Nedora

Privacy policy

This policy explains how Nedora collects, uses, and protects personal data when you submit our contact form. We do not sell personal data.

Data controller

The data controller responsible for your personal data is Nedora, based in Bucharest, Romania. You can reach us through the contact form on our website with any questions regarding this policy or your personal data.

Data we collect

When you submit a form on our website, we collect the information you provide. For quote requests, this includes your full name, work email address, company name, project details, and timeline preference. For general contact messages, we collect your first name, last name, email address, subject, and message. Personal identifiers (name and email) are encrypted before storage. We do not collect any other personal data through this website unless you include it voluntarily in your message.

Purpose and legal basis

We process your data to respond to your inquiry and follow up on potential business discussions. The legal basis for this processing is our legitimate interest in handling business communications and evaluating prospective engagements, pursuant to Article 6(1)(f) of the GDPR.

Data retention

We retain your contact form data for up to 12 months after our last communication with you, unless a longer period is required by law or an ongoing business relationship. After this period, your data is permanently deleted.

Third-party processors

We use the following service providers who process data on our behalf: Supabase, which stores contact form submissions securely in the cloud (with personal identifiers encrypted), and Vercel, which hosts this website. These providers act as data processors under the GDPR and are bound by appropriate data processing agreements.

Your rights

Under the GDPR, you have the right to access your personal data, rectify inaccurate data, request erasure, restrict processing, data portability, and object to processing based on legitimate interest. To exercise any of these rights, submit a message through our contact form with the subject "Privacy request". We will respond within one month.

Right to lodge a complaint

If you believe we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with Romania's data protection authority, the ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal), at dataprotection.ro.

Effective date

This privacy policy is effective from June 2026.