X-HOUSE Logo
Back to home

Privacy Policy

Last updated: 23.08.2025

1. Who We Are

The website xhouse.ro (the "Site") is operated by X-House SRL, registered in Arad, Bd. I.C. Brătianu nr. 3, under trade register no. J2/768/2002, VAT no. RO14900053 (referred to as "X-House").

2. Scope and Purpose

This policy explains how we process personal data solely in the context of using the Site. The Site is purely informational (presenting the X-House brand and its web design, hosting, and SEO/AI services). We do not sell products online, create user accounts, process orders, or send marketing communications through the Site.

3. Data We Process When You Visit the Site

  • Voluntarily provided data — only if you contact us on your own initiative (email, phone, contact form). Examples: name, email, phone number, and message content. We use this data solely to respond to you.
  • Technical/minimal data — our systems may automatically record technical information in logs for security and diagnostic purposes (IP address, date/time, accessed URL, referrer, browser type and OS). Logs are retained for a limited period.
  • Cookies — we use only strictly necessary cookies for the Site to function. We do not use analytics, advertising, or behavioural tracking cookies. See our Cookie Policy for details.

4. Purposes and Legal Bases

  • Responding to enquiries (Art. 6(1)(f) GDPR – legitimate interest / (a) – consent): we manage and archive correspondence to respond to you efficiently.
  • Security and operation of the Site (Art. 6(1)(f) GDPR – legitimate interest): operation, maintenance, fraud/abuse prevention, technical diagnostics.
  • Legal compliance (Art. 6(1)(c) GDPR): when we are legally required to provide information to authorities.

5. Retention Periods

  • Correspondence: for the duration required to resolve the request, plus a maximum of 12 months for internal records.
  • Technical logs: typically 30–90 days, potentially extended if necessary to investigate security incidents.

6. Recipients and Processors

We do not rent or sell your data. Access is limited to our technical service providers (e.g., hosting, IT maintenance), who act as data processors and are contractually bound to maintain confidentiality and process data solely according to our instructions. We may disclose data to public authorities when required by law.

7. Transfers Outside the EEA

We store data, where possible, on infrastructure located within the European Union/EEA. If, exceptionally, a transfer outside the EEA is required, it will be carried out only with appropriate safeguards (e.g., EU Standard Contractual Clauses).

8. Your Rights (GDPR)

  • Right to information and access to data we process about you;
  • Rectification or erasure ("right to be forgotten") under applicable law;
  • Restriction and portability (where applicable);
  • Objection to processing based on legitimate interest;
  • Complaint to the Romanian data protection authority (ANSPDCP) or before a competent court.

To exercise your rights, contact us at office@xhouse.ro.

9. Children's Privacy

The Site is not directed at persons under 18 years of age, and we do not knowingly collect data from minors. If we receive such data, we will delete it without undue delay.

10. Security

We apply reasonable technical and organisational measures to protect your data (access controls, encryption in transit, backup policies). No method of transmission or storage is 100% secure, but we take due diligence to maintain an appropriate level of security.

11. Policy Changes

We may update this policy from time to time. The current version is published on this page. Last updated: 23.08.2025.

Questions about your personal data?

office@xhouse.ro