Skip to content
RO EN
ServicesIT outsourcingIT maintenanceIT securityPricingAboutContact
RO EN
Contact us
PRIVACY · GDPR

Privacy Policy

Last updated: 23 June 2026

This policy explains how the personal data of persons who visit this site and who submit information through the available forms is processed. The document complies with Regulation (EU) 2016/679 (GDPR) and Law no. 190/2018 and describes what data is collected, for what purposes, on what legal basis, to whom it may be disclosed, and what rights you have as a data subject.

The data controllers

Your personal data is processed by the two legal entities operating under the “HQ” brand. For any matter relating to data protection, the data subject may write to the email address office@hqsolutions.ro.

Controller 1: HQ-SOLUTIONS S.R.L., CUI RO16288296, Reg. Com. No. J40/2535/2017, share capital 50.000 RON, with its registered office at Str. Episcop Chesarie nr. 15, Tronson E, Parter, Sector 4, București. Controller 2: IT USER DESK S.R.L., CUI RO46446819, Reg. Com. No. J40/13131/2022, share capital 1.000 RON, with its registered office at the same address: Str. Episcop Chesarie nr. 15, Tronson E, Parter, Sector 4, București. Common contact details: telephone +40 314 257 888, email office@hqsolutions.ro. Data protection contact: office@hqsolutions.ro.

With respect to the personal data collected through this site, the two entities act as joint controllers within the meaning of Art. 26 GDPR: they jointly determine the purposes and means of the processing. The data subject may exercise the rights provided by the GDPR in respect of either of the two controllers, at the contact address below, regardless of the internal arrangement between them. The essence of the arrangement between the joint controllers is available, on request, at office@hqsolutions.ro.

No data protection officer (DPO) has been appointed; the applicable legislation does not impose this obligation in the present case. For any matter concerning data protection, the data subject may write to office@hqsolutions.ro.

What data we collect

We collect only the data necessary to respond to requests received through the site and to operate it securely. Three categories are distinguished.

(a) Data provided through forms. The site makes three forms available (the form in the main area, the contact form, and the IT self-assessment form). Through the form in the main area and through the contact form, the following may be collected: name, email address, telephone number (optional), company name (optional), and the message submitted. The IT self-assessment tool collects your name, telephone number, and your answers to the questionnaire, submitted together, so that we may contact you and discuss the result.

(b) Technical data collected automatically. Through the hosting provider, technical data such as the IP address, server logs, and browser type may be processed. This data is necessary for the delivery of the pages and for the security and proper functioning of the site.

(c) Cookies and local storage. The site uses a local storage item that records the visitor’s choice regarding analytics cookies (acceptance or refusal). The analytics tool (Google Analytics 4, loaded through Google Tag Manager) is activated solely on the basis of this consent. Full details are described in the Cookie Policy.

Purposes and legal bases of the processing

We process your data only for the purposes set out below and only on the basis of a legal basis provided by Art. 6 GDPR.

Purpose of the processingCategories of dataLegal basis (Art. 6 GDPR)
To respond to requests received through the contact forms and to prepare, on request, an offer or a commercial discussion Name, email, telephone, company, message Pre-contractual steps taken at the data subject’s request, Art. 6(1)(b); and/or our legitimate interest in communicating with the persons who contact us, Art. 6(1)(f)
Processing the IT self-assessment request and subsequent contact to discuss the result Name, telephone, questionnaire answers At the user’s request, who completes and submits the questionnaire in order to be contacted — Art. 6(1)(b) (pre-contractual steps on request)
Security, maintenance, and proper functioning of the site IP address, server logs, browser type The legitimate interest in keeping the site functional and protected, Art. 6(1)(f)
Web analytics (Google Analytics 4, activated only with consent) Usage data collected through the analytics tool The data subject’s consent, Art. 6(1)(a) — collection takes place only after the visitor clicks “Accept” in the cookie banner

With regard to web analytics: the site uses Google Analytics 4, loaded through Google Tag Manager. It operates only on the basis of the prior consent expressed through the cookie banner: by default it is deactivated and transmits no data, and the tool is loaded and begins collection only after the visitor clicks “Accept.” Refusal or the absence of a choice leaves the tool inactive, without affecting the use of the site. Consent may be withdrawn at any time from the “Cookie settings” link in the site footer.

Recipients and processors

Your data is not sold and is not traded. Access to the data is limited to the persons and providers who need it for the purposes described above.

When a form is submitted, the data is transmitted through a technical function hosted by Cloudflare, Inc. and is sent, through Cloudflare’s email service, to the company’s business email inbox. In this context, Cloudflare, Inc. acts as a processor for the hosting of the site and for the delivery of email messages, processing the data on the basis of our instructions. The message subsequently arrives in the company’s business email inbox, provided by our email provider.

  • Cloudflare, Inc. — hosting of the site and delivery of email messages originating from the forms (processor).
  • The company’s business email provider — storage and management of the messages received in the email inbox (processor).
  • Public authorities — only where disclosure is required by law or is necessary for the establishment, exercise, or defense of a right in court.

International data transfers

Some of our providers, in particular Cloudflare, Inc., may process data on servers located outside the European Union and the European Economic Area. In such cases, the transfer takes place with appropriate safeguards within the meaning of Capitolul V (Chapter V) of the GDPR, such as the standard contractual clauses adopted by the European Commission or an applicable adequacy decision. On request, we can provide you with further information regarding the applicable safeguards.

Retention period

We retain personal data only for as long as is necessary for the purposes for which it was collected.

  • Emails containing requests submitted through the forms are retained for as long as is necessary to respond to the request and, where applicable, for the duration of the resulting commercial relationship, as well as thereafter, for the period imposed by legal obligations and any applicable limitation periods.
  • The answers to the self-assessment questionnaire are retained for as long as is necessary to contact you and discuss the result, after which they are deleted or anonymized, unless there is another basis for retention.
  • Technical logs (IP address, server logs) are retained for a limited period, necessary for security and diagnostics, after which they are deleted or anonymized.

Upon the expiry of the periods set out above, the data is deleted or anonymized, except in situations where the law requires its retention for a longer period.

The data subject’s rights

In accordance with Art. 15-22 GDPR, as a data subject you have the following rights:

  • The right of access — to obtain confirmation that we process your data and a copy of it;
  • The right to rectification — to obtain the correction of inaccurate data or the completion of incomplete data;
  • The right to erasure (“the right to be forgotten”) — to obtain the deletion of the data, under the conditions provided by law;
  • The right to restriction of processing — in the situations provided by Art. 18 GDPR;
  • The right to data portability — to receive the data in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller, where applicable;
  • The right to object — to object to processing based on the legitimate interest, on grounds relating to your particular situation;
  • The right to withdraw consent at any time, where the processing is based on consent; the withdrawal does not affect the lawfulness of the processing carried out before the withdrawal.

To exercise these rights, submit a request to the address office@hqsolutions.ro. We will respond without undue delay and, in any event, within one month of receiving the request; this period may be extended by two months where necessary, taking into account the complexity and number of the requests, in which case we will inform you of the extension and of the reasons for it. In order to handle the request, we may ask you for additional information necessary to confirm your identity.

The right to lodge a complaint

If you consider that the processing of your data infringes data protection legislation, you have the right to lodge a complaint with the supervisory authority. In Romania, this is the National Supervisory Authority for Personal Data Processing (ANSPDCP).

We encourage you, before notifying the authority, to contact us at office@hqsolutions.ro, so that we may attempt to resolve any dissatisfaction directly.

Data security

We apply reasonable technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or accidental or unlawful disclosure. These include the secure transmission of data through encrypted connections (HTTPS), limiting access to information to the persons who need it for the purposes described, and selecting providers that offer appropriate safeguards regarding the security of the processing. No system, however, can guarantee absolute security.

Automated decisions and profiling

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning the data subject or that similarly affect the data subject to a significant extent, within the meaning of Art. 22 GDPR.

Minors

The site and the services presented are addressed to legal entities and their representatives and are not intended for minors. We do not knowingly collect personal data of minors. If we become aware that we have received such data without an appropriate basis, we will delete it.

Changes to the policy

We may update this policy to reflect changes in our processing practices, in the providers used, or in legal requirements. The version in force is the one published on this page, and the date of the last update is displayed automatically at the top of the document. We recommend that you consult this page periodically.

Data protection contact

For any question regarding this policy or to exercise the rights described above, you may contact us at:

  • Email: office@hqsolutions.ro;
  • Telephone: +40 314 257 888;
  • Address: Str. Episcop Chesarie nr. 15, Tronson E, Parter, Sector 4, București.
Legal pages