EUROANSWER DATA PROTECTION & PRIVACY POLICY
EUROANSWER DATA PROTECTION & PRIVACY POLICY
Euroanswer Data Protection & Privacy Policy
Last updated: 30/06/2026
About This Policy
This policy explains how Euroanswer S.R.L. (“Euroanswer”, “we”, “us”, “our”) collects, uses, stores, and protects personal data in connection with our website and our business activities. It applies to website visitors, enquirers, job applicants, and marketing subscribers.
It does not cover personal data processed by Euroanswer on behalf of its clients as a data processor — such processing activities are governed by the applicable Data Processing Agreement (“DPA”) concluded with each client and by the instructions provided by the respective data controller.
Contents:
7. Cookies. 8
1. Who We Are and How to Contact Us
Euroanswer S.R.L. is a Business Process Outsourcing (BPO) company registered in Romania, operating delivery centres in Bucharest (Romania), and in Skopje (Republic of North Macedonia). We provide multilingual customer service, technical support, staffing, and outstaffing services to clients across more than 40 countries.
For the purposes of this policy, Euroanswer acts as the data controller in relation to the personal data described herein — meaning that we determine the purposes and means of processing such personal data in accordance with the applicable data protection legislation, including the GDPR.
Data Controller & Data Protection Officer (DPO)
Company: Euroanswer S.R.L.
Address: 28 Dr. Iacob Felix St, 1st Floor, 011038, District 1, Bucharest, Romania
DPO Name: Cristian Șerbănoiu
DPO Email: [email protected]
DPO Phone: +40 724 254 177
Website: www.euroanswer.co.uk
For all data protection queries — including exercising your rights, raising a concern, or requesting a copy of the applicable Data Processing Agreement — please contact the DPO using the details above. You may submit your request using any of the contact methods provided above. In certain circumstances, we may request additional information to verify your identity before responding to your request, where this is necessary to protect your personal data and comply with applicable data protection legislation. If you contact us by phone, we will advise you on the appropriate steps for submitting your request.
2. Personal Data We Collect and How We Use It
We collect and process personal data only where we have a valid legal basis under the GDPR to do so. The sections below describe each processing activity, the categories of personal data processed, the legal basis under the GDPR, and the applicable retention period.
2.1 Website Enquiries and Contact Form
When you submit our contact form or email us directly, we collect the following personal data: first name, last name, email address, phone number, company name, and the content of your message (including the area of interest you indicate and how you heard about us).
Purpose: Responding to business enquiries and managing ongoing correspondence Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — to manage business relationships and respond to enquiries, and communicate with prospective clients.
Retention period: 2 years from the date of our last contact, will be securely deleted or anonymised, unless a longer retention period is required by law or is necessary for the establishment, exercise or defence of legal claims.
Purpose: Complaint handling and dispute resolution
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — to investigate, manage and resolve complaints and disputes.
Retention period: 5 years from the date the complaint or dispute is resolved, unless a longer retention period is required by applicable law or is necessary for the establishment, exercise or defence of legal claims.
2.2 Marketing and Newsletter Communications
We send newsletters, industry news, white papers, case studies, and promotional content only to individuals who have explicitly opted in by ticking the marketing consent checkbox on our contact form or newsletter sign-up widget.
Purpose: Sending marketing emails and newsletters to subscribers who have provided their consent.
Legal basis: Consent (Article 6(1)(a) GDPR) — freely given, specific, informed, and withdrawable at any time.
Retention period: Until you unsubscribe or withdraw your consent; Your personal data will be deleted or anonymised within 30 days of receiving your unsubscribe request or withdrawal of consent, unless we are required to retain certain information to comply with a legal obligation or to establish, exercise or defend legal claims.
You may withdraw your marketing consent at any time by clicking the unsubscribe link in any email we send, or by contacting our Data Protection Officer using the contact details provided above. Withdrawal of consent will not affect the lawfulness of processing based on your consent before withdrawal.
2.3 Job Applications
When you apply for a position through our website or the “Join the Team” page, we collect the personal data contained in your application including— typically name, contact details, work history, qualifications, and any additional information you choose to provide.
Purpose: Assessing your application and conducting a recruitment process
Legal basis: Taking steps at your request prior to entering into a contract of the data subject (Article 6(1)(b) GDPR).
Retention period: 12 months from the date of our final decision if unsuccessful, unless you have consented to the retention of your personal data.
Purpose: Onboarding and employment administration if your application is successful Legal basis: Performance of the employment contract (Article 6(1)(b) GDPR) and compliance with legal obligations (Article 6(1)(c) GDPR).
Retention period: Duration of employment plus the applicable statutory period required under applicable Romanian employment, tax and accounting legislation.
Additional information regarding the processing of applicants’ personal data is provided in our Candidate Privacy Notice, available in Romanian and English upon request.
2.4 Website Analytics and Cookies
We use cookies and similar tracking technologies to understand how visitors interact with our website. Non-essential cookies including analytics and advertising cookies are placed on your device only after you have provided your prior consent through our cookie consent banner, in accordance with the applicable data protection and ePrivacy legislation. See Section 7 and our full Cookie Policy for details.
Purpose: Essential site functionality (session management, language preference, spam prevention)
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) / and/or compliance with the rules applicable to strictly necessary cookies, for which consent is not required.
Retention period: Session to 1 year, as specified in our Cookie Policy.
Purpose: Functional cookies (remembering your language preference and other display settings)
Legal basis: Consent (Article 6(1)(a) GDPR).
Retention period: Up to 1 year, as specified in our Cookie Policy.
Purpose: Analytics (Google Analytics, Microsoft Clarity)
Legal basis: Consent (Article 6(1)(a) GDPR).
Retention period: Up to 13 months for Google Analytics data; 30 days for Microsoft Clarity session recordings.
Purpose: Advertising and remarketing (Google Ads, DoubleClick, Google Marketing Platform)
Legal basis: Consent (Article 6(1)(a) GDPR).
Retention period: 3 to 6 months, as specified in our Cookie Policy.
3. Third-Party Recipients and International Transfers
In operating this website and our business, your personal data may be shared with the following third-party service providers. We have carried out due diligence on each provider and require them to process your data only on our documented instructions, in accordance with applicable data protection law.
Google LLC (Google Analytics, Google Tag Manager, reCAPTCHA)
Role: Data processor (where applicable)
Purpose: Website analytics, tag management, spam prevention
Country: USA
Transfer safeguard: EU Standard Contractual Clauses (SCCs)
Google LLC (YouTube, DoubleClick)
Role: Independent controller / processor depending on the service and processing activity
Purpose: Embedded video content; advertising measurement and remarketing
Country: USA
Transfer safeguard: EU Standard Contractual Clauses (SCCs)
Microsoft Corporation (Microsoft Clarity)
Role: Data processor (where applicable)
Purpose: Session recording and heatmap analytics — captures anonymised user behaviour patterns including mouse movements, clicks, and scroll activity
Country: USA
Transfer safeguard: EU Standard Contractual Clauses (SCCs)
CookieYes Ltd Role: Data processor
Purpose: Cookie consent management — records and stores your consent choices
Country: Ireland (EEA)
Transfer safeguard: EEA-based processing — no international transfer
Automattic Inc. / WordPress Role: Data processor
Purpose: Website hosting and content management platform
Country: USA
Transfer safeguard: EU Standard Contractual Clauses (SCCs)
Where personal data is transferred to countries outside the European Economic Area (primarily the United States), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR as the appropriate safeguard. You may request a copy of the relevant SCCs by contacting our Data Protection Officer using the contact details provided in Section 1.
We do not sell your personal data to any third party, nor do we share it for any purpose beyond those described in this policy.
4. How Long We Keep Your Data
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, and to comply with applicable legal, regulatory, and contractual obligations.
- Contact form submissions and business enquiries: 2 years from the date of last contact;
- Complaint records: 5 years from the date the complaint is resolved.
- Marketing subscriber data: Until you unsubscribe or withdraw your consent, plus 30 days for deletion processing.
- Unsuccessful job applications: 12 months from the date of the final recruitment decision.
- Employee records (successful applicants): Duration of employment plus the applicable statutory retention periods under Romanian employment, tax, and accounting legislation.
- Website analytics data (Google Analytics): Up to 13 months.
- Session recordings (Microsoft Clarity): 30 days.
When the applicable retention period expires, data is securely deleted or anonymised so that it can no longer be associated with an individual.
5. How We Protect Your Data
Euroanswer implements appropriate technical and organisational security measures in accordance with Article 32 GDPR to protect personal data against unauthorised access, accidental loss, destruction, or disclosure.
Technical measures
- TLS/HTTPS encryption for all data in transit across the website
- Encryption of personal data at rest on our systems
- Role-based access controls — staff access personal data only on a need-to-know basis
- Multi-factor authentication for access to internal systems and CRM platforms
- Regular vulnerability assessments and security patching
- Firewall and intrusion detection systems across our delivery centre infrastructure
Organisational measures
- Mandatory data protection training for all staff, refreshed annually
- Written confidentiality and non-disclosure agreements for all employees and contractors
- A formally appointed Data Protection Officer with independence and adequate resources
- A documented incident response team and breach notification procedure
- ISO-certified information security management systems where applicable (certification details available on request)
- Regular internal audits of data processing activities
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach and will inform you directly without undue delay where the breach is likely to result in a high risk to your rights and freedoms.
6. Your Rights Under GDPR
Under EU GDPR and where applicable UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact our Data Protection Officer using the contact details provided in Section 1. We will respond within one calendar month of receiving your request, extendable by a further two months in complex or multiple cases, with notification to you of the extension and the reasons for it.
Right to be Informed To know how and why we process your personal data — which is the purpose of this policy and the information provided in this document.
Right of Access (Article 15) To obtain confirmation of whether we hold your data, and to receive a copy of it along with information about how it is used. Copies are provided free of charge unless a request is manifestly unfounded or excessive.
Right to Rectification (Article 16) To have inaccurate or incomplete personal data corrected. We will act within one month, extendable to three months for complex cases.
Right to Erasure (Article 17) To request deletion of your data where it is no longer necessary for the purpose which it was collected, consent is withdrawn (where consent is the applicable legal basis), or processing is unlawful. We will inform you if deletion is not possible and explain the reason.
Right to Restrict Processing (Article 18) To request that we limit how we use your data — for example, while we verify its accuracy or consider an objection you have raised.
Right to Data Portability (Article 20) To receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and is carried out by automated means.
Right to Object (Article 21) To object to processing based on legitimate interest or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately and without requiring any further action or explanation from you.
Rights Related to Automated Decision-Making (Article 22) Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Euroanswer does not engage in such automated decision-making activities.
To protect your data, we may ask you to verify your identity before we process a rights request. We will request only reasonable evidence (such as a copy of photo ID) and will use it solely for verification purposes. We will not charge a fee unless a request is manifestly unfounded or excessive, in which case we will explain our reasons before applying any charge or declining to act. Where possible, we will limit the information requested to what is necessary to verify your identity.
7. Cookies
We use cookies and similar tracking technologies on our website. Cookies are small text files placed on your device that allow us and third parties to recognise your browser and collect certain information about how you use our site.
We categorise cookies as follows:
Necessary cookies — essential for the website to function correctly. These are placed automatically and do not require your consent.
Functional cookies — improve your experience, for example by remembering your language preference. Placed only with your consent.
Analytics cookies — help us understand how visitors use the site (Google Analytics, Microsoft Clarity). Placed only with your consent.
Advertising cookies — used to deliver relevant advertisements and track campaign effectiveness (Google Ads, DoubleClick, YouTube). Placed only with your consent.
You can manage or withdraw your cookie consent at any time by clicking the Cookie Settings link in the footer of our website, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of the site.
Full details of every cookie we use — including names, purposes, providers, and durations — are set out in our Cookie Policy at www.euroanswer.co.uk/euroanswer-cookies-policy and are updated periodically to reflect any changes to the cookies and tracking technologies used on our website
8. Automated Decision-Making
Euroanswer does not make any decisions about individuals that are based solely on automated processing including profiling, where such decisions produce legal or similarly significant effects on individuals. All decisions with material consequences for data subjects involve human review and oversight.
9. Children’s Data
Our website and services are directed at business professionals and are not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact our Data Protection Officer using the contact details provided in Section 1 and we will take appropriate steps to verify the situation and delete the data where required by applicable data protection law.
10. Changes to This Policy
We may update this policy from time to time to reflect changes in our data processing activities, applicable law, or regulatory guidance. Where changes are material, we will notify you by posting a prominent notice on our website, updating the Last Updated date at the top of this page, and — where we hold your email address — sending you a direct notification.
We encourage you to review this policy periodically. Continued use of our website after a material change constitutes acknowledgement of the updated policy, but does not constitute consent to any new processing activities that require explicit consent — we will seek such consent separately.
11. How to Make a Complaint
If you have a concern about how we handle your personal data, we ask that you contact our DPO in the first instance, so we have the opportunity to address it:
Data Protection Officer Name: Cristian Șerbănoiu Email: [email protected] Phone: +40 724 254 177 Address: 28 Dr. Iacob Felix St, 1st Floor, 011038, District 1, Bucharest, Romania
If you are not satisfied with our response, or believe we are processing your data unlawfully, you have the right to lodge a complaint with the relevant supervisory authority.
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) Website: www.dataprotection.ro Address: B-dul Gheorghe Magheru 28-30, Sector 1, Bucharest Email: [email protected]
Contact Us
Name: Cristian Serbanoiu
Phone: (+40) 0724 254 177
Email: [email protected]
Address: 28 Dr. Iacob Felix St, 1st Floor, 011038, District 1, Bucharest.
