Privacy Policy

This Privacy Policy describes how Arverion Technologies SRL ("Arverion", "we", "us", "our") collects, uses, and protects personal data when you visit arverion.com or use the contact form on this website. We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR") and Romanian Law no. 190/2018.

1. Data controller

The controller of your personal data is:

2. What personal data we collect

We only collect personal data that you provide voluntarily and a limited set of technical data needed to operate the site securely.

2.1 Data you provide via the contact form

• Name (required)
• Email address (required)
• Company / organization (optional)
• Phone number (optional)
• Project type (required)
• Message content (required)
• GDPR consent confirmation (timestamp of when you accepted this policy)

2.2 Technical data collected automatically

• IP address (used for rate-limiting, abuse prevention, and security logs)
• User-agent string of your browser
• Date and time of the submission

2.3 What we do not collect

• We do not use tracking cookies, marketing cookies, or third-party analytics scripts on this website.
• We do not profile visitors and we do not run automated advertising.
• We do not place any cookies that require a consent banner under GDPR / ePrivacy.

3. Why we process your data (purposes)

• To respond to your inquiry — to read your message, contact you back, and discuss your project.
• To take pre-contractual steps at your request, such as preparing a proposal or estimate.
• To prevent abuse of the contact form (spam, brute-force, denial-of-service attempts).
• To comply with legal obligations that may apply to us as a Romanian company.

4. Legal basis for processing

We rely on the following legal bases under Article 6 of the GDPR:

• Art. 6(1)(a) — your consent (which you give by checking the consent box before submitting the contact form).
• Art. 6(1)(b) — pre-contractual measures taken at your request (e.g., evaluating whether we can work together).
• Art. 6(1)(f) — our legitimate interest in operating the site securely, preventing fraud and abuse, and keeping basic business records.

5. How long we keep your data

• Contact-form submissions: kept for up to 24 months from the last interaction, then deleted, unless a contractual relationship has begun (in which case retention rules in the contract apply).
• Technical / security logs: kept for up to 12 months, then rotated or deleted.
• Data we are legally required to keep (e.g., for accounting or tax reasons) is kept for the period required by Romanian law.

6. Who we share your data with

We do not sell or rent personal data. We share it only with the following categories of processors, who act on our behalf and under written agreements with us:

• Email delivery provider: MailerSend (operated by MailerSend, USA, with EU sub-processors). Used to deliver contact-form messages to our inbox. International transfers are covered by EU Standard Contractual Clauses.
• Hosting provider: a dedicated server located in the European Union (Germany, Hetzner Online GmbH), where the website and contact-form backend are run.

We may also disclose data when required to do so by law, by a competent public authority, or to protect our rights or those of third parties.

7. International transfers

Your personal data is processed primarily within the European Economic Area (EEA). Where a processor (such as MailerSend) may transfer data outside the EEA, we ensure that an appropriate transfer mechanism is in place, such as the Standard Contractual Clauses adopted by the European Commission.

8. Your rights under the GDPR

You have the following rights regarding your personal data:

• Right of access — to know what data we hold about you.
• Right to rectification — to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — to ask us to delete your data when it is no longer needed.
• Right to restriction — to limit how we process your data in certain circumstances.
• Right to data portability — to receive a copy of your data in a structured, machine-readable format.
• Right to object — to object to processing based on our legitimate interests.
• Right to withdraw consent — at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint with the Romanian supervisory authority, ANSPDCP (www.dataprotection.ro), or with the authority in your country of residence.

To exercise any of these rights, please write to office@arverion.com. We will reply within 30 days, as required by the GDPR.

9. How we protect your data

We apply technical and organizational measures appropriate to the risk, including:

• TLS / HTTPS encryption in transit (Let's Encrypt certificates).
• Strict server-side validation, honeypot fields, request rate-limiting, and anti-abuse checks on the contact form.
• Restricted access to the server, with key-based authentication and limited administrative accounts.
• Credentials and configuration stored in protected files outside any publicly accessible directory.
• Regular operating-system and dependency updates.

10. Children

This website is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us so we can delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest version. Material changes will be communicated through the website.

12. Contact

Questions about this policy or about how we handle your data? Write to us: