We respect your privacy and we are committed to protecting any personally identifiable information you may provide us through the Website, while complying with all applicable data protection and privacy laws.

This Privacy Policy sets out the basis on which any personal data which we collect from you, or that you provide to us, will be processed by us.


The data controller for our website is WORDSURF SRL, located in Bucharest, Romania.

If you need to contact us with regard to any of your rights as set out in this Privacy Policy, feel free contact our designated Data Protection Officer (DPO) via e-mail at


We may collect Personal Data from you in the course of our business, including through your use of our website, when you contact or request information from us, when you contract our services or as a result of your relationship with our staff.

The information we process includes:

  • basic information, such as your name, the name of the company you represent, your position;
  • contact information, such as your e-mail address, phone number(s), and postal address;
  • technical information, such as information from your visits to our website or in relation to materials and communications we send to you electronically;
  • identification and background information provided by you; or
  • any other information relating to you which you may provide to us.

We receive personal data directly from you, as data subjects, or we may use public web pages to gather contact information. Other information sources may be used as permitted by the applicable legislation.

We endeavour to keep your data accurate and up-to-date. As such, you should let us know about any changes to such information that you are aware of as soon as possible.

We may use your personal data on the following legal bases:

  • to provide and improve our services to you;
  • to provide information requested by you;
  • to send you updates and publications;
  • to manage our relationship with you;
  • to fulfil our legal, regulatory and risk management obligations; or
  • to fulfil the purposes of recruitment, as applicable.

Whenever we wish to use your personal data in any other way, we will ensure that we notify you and get your consent first. You will be given the opportunity to withhold or withdraw your consent for the use of your personal data for purposes other than those listed in this Privacy Policy.

We do not share or sell data and you can always request an overview of your data from us. To learn more about your rights, please visit


Categories of data subjects, whose personal data may be processed by WORDSURF may include, among others:

  • Website end-users
  • Customers (contact persons/representatives)
  • Prospects (contact persons/representatives)
  • Suppliers (contact persons/representatives)
  • Contractors/consultants/freelancers
  • Current personnel
  • Potential personnel (job applicants)
  • Former personnel
  • Shareholders
  • Beneficiaries


WORDSURF will not share your personal data without your consent or unless required by law, except as set out in this Privacy Policy.

In order to fulfil our contractual obligations to you, we may disclose your personal data to our employees, contractors and affiliated organizations that (i) only on a need-to-know basis for the processing of such data on WORDSURF’s behalf, and (ii) only to those employees, contractors and affiliated organizations that have agreed not to disclose such data to third parties and are bound by confidentiality obligations. Some of those employees, contractors and affiliated organizations may be located outside Romania. By submitting your data, you explicitly consent to the transfer of such information to them. We have suitable safeguards in place for such transfer, using standard contractual clauses accepted by the EU.

We process information ourselves and use subcontractors, such as direct marketing service providers, that process personal data on behalf of and for us when providing services to us. Such subcontractors are not entitled to use the personal data for any purpose other than for providing services to us.


The personal data of our website end-users, customers, prospects, suppliers, contractors, consultants, freelancers, current personnel, job applicants, former personnel, shareholders, and beneficiaries is stored in on our (or contracted third party) secure servers, access to which is secured by a password.

The right to access the personal data in our system is limited to certain persons, based on their responsibilities requiring processing of such personal data. Any person accessing the personal data in our system is bound by confidentiality obligations.

Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted us and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. To the extent permitted by law, we are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our website may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You acknowledge that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of your personal data arising from such risks.

Personal data is stored for as long as it is required for the purpose of processing personal data, considering the storage times specified in the applicable legislation and regulations, such as accounting and taxation legislation and regulations.


According to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and other data protection legislation currently in force in Romania, you have the right of access to your personal data and to relevant information regarding our use of such data.

If you would like to have a copy of the personal data we hold on you or if you think that we hold incorrect personal data about you, please write to our Data Protection Officer.

We will deal with requests for copies of your personal data or for correction of your personal data within one month. If your request is complicated or if you have made a large number of requests, it may take us longer. We will let you know if we need longer than one month to respond. You will not have to pay a fee to obtain a copy of your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Where applicable, you may also have a right to receive a machine-readable copy of your personal data.

You have the right to rectify your personal data and ask that we delete your personal data or restrict how it is used. There may be exceptions to the right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request.

You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time, by submitting a written request.

Where you have provided us with consent to use your personal data, you can withdraw or change this at any time by submitting a written request via e-mail at

If you feel your rights have been infringed, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing at:

We will notify serious data breaches in respect of your personal data to the supervisory authority without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay. However, it is not necessary to notify the supervisory authority where the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. A personal data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your personal data (which poses a high risk to you) when we are required to do so under data protection legislation. We will not be required to notify you of a data breach where: we have implemented appropriate technical and organizational measures that render the personal data unintelligible to anyone not authorized to access it, such as encryption; or we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialize; or it would involve disproportionate effort, in which case we may make a public communication instead.

WORDSURF may change its Privacy Policy from time to time and at WORDSURF’s sole discretion. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use the website to submit your personal data. If material changes are made to the Privacy Policy, we will notify you by placing a prominent notice on our website or by sending you a notification in relation to such change. We will not process your personal data in a manner not contemplated by this Privacy Policy without your consent.

This Privacy Policy was last reviewed on: January 2023.




Most modern-day interactive websites use cookies to enable retrieval of user details for each visit. Cookies are pieces of data, normally stored in text files, that websites place on a visitor’s computer or mobile device to store specific information about the visitor. Cookies were designed to be a reliable mechanism for websites to remember information or to record the user’s browsing activity.

How we use cookies

Like most website operators, WORDSURF uses cookies to analyse how our Website is being used, measure the number of visitors and improve their browsing experience, as well as to show services that are relevant to our visitors. When you access, we may automatically collect information from you through cookies or similar technologies.

Cookies that are used by our Website are referred to as “first-party cookies” and those that are used by our partners are “third-party cookies”. Because of how cookies work, our Website cannot access third-party cookies, nor can other organisations access the data in the cookies we use on our Website.  

Types of cookies we use

Below is a detailed list of the cookies we use on our Website.

  • Essential Cookies – cookies that are essential to provide you with services you have requested. For example, these include the cookies that make it possible for you to stay logged into your WORDSURF account, if available. If you set your browser to block these cookies, then these functions and services will not work for you. In particular, we won’t be able to save your preferences about cookies.
  • Performance Cookies – cookies which measure how often you visit our website and how you use it. We use this information to get a better sense of how our users engage with our content and to improve our website, so that users have a better experience. For example, we collect information about which of our pages are most frequently visited, and by which types of users. We also use third-party cookies to help with performance. For example, the Google Analytics cookie gives us information such as your journey between pages and whether you have downloaded anything (details of how to opt out of it are below).
  • Functional Cookies – cookies that are used to recognise you and remember your preferences or settings when you return to our site, so that we can provide you with a more personalised experience. For example, if you are based in Romania, we will remember this and make sure that you access our homepage in Romanian when you visit our website, rather than the English version. A mix of first-party and third-party cookies are used.
  • Targeting Cookies – cookies that are used to collect information about your visit to our Website, the content you have viewed, the links you have followed and information about your browser, device and your IP address.

It is possible to stop your browser from accepting cookies altogether by changing your browser’s cookie settings. You can usually find these settings in the “options” or “preferences” menu of your browser. The following links may be helpful, or you can use the “Help” option in your browser.

Useful links

If you would like to find out more about privacy, cookies and their use on the internet, you may find the following links useful:

If you would like to contact us about cookies please email us at