Affarit StudioFree audit
Legal

Privacy Policy

Last updated on May 31, 2026.

1. Who we are

This Privacy Policy explains how Affarit Studio SRL ("Affarit", "we", "us", "our") collects and processes personal data through https://affarit.com (the "website") and our related services. We are the data controller responsible for your personal data.

Affarit Studio SRL (CUI RO40374098)
Str. Bistritei Nr. 6A, Targu Mures, Mures
Romania
Email: hello@affarit.com

2. Scope

This policy covers personal data we process about visitors to our website, people who contact us, and people who complete our online assessments. It should be read together with our Cookie Policy.

3. What information we collect

We only collect data you choose to give us, plus limited technical data needed to operate the site securely.

  • Contact and enquiry data — when you contact us or submit a form (for example our contact or free-audit forms), your name, email address, company, and the contents of your message.
  • Assessment ("scorecard") data — when you complete one of our online assessments, your name, email address, company, your answers, and the resulting score. We use this to generate your report and to follow up about our services.
  • Technical data — when you visit the site, our hosting provider processes standard information such as your IP address, browser type and the pages you view, primarily for security, abuse prevention and reliability. When you submit a form we may also store the referring page and browser user-agent.
  • Analytics data — if you consent to the analytics category, we use Vercel Web Analytics to collect aggregated, cookieless usage data such as page views and general device/browser type. This data does not identify you personally and is not used to track you across other websites.
  • Consent data — your cookie choices, as described in our Cookie Policy.

We do not knowingly collect data from children, and we do not intentionally collect special categories of personal data (such as health or political opinions).

4. How and why we use your data

Under the EU/UK General Data Protection Regulation (GDPR), we rely on the following legal bases:

PurposeData usedLegal basis
Responding to your enquiries and providing requested informationContact and enquiry dataSteps taken at your request prior to a contract, and our legitimate interest in responding to you
Generating and sending your assessment reportAssessment dataYour consent / steps taken at your request
Following up about our services where relevantContact and assessment dataOur legitimate interest in business development, balanced against your rights
Operating, securing and improving the websiteTechnical dataOur legitimate interest in a secure, reliable website
Measuring how the website is used (analytics)Analytics dataYour consent
Remembering your cookie choicesConsent dataOur legal obligation / your consent (see Cookie Policy)

Where we rely on consent, you can withdraw it at any time without affecting processing carried out before withdrawal.

5. Marketing

If we contact you about our services, we will give you a clear way to opt out (for example an unsubscribe link or a reply asking us to stop). We do not sell your personal data, and we do not currently run advertising or behavioural tracking.

6. Who we share your data with

We do not sell your personal data. We share it only with trusted service providers ("processors") who help us run the website and our services, under contracts that require them to protect your data and use it only on our instructions:

  • Vercel Inc. — website hosting and content delivery, and (only with your consent) privacy-friendly, cookieless Web Analytics.
  • Supabase — secure database hosting for assessment submissions and administrator authentication.
  • Resend — sending transactional emails such as your assessment report.

We may also disclose data where required by law, to protect our rights, or in connection with a business transfer (such as a merger or acquisition).

7. International transfers

Some of our providers may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards recognised under the GDPR — such as the European Commission's Standard Contractual Clauses or an adequacy decision — to ensure your data remains protected.

8. How long we keep your data

We keep personal data only for as long as necessary for the purposes above:

  • Enquiries — for as long as needed to handle your request and for a reasonable period afterwards in case you contact us again.
  • Assessment data — for the duration of our business relationship and a reasonable follow-up period, after which it is deleted or anonymised.
  • Technical and security logs — for a short period, as handled by our hosting provider.

When data is no longer needed, we securely delete or anonymise it.

9. How we protect your data

We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), access controls on our admin area, and reputable providers with their own security programmes. No method of transmission or storage is completely secure, but we work to protect your data and to address any incidents promptly.

10. Your rights

Subject to applicable law, you have the right to:

  • be informed about how your data is used;
  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased ("right to be forgotten");
  • restrict or object to certain processing, including direct marketing;
  • data portability — receive your data in a portable format;
  • withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at hello@affarit.com. We will respond within the time limits required by law. We may need to verify your identity first.

11. Complaints

If you have a concern about how we handle your data, please contact us first at hello@affarit.com so we can try to resolve it. You also have the right to lodge a complaint with a data protection supervisory authority. In Romania this is the National Supervisory Authority for Personal Data Processing (ANSPDCP — www.dataprotection.ro). You may also contact the authority in your country of residence.

12. Third-party links

Our website may link to other sites we do not control. We are not responsible for the privacy practices or content of those sites, and we encourage you to read their privacy policies.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will revise the "last updated" date above and, where appropriate, notify you. Your continued use of the website after an update constitutes acceptance of the revised policy.

14. Contact us

For any questions about this Privacy Policy or your personal data:

Affarit Studio SRL (CUI RO40374098)
Str. Bistritei Nr. 6A, Targu Mures, Mures
Romania
Email: hello@affarit.com
Website: https://affarit.com