Menu
brightlayoutgroup
EN RO
Start a project →

Home / Privacy

privacy policy.

This document explains what personal data BrightLayoutGroup SRL collects through this website and its related services, on what legal basis, how long we retain it, and what your rights are under the General Data Protection Regulation (GDPR) and applicable Romanian law.

Last updated: 8 May 2026

1. Who we are

The data controller is BrightLayoutGroup SRL, a Romanian limited company registered under tax number RO43217684, with its registered office at Str. Mihai Eminescu nr. 13A, sat. Movilița, jud. Ialomița, 927180, Romania. You can reach us about this document at any time via web@brightlayoutgroup.com or by post at the address above.

2. What we collect and why

The contact form. When you send us a brief via the contact page, we collect your name, email, phone (optional), company (optional), indicative budget (optional), and the contents of your message. The legal basis is our legitimate interest in evaluating you as a prospective client (art. 6(1)(f) GDPR) and, if you give us a mandate, entering a pre-contractual agreement (art. 6(1)(b) GDPR).

Checkout and payment. At checkout we collect your name, email, phone, and country to issue the engagement letter and invoice. Card details never reach our servers — payment is processed directly by Stripe Payments Europe, Ltd. (Dublin), our payment processor. The legal basis is contract performance (art. 6(1)(b) GDPR) and compliance with Romanian tax law (art. 6(1)(c) GDPR).

Technical logs. Our web server records IP addresses, user agent strings, and visited pages for security and diagnostics. These logs are rotated automatically after thirty days. The legal basis is our legitimate interest in site security (art. 6(1)(f) GDPR).

Cookies. We set one strictly necessary technical cookie to remember your language preference (EN/RO) and one optional analytics cookie (only after consent). Full detail in the Cookie policy.

3. Who we share your data with

We do not sell or rent personal data. We share it only with the following processors, each bound by a contract under art. 28 GDPR:

  • Stripe Payments Europe, Ltd. (Dublin, Ireland) — payment card processing.
  • Hetzner Online GmbH (Falkenstein, Germany) — web hosting and technical logs.
  • Fastmail Pty Ltd (Sydney, Australia) — our email server for client correspondence.

4. How long we keep it

Briefs received through the contact form are kept for twenty-four months and then automatically deleted if no contract has been signed. Active client data is retained for the duration of the contract plus ten years for Romanian tax obligations. Technical logs — thirty days.

5. Your rights

Under GDPR and Romanian law you have the right to: access your data, rectify it, erase it (subject to tax obligations), restrict processing, data portability, and object to processing based on legitimate interest. Write to us at web@brightlayoutgroup.com and we reply within thirty days.

If you are not satisfied with our response, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, or at dataprotection.ro.

6. International transfers

Stripe processes some payments in the United States under the Data Privacy Framework. Fastmail operates in Australia; no adequacy decision exists, and transfers occur under the European Commission’s standard contractual clauses.

7. Changes to this policy

Important versions of this policy are archived and available on request. Significant changes are communicated by email to active clients at least thirty days in advance.