Our Office

Get In Touch

Privacy policy

Privacy
Updated

PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA LAST UPDATE: 30.03.2026


This Privacy Policy ("Privacy Policy" or "Policy") explains how Hex Agency S.R.L. ("Hex Agency" or "We") processes the personal data of website visitors https://hexagency.ro ("the Site") and people who contact us through the Site or subscribe to our newsletter.


I. GENERAL PROVISIONS This Privacy Policy sets out clear, transparent and easy to understand information on how Hex Agency collects, uses, stores and protects the personal data of the users of the Website ("Users", "User" or "You") , in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable national legislation on the protection of personal data. This Policy applies to all Your interactions with Us conducted through the Site. Terms, conditions and definitions used in this Privacy Policy shall have the meanings ascribed to them by the GDPR, including the notions of "controller", "data subject", "personal data", "processing", "recipient" , and any other terms defined by the GDPR and used in this Privacy Policy.


II. PERSONAL DATA CONTROLLER The personal data controller is the person or entity that determines how your personal data is collected, used and managed. The personal data controller is the limited liability company Hex Agency S.R.L., with registered office in Timișoara, str. Miron Costin Nr. 1, Office No. 1, Timiș county, postal code 300174, registered with the Trade Register under no. J35/4770/2018, with unique registration code (CUI) 40363463 The personal data controller can be contacted:


  1. By post, to the registered office address;
  2. By e-mail to: [email protected]

III. WHAT DATA WE PROCESS Depending on how you interact with the Site, we may process the following categories of data: A.Data provided directly by you:


  1. Contact form: first and last name, e-mail, telephone number, company details (if filled in), message content and any other information you choose to include.
  2. Newsletter: e-mail address, name and preferences.
  3. Correspondence: answers, clarifications and attachments sent by you.

B.Data collected automatically (technical data):


  1. IP address, browser/device details, operating system, language settings;
  2. Pages visited, date/time of access, traffic sources, other interactions with the Site;
  3. Cookies and similar technologies (details can be found in the Cookie Policy).

We do not collect special categories of personal data within the meaning of Article 9 of the GDPR, namely information concerning health, racial or ethnic origin, political opinions, membership of political, professional or trade union organisations, religious or philosophical beliefs, sexual orientation, biometric or genetic data or information about criminal convictions or offences.


IV. PURPOSES AND LEGAL GROUNDS FOR PROCESSING Depending on how you interact with the Site, we process your personal data for the following purposes:


Aim

Data concerned

Legal basis

Response, communication and tendering

Identifying data (Surname, first name, name)


Contact details (e-mail/phone/address)

Art. 6 para. (1) lit. f) GDPR - legitimate interest;


Art. 6 para. (1) letter b) GDPR - pre-contractual steps.

Subscribe to and send newsletters / marketing communications

Identifying data (Surname, first name, name)


Contact (e-mail)


Communication preferences

Art. 6 para. (1) lit. a) GDPR - your consent in this regard.

Managing and ensuring the security of the Site;


Prevent fraud/abuse

Technical data;


Logs

Art. 6 para. (1) lit. f) GDPR - legitimate interest;

Legal obligations (Archiving, accounting, requests from authorities)

Data required by law

Art. 6 para. (1) lit. c) GDPR - legal obligations;

Statistical analysis and Site improvement

Technical data, cookies

Art. 6 para. (1) lit. a) GDPR - your consent;


Art. 6 para. (1) lit. f) - legitimate interest, where permitted by law (e.g. for strictly necessary data)

[Table source: cite: 30]



V. NEWSLETTER For the transmission of commercial communications (such as newsletters), the processing of personal data takes place only on the basis of your express consent, in accordance with art. 6 para. (1) lit. a) GDPR.

  1. Your data will be used to send you communications about news, services, articles, invitations or other marketing material.
  2. Consent can be withdrawn at any time, free of charge, by using the unsubscribe link in the email containing the newsletter or directly by email to [email protected].
  3. The lawfulness of processing carried out prior to the withdrawal of consent will not be affected by the withdrawal of consent.


VI. COOKIES AND SIMILAR TECHNOLOGIES

  1. The Site uses cookie technologies necessary for the operation of the Site, as well as, if you choose to use them, analytics and/or marketing cookies.
  2. Cookies that are strictly necessary for the proper functioning of the Website may be used without Your express consent, to the extent and within the limits permitted by applicable law.
  3. Functional and analysis and/or marketing cookies may only be used with your express consent via the cookie banner that will be visible when you first access the Site.
  4. Your preferences can be changed at any time in your browser settings,
  5. Detailed cookie policy can be studied by clicking on the following link: cookie policy.


VII. RECIPIENTS OF THE DATA

  1. As a rule, your personal data will be stored and processed internally by Hex Agency.
  2. However, we may disclose your data, strictly to the extent necessary, to:
    1. Providers of hosting, website maintenance and IT services;
    2. Providers of email infrastructure and newsletter transmission tools;
    3. Site security and abuse prevention providers;
    4. External consultants (lawyers/accountants/auditors) where necessary;
    5. Public authorities/bodies, when we are required to do so and we have to fulfil a legal obligation, i.e. when it is necessary for the defence of our legitimate rights.
  4. To the extent that the recipients of your data act as authorised processors, Hex Agency enters into contracts with them which require data confidentiality and security measures with respect to such data.
  5. Hex Agency will not transfer your personal data to third countries outside the European Economic Area. In the event that such a transfer takes place, it will be strictly for the purposes set out in this Privacy Policy and will be carried out with the implementation of appropriate safeguards as required by the GDPR (e.g. standard contractual clauses approved by the European Commission) and, where appropriate, additional security measures.


VIII. STORAGE DURATION

  1. Unless European or national law requires a longer storage period, your personal data is stored only for the period necessary for the fulfilment of the purposes for which it was collected and processed.
  2. Data provided at the time of subscription to the newsletter will be kept until unsubscribe/withdrawal of consent, plus a reasonable period for keeping records that may be required in the future (e.g. proof of consent, unsubscribe lists).
  3. Technical and security data will be kept for a limited period proportionate to the purpose for which they have been stored and processed.


IX. RIGHTS OF THE DATA SUBJECT

  1. In accordance with the provisions of the GDPR, you, as the data subject of the processing of personal data by Hex Agency, have the following rights in relation to the processing of personal data:
    1. Right of access - The data subject has the right to obtain confirmation of the processing of his or her data and to receive a copy of it.
    2. Right to rectification - The data subject has the right to request the rectification of inaccurate or incomplete data.
    3. Right to erasure ("right to be forgotten") - The data subject has the right to obtain the erasure of personal data, under the conditions set out in the GDPR. Hex Agency has the right to refuse a request for erasure in certain situations, such as where the processing is necessary for compliance with a legal obligation, for the establishment, exercise or defence of legal claims, or for the exercise of freedom of expression and information.
    4. Right to restriction of processing - The data subject may request the restriction of the processing of his/her personal data.
    5. The right to data portability - The data subject has the right to receive personal data relating to him or her in a structured, commonly used and machine-readable format and has the right to have these data transmitted to another controller.
    6. The right to object - The data subject has the right to object to the processing of personal data, under the conditions laid down in the GDPR.
    7. The right not to be subject to a decision based solely on automated processing.
    8. Right to withdraw consent - Where personal data are processed on the basis of consent, the data subject has the right to withdraw consent.
    9. The right to lodge a complaint - The data subject has the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing ("ANSPDCP").
  3. In order to exercise any of your rights, as well as for any other requests in relation to the processing of your personal data, you may contact us using one of the methods set out in Article II of this Privacy Policy.
  4. We will respond to any request concerning the processing of personal data no later than one month from the date of receipt of the request, in accordance with applicable law. This period may be extended by up to two months if necessary, taking into account the complexity and number of requests. In that case, we will inform you of the extension within one month of receipt of the request and communicate the reasons for the delay.
  5. In certain situations, we may be unable to honour a request for personal data, to the extent that such refusal is permitted by applicable law or the request is manifestly unfounded or excessive. In such cases, we will provide the User with a clear justification of the grounds for refusal, i.e. we will inform the User of the possibility to lodge a complaint with the competent supervisory authority or to go to court.
  6. You have the right to lodge a complaint to the supervisory authority about the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:
    1. National Supervisory Authority for Personal Data Processing ("ANSPDCP")
    2. Address. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania
    3. Phone: +40.318.059.211 or +40.318.059.212
    4. E-mail: [email protected]
  8. Without prejudice to your right to contact the Supervisory Authority at any time, we encourage you to contact us first to try to resolve any problems amicably. We undertake to use all reasonable endeavours to respond promptly and efficiently to your requests.


X. DATA SECURITY

  1. We apply appropriate technical and organisational measures proportionate to the nature of the data processed and the associated risks in order to protect personal data against unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, accidental or unlawful destruction or alteration.
  2. We can use security measures such as:
    1. Limiting access to processed personal data to authorised persons only;
    2. Use of IT security systems;
    3. Encrypt data where possible;
    4. Continuous risk monitoring;
    5. Develop internal organisational measures such as training of authorised persons, confidentiality rules, incident management procedures and regular evaluation of security measures.
  4. However, we cannot completely exclude the risk of security incidents caused by external factors or unforeseen vulnerabilities. In the event that we identify a security incident affecting personal data and in respect of which we have legal obligations, we will take all necessary measures to mitigate the effects and will provide the notifications required by applicable data protection legislation (where applicable to the data subjects and/or the competent authority).


XI. LINKS TO THIRD PARTIES The Site may contain links to third party platforms (including social networks). The processing of personal data by these third parties will be in accordance with their privacy policies, for which we assume no responsibility.


XII. CHANGES AND UPDATES TO THE PRIVACY POLICY

  1. We reserve the right to modify and update this Privacy Policy from time to time, in particular in the following situations: (i) when applicable legislative or interpretative changes occur (e.g. in the field of data protection and electronic communications), (ii) when we change the functionalities of the Site (e.g. introduction of new forms, analytics/marketing tools, integrations with third party platforms), (iii) when we change our providers or the way we provide services.
  2. The updated version will be published on the Website and the "Last updated" date at the beginning of the document will be modified accordingly.
  3. Changes to the Privacy Policy will take effect upon their publication on the Site, and their validity is not subject to prior notification to the Users of the Site.
  4. We encourage you to consult this Privacy Policy regularly to stay informed about how we process your data.

This Privacy Policy has been drawn up in accordance with the GDPR, as well as with the provisions of the applicable national legislation on personal data protection.

Agentie de marketing, branding, digital & software solutions | Hex Agency