1. Who is responsible for your data
The data controller is HASHGRAPH TECHNOLOGIES SRL, trading as Simion Advisory Partners, registered office at Str. Școlii Nr. 29, Sat Stăncești, Comuna Târgșoru Vechi, Prahova County, 107590, Romania, Trade Registry No. J29/507/22.02.2022, CUI 45683140, VAT ID RO46177761 ("we", "us"). Contact for anything in this Notice: simion@simionadvisory.com. We have not appointed a Data Protection Officer, as we are not required to; the contact above handles all privacy matters.
2. What we collect, and when
When you contact us or request a free review. Name, email address, anything you write about your situation, and any files you attach or send, which may include financial models, board packs or company financials. We treat submitted business materials as confidential and use them only to respond to your request.
When you purchase a service through the Site. Your name, email, billing details and order configuration. Card payments are processed by Stripe; we do not receive or store your full card number. Stripe acts as our payment processor and, for some of its own obligations, as an independent controller under its own privacy policy.
When we work together. Contact details, contractual and billing information, correspondence, and the business information needed to deliver the engagement.
Automatically, through the Site. Usage data via cookies and similar technologies, only as described in our Cookie Policy and subject to your choices there.
We do not intentionally collect sensitive (special category) data, and the Site is not directed at children. If you send us data about other people (for example, inside company files), you are responsible for having the right to share it.
3. Why we process it, and on what legal basis
- Responding to inquiries and providing free reviews: steps at your request prior to a contract (GDPR art. 6(1)(b)) and our legitimate interest in responding to people who contact us.
- Delivering purchased services, billing and account administration: performance of a contract (art. 6(1)(b)).
- Invoicing, accounting and tax records: legal obligation (art. 6(1)(c)).
- Analytics and advertising measurement: your consent where required (art. 6(1)(a)), as managed in the cookie banner.
- Occasional emails about our services to existing contacts: legitimate interest (art. 6(1)(f)), with an opt-out in every message; or consent where the law requires it. We send no third-party advertising.
- Establishing, exercising or defending legal claims, and securing the Site: legitimate interest (art. 6(1)(f)).
We do not sell personal information, and we do not use automated decision-making that produces legal or similarly significant effects about you.
4. Files you submit for review
Because our free reviews invite you to send real business documents, this deserves its own paragraph. Submitted files are used solely to prepare the review you asked for, are accessible only to the principal, are not shared with anyone, and are deleted or archived once the exchange concludes, unless we proceed to an engagement (in which case the engagement terms apply) or we need to retain them to document the interaction. Sending a file does not create an engagement; see the Terms of Use.
5. Who receives data
We use a small set of service providers acting on our instructions: website hosting and infrastructure (Google Firebase), analytics and advertising measurement (Google, subject to your cookie choices), payment processing (Stripe), and email/productivity tooling for correspondence and scheduling. We may disclose data where the law requires it, to professional advisers under confidentiality, or in connection with a corporate transaction. We share no data with third parties for their own marketing.
6. International transfers
Some providers (Google, Stripe) may process data outside the European Economic Area, including in the United States. Where that happens, transfers rely on an adequacy decision such as the EU-US Data Privacy Framework, or on Standard Contractual Clauses, together with additional safeguards where appropriate.
7. How long we keep data
- Inquiries and free-review exchanges that do not become engagements: up to 24 months from the last contact, then deleted.
- Client and engagement records, invoices and fiscal documents: as required by Romanian accounting and tax law.
- Marketing contact details: until you opt out or ask us to stop.
- Data relevant to a dispute: until the matter and its limitation periods close.
8. Your rights
If you are in the EU/EEA or another jurisdiction with similar laws, you can ask us for access to your data, correction, deletion, restriction of processing, portability, and you can object to processing based on legitimate interest. Where processing is based on consent, you can withdraw it at any time without affecting prior processing. Write to simion@simionadvisory.com; we may need to verify your identity, and if you act for someone else, proof of authorization. We respond within the legal deadline (one month, extendable for complex requests).
You can also lodge a complaint with a supervisory authority. In Romania this is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), www.dataprotection.ro. If you live elsewhere in the EU, you may complain to your local authority instead.
9. Security
We limit access to personal data to what the work requires, use reputable infrastructure providers, encryption in transit, and access controls. No internet transmission is perfectly secure; if a breach occurs that affects your rights, we will notify you and the authority as the law requires.
10. Third-party links
The Site may link to external websites, which have their own privacy practices. This Notice covers only our processing.
11. Changes
We update this Notice as our processing changes; the date above reflects the current version, and material changes will be made reasonably visible on the Site.