Privacy Policy for Ennovea
1. Who We Are
Data Controller: SPINCODER SOFTWARE SRL (trading as Ennovea) Contact Email: privacy@ennovea.com
For our full company registration details, including our Fiscal Identification Code (CUI) and registered mailing address, please see our Legal Notice.
Ennovea is an architecture advisory firm providing enterprise advisory services from Romania, European Union.
2. What Data We Collect
When you visit ennovea.com, we collect information in several ways:
Website Analytics
When you visit our website, we automatically collect:
- Pages you visit and how long you spend on them
- Device information (operating system, browser type, screen resolution)
- Approximate location (city/country level, not precise)
- Referrer information (how you arrived at our site)
This is collected via Google Analytics 4 (GA4), a service operated by Google LLC.
Cookies
We use cookies to:
- Remember your cookie consent preferences
- Enable analytics to track website usage
- Provide core website functionality
See Section 8 for details on cookie types and how to manage them.
Contact Form (When Implemented)
If you submit our contact form, we collect:
- Your name
- Your email address
- Your message/inquiry
- The date and time of submission
Email Communications
If you email us or we email you, we process:
- Your email address
- The content of your message
- When you communicated with us
3. Legal Basis for Processing
We process your data under these legal bases:
Legitimate Interest
- Analytics (GA4): Analyzing how visitors use our website to improve design, performance, and user experience. We balance this interest against your privacy rights.
Consent
- Non-essential cookies: We ask for your consent via our cookie banner (managed by Cloudflare Zaraz) before loading any non-essential cookies.
- Marketing communications: If we send you promotional emails, we ask for explicit consent first (or rely on existing business relationship and opt-out rights).
Contract Performance
- Contact form: Processing your inquiry to respond to your request for information about our services.
- Email support: Responding to your questions or support requests.
4. How We Use Your Data
Your data is used for:
- Website improvement — analyzing visitor behavior, identifying broken features, optimizing page performance and content
- Responding to inquiries — replying to contact form submissions and emails
- Service delivery — providing you with information you request about our advisory services
- Legal compliance — fulfilling legal obligations and resolving disputes
We do not use your data for automated decision-making or profiling.
5. Who We Share Your Data With
We share data with these processors:
| Processor | Purpose | Location |
|---|---|---|
| Google LLC | Analytics (Google Analytics 4) | United States |
| Cloudflare Inc | Website hosting, DNS, cookie consent management (Zaraz), DDoS protection | United States |
| Contact form provider (TBD) | Processing form submissions | To be determined |
All processors are bound by Data Processing Agreements (DPAs) including Standard Contractual Clauses for data transfers outside the EU.
6. Data Retention
We retain data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| GA4 analytics data | 14 months | Default GA4 retention; after this, data is automatically deleted |
| Cookies (consent preferences) | 13 months | Tracking user consent choices; refreshed on each visit |
| Contact form submissions | 1 year | Responding to follow-up inquiries and record-keeping |
| Email communications | 2 years | Business correspondence and dispute resolution |
After retention periods expire, we delete your data or anonymize it.
7. Your Rights Under GDPR
You have the right to:
- Access — Request a copy of the data we hold about you
- Rectification — Correct inaccurate or incomplete data
- Erasure (“Right to be Forgotten”) — Request deletion of your data, with limited exceptions (e.g., legal obligations)
- Restriction — Ask us to limit how we process your data
- Portability — Receive your data in a structured, machine-readable format
- Objection — Object to processing based on legitimate interest (including direct marketing)
- Lodge a complaint — File a complaint with your national data protection authority
Romanian Data Protection Authority (ANSPDCP):
- Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal
- Website: www.anspdcp.ro
- Email: anspdcp@anspdcp.ro
To exercise any of these rights, contact us at privacy@ennovea.com with your request and proof of identity.
8. Cookies & Tracking
What Are Cookies?
Cookies are small files stored on your device that remember information about you across visits.
Types of Cookies We Use
| Cookie Type | Purpose | How Long | Can You Disable? |
|---|---|---|---|
| Consent preferences (Cloudflare Zaraz) | Remember your cookie consent choices | 13 months | No (needed to respect your preferences) |
| GA4 analytics cookies | Track page views and user behavior for analytics | 14 months | Yes (via cookie banner or Zaraz preferences) |
| Cloudflare cookies | Security and DDoS protection | Varies | Automatically managed; necessary for site security |
Managing Your Cookie Preferences
When you first visit ennovea.com, our cookie banner (managed by Cloudflare Zaraz) appears. You can:
- Accept all — Allow all cookies
- Reject non-essential — Block analytics and marketing cookies while allowing essential cookies
- Customize — Choose which types of cookies to allow
You can change your preferences anytime by:
- Looking for the “Manage Cookies” or “Cookie Preferences” link on the footer
- Adjusting your choices in the banner that reappears
- Clearing cookies in your browser settings (though this may require you to reconsider preferences next visit)
Disabling Cookies Entirely
You can disable cookies in your browser settings. However, some website features may not work correctly.
9. International Data Transfers
Google LLC (Analytics) and Cloudflare Inc (hosting) are located in the United States. When we transfer data outside the EU, we rely on:
- EU-US Data Privacy Framework — Both companies are certified under the DPF, which ensures adequate protection levels
- Standard Contractual Clauses (SCCs) — Legally binding agreements that provide safeguards for international transfers
Transfers to these processors comply with GDPR Article 45 and Article 46.
10. Changes to This Privacy Policy
We may update this policy to reflect:
- Changes to our data processing practices
- New features or services
- Legal or regulatory requirements
When we make changes, we will:
- Post the updated policy on this page with an updated “Effective Date”
- Notify you via email if the changes are significant
Your continued use of ennovea.com after changes are posted means you accept the updated policy. We encourage you to review this policy periodically.
11. Contact Us
For questions about this privacy policy or your data:
- Email: privacy@ennovea.com
For data access requests or complaints:
- Email privacy@ennovea.com with “Data Subject Access Request” or “GDPR Complaint” in the subject line
- Include proof of identity with your request
Document Control
- Version: 1.0 (Draft)
- Effective Date: [To be set after legal review]
- Last Updated: [Current date]
- Next Review: Before publishing on ennovea.com
Appendix: Technical Details (For Reference)
Google Analytics 4
- Data Processor: Google LLC
- Privacy Policy: https://policies.google.com/privacy
- Opt-out Tool: https://tools.google.com/dlpage/gaoptout
- Data Transfer: EU-US Data Privacy Framework + Standard Contractual Clauses
- Data Retention: 14 months (configurable in GA4 settings)
Cloudflare Inc
- Services: Website hosting (Pages), DNS, DDoS protection, cookie consent (Zaraz)
- Privacy Policy: https://www.cloudflare.com/en-gb/privacypolicy/
- Data Transfer: EU-US Data Privacy Framework + Standard Contractual Clauses
END OF DRAFT