Privacy Policy

Introduction

drczSTUDIO ("we," "us," or "our") is committed to protecting the privacy of our clients and website visitors. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit drcz.studio or engage with our services.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our website and services.

Information We Collect

We may collect the following categories of personal information, depending on how you interact with us:

• Contact Information - Name, email address, phone number, and company name, provided voluntarily through contact forms, email, or social media channels.
• Project Information — Details about your project, business goals, and requirements shared during discovery calls or written communications.
• Technical Data — IP address, browser type, device type, operating system, referring URLs, and pages visited — collected automatically via website analytics tools.
• Communication Records — Records of correspondence between you and drczSTUDIO, including emails and messages exchanged during or after a project.

We only collect personal information that is necessary, relevant, and adequate for the purposes described in this policy.

How We Use Your Information

The information we collect is used solely to:

• Respond to your inquiries and communicate about our services.
• Prepare proposals, contracts, invoices, and project deliverables.
• Fulfill our contractual and legal obligations to you.
• Improve our website, service quality, and client experience.
• Display portfolio work where applicable and where consent has been given or agreed upon in the project terms.

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. Ever.

Legal Basis for Processing

We process your personal data on the following legal grounds, in accordance with the General Data Protection Regulation (GDPR) and applicable Romanian law:

• Contractual Necessity — Processing required to perform or prepare for a service agreement with you.
• Legitimate Interest — Improving our services, maintaining business records, and protecting our legal rights.
• Consent — Where you have explicitly consented to processing, such as receiving communications from us.
• Legal Obligation — Compliance with applicable laws, including tax and accounting regulations.

Data Sharing & Third Parties

We do not share your personal data with third parties except in the following limited circumstances:

• Service Providers — Trusted third-party tools that assist in operating our business (e.g., invoicing platforms, cloud storage, analytics services). These providers are carefully selected and are bound by confidentiality obligations.
• Legal Authorities — Where required by applicable law, court order, or legal process, we may disclose your information to competent authorities.

We do not share your data with advertising networks, data brokers, or any party that would use it for purposes beyond what is described in this policy.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by applicable law. Our standard retention periods are as follows:

• Client project data and communications are retained for 5 years after project completion, in line with standard accounting and legal requirements.
• Inquiry data from contacts who did not proceed to a project is deleted within 12 months if no engagement is initiated.

Upon a valid erasure request, we will delete your personal data within 30 days, unless continued retention is required by law.

Cookies & Tracking

Our website may use cookies and similar tracking technologies to analyze traffic patterns and improve website performance. We use privacy-respecting analytics and do not employ invasive tracking technologies or behavioral advertising cookies.

You can manage or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality or visual presentation of our website.

Your Rights

Depending on your location, you may have the following rights regarding your personal data under the GDPR or other applicable legislation:

• Right of Access — Request a copy of the personal data we hold about you.
• Right to Rectification — Request correction of inaccurate or incomplete data.
• Right to Erasure — Request deletion of your personal data, subject to legal retention obligations.
• Right to Restriction — Request that we limit the processing of your data under certain conditions.
• Right to Portability — Receive your data in a structured, commonly used, machine-readable format.
• Right to Object — Object to processing based on legitimate interest or for direct marketing purposes.

To exercise any of these rights, please contact us at hello@drcz.studio. We will respond within 30 days of receiving your request.

Data Security

We implement reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encrypted storage and secure transmission of sensitive data.
• Restricted access to personal information on a strict need-to-know basis.
• Regular review and improvement of our data security practices.

No method of internet transmission or electronic storage is 100% secure. While we apply commercially reasonable safeguards, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you as required by applicable law.

Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at hello@drcz.studio and we will promptly delete the relevant data.

International Data Transfers

drczSTUDIO is based in Romania, within the European Union. If you are located outside the EU/EEA, please be aware that your information may be transferred to and processed in Romania.

All international data transfers comply with applicable data protection legislation, including the GDPR. Where transfers occur outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognized by the European Commission.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, service offerings, or applicable laws. When we do, we will update the effective date at the top of this page. For material changes, we will make reasonable efforts to notify affected individuals directly. We encourage you to review this policy periodically to stay informed about how we protect your data.