portability (Article 20): This right applies where processing is based on consent or contract and is carried out by automated means. Since we process your data on the basis of legitimate interests, this right has limited applicability; however, you may contact us to discuss any specific request.

Right not to be subject to automated decision-making (Article 22): We do not use your personal data for automated decision-making or profiling with legal or similarly significant effects.

To exercise any of the above rights, please send a request to office@softivo.ro. We will respond within one month of receiving your request (extendable by a further two months in complex cases, with notification).

Right to Object — Article 21 GDPR

Where we process your personal data on the basis of our legitimate interests (Article 6(1)(f) GDPR), you have the right to object to such processing at any time.

Upon receipt of an objection, we will cease processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defence of legal claims.

To exercise this right, contact us at office@softivo.ro.

8. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR or applicable Romanian data protection law, you have the right to lodge a complaint with the Romanian supervisory authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), Blvd. G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania. Website: www.dataprotection.ro. Email: anspdcp@dataprotection.ro.

This right is without prejudice to any other administrative or judicial remedy available to you.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. All data submitted through our contact form is transmitted over an encrypted HTTPS connection.

Our data processors, Resend and Cloudflare, implement their own security measures in accordance with industry standards and their contractual obligations to us under Data Processing Agreements.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities or applicable law. The date at the top of this page always reflects the most recent version.

We encourage you to review this policy periodically. If changes are material, we will take reasonable steps to notify you.

11. Contact

For any data protection questions, to exercise your rights, or for any other privacy-related matter, please contact us at: office@softivo.ro.