Legal

Privacy Policy

Effective: 8 April 2026 Last updated: 8 April 2026 Cluj-Napoca, Romania (EU)

Contents

Who We Are
Data We Collect
How and Why We Use Your Data
Cookies and Tracking
Data Sharing and Disclosure
International Transfers
Data Retention
Your Privacy Rights
Children's Privacy
Security
Changes to This Policy
Contact and DPO

This Privacy Policy explains how Adaptive.s Code collects, uses, stores, and protects your personal data. We are committed to full compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and its amendment the California Privacy Rights Act (CPRA), the UK GDPR, Brazil's LGPD, Canada's PIPEDA, and all other applicable data protection laws.

1. Who We Are

Adaptive.s Code (referred to as "we", "us", or "our") is the data controller responsible for your personal data. Our contact details are:

Company name: Adaptive.s Code
Registered address: 52 Paris Street, Cluj-Napoca, Romania
Email: hello@adaptivescode.com
Website: https://www.adaptivescode.com

As a company registered in Romania, we are subject to Regulation (EU) 2016/679 (GDPR) and are supervised by the National Supervisory Authority for Personal Data Processing (ANSPDCP), Romania's designated supervisory authority.

2. Data We Collect

We collect the minimum data necessary to operate our services and communicate with you. The categories of personal data we may collect include:

2.1 Data You Provide Directly

Contact information: Name, email address, company name, job title, phone number when you contact us via our website or email.
Application data: CV, cover letter, work samples, and other recruitment materials when you apply for a position.
Project enquiries: Information you share about your business needs, technical requirements, or project scope.
Communications: Content of emails, messages, or other correspondence you send to us.

2.2 Data Collected Automatically

Usage data: Pages visited, time spent, referral source, click interactions, and browser navigation patterns.
Technical data: IP address, browser type and version, operating system, device type, screen resolution, and time zone.
Log data: Server logs including access timestamps, HTTP request headers, and error logs.

2.3 Data from Third Parties

Publicly available professional information: LinkedIn profiles or GitHub activity you have made publicly available, reviewed during recruitment processes.
Referral data: If a third party refers you to us, we may receive your name and contact details.

We do not collect or process special category data (sensitive personal data) such as health information, racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, unless you explicitly provide it during a recruitment process and only where legally permitted.

3. How and Why We Use Your Data

We process your data only for specified, explicit, and legitimate purposes. Under the GDPR, we rely on the following legal bases:

Purpose	Data Used	Legal Basis (GDPR)
Responding to enquiries and project discussions	Contact info, communications	Legitimate interest (Art. 6(1)(f))
Managing recruitment and evaluating applications	Application data, contact info	Legitimate interest / Pre-contractual steps (Art. 6(1)(b), (f))
Entering into and performing client contracts	Contact info, project details	Contract performance (Art. 6(1)(b))
Legal and regulatory compliance	As required by law	Legal obligation (Art. 6(1)(c))
Website analytics and performance monitoring	Usage data, technical data	Legitimate interest (Art. 6(1)(f))
Improving our services and communications	Usage data, feedback	Legitimate interest (Art. 6(1)(f))
Security monitoring and fraud prevention	Log data, technical data	Legitimate interest (Art. 6(1)(f))
Marketing communications (only with consent)	Contact info	Consent (Art. 6(1)(a))

Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your fundamental rights and freedoms. You have the right to object to any processing based on legitimate interests.

4. Cookies and Tracking Technologies

We use a minimal number of cookies and similar technologies on our website. Cookies are small text files stored on your device when you visit our site.

4.1 Types of Cookies We Use

Strictly necessary cookies: Required for the website to function (e.g., session state, theme preference). These cannot be disabled.
Analytics cookies: Used to understand how visitors interact with our site (e.g., page views, navigation paths). We use privacy-respecting analytics tools that do not share data with advertising networks.

4.2 Your Cookie Choices

Strictly necessary cookies are placed without consent as they are essential to the service. Analytics cookies require your consent where required by applicable law (ePrivacy Directive, CCPA). You may control cookies through your browser settings and withdraw any consent at any time.

We do not use advertising, tracking, or profiling cookies, and we do not share data with advertising networks or data brokers.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to any third party. We share data only in the following limited circumstances:

5.1 Service Providers (Processors)

We engage trusted third-party service providers to support our operations. These processors act only on our documented instructions and are contractually bound via Data Processing Agreements (DPAs). Categories include:

Cloud infrastructure and hosting providers (e.g., Microsoft Azure)
Email and communication platforms
Analytics tools (privacy-preserving, no advertising use)
Recruitment platforms and applicant tracking systems

5.2 Legal Requirements

We may disclose your data where required to comply with a legal obligation, court order, or lawful request by a competent public authority, or to protect the vital interests, rights, or safety of individuals.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data held by us may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy.

5.4 Professional Advisors

We may share data with lawyers, accountants, and insurers where necessary, subject to professional confidentiality obligations.

6. International Data Transfers

We are based in Romania (EU) and process most data within the European Economic Area (EEA). Where we transfer personal data to processors or partners outside the EEA, we ensure adequate protection is in place through one of the following mechanisms:

Adequacy decisions: Transfers to countries recognised by the European Commission as providing adequate protection (e.g., UK, Switzerland, Japan).
Standard Contractual Clauses (SCCs): EU Commission-approved contractual clauses (2021 SCCs) incorporated into our processor agreements.
Binding Corporate Rules (BCRs): Where applicable for intra-group transfers.
UK International Data Transfer Agreements (IDTAs): For transfers involving UK-based processors or recipients.

You may request a copy of the appropriate transfer mechanism by contacting us at the address in Section 12.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law. Our general retention periods are:

Data Category	Retention Period	Basis
General enquiry and contact data	2 years from last contact	Legitimate interest
Recruitment applications (unsuccessful)	12 months from decision	Legitimate interest / Legal defence
Recruitment applications (successful)	Duration of employment + 7 years	Legal obligation
Client contract and project data	7 years from contract end	Legal obligation (accounting / tax)
Website analytics logs	14 months	Legitimate interest
Server and security logs	90 days	Legitimate interest / Legal obligation
Marketing consent records	Until consent withdrawn + 3 years	Consent / Legal defence

At the end of any retention period, data is securely deleted or anonymised so that it can no longer be associated with you.

8. Your Privacy Rights

Depending on where you are located, you have significant rights over your personal data. We honour all applicable rights and will respond to verified requests within the timeframes required by law (typically 30 days under GDPR; 45 days under CCPA/CPRA).

8.1 Rights Under GDPR (EU / EEA / UK)

Right to Access

Request a copy of your personal data and information about how we process it (Art. 15).

Right to Rectification

Request correction of inaccurate or incomplete personal data (Art. 16).

Right to Erasure

Request deletion of your data where there is no compelling reason for continued processing ("right to be forgotten", Art. 17).

Right to Restriction

Request that we limit how we use your data in certain circumstances (Art. 18).

Right to Portability

Receive your data in a structured, machine-readable format and transfer it to another controller (Art. 20).

Right to Object

Object to processing based on legitimate interests or for direct marketing at any time (Art. 21).

Right to Withdraw Consent

Withdraw any previously given consent at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint

Complain to the ANSPDCP (Romania) or your local supervisory authority if you believe we have violated your rights.

8.2 Rights Under CCPA / CPRA (California Residents)

California residents have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: Know what personal information we collect, use, disclose, and sell (we do not sell or share PI).
Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale / Sharing: We do not sell or share personal information for cross-context behavioural advertising. No opt-out is required.
Right to Limit Use of Sensitive PI: Limit the use and disclosure of sensitive personal information to the extent permitted by law.
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise CCPA/CPRA rights, contact us as described in Section 12. We will verify your identity before processing any request.

8.3 Rights Under LGPD (Brazil) and PIPEDA (Canada)

Brazilian residents have rights under Lei Geral de Proteção de Dados (LGPD) including access, correction, anonymisation, portability, deletion, and information about sharing. Canadian residents have rights under PIPEDA including access and correction. To exercise these rights, please contact us as described in Section 12.

8.4 How to Exercise Your Rights

Submit a request by emailing hello@adaptivescode.com with the subject line "Privacy Rights Request" and a description of your request. We may ask you to verify your identity before processing your request. We will not charge a fee for reasonable requests, but may charge a reasonable fee for manifestly unfounded or excessive requests.

9. Children's Privacy

Our website and services are directed at business professionals and are not intended for children under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information promptly.

If you believe a child has provided us with personal data without parental consent, please contact us at the details in Section 12.

10. Security

We implement technical and organisational measures appropriate to the risk level of our processing activities to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Access controls based on least-privilege principles
Regular security assessments and penetration testing
Employee training on data protection and security
Incident response and breach notification procedures
Regular backups and disaster recovery planning

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (as required by GDPR Art. 33) and will inform affected individuals without undue delay where the breach is likely to result in a high risk (GDPR Art. 34).

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Post the revised policy on our website
Notify you by email (where we hold your address) for significant changes
Where required by law, seek your fresh consent

We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy, to the extent permitted by applicable law.

12. Contact and Data Protection

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us:

Email: hello@adaptivescode.com
Post: Adaptive.s Code, 52 Paris Street, Cluj-Napoca, Romania
Subject line: "Privacy Request" or "Data Protection Enquiry"

If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority:

Romania (lead authority under GDPR): Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP), www.dataprotection.ro
UK: Information Commissioner's Office (ICO), ico.org.uk
California: California Privacy Protection Agency (CPPA), cppa.ca.gov