Ernesto Motion SRL ("we") is the data controller for personal data collected through this website, project intake forms, calls, emails and contracts. We follow Romanian law and EU Regulation 2016/679 ("GDPR"). This page explains what we collect, why, and what you can do about it.
01What we collect
- —Identity and contact data — name, role, company, email, phone — when you fill out our audit, write to us, or sign a contract.
- —Project brief data — anything you choose to share about your product, market, or business in the audit form or during a call.
- —Technical data — IP address, browser, device type, language preference, referrer — collected automatically when you visit the site.
- —Cookies and storage — we use a small first-party localStorage entry to remember your language preference. We do not run third-party analytics or advertising trackers by default.
02Why we collect it
- —To respond to your audit submission or message (legal basis: pre-contractual steps at your request).
- —To deliver the contracted work and keep accounting records (legal basis: contract performance and legal obligation under Romanian law).
- —To maintain and secure the website (legal basis: legitimate interest in operating our business).
- —To send occasional studio updates — only if you explicitly opt in (legal basis: consent).
03How long we keep it
- —Audit submissions and unsigned briefs — 12 months from last contact, then deleted.
- —Contract and accounting records — 10 years from the end of the fiscal year in which the contract was signed (Romanian Law 82/1991).
- —Website logs — 30 days, except where retained for security investigation.
04Who we share it with
We share personal data only with vetted processors who help us run the studio: cloud hosting (EU region), email delivery, accounting software, and legal counsel. Each processor is bound by a written data-processing agreement that meets GDPR Article 28. We never sell personal data and we never use it to train models.
05International transfers
Some of our processors may transfer data outside the European Economic Area. When they do, we rely on European Commission adequacy decisions or Standard Contractual Clauses. You can request the list and the safeguards in writing.
06Your rights under GDPR
- —Right of access — get a copy of the personal data we hold about you.
- —Right to rectification — correct anything wrong or incomplete.
- —Right to erasure — delete your data, subject to our legal retention obligations.
- —Right to restriction — pause processing while a dispute is resolved.
- —Right to data portability — receive your data in a machine-readable format.
- —Right to object — to processing based on legitimate interest or direct marketing.
- —Right to withdraw consent — at any time, where consent is the legal basis.
To exercise any of these rights, write to privacy@devsolution.ro. We respond within 30 calendar days. You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) — dataprotection.ro.
07Security
We apply technical and organisational measures appropriate to the risk: encryption in transit, encrypted storage, principle of least privilege, MFA on all studio accounts, and regular access reviews. No system is perfect; if a breach occurs and is likely to result in a risk to your rights, we notify you and ANSPDCP within 72 hours.
08Children
Our services are not directed at children under 16 and we do not knowingly collect their personal data.
09Contact
Ernesto Motion SRL · Strada Polonă 68, Bucharest 010494, Romania · CUI RO00000000 · J40/0000/2024 · privacy@devsolution.ro