Privacy Policy
Effective Date : 23.09.2025
Whitelight Advisory SRL respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, how we share it, and your rights under applicable data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”).
By using our website or services, you agree to the terms of this Privacy Policy.
1. Who we Are
Whitelight Advisory SRL is a strategy consultancy providing strategic analysis, recommendations, and related services. For the purposes of the GDPR, we act as the data controller of your personal data.
2. Information We Collect
We process the following categories:
Identification & contact: name, email, phone, company, role.
Billing: invoicing details; payment status (note: card data is processed by our payment providers; we do not store card numbers).
Order & intake data: goals, constraints, uploads (docs, PDFs, images), messages.
Technical/usage: IP address, device/browser, pages viewed, timestamps, referrers, cookie IDs.
Communications & preferences: emails, support tickets, consent/opt-in records.
We Do not Seek Special-Category Data (health, political opinions, etc.) and ask users not to submit it.
3. Purposes & Legal Bases (GDPR art. 6)
Account/order handling, delivery of services (Playmaker Token) – art. 6(1)(b) performance of contract.
Customer support & communications – art. 6(1)(b) and/or 6(1)(f) legitimate interest.
Invoicing, accounting, legal obligations – art. 6(1)(c) (e.g., tax laws).
Website security, fraud prevention, debugging, analytics – art. 6(1)(f) legitimate interest.
Direct marketing by email/SMS – art. 6(1)(a) consent; or soft opt-in under Law 506/2004 art. 12(2) for our own similar products to existing customers, with opt-out at any time.
Consent-based features (e.g., non-essential cookies, marketing pixels) – art. 6(1)(a) consent.
You may withdraw consent at any time without affecting prior processing (GDPR art. 7).
4. Cookies & similar tech
We use cookies as required by Law 506/2004 and GDPR. Non-essential cookies (analytics/marketing) are set only after your consent via our banner. You can change preferences anytime in the banner or browser settings.
Analytics currently used: Google Analytics (IP truncation enabled where available). Opt-out tool: https://tools.google.com/dlpage/gaoptout.
See our Cookie Policy for details (types, purposes, lifetimes, vendors).
5. Sources of Data
- Directly from you (checkout, forms, email, uploads).
- Automatically via our site/app (cookies, logs).
- Payment status from payment providers (e.g., success/failed).
6. Recipients (Who we share data with)
We disclose data only as needed and subject to appropriate safeguards:
Hosting & website: HOSTINGER, UAB
Payments: Stripe, (independent controllers for card data; PCI-DSS compliant).
Email/communications: Gmail, Google Workspace, Hostinger Webmail, Substack INC.
Analytics/consent management: Google Analytics, [Cookie banner provider].
Professional advisors & authorities: accountants, legal counsel, tax authorities, courts, ANAF/other regulators when legally required.
We do not sell personal data.
7. International Transfers
Some recipients may be outside the EEA (e.g., US). Where this occurs, we rely on:
Adequacy decisions (GDPR art. 45), and/or
Standard Contractual Clauses (SCCs) (GDPR art. 46) + supplementary measures.
Copies of relevant safeguards can be requested at privacy@whitelightadvisory.com (commercially reasonable redactions may apply).
8. Retention
We keep data no longer than necessary:
Contract/account/Order data: 10 years (Romanian accounting/tax rules).
Intake/uploads for all SERVICES deliverables: up to 3 years from last activity, unless you request deletion earlier where legally possible.
Marketing/contact data: until withdrawal of consent or objection, then we suppress to honor opt-outs.
Logs/analytics: typically 12–24 months (or per tool default), aggregated thereafter.
Legal disputes or obligations may extend retention.
9. Your rights (GDPR arts. 15–22)
You can request:
Access to your data; rectification; erasure; restriction; portability; objection to processing (incl. direct marketing).
To withdraw consent at any time for consent-based processing.
Not to be subject to a decision based solely on automated processing, including profiling (we do not make such decisions producing legal or similarly significant effects).
To exercise rights: email privacy@whitelightadvisory.com . We may verify identity. We respond within 1 month (extendable by 2 months for complexity).
Complaint: You may lodge a complaint with the Romanian Data Protection Authority:
ANSPDCP – B-dul G-ral Gheorghe Magheru nr. 28-30, Sector 1, 010336, București •
Tel: +40 318 059 211 • www.dataprotection.ro • anspdcp@dataprotection.ro
10. Children
Our services target adults. We do not knowingly process data of persons under 18. If you believe a minor provided data, contact us to delete it.
11. Security
We implement technical and organizational measures appropriate to the risk (encryption in transit, access controls, least-privilege, backups, vendor due diligence). No system is 100% secure; residual risk cannot be eliminated.
12. Automated Decision Making / Profiling
We do not use automated decision-making that produces legal or similarly significant effects (GDPR art. 22). Any analytics or scoring we run is solely to improve services and does not make binding decisions about you.
13. Third-party Links & Platforms
Our site may link to third-party websites or embed third-party tools. Their privacy practices apply. Please review their policies.
14. Changes to this Policy
We may update this Policy periodically. We will post the new version here and update the Effective date. Material changes may be notified by email/banner where feasible.
15. Contact
For any privacy question, request, or complaint, contact:
[Whitelight Advisory SRL] • privacy@whitelightadvisory.com