Skip to content
Black Point Agency

LEGAL · DATA PROTECTION

Privacy Policy

Last updated: 07.05.2026

I. General information

Protecting your personal data is a priority for BLACK POINT AGENCY S.R.L., a Romanian limited liability company with its registered office at București, Sector 3, Strada Zizin, Nr. 8, Ap. 55, România, registered with the Trade Registry under no. J40/3087/18.02.2022, fiscal code 45669375, acting as data controller.

This document explains how we process your personal data when you use the website blackpointagency.com or enter into a commercial relationship with us, in line with the EU General Data Protection Regulation (GDPR — 2016/679) and applicable Romanian law.

II. Categories of data we process

II.1 Clients

We process: full name, company name, role, work email, phone number, billing address, banking details required to issue invoices, and the information exchanged in the course of service contracts and the marketing campaigns we run on your behalf.

II.2 Website visitors

We process the data you provide voluntarily through the contact form (name, email, company, message) and technical information collected automatically (IP address, browser, pages visited, time on site) through cookies and analytics tools.

III. Purposes and legal bases

III.1 Clients

  • Performance of the contract — delivering marketing services, operational communication, reporting, invoicing and deliverable tracking. Legal basis: contractual relationship.
  • Legal obligations — issuing tax documents, archiving as required by accounting legislation (up to 10 years after the end of the financial year). Legal basis: legal obligation.
  • Marketing communications — newsletters, service updates, case studies. Legal basis: consent (opt-in). You can unsubscribe at any time via the link in any email.
  • Performance analysis — continuous improvement of our services and reporting. Legal basis: legitimate interest.

III.2 Visitors

  • Responding to enquiries — handling contact-form submissions and questions. Legal basis: legitimate interest and/or pre-contractual measures at your request.
  • Traffic analytics — understanding how the site is used. Legal basis: consent (analytics cookies) and legitimate interest (aggregate data).

IV. Retention

We process your data only as long as necessary for the stated purposes. For clients, data is retained for the duration of the contractual relationship and afterwards in line with legal obligations (financial records: 10 years). Marketing data is kept until consent is withdrawn.

A request to delete your account signals withdrawal of consent for commercial communications. Actual deletion happens once any outstanding contractual and legal obligations are met.

V. Recipients and transfers

Your data may be disclosed, for the purposes above, to:

  • Our service providers (web hosting, cloud infrastructure, email platforms, analytics and ad-campaign tools — Google, Meta, Microsoft, LinkedIn, TikTok), acting as data processors;
  • Our accountant, auditor, legal counsel and other professionals involved in related processes;
  • Public authorities, where required by law.

Some services (e.g. Google Analytics, Meta) may transfer data outside the European Economic Area, on the basis of the Standard Contractual Clauses (SCC) approved by the European Commission and/or the EU-US Data Privacy Framework.

VI. Your GDPR rights

As a data subject, you have the following rights:

  • Right to information — clear details about how your data is processed.
  • Right of access — to confirm whether your data is processed and receive a copy.
  • Right to rectification — to correct inaccurate or incomplete data.
  • Right to erasure (the “right to be forgotten”) — when the data is no longer needed, you have withdrawn consent, or you object to processing.
  • Right to restrict processing.
  • Right to data portability — to receive your data in a structured, machine-readable format and have it transmitted to another controller.
  • Right to object — particularly to direct marketing, with no justification required.
  • Right not to be subject to solely automated decision-making producing legal effects on you.
  • Right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) or competent courts.

To exercise any of these rights, write to office@blackpointagency.com. We respond within 30 days at the latest.

VII. Security

We apply appropriate technical and organisational measures to protect data against unauthorised access, loss, alteration or disclosure: TLS encryption, access control, logging, periodic audits, staff training, and confidentiality undertakings with all our partners.

VIII. Changes

This policy may be updated periodically. The current version is always available at blackpointagency.com/privacy-policy. Material changes will be flagged on the website.

IX. Contact

For any question about this policy or how we process your data, reach us at:

For information about cookies, see the Cookie Policy.