Privacy Policy
Last updated · 12 March 2026
This Privacy Policy explains how WebAestheticLab S.R.L. (“WebAestheticLab”, “we”, “our”, or “us”) collects, uses, and protects personal information when you visit https://webaestheticlab.com (the “Site”) or engage us as a client. We are a digital design studio registered in Romania and we comply with the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”) and Romanian Law 190/2018 on data-protection measures.
1. Who we are
Data Controller
WebAestheticLab S.R.L., registered at Strada Vasile Cârlova 4, 031145 București, Romania. Registered with the Trade Registry under J40/12847/2023; VAT number RO47892361. Contact: studio@webaestheticlab.com · +40 742 305 428.
2. What information we collect
Information you give us
- Contact form data — first name, last name, email, phone (optional), company name, type of engagement, approximate budget and the message you send. Provided when you complete the form on our Contact page.
- Checkout and billing data — first name, last name, email, phone, country, optional company name and EU VAT number. Provided when you place an order.
- Project communications — emails, briefs, files, and meeting notes exchanged in the course of an engagement.
Information we collect automatically
- Strictly necessary cookies — a small session token used to keep your form submissions secure (CSRF) and a single cookie storing your cookie-consent choice.
- Server logs — basic request data (IP address, user agent, request path, timestamp), retained for 30 days for security and abuse-prevention purposes.
Information we do not collect
We do not run third-party advertising tracking, behavioural analytics, fingerprinting scripts, or social-media pixels on this Site. We do not use Google Analytics. Card details are entered on Stripe’s checkout page and are never transmitted to or stored on our servers.
3. How we use your information
- To respond to your enquiry and exchange briefs (legal basis: legitimate interest and, where relevant, steps prior to entering a contract — Art. 6(1)(b) and (f) GDPR).
- To deliver services we have agreed to provide and to invoice for them (legal basis: performance of a contract — Art. 6(1)(b) GDPR).
- To comply with Romanian and EU bookkeeping and tax obligations, including the retention of invoices for ten years (legal basis: legal obligation — Art. 6(1)(c) GDPR).
- To prevent abuse and secure the Site (legal basis: legitimate interest — Art. 6(1)(f) GDPR).
4. Who we share information with
We share personal information only with the following categories of processors, each bound by a written data-processing agreement:
- Stripe Payments Europe, Limited — payment processing for orders. Stripe receives your name, email, billing address, country and payment details. Stripe’s privacy notice: stripe.com/privacy.
- Hetzner Online GmbH (or equivalent EU hosting provider) — server hosting; data processed within the European Economic Area.
- Our accountant — receives invoice data as required for Romanian bookkeeping. Bound by professional confidentiality.
We do not sell, rent, or otherwise transfer your personal information to any third party for marketing purposes.
5. International transfers
Personal data is processed primarily within the EEA. Where a processor (such as Stripe) processes data outside the EEA, transfers are protected by Standard Contractual Clauses approved by the European Commission, or by an adequacy decision.
6. How long we keep your information
- Contact-form enquiries: up to 24 months from your last contact with us, then deleted unless we have a contract.
- Active client records: for the duration of the engagement plus four years.
- Invoices and accounting records: ten years, as required by Romanian tax law.
- Server logs: 30 days.
7. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data, subject to our legal retention obligations.
- Object to or restrict our processing of your data.
- Receive your data in a portable format.
- Withdraw consent at any time, where consent is the legal basis (this does not affect prior processing).
To exercise any of these rights, write to studio@webaestheticlab.com. We respond within 30 days.
8. Right to lodge a complaint
If you believe we have mishandled your personal data, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, www.dataprotection.ro.
9. Security
Our infrastructure runs over HTTPS with TLS 1.2 or higher. Form submissions are protected by CSRF tokens. Production databases (where applicable) are encrypted at rest and access is restricted to studio staff on a need-to-know basis. We do not store payment card data — this is handled by Stripe under PCI-DSS compliance.
10. Children
The Site is not directed at children under 16 and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated by email to active clients.
12. Contact
Questions about this policy or about our handling of your personal data: studio@webaestheticlab.com · +40 742 305 428 · Strada Vasile Cârlova 4, 031145 București, Romania.