This Privacy Policy explains how we collect, use, and protect your personal data when you visit safeinit.com, contact us, or interact with our services. It is written to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Romanian Law 190/2018.
1. Who we are (the data controller)
The data controller for personal data processed through this website is:
S.C. FUSECON S.R.L.
trading as safeINIT
- Registered address: Constantin Daniel 4, Sector 1, Bucharest, Romania
- CUI (tax registration): RO38855898
- Trade Register number: J2018002021404
- Contact: contact@safeinit.com
We have not appointed a Data Protection Officer because our processing activities do not meet the criteria under Article 37 GDPR. For any privacy question or to exercise your rights, write to contact@safeinit.com — your message will reach the team responsible for privacy matters.
2. The personal data we collect
Depending on how you interact with us, we may collect:
- Identification and contact data — name, work email, phone number, company name, job title. Provided directly by you through contact forms, lead-capture forms (e.g. the HIPAA guide download or the AWS assessment), or in correspondence.
- Professional context — your role, industry, company website, and the questions or answers you submit through assessments and downloadable resources.
- Technical data — IP address (truncated for analytics), browser type and version, device type, operating system, language preference, the pages you visit and how you reached them. Collected automatically when you visit the site.
- Usage and interaction data — clicks, scrolls, form interactions, and session recordings (via Microsoft Clarity, only after you grant analytics consent).
- Communications — emails, meeting notes, and other content you share when you contact us or attend a meeting we organise.
3. How we use your data and on what legal basis
We process personal data only when there is a lawful basis under Article 6 GDPR. The table below maps each purpose to its legal basis.
| Purpose | Legal basis |
|---|---|
| Responding to your inquiry and providing information you have requested (e.g. a downloadable guide, an assessment report). | Pre-contractual steps at your request, Art 6(1)(b) GDPR. |
| Performing a consulting engagement we have agreed with you or your employer. | Contract, Art 6(1)(b) GDPR. |
| Sending occasional follow-up emails about safeINIT (newsletters, event invitations, content updates). | Your consent, Art 6(1)(a) GDPR — withdrawable at any time via the unsubscribe link in each email. |
| Measuring website use through analytics (Google Analytics 4, Microsoft Clarity). | Your consent, Art 6(1)(a) GDPR — granted through the cookie banner. |
| Measuring marketing effectiveness and conversions (LinkedIn Insight Tag). | Your consent, Art 6(1)(a) GDPR — granted through the cookie banner. |
| Securing the site, preventing fraud, and ensuring service reliability. | Legitimate interest, Art 6(1)(f) GDPR — keeping the site safe and operational. |
| Complying with accounting, tax, and other legal obligations. | Legal obligation, Art 6(1)(c) GDPR. |
We do not use your personal data for purposes other than those listed above without first informing you and, where required, obtaining your consent.
4. How long we keep your data
We keep personal data only as long as needed for the purpose it was collected for, after which we delete or anonymise it. Indicative retention periods:
- Inquiries and lead-form submissions — up to 24 months from your last interaction with us, unless we have an active relationship.
- Newsletter and marketing communications — until you unsubscribe or withdraw consent, plus a short suppression-list retention (typically 24 months) to honour your opt-out.
- Client engagement records — for the duration of the engagement, plus the period required by Romanian commercial and tax law (generally 10 years for accounting records).
- Analytics and cookie data — retained per the expiration of each cookie (see the Cookie Policy). Aggregated and anonymised reporting may be kept indefinitely.
- Consent records — your cookie consent choice is stored in your browser for about 13 months; we keep a corresponding record for the same period.
5. Who we share your data with
We do not sell your personal data. We share it with a small set of trusted service providers ("processors") who help us run the website and our business operations. Each processor acts on documented instructions and is bound by a data processing agreement under Article 28 GDPR.
| Provider | Purpose | Location |
|---|---|---|
| Google (Google Ireland Ltd. / Google LLC) | Web analytics (Google Analytics 4) and tag management (Google Tag Manager). | Ireland (EU) and United States. |
| Microsoft (Microsoft Corporation) | Session-replay and behavioural analytics (Microsoft Clarity). | United States. |
| LinkedIn (LinkedIn Ireland Unlimited Company) | Conversion tracking and audience insights (LinkedIn Insight Tag). | Ireland (EU) and United States. |
| HubSpot (HubSpot Ireland Ltd.) | CRM, lead-form processing, and meeting scheduling. | Ireland (EU) and United States. |
| Intuit Mailchimp (Rocket Science Group LLC) | Email delivery and marketing automation for newsletters and assessment reports. | United States. |
| Amazon Web Services (AWS EMEA SARL) | Static website hosting (Amazon S3) and content delivery (Amazon CloudFront). | European Union (with CloudFront edge locations worldwide for content delivery). |
We may also disclose personal data to public authorities or courts where we are required to do so by law, or to professional advisors (auditors, lawyers) under appropriate confidentiality obligations.
6. International data transfers
Some of the providers listed above are established in the United States or process personal data outside the European Economic Area (EEA). Where this happens, we rely on the following safeguards under Chapter V GDPR:
- EU–US Data Privacy Framework — for transfers to U.S. providers certified under the framework (currently Google, Microsoft, HubSpot, LinkedIn, and Intuit, where applicable).
- Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) — combined with supplementary measures (encryption in transit and at rest, contractual restrictions on government access) for transfers not covered by an adequacy decision.
You can request a copy of the specific safeguards by writing to contact@safeinit.com.
7. Automated decision-making
We do not subject you to decisions based solely on automated processing that produce legal effects or similarly significantly affect you (Article 22 GDPR). The AWS assessment on this site computes a score from your answers, but the resulting report is informational only and does not by itself determine any decision about you.
8. Your rights
Under the GDPR you have the following rights regarding your personal data:
- Right of access (Art 15) — ask us to confirm whether we process data about you and obtain a copy.
- Right to rectification (Art 16) — ask us to correct inaccurate or incomplete data.
- Right to erasure (Art 17) — ask us to delete your data when there is no lawful reason for us to keep it.
- Right to restriction (Art 18) — ask us to limit how we use your data while a dispute is resolved.
- Right to data portability (Art 20) — receive the data you provided to us in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to object (Art 21) — object to processing based on our legitimate interest or for direct-marketing purposes.
- Right to withdraw consent (Art 7(3)) — withdraw any consent you have given at any time, without affecting the lawfulness of processing carried out before the withdrawal. Use the Cookie preferences link in the footer for cookies; use the unsubscribe link in any marketing email; or write to us.
- Right to lodge a complaint (Art 77) — file a complaint with the Romanian supervisory authority, Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP): www.dataprotection.ro. You may also lodge a complaint with the supervisory authority of your habitual residence or place of work.
To exercise any of these rights, write to contact@safeinit.com. We will respond within one month, extendable by two further months for complex requests. We may need to verify your identity before we act.
9. Cookies and similar technologies
We use cookies and similar technologies for analytics, marketing, and to remember your consent choices. Non-essential cookies are only set after you give consent through the cookie banner, and you can withdraw or change your consent at any time via the Cookie preferences link in the footer.
For the full list of cookies, their providers, expiration periods, and purposes, see our Cookie Policy.
10. How we protect your data
We apply industry-standard security measures appropriate to the risk of processing: encryption in transit (HTTPS/TLS), access control on internal systems, restricted access on a need-to-know basis, and continuous monitoring of the AWS infrastructure that supports our services. We review these measures regularly and update them when needed.
11. Children
This website is not directed at children under 16, and we do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us so we can delete it.
12. Changes to this Privacy Policy
We may update this policy when the law changes, when our processing changes, or when we adopt new tools. The current version and effective date are shown at the top of this page. Material changes will be communicated through the cookie banner or by email, where appropriate, so you can review them.
13. Contact
For any question about this Privacy Policy or how we process your personal data, contact us at contact@safeinit.com or by post at S.C. FUSECON S.R.L., Constantin Daniel 4, Sector 1, Bucharest, Romania.