Legal

Privacy Policy

Last updated: February 19, 2026

1. Introduction

Kicked SRL ("Company", "we", "us", or "our"), registered under CUI 51862990, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Romanian data protection legislation.

2. Data Controller

Kicked SRL

CUI: 51862990

Jud. Arges, Mun. Pitesti, Str. Patrascu Voda, Nr.3, Bl.d1, Sc.c, Ap.b4, Romania

Email: hello@kicked.ro

Phone: +40 746 580 305

3. Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide

  • Contact information: name, email address, phone number, company name
  • Account data: login credentials, billing address, payment information
  • Communications: messages sent through our contact form, support tickets, emails
  • Service data: technical requirements, project specifications, configurations

3.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type
  • Usage data: pages visited, time spent on site, referral source
  • Log data: server access logs, error logs (for service delivery and security)

4. How We Use Your Data

We process your personal data for the following purposes and legal bases:

PurposeLegal Basis (GDPR)
Providing and managing our servicesContract performance (Art. 6(1)(b))
Processing payments and billingContract performance (Art. 6(1)(b))
Responding to contact form inquiriesLegitimate interest (Art. 6(1)(f))
Infrastructure security and DDoS mitigationLegitimate interest (Art. 6(1)(f))
Legal compliance (tax, accounting)Legal obligation (Art. 6(1)(c))
Service improvement and analyticsLegitimate interest (Art. 6(1)(f))

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: payment processors, email delivery services (Resend), cloud infrastructure providers — only as necessary to deliver our services
  • Legal authorities: when required by law, court order, or to protect our legal rights
  • Business transfers: in the event of a merger, acquisition, or sale of assets

All third-party processors are bound by data processing agreements in compliance with GDPR Article 28.

6. International Data Transfers

Your data is primarily stored within the European Economic Area (EEA). If data is transferred outside the EEA (e.g., to service providers in the US), we ensure appropriate safeguards through EU Standard Contractual Clauses (SCCs) or adequacy decisions.

7. Data Retention

  • Contact form submissions: retained for 2 years, then deleted
  • Customer account data: retained for the duration of the service agreement plus 5 years (legal/accounting requirements)
  • Server logs: retained for 90 days for security and debugging purposes
  • Billing data: retained for 10 years as required by Romanian fiscal legislation

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, email us at hello@kicked.ro. We will respond within 30 days as required by GDPR.

9. Cookies

Our website uses minimal cookies:

  • Theme preference (localStorage) — stores your dark/light mode choice. Not a cookie; no personal data involved.
  • Essential cookies — required for the website to function (session management). Cannot be disabled.

We do not use tracking cookies, advertising cookies, or third-party analytics services that track individual users.

10. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.3) and at rest
  • Network-level DDoS mitigation and firewall protection
  • Role-based access controls for all internal systems
  • Regular security audits and vulnerability assessments
  • Incident response procedures in compliance with GDPR Article 33 (72-hour notification)

11. Children's Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, contact us immediately and we will delete it.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

ANSPDCP

B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania

Website: www.dataprotection.ro

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. The "Last updated" date at the top reflects the most recent revision.

14. Contact

For any privacy-related questions or data subject requests, contact us at:

Kicked SRL

CUI: 51862990

Email: hello@kicked.ro

Phone: +40 746 580 305