Privacy policy / GDPR

VM Software Lab SRL, with registered office in Bucharest, Romania, Tax ID (CUI) 52618692, is the controller of personal data collected through the vmcodes.io website. For any request or question regarding your data, contact us at vm.codes11@gmail.com.

Identification and contact data: email (required), name (optional, if you provide it).

Transactional data: Stripe order ID, purchased product, payment date and amount, invoice status.

Communication data: content of messages exchanged with support.

Aggregated technical data: visited page, country, device type, collected via cookieless analytics without individual identification.

Under GDPR Art. 6, we process data on the following bases:

• Contract performance (Art. 6(1)(b)): course delivery and purchase-related communication.

• Legal obligation (Art. 6(1)(c)): issuing invoices and retaining fiscal records, per Romanian Tax Code (Law 227/2015).

• Consent (Art. 6(1)(a)): newsletter and marketing communications (only with explicit opt-in).

• Legitimate interest (Art. 6(1)(f)): fraud prevention, ensuring site security.

We do not sell or rent your data to third parties for marketing purposes. Data is transmitted to the following processors strictly for the contracted services:

• Stripe Payments Europe Ltd.: payment processing (stripe.com/privacy).

• Oblio: electronic invoicing (oblio.eu/termeni).

• Vercel Inc.: site hosting (vercel.com/legal/privacy-policy).

• Resend / Postmark: transactional email delivery.

Some processors (Vercel, Resend/Postmark) are established in the United States. Data transfers rely on the EU-US Data Privacy Framework and, where necessary, on Standard Contractual Clauses approved by the European Commission under GDPR Art. 46.

Transactional data and invoices: 10 years (Romanian fiscal obligation under Accounting Law 82/1991).

Marketing data: until consent is withdrawn, or 3 years from last interaction.

Support correspondence: 3 years from case closure.

Aggregated technical data: 12 months, then permanently anonymized.

You have the right to: access processed data, rectification, erasure ("right to be forgotten"), processing restriction, data portability, objection to processing, and withdrawal of consent at any time.

When processing is based on a legal obligation (e.g. 10-year fiscal retention), erasure is not possible before the legal term expires, but we can restrict processing during that period.

Send an email to vm.codes11@gmail.com with the subject "GDPR request: [type]" from the address associated with your account. We respond within 30 calendar days, per the statutory deadline. Exercising rights is free; we only charge for manifestly unfounded or repetitive requests.

If you are unsatisfied with how we process your data, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

Bd. G-ral Gheorghe Magheru nr. 28-30, Sector 1, Bucharest

anspdcp.ro · +40 318 059 211 · anspdcp@dataprotection.ro

We do not use tracking cookies, advertising cookies, or fingerprinting. If we use analytics, they are cookieless (e.g. Plausible) and record only aggregated data about pages, countries, and devices, without identifying individual visitors.

We apply reasonable technical and organizational measures to protect your data: mandatory HTTPS, encryption in transit, restricted access to sensitive data on a "need-to-know" basis, regular backups.

In accordance with GDPR Art. 33-34, we will notify you without undue delay in the event of a security breach affecting your data.

We do not use automated decision-making or profiling that produces legal effects concerning you or significantly affects you.

We will update this policy whenever processing practices change. Material changes will be announced by email to buyers with active access. The version in force is always the one published at vmcodes.io/legal/privacy.