Privacy Policy

Last updated: December 14, 2025

At WebFTL, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or engage our services.

1. Who We Are

WebFTL is operated by Alexandru Ciobotariu, a freelance web professional based in the European Union. For the purposes of data protection law, Alexandru Ciobotariu (operating as WebFTL) is the data controller responsible for your personal data.

If you have any questions about this Privacy Policy or how we handle your data, please contact us via our contact page.

2. Information We Collect

We collect and process the following types of personal data:

2.1 Information You Provide

  • Contact Information: Name, email address, phone number when you contact us or submit an enquiry
  • Project Information: Project briefs, requirements, content, files, and materials you provide for your project
  • Communication Data: Records of correspondence between us
  • Billing Information: Information necessary for invoicing and payment processing

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, device information, operating system
  • Usage Data: Pages visited, time spent on pages, referring website

3. How We Use Your Information

We use your personal data for the following purposes:

  • To provide our services: Delivering web development, design, and consulting services you have engaged
  • To communicate with you: Responding to enquiries, providing project updates, and discussing requirements
  • To process payments: Issuing invoices and processing payments for services rendered
  • To improve our website: Analysing how visitors use our website to enhance user experience
  • To comply with legal obligations: Meeting our legal and regulatory requirements
  • To protect our interests: Establishing, exercising, or defending legal claims

4. Legal Basis for Processing

Under EU data protection law (GDPR), we process your personal data on the following legal bases:

  • Contract: Processing necessary to perform our contract with you or take steps prior to entering a contract
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and website security
  • Legal Obligation: Processing necessary to comply with legal requirements (e.g., tax and accounting obligations)
  • Consent: Where you have given specific consent for a particular processing activity

5. Cookies

Our website uses only essential cookies that are necessary for the website to function properly. These cookies:

  • Enable core functionality such as security and session management
  • Do not track you for advertising purposes
  • Do not collect personal information for marketing

We do not use marketing, advertising, or non-essential tracking cookies.

6. Third-Party Services

We use the following third-party services that may process your data:

6.1 Cloudflare

We use Cloudflare for website security, performance (CDN), and spam protection (Turnstile). Cloudflare may process your IP address and technical data. Cloudflare Privacy Policy

6.2 Google Services

We may use Google Fonts for typography on our website. Google may collect limited technical data when fonts are loaded. Google Privacy Policy

6.3 Payment Processors

Payments are processed through third-party payment providers. We do not store your full payment card details. Payment processors handle your payment data according to their own privacy policies and PCI-DSS compliance standards.

7. Data Sharing

We do not sell, rent, or trade your personal information. We only share your data with:

  • Service Providers: Third-party services necessary to deliver our services (as described in Section 6)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Protection: To protect our rights, privacy, safety, or property

We do not share your data with third parties for their own marketing purposes.

8. International Data Transfers

Some of our third-party service providers (such as Cloudflare and Google) are based in the United States. When your data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • EU-US Data Privacy Framework certification
  • Standard Contractual Clauses approved by the European Commission
  • Other legally recognised transfer mechanisms

9. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected:

  • Project Data: Retained for the duration of our business relationship and as needed for ongoing support or future work
  • Financial Records: Retained as required by tax and accounting laws (typically 7 years)
  • Contact Enquiries: Retained for a reasonable period to respond and follow up, then deleted if no engagement occurs
  • Communication Records: Retained as needed for business and legal purposes

When data is no longer needed, it is securely deleted or anonymised.

10. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Data Portability: Request transfer of your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us via our contact page. We will respond to your request within one month.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Secure HTTPS encryption for all website traffic
  • Secure storage of project files and data
  • Limited access to personal data on a need-to-know basis
  • Regular security reviews and updates

While we take reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of data transmitted to our website.

12. Marketing Communications

We do not send marketing emails or newsletters. Our communications with you will be limited to:

  • Responding to your enquiries
  • Project-related communications
  • Invoicing and payment matters
  • Important service announcements (if applicable)

13. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

14. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any website you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

16. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve your concerns.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.

17. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights, please contact us: