Privacy Policy

The data controller is Vaida Laura-Erika PFA (Laura Vaida), a sole trader registered in Romania.

For any question about your data or to exercise your rights, write to [email protected]. You will get a reply from a real person: me.

This site collects very little, and only what it needs.

When you use the contact form, it collects the name, email address, and message you choose to send. Nothing more is required to reply to you.

Like any website, the hosting provider keeps short technical server logs (for example IP address, browser type, and the time of the request) for security and to keep the site running. These are not used to profile you.

Contact form data is used for one purpose: to read your message and reply to your enquiry. The legal basis is the steps taken at your request before entering into a contract, and my legitimate interest in answering people who reach out about work (Article 6(1)(b) and 6(1)(f) GDPR).

Server logs are processed on the basis of legitimate interest in keeping the site secure and operational (Article 6(1)(f) GDPR).

Your data is never used for marketing, newsletters, or advertising. If that ever changes, it will only happen with your explicit, separately given consent, which you can withdraw at any time.

Your data is not sold and is not shared for marketing. A small number of trusted providers process it on my behalf, under contract, only to make the service work:

Cloudflare hosts the site and provides cookieless, aggregated web analytics. The email provider I use delivers and stores the messages you send through the contact form so I can read and answer them.

Data may be disclosed only where the law genuinely requires it, for example a valid request from a public authority.

This site uses no advertising or tracking cookies. Visitor statistics come from Cloudflare Web Analytics, which is cookieless: it sets no cookies on your device and stores only aggregated, non-identifying data.

Because there are no non-essential cookies, no consent banner is needed. Full details are in the Cookie Policy.

Contact enquiries are kept for as long as needed to handle the conversation and any project that follows, and in any case no longer than 12 to 24 months after our last exchange, after which they are deleted.

Technical server logs are kept only for a short period, in line with the hosting provider's standard retention, and then removed.

Under the GDPR, you have the right to:

• Access: ask whether I hold data about you and get a copy of it.
• Rectification: have inaccurate or incomplete data corrected.
• Erasure: ask for your data to be deleted when there is no longer a reason to keep it.
• Restriction: ask me to pause the processing of your data in certain cases.
• Portability: receive the data you gave me in a structured, machine-readable format.
• Objection: object to processing based on legitimate interest.

To exercise any of these rights, write to [email protected]. I will respond within one month, as the law requires.

If you believe your data has been handled incorrectly, you have the right to lodge a complaint with the Romanian supervisory authority, the National Supervisory Authority for Personal Data Processing (ANSPDCP), at dataprotection.ro. I would appreciate the chance to put things right first, but the choice is yours.

My hosting and analytics provider, Cloudflare, operates a global network, so your data may be processed on servers outside Romania, including outside the European Economic Area.

Where that happens, the transfer is covered by appropriate safeguards required under the GDPR, such as the European Commission's Standard Contractual Clauses, so your data keeps the same level of protection wherever it is processed.

If this policy changes, the updated version will be published on this page with a new date at the top. Significant changes will be made clear.