Last updated: 11 May 2026
1. Who we are (Controller)
AFI OPS Technologies SRL ("AFI OPS", "we", "us") is the data controller for the processing of your personal data through this Site.
AFI OPS Technologies SRL
Address: Street Paring, no. 10, Timisoara, Romania
Email: contact@afiops.com
2. What personal data we collect
Depending on how you interact with the Site, we may collect:
- Contact data: name, email address, phone number (if provided), company name, and any message content you submit through our contact form.
- Technical data: IP address, device type, browser type and version, operating system, referral URL, and server logs.
- Usage data: pages visited, time spent, click patterns — collected only if analytics are enabled.
- reCAPTCHA data: when you submit a form, Google reCAPTCHA v3 processes behavioral signals (mouse movements, interaction timing) and your IP address to verify you are human. This data is processed by Google LLC under Google's Privacy Policy.
- Cookies and similar technologies: see Section 6.
3. Why we process personal data and legal bases (GDPR Art. 6)
We process personal data for the following purposes:
- (a) Responding to inquiries and communicating with potential clients.
Legal basis: legitimate interests (Art. 6(1)(f)) and/or steps taken at your request prior to entering into a contract (Art. 6(1)(b)). - (b) Operating, securing, and improving the Site (e.g., server logging, error tracking, security monitoring).
Legal basis: legitimate interests (Art. 6(1)(f)). - (c) Analytics (optional — only where you have provided consent).
Legal basis: consent (Art. 6(1)(a)). - (d) Fraud prevention and bot detection via Google reCAPTCHA.
Legal basis: legitimate interests (Art. 6(1)(f)). - (e) Compliance with legal obligations (e.g., responding to lawful requests from authorities).
Legal basis: legal obligation (Art. 6(1)(c)).
4. Who we share data with (Recipients and Processors)
We use the following third-party service providers (processors) who may handle personal data on our behalf:
- Amazon Web Services (AWS) — S3: used for file storage and uploads submitted through our contact form. Servers may be located in the EU or US. Safeguards: AWS Data Processing Agreement and Standard Contractual Clauses.
- Google LLC — reCAPTCHA v3: used for bot detection on contact forms. Data is processed by Google and subject to Google's Privacy Policy and Terms of Service.
- HubSpot Inc.: used as a CRM and communication tool to manage and respond to inquiries. Data may be transferred to the US under Standard Contractual Clauses.
- Hotjar Ltd.: used for behavioral analytics (heatmaps, session recordings) — only when you have given consent. Data may be transferred outside the EEA under Standard Contractual Clauses.
- Hosting / infrastructure provider: to operate the Site and its servers.
All processors are required to process data only under our instructions and to implement appropriate technical and organizational security measures.
We do not sell personal data to third parties.
5. International transfers
Some of our processors (including Google and HubSpot) are located in or transfer data to countries outside the European Economic Area (EEA), including the United States. Where this occurs, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission — to protect your data in accordance with GDPR requirements.
6. Cookies
We use the following categories of cookies:
- Strictly necessary cookies: required for the Site to function (e.g., session management). No consent required.
- Google reCAPTCHA cookies: set by Google to distinguish humans from bots when submitting forms. These are loaded on pages containing a contact form.
- Analytics cookies (Hotjar): used to understand how visitors interact with the Site (heatmaps, session recordings). Only set after you provide consent through our cookie consent banner.
You can manage your cookie preferences at any time through our cookie banner or by adjusting your browser settings.
7. Data retention
We retain personal data only for as long as necessary for the purposes described above:
- Contact inquiries: up to 36 months after the last interaction with a prospect or client.
- Server and security logs: up to 90 days.
- Analytics data (Hotjar): as configured in the tool — typically up to 365 days.
- CRM records (HubSpot): for the duration of the business relationship plus up to 36 months.
When data is no longer needed, it is securely deleted or anonymized.
8. Your rights (GDPR — EEA and UK)
If you are located in the EEA or the United Kingdom, you have the following rights under GDPR:
- Right of access: to obtain a copy of your personal data and information about how it is processed.
- Right to rectification: to correct inaccurate or incomplete data.
- Right to erasure: to request deletion of your data ("right to be forgotten"), subject to legal exceptions.
- Right to restriction: to limit how we process your data in certain circumstances.
- Right to data portability: to receive your data in a structured, machine-readable format.
- Right to object: to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent: at any time where processing is based on consent, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at contact@afiops.com. We will respond within 30 days.
9. Automated decision-making and profiling
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you, as defined in GDPR Article 22.
10. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, alteration, or disclosure. These include encrypted data transmission (HTTPS), access controls, and regular security reviews. However, no method of transmission over the Internet is completely secure, and we cannot guarantee absolute security.
11. Complaints
You have the right to lodge a complaint with your local data protection supervisory authority. In Romania, the competent authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP — www.dataprotection.ro). If you are located in another EEA member state or the UK, you may contact your national authority.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top of this page indicates when the most recent changes were made. We encourage you to review this Policy and our Terms of Service periodically.
13. Contact
For questions, requests, or concerns about this Privacy Policy or our data practices, please contact us:
AFI OPS Technologies SRL
Address: Street Paring, no. 10, Timisoara, Romania
Email: contact@afiops.com