Privacy policy
Effective date: 2026-04-28 Last updated: 2026-04-28
This privacy policy explains how Niponx Technology S.R.L. (referred to as "Niponx", "we", "us", "our") collects, uses, and protects personal data when you visit niponx.com or interact with us through our forms.
We process personal data in accordance with Regulation (EU) 2016/679 (GDPR), Law no. 190/2018 (Romanian implementation of GDPR), Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, and applicable supplementary legislation.
1. Data controller
Niponx Technology S.R.L. Strada Buzești, Nr. 75-77, Camera 7, Etaj 9, Sector 1, 011013 București, România Trade Register: J2025097283002 · CUI: 53111239 · VAT: RO53111239 Email: [email protected] Telephone: +40 733 654 489
For all data-protection enquiries, requests, or complaints, contact: [email protected].
2. What we collect
We collect personal data only when you actively provide it through one of our forms, plus a minimum of technical data needed to operate the site.
2.1 Data you provide
- Contact form (
/contact): first name, last name, work email, telephone (optional), company, country, message. - Hire-talent form (
/hire): the contact data above plus business information about your hiring requirement (technologies, role, seniority, engagement model, work model, preferred talent region, start date, duration, optional budget, free-text message). - Mini consultation CTA: first name and work email.
2.2 Data collected automatically
- Technical data: IP address (transient, used by our hosting provider for security and abuse prevention), user-agent, referring URL, page visited, timestamp, language preference.
- Cookies and similar technologies: as described in our Cookie Policy. Non-essential cookies are set only after you grant consent through our cookie banner.
- Marketing attribution parameters: utm_source, utm_medium, utm_campaign, utm_term, utm_content, gclid, fbclid — when present in the URL that brought you to our site, these are passed alongside any form submission you choose to make.
We do not collect special categories of personal data (Article 9 GDPR), and we do not knowingly collect data from children under 16.
3. Why we process it (lawful bases)
| Purpose | Lawful basis |
|---|---|
| Responding to a contact, hire, or consultation enquiry you sent us | Article 6(1)(b) GDPR — pre-contractual measures taken at your request |
| Sending you a follow-up email related to your enquiry | Article 6(1)(b) and 6(1)(f) — legitimate interest in completing the conversation you initiated |
| Operating the website (security, abuse prevention, basic analytics) | Article 6(1)(f) — legitimate interest in maintaining a secure, functional service |
| Optional analytics and marketing measurement | Article 6(1)(a) — your consent, given through the cookie banner; withdrawable at any time |
| Compliance with legal obligations (accounting, tax, response to lawful authority requests) | Article 6(1)(c) — legal obligation under Romanian and EU law |
4. Who receives your data
We share personal data only with carefully selected service providers ("processors") who act on our documented instructions under a written data-processing agreement.
| Processor | Purpose | Country | Safeguards |
|---|---|---|---|
| Salesforce, Inc. | CRM — storing and managing leads submitted via our forms | United States | Standard Contractual Clauses (Article 46(2)(c) GDPR); Salesforce is certified under the EU-U.S. Data Privacy Framework. |
| Resend, Inc. | Sending transactional notification emails to our team about your enquiry | United States | Standard Contractual Clauses; Data Privacy Framework. |
| Vercel, Inc. | Website hosting and content delivery | United States / EU edge | Standard Contractual Clauses; Data Privacy Framework. |
| Google reCAPTCHA (v3) | Spam and bot protection on our forms | United States | Standard Contractual Clauses; Data Privacy Framework. Loaded only with your consent. |
| Plausible Analytics (or Vercel Analytics, as applicable) | Cookieless, aggregated visitor analytics | EU / EEA | Processed in the EU; no personal data stored. |
We may also disclose personal data to public authorities or third parties when required to comply with a legal obligation, judicial order, or to defend our legal rights.
We do not sell personal data, and we do not share personal data with advertising networks.
5. International transfers
Some of our processors are established outside the European Economic Area (primarily in the United States). For each such transfer we rely on:
- Standard Contractual Clauses adopted by the European Commission (Article 46(2)(c) GDPR), and
- Where applicable, the EU-U.S. Data Privacy Framework adequacy decision (Commission Implementing Decision (EU) 2023/1795).
Copies of the safeguards in place are available on request from [email protected].
6. How long we keep it
| Data | Retention period |
|---|---|
| Lead data from unconverted enquiries | 24 months from last contact, then deleted or anonymised |
| Lead data from converted clients | Duration of the commercial relationship + 10 years (Romanian fiscal and accounting record-keeping requirement under Law no. 82/1991) |
| Technical access logs | 12 months |
| Cookie consent records | 12 months |
| Records required by tax or accounting law | Statutory minimum (typically 10 years) |
After the applicable period, data is deleted or irreversibly anonymised.
7. Your rights
Subject to the conditions of the GDPR, you have the right to:
- Request access to the personal data we hold about you (Article 15);
- Request rectification of inaccurate or incomplete data (Article 16);
- Request erasure ("right to be forgotten") in the circumstances described in Article 17;
- Request restriction of processing (Article 18);
- Object to processing based on legitimate interest (Article 21);
- Receive your data in a portable format (Article 20);
- Withdraw consent at any time, where processing is based on consent (Article 7(3)); withdrawal does not affect prior lawful processing;
- Lodge a complaint with the supervisory authority — see Section 9.
To exercise any of these rights, write to [email protected] with enough information for us to identify you. We respond within one month of receipt; we may extend this by two further months for complex requests, in which case we will tell you within the first month.
8. Security
We implement appropriate technical and organisational measures to protect personal data against unlawful or accidental destruction, loss, alteration, unauthorised disclosure or access. These include access control, encryption in transit (TLS), encrypted storage at rest where supported by our processors, role-based access to leads, and security review of processors before engaging them.
If a personal data breach occurs and is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority within 72 hours and, where required, inform you without undue delay.
9. Right to lodge a complaint
You can lodge a complaint with the Romanian supervisory authority at any time:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) B-dul G-ral Gheorghe Magheru nr. 28-30, Sector 1, 010336 București, România Website: www.dataprotection.ro Email: [email protected]
You may also lodge a complaint with the supervisory authority in your EU member state of habitual residence or where the alleged infringement took place.
10. Changes to this policy
We may update this policy from time to time. We will publish the updated version on this page and amend the "Last updated" date above. Material changes will be highlighted on the homepage for a reasonable period before they take effect.