Privacy Policy
Your data is important to us. Here's how we use it in accordance with the EU's data processing laws.
1. Core Principles
All personal data processing at QA DNA is governed by Article 5 of the GDPR and the following principles:
Lawfulness, fairness and transparency. Data is processed on a valid legal basis, fairly, and with clear notice.Purpose limitation. Data is collected for specified, explicit, and legitimate purposes only.Data minimisation. Only data that is adequate, relevant, and limited to what is necessary is collected.Accuracy. Personal data is kept accurate and up to date.Storage limitation. Data is retained only for as long as necessary to fulfil its stated purpose or legal obligation.Integrity and confidentiality. Data is protected against unauthorised access, accidental loss, or destruction.Accountability. RENESE SMART TECH SRL is responsible for, and can demonstrate, compliance with all of the above.
2. Categories of Personal Data We Process
RENESE SMART TECH SRL, operating as QA DNA, collects personal data from employees, job applicants, clients, business partners, suppliers, website visitors, and individuals who contact us. We collect only what is necessary for the specific purpose.
Identification and contact data. Name, date of birth, nationality, identity document number, CNP, place of birth, photo, address, email, telephone.Professional qualification data. Educational certificates, diplomas, CVs, employment history.Financial data. Bank account details, salary, benefits, payment information (processed via third-party providers where applicable).Civil and family status data. Marital status, number of dependants.Electronic identification data. IP addresses, cookies, device identifiers, browser type, usage patterns.Contact form data. Name, email address, and message content submitted via our website contact form, including email addresses captured from partially completed forms where notice has been provided.Video surveillance data. CCTV footage of visitors to QA DNA premises.
3. Processing Activities
a) Business Partners and Clients
We process contact information of business partners and client representatives, including name, job title, employer, telephone, and email, to manage relationships, fulfil contractual obligations, and develop commercial opportunities. Legal basis: legitimate interest (Art. 6(1)(f)) or contract performance (Art. 6(1)(b)).
b) Job Applicants
We collect CVs, cover letters, and employment history as part of our recruitment process. Data may be submitted directly or sourced via publicly available recruitment platforms. Legal basis: pre-contractual steps (Art. 6(1)(b)), legal obligations under the Romanian Labour Code (Art. 6(1)(c)), and legitimate interest in talent acquisition (Art. 6(1)(f)). For unsuccessful candidates, data is retained only with explicit consent.
c) Suppliers and Subcontractors
We process contact and identification data of individuals associated with our suppliers and subcontractors to manage contractual relationships and legal obligations. Legal basis: contract performance (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)).
d) Website Visitors
When you visit qadna.co we may collect electronic identification data via cookies and similar technologies. See Section 11 for full cookie details.
e) Contact Form
When you use the contact form we collect your name, email, and message to respond to your enquiry. We also capture email addresses entered but not fully submitted. See Section 10 for full details. Legal basis: legitimate interest (Art. 6(1)(f)).
f) Office Visitors
We maintain visitor sign-in records and operate CCTV for premises security. Footage is deleted within 30 days unless required to document an incident. Legal basis: legitimate interest (Art. 6(1)(f)).
g) Other Individuals
When individuals contact us with questions or complaints, we collect only what is necessary to respond. Legal basis: legitimate interest or consent, depending on context.
4. Legal Grounds for Processing
Under Article 6 GDPR, RENESE SMART TECH SRL processes personal data only when one of the following lawful bases applies:
Contract performance (Art. 6(1)(b)). Necessary to enter into or fulfil a contract with you.Legal obligation (Art. 6(1)(c)). Required by Romanian or EU law, for example tax or labour law.Legitimate interests (Art. 6(1)(f)). Necessary for our legitimate business interests, where these do not override your fundamental rights.Consent (Art. 6(1)(a)). You have given clear, informed, and freely given consent for a specific purpose, for example marketing cookies. You may withdraw consent at any time by emailing hello@qadna.co.
5. Third-Party Data Sharing
RENESE SMART TECH SRL does not sell personal data to third parties. We share data only in the following circumstances:
Legal obligations. Disclosures required by Romanian or EU law, regulators, or court orders.Contractual performance. With subcontractors or partners involved in delivering our services, limited to what is strictly necessary.Service providers. IT hosting, CRM platforms, and email delivery services acting under a Data Processing Agreement (DPA) per Article 28 GDPR.Analytics providers. Anonymised or pseudonymised data may be shared with tools such as Google Analytics for website performance measurement.
All third-party processors are contractually bound to implement appropriate technical and organisational measures and may only process data per our documented instructions.
6. International Data Transfers
Where personal data is transferred outside the EEA to countries without adequate protection, RENESE SMART TECH SRL ensures appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs) where applicable, and adequacy decisions by the European Commission.
You may request a copy of the relevant transfer safeguards by emailing hello@qadna.co.
7. Data Retention
RENESE SMART TECH SRL retains personal data only for as long as necessary. Indicative retention periods:
Client and contractual data. Duration of the relationship plus up to 5 years (Romanian statute of limitations and tax law).Employee data. Duration of employment plus up to 5-10 years post-termination as required by Romanian labour and tax law.Job applicant data (unsuccessful). Up to 6 months, or longer with explicit consent.Contact form enquiries. Up to 24 months from last interaction, including emails captured from partially completed forms.Partial form capture only, no response. Deleted within 30 days of capture.CCTV footage. Deleted within 30 days unless required for a specific security incident.Cookie data. Session cookies deleted on browser close; persistent cookies per their stated expiry, typically 12-24 months.
8. Your Data Subject Rights
Under the GDPR you have the following rights. All requests are addressed within 30 days, or 90 days for complex cases. To exercise any right, email hello@qadna.co.
Right to Information. Request details on how we process your personal data.Right to Rectification. Correct inaccurate or incomplete personal data.Right to Erasure. Request deletion if processing is unlawful or no longer necessary.Right to Restrict Processing. Limit how we use your data in certain circumstances.Right to Data Portability. Receive your data in a structured, machine-readable format.Right to Object. Object to processing based on legitimate interests.Right to Withdraw Consent. Withdraw consent at any time without affecting prior processing.
9. Security Measures
RENESE SMART TECH SRL implements appropriate technical and organisational measures per Article 32 GDPR, including:
Access controls. Personal data is accessible only to employees who need it for their duties.Authorisation requirements. Data cannot be copied, modified, or deleted without proper authorisation.Audit trails. Records of who accessed personal data and when.Confidentiality obligations. All staff handling personal data are bound by confidentiality agreements.Technical safeguards. Encryption in transit (TLS/HTTPS), password policies, and secure storage.Breach procedures. In the event of a personal data breach we will notify the ANSPDCP within 72 hours (Article 33 GDPR) and affected individuals where the breach poses high risk to their rights.
No system is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security of data transmitted over the internet.
10. Contact Form and Email Follow-Up
QA DNA uses a contact form on our website to allow prospective clients, partners, and other interested parties to get in touch. This section explains exactly what data we collect, when we collect it, and how we may use it, including when you begin filling in the form but do not complete the submission.
Data collected via the contact form
Full nameEmail addressCompany name (optional)Message content
We do not collect sensitive categories of personal data (Article 9 GDPR) through the contact form.
Partial form submissions. Early email capture.
Our contact form captures your email address as soon as it is entered into the email field, even if you do not click Submit or complete the remaining fields. This allows us to follow up in case you experienced a technical issue, ran out of time, or had a question you were not sure how to phrase.
A notice is displayed directly below the email field on our form before you type: "We may save your email to follow up in case you don't finish this form. You can opt out at any time by emailing hello@qadna.co."
Legal basis. Legitimate interest (Art. 6(1)(f) GDPR). RENESE SMART TECH SRL has a legitimate interest in following up on genuinely initiated enquiries. We have assessed that this does not override your rights, given the limited scope of data, the clear notice provided, and your ability to opt out at any time.What we send. A single, brief follow-up email asking whether we can help you complete your enquiry. No marketing content is sent on the basis of a partial submission.Timing. The follow-up is sent within 48 hours if the form has not been completed in the meantime.Frequency. Maximum one follow-up email per partial submission. No repeated reminders.Opt-out. Every follow-up email includes a one-click opt-out link. You may also email hello@qadna.co at any time to request removal.Retention. If you do not respond, your email is deleted within 30 days of capture. If you respond and an enquiry proceeds, standard retention applies, up to 24 months from last interaction.
Fully submitted forms
When you complete and submit the form, we use the information to respond to your enquiry within 2 business days, follow up on any business opportunities raised in your message, and record the interaction in our CRM where a business relationship is initiated. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
What we will never do
Add you to a marketing list without your explicit, separate consent.Share your email address with third parties for their own marketing purposes.Send unsolicited commercial communications unrelated to your original enquiry.Continue contacting you after you have asked us to stop.
Opting out and erasure
You may opt out of follow-up communications or request deletion of your contact data at any time by emailing hello@qadna.co. We will action your request within 5 business days and confirm once complete.
11. Cookie Policy
Cookies are small text files stored on your device when you visit our website. We use cookies in compliance with the ePrivacy Directive and GDPR. You will be presented with a cookie consent banner on your first visit to qadna.co.
Strictly necessary. Always active. Required for core website functions including session management and security. No consent required.Preference cookies. Activated on consent. Stores your language and display choices.Analytics and statistics. Activated on consent. Measures website performance, for example Google Analytics with IP anonymisation enabled.Marketing cookies. Activated on explicit opt-in only. Used for targeted advertising and remarketing across sites.
You can withdraw or adjust cookie consent at any time via the cookie settings panel on our website or your browser settings. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal.
12. Changes to This Policy
RENESE SMART TECH SRL reserves the right to update this Privacy Policy at any time to reflect changes in our processing activities, applicable legislation, or best practices. Where changes are material we will publish the updated policy on our website with a new Last Updated date, and notify relevant contacts by email where required by law or where changes significantly affect their rights.
We encourage you to review this policy periodically. Continued use of our services after changes take effect constitutes acknowledgement of the revised policy.
13. Data Processing Agreement Administrator
RENESE SMART TECH SRL has entered into Data Processing Agreements with third-party processors who process personal data on its behalf. These agreements are required under Article 28 of the GDPR and govern the scope, purpose, duration, and conditions of all processing carried out by such processors.
The individual responsible for reviewing, executing, and maintaining Data Processing Agreements on behalf of RENESE SMART TECH SRL is:
Name: Stoica Liana
Title: Administrator
Organisation: RENESE SMART TECH SRL, operating as QA DNA
Contact: hello@qadna.co
This individual acts as the internal point of accountability for all processor relationships and is responsible for ensuring that:
Each Data Processing Agreement is in place before any processing begins.
Agreements remain current and are reviewed whenever the scope of processing changes.
Standard Contractual Clauses or equivalent transfer mechanisms are included where data is transferred outside the European Economic Area.
Processors are assessed for their ability to implement appropriate technical and organisational measures in accordance with Article 32 GDPR.
Current Data Processing Agreements include, but are not limited to, the following processors:
Webflow Inc. Website hosting and form data storage, including partial form captures. Data Processing Addendum in place, incorporating Standard Contractual Clauses for transfers outside the EEA. Contact: privacy@webflow.com.
A copy of any relevant Data Processing Agreement or transfer safeguard may be requested by emailing privacy@qadna.co. Requests will be assessed and responded to within 30 days.
14. Data Protection Contact
RENESE SMART TECH SRL has designated a data protection contact responsible for handling all data subject rights requests, data protection enquiries, and complaints relating to the processing of personal data by QA DNA.
All requests submitted to this contact will be acknowledged promptly and responded to within 30 days of receipt. Where a request is complex or involves a large volume of data, the response period may be extended to 90 days. In such cases, the data subject will be informed of the extension and the reason for it within the initial 30-day period.
Name: Stoica Liana
Email: hello@qadna.co
Organisation: QA DNA Romania, operated by RENESE SMART TECH SRL
This contact is the first point of call for all of the following:
Exercising any data subject right under Articles 15 to 22 of the GDPR, including the right to access, rectification, erasure, restriction, portability, and objection.
Questions about how personal data is collected, used, stored, or shared by RENESE SMART TECH SRL.
Concerns about the lawfulness of any processing activity.
Requests to withdraw consent for any processing based on consent.
Complaints about how a data subject request has been handled.
If you are not satisfied with the response received, you retain the right to escalate your complaint to the Romanian supervisory authority, the National Supervisory Authority for Personal Data Processing (ANSPDCP), at anspdcp@dataprotection.ro or www.dataprotection.ro.