Privacy Policy
Protecting your personal data is important to us. This policy explains how we collect, use, and protect your information.
Last updated: January 26, 2026
1. Data Controller
In accordance with Regulation (EU) 2016/679 (GDPR), the controller of your personal data is:
Company name: AGRESS BUSINESS COMPANY SRL
Tax ID (CUI): 11650068
Trade Register No.: J1999000219172
Address: București, România
Data protection contact email: hi@aestet.ro
Phone: +40 (744) 327 096
For any questions related to the processing of your personal data, you can contact us at the email address above.
2. Data We Collect
2.1 Data you provide directly
When you complete the contact form on our website, we collect the following data:
- Full name — to address you correctly
- Email address — to respond to your request
- Phone number — for phone contact, if necessary
- City / Locality — to understand the geographical context
- Area of interest — to direct you to the right specialist
- Professional status — to understand your business profile
- Company name (optional) — for B2B clients
- Your message (optional) — additional details about your request
2.2 Automatically collected data
Our website may automatically collect certain technical information, including:
- IP address (anonymized in certain contexts)
- Browser type and operating system
- Pages visited and time spent
- Referral source (where you came from)
This data is collected through cookies and similar technologies, in accordance with our Cookie Policy.
2.3 What we do NOT collect
We do not collect or request:
- Payment data or financial information
- Sensitive data (ethnic origin, political beliefs, health data, etc.)
- Data about minors
3. Processing Purposes
We process your data for the following purposes:
| Purpose | Legal basis (GDPR) |
|---|---|
| Responding to contact form requests | Art. 6(1)(b) — Pre-contractual measures |
| Communications about requested products and services | Art. 6(1)(b) — Pre-contractual measures |
| Website and service improvement | Art. 6(1)(f) — Legitimate interest |
| Website traffic and behavior analysis | Art. 6(1)(a) — Consent |
| Compliance with legal obligations | Art. 6(1)(c) — Legal obligation |
Important: We do not sell or rent your personal data to third parties. We do not send unsolicited commercial communications (spam).
4. Who We Share Data With
Your data may be shared with the following categories of recipients, in accordance with the principle of data minimization:
4.1 Service providers
- Automation services (Zapier) — for processing contact forms
- Hosting and CDN services — for website hosting and delivery
- Analytics services — for understanding website usage (only with consent)
4.2 Authorities
We may disclose data to competent authorities (ANAF, ANSPDCP, courts) when legally required or to protect our legitimate rights.
4.3 International transfers
Some of our service providers may process data outside the European Economic Area (EEA). In these cases, we ensure adequate safeguards are in place in accordance with GDPR:
- European Commission adequacy decisions
- Standard contractual clauses
- Other approved mechanisms
5. Retention Period
We retain your data only as long as necessary for the purposes for which it was collected:
| Data type | Retention period |
|---|---|
| Contact form data | Maximum 2 years from last interaction |
| Data for active business relationships | Duration of relationship + legal archiving periods |
| Website analytics data | According to tool settings (typically 14-26 months) |
| Technical logs | Maximum 90 days |
At the end of retention periods, data is deleted or irreversibly anonymized.
6. Your Rights
Under GDPR, you have the following rights regarding your personal data:
Right of access (Art. 15 GDPR)
You can request a copy of the personal data we hold about you.
Right to rectification (Art. 16 GDPR)
You can request correction of inaccurate data or completion of incomplete data.
Right to erasure (Art. 17 GDPR)
You can request deletion of your data in certain circumstances ("right to be forgotten").
Right to restriction (Art. 18 GDPR)
You can request limitation of data processing in certain situations.
Right to data portability (Art. 20 GDPR)
You can request to receive your data in a structured, commonly used, and machine-readable format.
Right to object (Art. 21 GDPR)
You can object to data processing for direct marketing purposes or based on our legitimate interest.
Right to withdraw consent
Where processing is based on consent, you can withdraw consent at any time, without affecting the lawfulness of prior processing.
How to exercise your rights
To exercise any of these rights, you can contact us at:
- Email: hi@aestet.ro
- Mail: AGRESS BUSINESS COMPANY SRL, București, România
We will respond to your request within a maximum of 30 calendar days from receipt.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure:
- Encryption in transit: The website uses HTTPS for all communications
- Restricted access: Only authorized personnel have access to personal data
- Verified providers: We work only with providers who offer adequate security guarantees
- Data minimization: We collect only data strictly necessary for stated purposes
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to treating any security incident according to legal procedures.
8. Cookies and Similar Technologies
This website uses cookies and similar technologies. For complete information about the types of cookies used, their purposes, and how you can manage them, please consult our Cookie Policy.
Consent for non-essential cookies is requested on the first visit to the website and can be modified at any time.
9. Policy Changes
We reserve the right to update this Privacy Policy periodically to reflect changes in our practices or applicable legislation.
Significant changes will be communicated by:
- Updating the "Last updated" date on this page
- Displaying a notice on the website (for major changes)
We recommend that you periodically check this page to stay informed about our privacy policy.
10. Supervisory Authority
If you believe that the processing of your personal data violates data protection legislation, you have the right to file a complaint with the competent supervisory authority:
National Supervisory Authority for Personal Data Processing (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro
However, we encourage you to contact us first to try to resolve any issues directly.
Questions About Your Data?
If you have questions about this Privacy Policy or how we process your personal data, you can contact us:
We will respond to requests within a maximum of 30 calendar days.