Privacy policy

Lynx Solutions SRL (“Lynx Solutions”, “we”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our corporate website (the “Website”). We process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”), and this Policy is designed to be GDPR-compliant and tailored to our Website’s features.

Please read this Privacy Policy carefully. By using our Website or submitting any personal information through it (for example, via our contact or career forms), you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use the Website or provide personal data. For any questions or requests regarding your personal data, you can contact us at the details provided in the “Your Rights & Contact” section below.

Controller: The data controller for the Website is Lynx Solutions SRL, a company registered in Romania. When this Policy mentions “Lynx Solutions” or “we/us”, it refers to Lynx Solutions SRL as the entity responsible for your personal data.

• Registered Address: Str. Ropo, Nr. 6, 547367 Corunca, Mureș County, Romania.
• Contact Email: [email protected]
• Contact Phone: +40 265 311 829 (office)

Data Protection Officer: We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection. For any inquiries about this Privacy Policy or your personal data, you may contact our DPO at dpo@lynxsolutions.eu.

We collect personal data on our Website only when you voluntarily provide it or when it is necessary for the Website to function (such as security measures). The specific contexts in which we collect data are:

• Contact Form (“Let’s Talk”): When you fill out our “Let’s Talk” contact form, we ask for your name, email address, phone number (optional), and your message or inquiry. You will also be asked to check a box confirming you agree to this Privacy Policy and our Terms and Conditions before submitting the form. We collect these details so that we can respond to your inquiry appropriately.
• Career Application Forms: On our careers or “Join Us” pages (for example, specific job listings like “.NET Developer” or “PHP Developer”), you may submit a job application. These application forms typically collect your name, email address, phone number, an uploaded Curriculum Vitae (CV) or resume file, and an optional cover message or note. By submitting a job application, you provide us with personal data contained in your CV and form (which may include contact information, work experience, education, and any other details you choose to share). You will also need to agree to this Privacy Policy and our Terms and Conditions via checkbox before submission.
• Browsing Data (Technical Information): We do not use any analytics or tracking cookies on our Website. We do not utilize Google Analytics, heat mapping, marketing pixels, or similar tracking tools to monitor your browsing behavior. However, when you access our Website, certain technical information is automatically received by our systems (via your browser and hosting platform) as part of normal web operations. This can include your IP address, browser type, device information, and timestamps of your visit. We use this information solely for essential functionality like delivering the webpages, ensuring security (e.g., firewall or anti-bot measures), and compiling anonymous, aggregate logs to maintain our Website. We do not use this data to identify you or to profile your activities, and we do not link it to any contact or application information you submit.
• Captcha Verification: To protect our site from spam and abuse, we may employ a CAPTCHA service on our forms (for example, Google reCAPTCHA) to verify that a real person is submitting the form. This tool may collect hardware and software information (such as device and application data) and send it to the CAPTCHA provider (Google) for analysis. Google’s privacy policy and terms of service will apply to this data processing. We use CAPTCHA only for the legitimate purpose of keeping our Website and forms secure from bots or fraudulent submissions. The CAPTCHA functionality might place a cookie on your device solely to perform its risk analysis (see our Cookie Policy for more details), but it is not used for advertising or tracking beyond the security purpose.

We do not collect any sensitive personal data (such as racial or ethnic origin, political opinions, health information, etc.) through our Website. We ask that you refrain from including such sensitive data in any messages or CVs you submit. Our forms are intended only for the specific details requested.

We will only use your personal data for the purposes for which you provided it to us, plus related legitimate purposes as permitted by law. Specifically:

• Responding to Inquiries: If you contact us via the “Let’s Talk” form or any general contact form/email, we will use the information you provided (name, contact details, message) to communicate with you. This means responding to your inquiry, answering your questions about our services, providing the information you requested, or discussing a potential business opportunity. We may contact you via email or phone, depending on the contact details and preference you provided.
• Processing Job Applications: If you apply for a job through our Website, we will use the personal data in your application (contact details, CV information, etc.) to assess your suitability for the position applied, and to carry out the recruitment process. This includes reviewing your qualifications and experience, contacting you to schedule interviews or request additional information, and informing you of the outcome. If your profile fits another open role, we may also consider your application for that alternative role (if appropriate and in line with your expectations). We will keep your application confidential and only share it internally with those who need to know (such as HR personnel and the relevant hiring department).
• Site Functionality and Security: Basic technical data (like IP address or browser type) is utilized to enable the proper display and security of our Website. For example, we might use IP addresses for server security logs, to detect and prevent malicious activities like brute-force attempts or spam submissions (especially in conjunction with our CAPTCHA tool). We also use this data to maintain and troubleshoot the site (for instance, to investigate errors or performance issues).
• No Marketing Without Consent: We will not use the contact details you provide through the Website to send you unsolicited marketing communications. We do not add you to any newsletter or mailing list automatically. We may follow up once regarding your specific inquiry or application, but we won’t send general marketing emails unless you explicitly request or consent to such communication. (If in the future you opt-in to receive a newsletter or updates, that would be handled separately and you would have the right to unsubscribe at any time.)
• No Automated Decision-Making or Profiling: We do not make any decisions about you solely by automated means (i.e., without human involvement), and we do not profile you in the sense of analyzing or predicting aspects of you (like personal preferences or behavior) through automated processing. All inquiries and job applications are reviewed by real people, and any decisions (such as hiring decisions) involve human evaluation.

Our use of your data will always be consistent with the reason you provided it. If we need to use your personal data for a new purpose that is unrelated to the original purpose, we will seek your permission or provide notice as required by law.

Under the GDPR, we must have a valid “legal basis” to process your personal data. Depending on the context of your interaction with our Website, our processing of your data is based on one or more of the following legal grounds:

• Your Consent: When you voluntarily submit information via our Website forms, we rely on your consent to process that information for the intended purpose. For example, by checking the box and submitting the contact form, you consent to us using your provided details to respond to you. Similarly, by agreeing to the Privacy Policy and submitting a job application, you consent to our processing of the personal data in your application for recruitment. You have the right to withdraw your consent at any time (see “Your Rights” below), though note that doing so will not affect any processing already performed and may mean we cannot continue the specific process (e.g. we would stop considering your job application if you withdraw consent for us to process it).
• Legitimate Interests: In some cases, we process your data based on our legitimate interests. For instance, when you send us an inquiry, it is in our legitimate interest as a business to keep that correspondence and your contact info in order to effectively respond and follow up. We believe this usage is expected by you and has minimal privacy impact. We also have a legitimate interest in ensuring the security and proper functioning of our Website (processing technical data for security/logging, and using reCAPTCHA to prevent abuse). When we rely on legitimate interests, we ensure that our interests are balanced against your rights and expectations – we only use data in ways that you might reasonably anticipate when interacting with us.
• Pre-contractual Steps / Contract Performance: If you contact us as a potential client inquiring about our services, the processing of your data might be considered as taking steps at your request prior to entering into a contract. Similarly, if you are eventually hired as an employee or engaged as a contractor, the processing of your data in the hiring process is related to entering into an employment contract. In such cases, GDPR allows processing as necessary for the performance of a contract or steps preparatory to a contract ([GDPR Art. 6(1)(b)]). Even if no contract is ultimately signed, this basis can cover the evaluation and communications in the interim.
• Legal Obligation: Although less likely in the context of Website interactions, we may be required to process or retain certain data to comply with a legal obligation. For example, if your inquiry or application involves any legal claims or regulatory issues, or if we are required by Romanian law or an authority’s request to retain certain correspondence, we will do so as necessary to fulfill those obligations.

We will gladly explain the specific legal basis applicable to your situation if you require more detail – feel free to contact us (see “Your Rights & Contact” section).

Our Website’s philosophy is to minimize intrusive data collection, and as noted, we do not employ analytics or advertising cookies. We use only a few cookies that are strictly necessary for the Website’s core features:

• Essential Cookies: We may set a small number of essential cookies through our Website, for example to support the functioning of embedded services (such as the Calendly scheduling widget or the security CAPTCHA). These cookies are not used to track you across other sites or for advertising purposes; they are only to maintain the smooth operation and security of our site during your visit. For instance, a cookie named _cfuvid (provided by Calendly/Cloudflare) may be set to ensure your scheduling session is consistent, and a cookie named wf_auth (by Webflow, our site host) might appear as part of the platform’s authentication system (though this is not actively used for site visitors and typically expires immediately).
• No Analytics or Advertising Cookies: We do not use Google Analytics (or any similar web analytics service) on our new Website, and we do not deploy any cookies for marketing, advertising, or user-behavior tracking. This means we do not collect information about your browsing habits on our site beyond what is necessary for basic functionality. You will not see third-party marketing cookies (like Facebook pixels, Google Ads cookies, etc.) coming from our Website.

For a detailed list of the cookies used on our site and their purposes, please review our Cookie Policy (accessible via the Website footer). That policy provides information on each cookie’s name, purpose, and duration. It also explains how you can manage or disable cookies through your browser settings. Generally, because we only use necessary cookies, the site will still function if you disable non-essential cookies; however, blocking essential cookies (for example, the reCAPTCHA cookie or session cookie) might prevent certain forms or features from working (you might not be able to submit a contact request if the CAPTCHA cannot verify you, for instance).

We treat your personal data with care and confidentiality. We do not sell your data to third parties, and we do not share it with others for their own marketing purposes. However, we do share or entrust data to certain third parties in the following circumstances, as necessary to run our Website and business:

• Website Hosting (Webflow): Our Website is hosted on the Webflow platform. This means that the website content and form submissions are processed on Webflow’s servers. When you submit a form on our site, the data travels through Webflow’s infrastructure and is stored there temporarily (and/or sent to us via email). Webflow acts as a data processor on our behalf, handling the data only as we instruct and for the purpose of providing the web services. Webflow may store data on servers located in the United States or the European Union. We have taken steps to ensure that any transfers of personal data to Webflow’s servers outside the EU are protected by appropriate safeguards (for example, Webflow is certified under privacy frameworks or uses EU Standard Contractual Clauses in their terms, providing a lawful basis for international data transfer under GDPR). We have a data processing agreement in place with Webflow to protect your data.
• Email and Communication Providers: We use enterprise email services to receive form submissions and communicate internally about your inquiries or applications. Specifically, our company email may be provided through Google Workspace (Gmail) and/or Microsoft 365 (Outlook). This means that when you send a message via the contact form (which gets forwarded to our email) or when we correspond about a job application, your information may be stored on Google’s or Microsoft’s email servers. These providers are large, reputable companies that also operate under GDPR-compliant terms for business customers. They may process data on servers both within and outside the EU, but they have committed to protecting personal data via Standard Contractual Clauses and other measures as required by EU law. Your data is not used by these providers except as needed to transmit and store our communications.
• Google reCAPTCHA: When we use Google’s reCAPTCHA for spam prevention, certain data (mostly technical, like IP and mouse movements) is sent to Google LLC for analysis. Google acts as a service provider to determine if the input is from a human. We do not see the details of what Google collects for CAPTCHA; we only receive the end result (a pass/fail indicating if the form can be submitted). Google might store some of this data (e.g., for improving their service or security analytics). Google is Privacy Shield invalidation compliant via SCCs and has extensive privacy commitments. That said, this data transfer is solely for security, and we do not use Google for any other purpose on our site.
• Internal Personnel: Within Lynx Solutions, your personal data is accessed only by authorized personnel who need to process that data for the purposes described. For example, our sales or administrative team will handle contact inquiries, and our HR/recruitment team will handle job applications. All staff are trained to handle personal data securely and confidentially.
• Legal Requirements and Protection: We may disclose your information to third parties if required by law or if we believe in good faith that such disclosure is necessary to (i) comply with a legal obligation, subpoena, or request from authorities, (ii) protect our rights, property, or safety, or that of our users or others, (iii) investigate fraud or security issues, or (iv) respond to an emergency situation. We will strive to notify you if we are compelled to disclose your data in this way, unless legally prohibited or unless the situation is urgent and notification is impractical.

Aside from the above, Lynx Solutions will not transfer your personal data to others. In particular, we will not share or rent your information to advertisers or unrelated parties. All third parties that process personal data on our behalf do so under data processing agreements and are bound to strict confidentiality and security obligations as required by law.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or allowed by law (for example, for legal, accounting, or reporting requirements). The retention periods for the main categories of data we collect through the Website are:

• Contact Form Inquiries: If you submit a general inquiry or message, we will keep the information you provided (including our correspondence with you) for up to six (6) months from the date of our last interaction regarding your inquiry. We retain it for this period to ensure we have reference to our communication in case you follow up or have additional questions, and to improve our service (for example, understanding common inquiries). After 6 months of no further relevant contact, your inquiry details will be deleted from our online form database and any associated emails will be securely deleted from our mailboxes (or archived in a secure manner if needed for record-keeping, then deleted when no longer necessary). If our conversation leads toward a business relationship, we may retain correspondence longer as part of client records (but in that case, you’ll likely have entered into a contract with us and be informed accordingly).
• Job Applications (CVs and related data): If you apply for a job and are not hired for that position, we will retain your application data for up to twelve (12) months from the closure of the recruitment process or from the date we received your application. We keep it for 12 months to consider you for future employment opportunities that may arise and for which you might be a fit, and to have a record of past candidates in case a position reopens or our needs change. After 12 months, if we have not entered into an employment relationship with you, we will delete your application data (this includes deleting your CV, cover letter, and any interview notes or email exchanges from our systems). If you prefer that we do NOT keep your data after the specific recruitment process is over, you have the right to object or request erasure at any time – and we will delete your data immediately once the position you applied for is filled and data is no longer needed, upon your request (see “Your Rights” below). If you are hired as a result of your application, your data will be retained as part of your employee file and handled under our internal employee privacy policies (in such a case, we will provide you with a separate privacy notice for employees, and this Website Privacy Policy will no longer directly apply to that data).
• Website Logs: Basic server and security logs containing IP addresses and visit timestamps are generally retained only for a short period (usually a few weeks up to a few months, depending on Webflow’s policies and our needs) and are used only for troubleshooting and security monitoring. These logs are typically auto-purged on a rolling basis. We do not store them long-term unless investigating a specific security incident.
• Email Communications: If you correspond with us via email (either directly or as a follow-up to a form submission), those emails may be stored in our email system. We retain email communications for as long as necessary to manage our relationship or as required for legal or administrative purposes. Practically, important business communications might be kept indefinitely in archives, whereas casual or irrelevant communications are periodically cleaned out. We follow our internal email retention guidelines to ensure we don’t keep personal data in emails longer than needed. If you want an email you sent us deleted, please let us know and we will accommodate where possible.

When the retention period expires, or if you withdraw your consent (where applicable) and request deletion, we will ensure that your personal data is securely deleted or anonymized (so it can no longer be associated with you). In case of backup copies, those will be removed as soon as feasible as well.

Please note that in certain cases we might retain data for a longer period if it is necessary due to a legal obligation or to establish, exercise, or defend legal claims (for example, if you made a complaint or we reasonably believe there is potential litigation regarding your interaction, we may preserve relevant information until the issue is resolved). We always ensure such extended retention is lawful and secure.

Under the GDPR and applicable Romanian data protection laws, you have a number of important rights regarding the personal data that we hold about you. We are committed to upholding your rights and facilitating your exercise of them. Your principal rights include:

• Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to access that data. You may ask for a copy of the personal information we hold about you, as well as information on how we use it. (Note: For multiple or excessive requests, we may charge a reasonable fee or refuse if manifestly unfounded, as permitted by law, but we will inform you of our reasoning in such cases.)
• Right to Rectification: If any of your personal data we have is inaccurate or incomplete, you have the right to have it corrected or completed. For example, if you realize you provided a wrong phone number in an inquiry, you can ask us to update it. We appreciate it if you keep your data up-to-date when interacting with us.
• Right to Erasure: Also known as the “right to be forgotten,” this gives you the ability to request deletion of your personal data when there is no compelling reason for us to continue processing it. You can request that we erase your data if: (a) it’s no longer necessary for the purpose we collected it (e.g., we’ve finished processing your inquiry or job application and have no other justification to keep the data); (b) you initially consented to processing, but now withdraw consent and we have no other legal basis to keep it; (c) you have objected to us using your data (see right to object below) and we have no overriding legitimate grounds to continue; (d) we processed your data unlawfully; or (e) the data must be erased for compliance with a legal obligation. We will honor valid erasure requests and take steps to inform any processors (e.g., Webflow, if they still hold it) to also delete your data. Keep in mind there are some exceptions – for example, we might retain certain minimal information if needed for a legal claim or if required by law to keep (but we would inform you about this if it applies).
• Right to Restrict Processing: You have the right to request that we temporarily limit the processing of your data in certain circumstances. This means we can store it but not use it further until the restriction is lifted. You might request restriction if: you contest the accuracy of the data (while we verify it); or you objected to our use (while we consider if our grounds override yours); or the processing is unlawful but you prefer restriction instead of deletion; or we no longer need the data but you need us to keep it for a legal claim. If restricted, we will mark the data as such and only process it with your consent or for legal reasons.
• Right to Data Portability: For data that you provided to us and that we process by automated means based on your consent or in performance of a contract, you have the right to request that we provide it to you in a structured, commonly used, machine-readable format (for example, CSV or JSON file), and you have the right to transmit that data to another controller (or ask us to transfer it for you, where technically feasible). In plain terms, this is mostly relevant if you gave us data in a system and want to reuse it elsewhere. Given the nature of our data (contact form or CV), this right may be less applicable, but if you need your data that we have, we will provide it in a suitable format.
• Right to Object: You have the right to object to our processing of your personal data when that processing is based on our legitimate interests. If you object on grounds relating to your particular situation, we will consider your request and will no longer process the data unless we have compelling legitimate grounds that override your interests, rights, and freedoms, or unless we need to continue processing for the establishment, exercise, or defense of legal claims. You also have an absolute right to object to any processing for direct marketing purposes – though as noted, we currently do not process your data for direct marketing without consent.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing that was done before withdrawal, but once consent is withdrawn, we will stop the processing that was based on it. For example, if you consented to us keeping your CV for future opportunities and you later change your mind, you can contact us to withdraw that consent, and we will delete your CV (unless another legal basis applies to keep it). Withdrawing consent will not cause any penalties or change how we treat you; however, it might mean we cannot continue providing certain services (e.g., consider you for future roles).
• Right to Lodge a Complaint: If you believe that we have not handled your personal data properly or have violated your rights, you have the right to file a complaint with a supervisory authority. Lynx Solutions SRL is under the jurisdiction of the Romanian data protection authority: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP). You can contact the ANSPDCP (e.g., via their website www.dataprotection.ro) to submit a complaint. If you reside in another EU country, you may also contact your local supervisory authority. Of course, we would appreciate the chance to address your concerns directly before you escalate to an authority – so please feel free to reach out to us or our DPO with any issues, and we will do our best to resolve them promptly and transparently.

To exercise any of your rights, you can contact us by email at dpo@lynxsolutions.eu or by mail to our postal address (see “Who We Are”). We may need to verify your identity before fulfilling certain requests (to ensure we don’t disclose data to the wrong person). We will respond to your request within one month of receipt, or inform you if we need additional time (up to a maximum of two further months for complex requests, as permitted by GDPR). There is normally no fee for exercising your rights; however, if a request is manifestly unfounded or excessive, we might charge a reasonable fee or decline to act on it (but we will provide our reasoning in such cases).

We are dedicated to respecting your rights and will assist you in every possible way.

We understand the importance of data security and take appropriate measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Lynx Solutions implements a variety of technical and organizational security measures, such as encryption of data in transit (our Website is served over HTTPS/TLS), access controls to limit who in our organization can see your information, secure data storage solutions, anti-malware and firewall systems on our website platform, and training for staff on data protection best practices.

Our Webflow hosting environment maintains its own robust security protocols, and any third-party processors (Google, Microsoft, , etc.) that handle data on our behalf are reputable companies with strong security standards and GDPR-compliant data protection programs.

However, please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. You should also take care to protect your own credentials and personal information, especially when sending information to us. If you have reason to believe that your interaction with us or the Website is no longer secure (for example, if you suspect a vulnerability or you receive suspicious communication purporting to be from us), please notify us immediately at dpo@lynxsolutions.eu.

We thank you for reading our Privacy Policy. Privacy and data protection is an ongoing priority for Lynx Solutions, and we welcome any questions or feedback you might have. If you would like to ask anything about this Policy or about how we handle your personal data, or if you wish to exercise your data protection rights, please contact us:

• Email: dpo@lynxsolutions.eu (Attn: Data Protection Officer)
• Postal Mail: Data Protection Officer – Lynx Solutions SRL, Str. Ropo, Nr. 6, 547367 Corunca, Mureș, Romania
• Phone: +40 265 311 829 (you can ask for the DPO or HR department regarding a privacy inquiry)

We will be happy to assist you.

However, please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. You should also take care to protect your own credentials and personal information, especially when sending information to us. If you have reason to believe that your interaction with us or the Website is no longer secure (for example, if you suspect a vulnerability or you receive suspicious communication purporting to be from us), please notify us immediately at dpo@lynxsolutions.eu.