Privacy Policy

Effective Date: November 1, 2024

Abstract Lab (“we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines the practices we follow to collect, use, process, and share personal data when you interact with our website or services. Compliant with the General Data Protection Regulation (GDPR) and Romanian data protection laws, this policy provides a detailed explanation of your rights and how your information is handled. By using our website, you agree to the terms outlined in this Privacy Policy. If you do not agree, please refrain from using our services.

1. Data Controller

The data controller responsible for processing your personal data is Abstract Lab S.R.L., a company headquartered at Str. Nufarului nr. 8, Oradea, Jud. Bihor, Romania. As the data controller, we determine the purposes and means of processing your personal data. For any inquiries regarding this policy or data protection matters, you can contact us via email at office@abstractlab.ro.

2. What Personal Data We Collect

Abstract Lab collects personal data to provide and improve its services. When you interact with our website, we may collect information you provide directly, such as your name, email address, and phone number, particularly if you use our contact form to reach us. Additionally, we may collect information automatically through your interaction with our website, including technical data like your IP address, browser type, and the pages you visit. This data is gathered using third-party analytics tools, such as Google Analytics, and is anonymized to ensure your privacy. Our website also uses cookies, which are small files stored on your device to enhance your browsing experience and analyze how visitors interact with our site. You can manage your cookie preferences through your browser settings. For more details, please refer to our Cookie Policy.

3. Legal Basis for Processing Personal Data

Abstract Lab processes your personal data in compliance with GDPR requirements. Data processing is carried out based on one or more of the following legal grounds. We process personal data to fulfill contractual obligations, such as responding to inquiries submitted via the contact form. Your consent serves as the legal basis when you have explicitly agreed to the use of your data for specific purposes, such as analytics. In certain cases, processing is necessary to comply with legal obligations or to pursue our legitimate interests, such as improving the functionality of our website.

4. How We Use Your Personal Data

The personal data we collect is used solely for the purposes outlined in this policy. When you provide your contact details, we use this information to respond to your inquiries, address your requests, or provide relevant information about our services. Automatically collected data helps us understand how visitors use our website, enabling us to enhance its performance and usability. We do not use personal data for marketing purposes without obtaining prior consent.

5. Who Has Access to Your Data

Abstract Lab ensures that your personal data is not sold, rented, or traded to third parties. However, certain trusted third-party service providers, such as hosting providers, analytics platforms, and IT service providers, may process your data on our behalf to facilitate the operation of the website. These third parties are bound by contractual agreements to process your data securely and in compliance with GDPR.

6. Data Transfers Outside the EU

The personal data we process is stored and handled within the European Union. If, in exceptional cases, data is transferred to countries outside the EU, such transfers will be made in compliance with GDPR. Appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions, will be implemented to ensure that your rights are protected.

7. Data Retention

Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by legal and regulatory obligations. For example, data submitted through the contact form is retained for a reasonable period to address inquiries effectively. Automatically collected data, such as anonymized analytics, is retained for a maximum of 12 months. Once the retention period has expired, data is securely deleted or anonymized.

8. Your Rights Under GDPR

As a data subject, you have the right to access your personal data and request information about how it is being processed. If you find that your data is inaccurate or incomplete, you have the right to request its correction. In certain circumstances, you may request the deletion of your personal data or restrict its processing, particularly if you believe the processing is unlawful. You also have the right to receive your personal data in a structured, commonly used, and machine-readable format or to have it transferred directly to another data controller, where technically feasible. If you have provided consent for data processing, you can withdraw this consent at any time without affecting the lawfulness of processing conducted prior to withdrawal. To exercise these rights, please contact us at office@abstractlab.ro. We will respond to your request within 30 days unless an extension is required due to the complexity of the request.

9. How We Protect Your Personal Data

Abstract Lab implements robust technical and organizational measures to safeguard your personal data against unauthorized access, loss, or disclosure. These measures include data encryption, secure servers, and regular security audits. While we strive to protect your data, no security system is entirely foolproof. In the event of a data breach, we will notify affected individuals and the relevant supervisory authority in accordance with GDPR.

10. Processing of Children's Data

Our website and services are intended for individuals aged 16 and above. We do not knowingly collect or process personal data from children under this age. If we become aware of such processing, the data will be deleted immediately.

11. Automated Decision-Making

Abstract Lab does not use automated decision-making processes or profiling that produce legal or similarly significant effects on individuals.

12. Links to Other Websites

Our website may contain links to external websites for your convenience. Please note that Abstract Lab is not responsible for the privacy practices of these third-party websites, and we encourage you to review their privacy policies before sharing any personal data.

13. Supervisory Authority

If you believe that your rights under GDPR have been violated, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing in Romania. The authority’s contact information is as follows: National Supervisory Authority for Personal Data Processing
Address: Gheorghe Magheru Blvd. 28-30, Sector 1, Bucharest, Romania
Email: anspdcp@dataprotection.ro

14. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Any significant updates will be communicated via our website. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

15. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:
Abstract Lab S.R.L.
Address: Str. Nufarului nr. 8, Oradea, Jud. Bihor, Romania
Email: office@abstractlab.ro