Privacy Policy

This policy explains how WOW SITE EXPERT SRL processes personal data when you use SiteExpert services, in line with Regulation (EU) 2016/679 (GDPR) and applicable Romanian law.

1. Data controller

Controller: WOW SITE EXPERT SRL, Baia Mare, Liliacului 16, Maramureș, 430066, Romania. Contact for privacy requests: contact@siteexpert.ro, phone 0727765177.

2. What data we collect

  • Account data: first name, last name, email, encrypted/authentication credentials, account status.
  • Verification data: one-time email verification code flow and related anti-abuse/rate-limit technical records.
  • Domain order data: domain name, registration/renewal period, registrant identity and contact details (including tax/identifier fields where applicable), nameservers.
  • Payment data: Stripe checkout session/payment identifiers, payment status, amount, currency, timestamps, and webhook metadata.
  • Support and communications data: operational emails (account/order/domain events), message delivery/open tracking tokens, and related logs.
  • Security and audit data: hashed IP indicators, user-agent, action logs, fraud/abuse prevention records, and technical diagnostics.

3. Purposes and legal bases

  • Account registration and authentication (Art. 6(1)(b) GDPR – contract performance).
  • Domain registration, renewal, and nameserver management (Art. 6(1)(b) GDPR – contract performance).
  • Payment processing and reconciliation (Art. 6(1)(b) and Art. 6(1)(f) GDPR – contract and legitimate interest in fraud prevention/accounting control).
  • Legal/fiscal compliance (Art. 6(1)(c) GDPR – legal obligation).
  • Security, abuse detection, and service integrity (Art. 6(1)(f) GDPR – legitimate interest).
  • Optional analytics cookies/measurement (Art. 6(1)(a) GDPR – consent, where applicable).

4. Payments and Stripe

Online card payments are processed through Stripe-hosted checkout pages. Cardholder data is entered directly into Stripe infrastructure and is not stored on our servers. We retain only transaction metadata necessary for provisioning, fraud prevention, accounting reconciliation, and legal obligations.

5. Domain registry/registrar processing

To execute domain services, registrant and technical domain data is transmitted to registry/registrar infrastructure required for .ro domain operations (including validation, registration, renewal, status and nameserver updates). Processing follows the technical and legal framework applicable to that ecosystem.

6. Data recipients

  • Payment processor: Stripe.
  • Domain registry/registrar service operators required for .ro lifecycle operations.
  • Email and infrastructure providers used to deliver operational communications and host platform services.
  • Public authorities, where disclosure is required by law.

7. International transfers

Some providers may process data outside the EEA. Where such transfers occur, we rely on GDPR-compliant transfer mechanisms (for example, adequacy decisions or standard contractual clauses), as applicable to each provider relationship.

8. Retention periods

  • Account and service data: for the account lifecycle and a reasonable period thereafter for legal defense and compliance.
  • Order/payment/accounting data: for statutory retention periods under fiscal/accounting law.
  • Security and audit logs: limited to periods necessary for fraud prevention, incident response, and legal defense.
  • Temporary verification/reset artifacts: short-lived and automatically invalidated after expiration/use.

9. Your GDPR rights

Subject to legal conditions, you can request: access, rectification, erasure, restriction, objection, and data portability. You may also withdraw consent at any time for consent-based processing. Requests can be sent to contact@siteexpert.ro.

10. Complaints

If you believe your rights were infringed, you may contact us first for resolution and/or lodge a complaint with the Romanian supervisory authority (ANSPDCP).

11. Security measures

We implement technical and organizational safeguards, including transport security, authenticated sessions, anti-CSRF controls, access control, and event/audit logging. No internet service can guarantee absolute security, but we continuously monitor and improve controls.

12. Policy updates

We may revise this policy to reflect legal, technical, or operational changes. The current version is published on this page and applies from its publication date, unless otherwise stated.