Privacy Policy
Last updated: 4 July 2026
This Privacy Policy explains how Andrei trading as CodeHAC ("we", "us", "our") collects, uses, and protects personal data when you visit https://codehac.com (the "Website"). We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection law.
1. Data Controller
The data controller responsible for your personal data is:
- Andrei (CodeHAC)
- Location: Sibiu, Romania, Romania
- Email: contact@codehac.com
- Website: https://codehac.com
2. Scope
This policy applies to visitors of the Website and to individuals who contact us through the contact form. It does not apply to third-party websites linked from the Website.
3. Categories of Personal Data
Depending on how you use the Website, we may process the following categories of data:
- Usage and technical data — pages visited, referring URL, browser type, device type, approximate location (derived from IP address), and interaction events. Collected via Google Analytics 4 only if you accept analytics cookies.
- Contact data — name, email address, and message content when you submit the contact form.
- Consent records — your cookie consent choice stored locally in your browser, and your agreement when submitting the contact form.
4. Purposes and Legal Bases
We process personal data only where we have a valid legal basis under Article 6 GDPR:
- Website analytics — to understand how visitors use the Website and improve content and performance. Legal basis: consent (Art. 6(1)(a) GDPR). Analytics cookies are not placed until you click Accept on the cookie banner.
- Contact enquiries — to respond to your message and discuss potential projects. Legal basis: steps prior to entering a contract (Art. 6(1)(b) GDPR) and/or legitimate interest in responding to business enquiries (Art. 6(1)(f) GDPR).
- Website security and operation — to deliver the Website, prevent abuse, and maintain security. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Consent management — to record and honour your cookie preferences. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) and/or legal obligation to demonstrate consent where required.
5. Sources of Data
We receive data directly from you (contact form, cookie choices) and automatically from your device (technical data, only when analytics consent is granted).
6. Recipients and Processors
We may share personal data with the following categories of recipients:
- Google LLC — Google Analytics 4 (measurement ID: G-NG5S96K1NZ) for website analytics when you have consented. See Google's Privacy Policy .
- Hosting and infrastructure providers — who process data on our behalf to deliver the Website and contact form.
We require processors to handle data only on our instructions and in compliance with applicable data protection law.
7. International Transfers
Some recipients, including Google LLC, may process data outside the European Economic Area (EEA), including in the United States. Where transfers occur, they are safeguarded by appropriate mechanisms such as the European Commission's Standard Contractual Clauses or other lawful transfer tools recognised under GDPR Chapter V.
8. Retention Periods
- Contact enquiries: 24 months from the date of your last communication.
- Analytics data: 26 months (Google Analytics default retention).
- Consent preference: 12 months.
We delete or anonymise data when it is no longer needed for the purposes for which it was collected, unless a longer retention period is required by law.
9. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data in certain circumstances ("right to be forgotten").
- Restriction — request that we limit processing in certain cases.
- Data portability — receive your data in a structured, machine-readable format where applicable.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, email us at contact@codehac.com. We will respond within one month, as required by Article 12 GDPR. We may need to verify your identity before processing your request.
10. Right to Lodge a Complaint
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority. In Romania, the competent authority is:
- National Supervisory Authority for Personal Data Processing (ANSPDCP) (ANSPDCP)
- B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
If you live in another EU member state, you may also complain to your local data protection authority.
11. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
12. Children
The Website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
13. Security
We implement appropriate technical and organisational measures to protect personal data, including HTTPS encryption for data in transit and access controls for systems that store contact enquiries. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows when it was last revised. We encourage you to review this page periodically.
15. Related Documents
For details on cookies and how to manage them, see our Cookie Policy. For terms governing use of the Website, see our Terms and Conditions.
16. Contact
For any privacy-related questions, contact us at contact@codehac.com or via the contact page.