Summary
We collect only what we need, we never sell your data, and we always ask for consent before using analytics or advertising cookies. You can withdraw consent at any time.
Data Controller
The entity responsible for the processing of your personal data is:
- Company: We Are Code SRL
- Registered in: Romania (EU)
- Website: wecode.ro
- Contact email: team@wecode.ro
For any questions about this policy or to exercise your data subject rights, please contact us at team@wecode.ro.
What Data We Collect and Why
2.1 Contact Form
When you submit our contact form, we collect the following personal data:
| Data | Purpose | Legal Basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Full name | To address you correctly in our reply | Art. 6(1)(f) — Legitimate interest | 2 years from last contact |
| Email address | To respond to your enquiry | Art. 6(1)(f) — Legitimate interest | 2 years from last contact |
| Phone number | To contact you by phone if requested | Art. 6(1)(f) — Legitimate interest | 2 years from last contact |
| Company name | To personalise our offer | Art. 6(1)(f) — Legitimate interest | 2 years from last contact |
| Website URL | To better understand your project | Art. 6(1)(f) — Legitimate interest | 2 years from last contact |
| Message content | To understand and respond to your request | Art. 6(1)(f) — Legitimate interest | 2 years from last contact |
| GDPR consent record | To document that consent was given | Art. 6(1)(c) — Legal obligation | 5 years |
Submission of the form requires you to tick the GDPR consent checkbox. You may request deletion of your data at any time by writing to team@wecode.ro.
2.2 Server Log Files
Our web server automatically records standard access logs that may include your IP address, browser type, operating system, referring URL, and the pages visited. This data is used solely for security, threat management, and server diagnostics. Log files are automatically rotated and purged within 30 days. The legal basis is our legitimate interest in maintaining a secure and stable service (Art. 6(1)(f) GDPR).
2.3 Language Preference
We store a PHP session cookie (PHPSESSID) to remember your language selection (RO/EN) during your visit. This cookie expires when you close your browser and contains no personal data. It is strictly necessary for the correct functioning of the website.
Cookies
Cookies are small text files placed on your device by a website. We present a consent banner on your first visit. Non-essential cookies are placed only after you give explicit consent. You may withdraw consent at any time by clearing your browser cookies.
3.1 Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be disabled.
3.2 Analytics Cookies (require consent)
Loaded only after you accept analytics cookies via our consent banner.
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
_ga | Distinguishes unique users in Google Analytics 4 | 2 years | Google LLC (USA) |
_ga_* | Persists session state for Google Analytics 4 | 2 years | Google LLC (USA) |
_gid | Distinguishes users over a 24-hour window | 24 hours | Google LLC (USA) |
3.3 Advertising Cookies (require consent)
Loaded only after you accept advertising cookies via our consent banner.
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
_gcl_au | Used by Google Ads to store and track conversion events | 3 months | Google LLC (USA) |
_gcl_aw | Stores click information for Google Ads campaign attribution | 90 days | Google LLC (USA) |
Third-Party Services
We use the following third-party services on our website. Each operates under its own privacy policy. Where applicable, data transfers to providers outside the EEA are governed by EU Standard Contractual Clauses (SCCs, 2021 version).
| Service | Provider | Purpose | Data transferred | Privacy policy |
|---|---|---|---|---|
| Google Tag Manager | Google LLC (USA) | Manages and deploys analytics and marketing tags without modifying site code directly | Technical data (IP anonymised) | policies.google.com |
| Google Analytics 4 | Google LLC (USA) | Analysis of website traffic — pages visited, session duration, device type. Activated only after consent. | Anonymised IP, usage behaviour | policies.google.com |
| Google Ads / Conversion Tracking | Google LLC (USA) | Measures the effectiveness of our advertising. Activated only after consent. | Conversion events, anonymised IP | policies.google.com |
| Google Fonts | Google LLC (USA) | Loads web fonts (Inter, JetBrains Mono) to render the website typography | IP address (logged by Google on each font request) | policies.google.com |
| jsDelivr CDN | Prospect One (EU — Poland) | Delivers JavaScript libraries via CDN for faster page loading | IP address, browser user-agent | jsdelivr.com/privacy-policy |
| jQuery CDN | OpenJS Foundation (USA) | Delivers the jQuery JavaScript library | IP address | openjsf.org privacy policy |
Google Consent Mode v2
We have implemented Google Consent Mode v2. Before you give consent, Google Tag Manager operates in a restricted mode — no analytics or advertising cookies are placed and no personal data is transmitted to Google for measurement or advertising purposes. Analytics and advertising tags are only activated once you explicitly accept them via our consent banner. You may withdraw consent at any time by clearing your browser cookies, which will cause Consent Mode to revert to its restricted default state on your next visit.
Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to any third party.
We may share data only in the following limited circumstances:
- Authorised service providers: Third-party tools listed in Section 4, operating under data processing agreements and bound by confidentiality obligations.
- Legal obligation: When required by Romanian law, a binding court order, or a competent authority (e.g. ANAF, Police, ANSPDCP).
- Protection of rights: Where necessary to protect the rights, property, or safety of We Are Code SRL, our clients, or third parties.
International Data Transfers
Some of our service providers (Google LLC, OpenJS Foundation) are based in the United States. All transfers of personal data outside the European Economic Area (EEA) to these providers are governed by the EU Standard Contractual Clauses (SCCs) approved by the European Commission in June 2021 (Decision 2021/914), ensuring an equivalent level of protection to that required within the EU.
For Google services specifically, the applicable terms are available at: business.safety.google/gdprprocessorterms.
Your Rights Under GDPR
Under Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you and information about how it is processed.
Request correction of inaccurate or incomplete personal data without undue delay.
Request deletion of your data ("right to be forgotten") where there is no longer a legal basis for processing.
Request that we suspend processing of your data in certain circumstances (e.g. while you contest accuracy).
Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
Object to processing based on our legitimate interests, including for direct marketing purposes.
Withdraw cookie consent at any time by clearing your browser cookies. Withdrawal does not affect the lawfulness of prior processing.
File a complaint with the national supervisory authority (ANSPDCP) — see Section 9 below.
To exercise any of these rights, contact us at team@wecode.ro. We will acknowledge your request promptly and respond within 30 days, extendable by a further 60 days for complex requests (with prior written notice and reason). We do not charge any fee for exercising your rights.
Supervisory Authority
If you consider that processing of your personal data infringes GDPR or Romanian data protection law, you have the right to lodge a complaint with the national supervisory authority:
We would however appreciate the opportunity to address your concerns before you approach the ANSPDCP, so please contact us first at team@wecode.ro.
Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our measures include:
- HTTPS / TLS encryption for all data transmitted to and from our website
- Server access restricted to authorised personnel only via SSH key authentication
- Regular security patching and infrastructure monitoring
- IP access log rotation with automatic deletion within 30 days
- CSRF token protection on all web forms
- Web Application Firewall (WAF) and DDoS mitigation via Cloudflare
While we take every reasonable precaution, no internet transmission is 100% secure. In the event of a personal data breach that is likely to result in a high risk to your rights, we will notify you without undue delay in accordance with Art. 34 GDPR.
Links to Other Websites
Our website may contain links to external sites (partner companies, ANPC, EUIPO, etc.). We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any external site before submitting personal data.
Consumer Dispute Resolution
In accordance with Romanian Government Ordinance 38/2015 and EU Regulation 524/2013, consumers have access to the following alternative dispute resolution mechanisms:
- ANPC — SAL (Alternative Dispute Resolution): anpc.ro/ce-este-sal/
- EU Online Dispute Resolution Platform: ec.europa.eu/consumers/odr
Changes to This Policy
We may update this Privacy & Cookie Policy from time to time to reflect changes in our data processing practices, technology, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.
Intellectual Property
wecode® is a registered trademark of We Are Code SRL in the European Union (EUIPO No. 018778232). All rights reserved. Unauthorised use of the WeCode name, logo, or brand identity is strictly prohibited and may constitute trademark infringement under EU law.