Last updated: 21 September 2025
Controller
Robert Hangu (t/a Hangu Robert P.F.A.)
CUI: 51818625
Str. Lăcrămioarelor 15, 505200 Făgăraş, Romania
Phone: (+40) 368 630 004
Email (data protection contact): robert@nextops.agency
This policy explains how we collect, use, disclose, store and protect personal data when you use our website https://nextops.agency and any related services (the “Site”, “we”, “us”, or “our”). It also explains the rights you have under the EU General Data Protection Regulation (GDPR). We are the data controller for the processing described below. This policy supplements (and replaces) the version previously published on our Site.
We process personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679).
1. Quick summary (plain language)
We collect contact and technical information so we can respond to enquiries, provide services, and improve the Site.
We only collect what we need and keep it as long as necessary.
You have rights including access, rectification, erasure, restriction, portability, objection and the right to withdraw consent.
For lawful bases for processing we rely on consent, contract performance, legal obligations, and legitimate interests as set out under the GDPR.
If there’s a personal data breach that risks people’s rights and freedoms we will notify the supervisory authority within 72 hours where required.
2. What personal data we collect
Personal data you give us
Name, email address, company name, phone number, job title and any other information you include in contact forms, support requests, proposals, or messages you send us.
Newsletter subscription details (email address and consent record).
Payment-related data when you purchase a service (we do not store full card data ourselves – we use approved payment processors).
Derivative / technical data
IP address, browser and device information, operating system, pages viewed, referral source, access times, and other standard server logs (collected automatically).
Cookies and similar technologies (see §8 Cookies & tracking).
Special categories / sensitive data
We do not ordinarily collect special categories of personal data (e.g., health, racial/ethnic origin, political opinions). If we do so in the future we will only do so with explicit consent or other lawful grounds and will make that explicit at the point of collection.
3. Why we process your data & lawful bases
We list the common processing activities and the GDPR lawful basis we rely on. For details about the categories of data processed for each activity, see §2 above.
Responding to contact requests / enquiries — Lawful basis: performance of a contract or steps at your request prior to a contract, or our legitimate interest to respond and communicate with potential clients.
Providing services and fulfilment (client onboarding, consultancy delivery, invoicing) — Lawful basis: performance of a contract and compliance with legal obligations.
Marketing and newsletters — Lawful basis: consent where required (for electronic marketing) or, where permitted by law and appropriate, legitimate interest (with an easy opt-out). We will always provide an unsubscribe/withdraw link.
Site analytics and improvement (aggregated statistics, measuring traffic, improving user experience) — Lawful basis: our legitimate interests to improve the Site, plus consent for non-essential cookies where required. See §8 Cookies & tracking.
Legal & regulatory compliance (record-keeping to comply with accounting/tax laws, responding to legal claims) — Lawful basis: legal obligation.
4. How long we keep personal data
We retain personal data only as long as necessary for the purpose for which it was collected, taking into account: (a) the nature of the data; (b) the purposes for processing; (c) statutory retention requirements; and (d) our legitimate interests.
Typical retention periods (examples — we retain data for the period necessary and in compliance with Romanian and EU law):
Contact form enquiries / general correspondence: retained for up to 3 years from last contact unless a longer retention is necessary to fulfil contractual or legal obligations.
Clients & contractual records (invoices, contracts): retained for the duration of the contract and thereafter for as long as required by applicable law (which may require retaining accounting and tax records for several years). Romanian accounting and related rules may require retention of certain financial/accounting records for multiple years (e.g., obligations under Accounting Law No. 82/1991 and related rules).
Newsletter / marketing consent: until you withdraw consent or unsubscribe.
Analytics logs: aggregated or pseudonymised analytics kept for up to 26 months unless you opt out; raw logs retained only as needed for security or fraud prevention.
If you want details about the exact retention for a particular dataset, contact us at robert@nextops.agency.
5. Who we share personal data with (recipients)
We may share data with:
Service providers / processors that provide hosting, email delivery, analytics, CRM, payment processing, marketing automation, and customer support (e.g., hosting provider, email platform, analytics providers, PayPal or other payment processors where used). These providers process data on our instructions under written contracts and with appropriate safeguards.
Professional advisers (lawyers, accountants) where necessary to provide or defend our legal interests.
Public authorities where required by legal process or to comply with law.
Successors in the event of a corporate reorganisation, sale, merger or acquisition.
We require processors to maintain appropriate technical and organisational measures and to process data only on our instructions.
6. International transfers
Some of our processors or their sub-processors may be located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we will ensure an adequate level of protection by relying on one or more of the following:
the European Commission has issued an adequacy decision covering the destination country; or
appropriate safeguards such as the European Commission standard contractual clauses (SCCs) or other approved transfer mechanisms; or
explicit consent where appropriate.
For more about EU adequacy decisions and the international transfer framework see the European Commission guidance.
7. Cookies & tracking technologies
We use cookies, web beacons, tracking pixels and similar technologies to operate and secure the Site, understand how you use it, and to deliver relevant content. Cookies fall into categories:
Strictly necessary cookies — required for the Site to operate. These do not require consent.
Functional / preference cookies — remember settings and improve experience.
Analytics cookies — used to collect aggregated usage statistics (e.g., Google Analytics). Where cookies are not strictly necessary we will obtain your consent before placing them and you can withdraw consent at any time. You can also control cookies via your browser settings.
If you have questions about specific third-party trackers we use, contact robert@nextops.agency.
8. Your rights (how to exercise them)
Under the GDPR you have the following rights in relation to your personal data (subject to certain legal limits):
Right to access the personal data we hold about you and certain information about how we process it.
Right to rectification of inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) in certain circumstances.
Right to restriction of processing in certain circumstances.
Right to data portability where processing is based on consent or contract and processing is carried out by automated means.
Right to object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent at any time when processing is based on consent (this does not affect processing carried out before withdrawal).
Right to lodge a complaint with a supervisory authority (see below).
To exercise any of these rights, please contact us at robert@nextops.agency or by mail at the address in the header. We will respond without undue delay and at the latest within one month of receipt of your request (that period may be extended in complex cases).
9. Data security & data breach procedures
We use technical and organisational measures (access controls, encryption where applicable, secure hosting, backup and incident procedures) to protect personal data. While we take reasonable steps to protect data, no security is absolute — we cannot guarantee perfect security.
If we become aware of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the competent supervisory authority without undue delay and, where required, within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to the rights and freedoms of individuals we will also communicate the breach to affected individuals without undue delay.
10. Automated decision-making & profiling
We do not carry out automated decision-making (including profiling) which produces legal effects or similarly significant effects on individuals. If this changes, we will provide information about the logic involved and your rights at the time of collection.
11. Minors
Our Site and services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16 please contact us and we will delete that data without undue delay.
12. Complaints / supervisory authority
If you are unhappy with how we process your personal data you have the right to lodge a complaint with your local supervisory authority. As our establishment is in Romania, the competent national supervisory authority is:
National Supervisory Authority for Personal Data Processing (ANSPDCP)
Address: 28-30 G-ral Gheorghe Magheru Bld., District 1, 010336 Bucharest, Romania
Email: anspdcp[at]dataprotection.ro (or dpo[at]dataprotection.ro)
Phone: +40.318.059.211.
You may of course also contact us first using robert@nextops.agency and we will try to resolve your concern.
13. Third-party sites and links
Our Site may contain links to third-party websites and services. This Privacy Policy does not apply to the practices of third parties. Please read their privacy policies before submitting personal data. We are not responsible for third-party privacy practices.
14. Changes to this policy
We may update this policy from time to time (for example to reflect changes in the law or our processing). We will publish the revised policy on the Site with an updated “Last updated” date. Where required by law, we will ask for consent again if changes require it.
15. Contact
Controller / contact for data protection matters:
Robert Hangu (t/a Hangu Robert P.F.A.) — robert@nextops.agency
Str. Lăcrămioarelor 15, 505200 Făgăraş, Romania
Phone: (+40) 368 630 004
If you need any additional details about how we process personal data, or you want to exercise your rights, please contact us at the email above.
