Privacy Policy
Effective date: 11 July 2026
Last updated: 11 July 2026
1. Who we are
Delegatos is a trading name of WONDER WARDROBE S.R.L., a company registered in Romania.
| Legal entity | WONDER WARDROBE S.R.L. |
|---|---|
| Trading as | Delegatos (delegatos.com) |
| CUI | 49678309 |
| Trade Register no. | J40/4292/2024 |
| Registered address | Calea Moșilor nr. 88, Scara F, Ap. F1, 030167 București, Sector 3, Romania |
| Privacy contact | info@delegatos.com |
We are the data controller for the personal data described in Part A of this policy (data collected through delegatos.com). For data we access inside a client’s own systems during a project, we act as a data processor on that client’s instructions. This is explained in Part B.
We are not required to appoint a Data Protection Officer under Article 37 GDPR, as we do not carry out large-scale monitoring or large-scale processing of special-category data. Privacy questions are handled directly by our founder at info@delegatos.com.
2. What this policy covers
- Part A covers people who visit delegatos.com, contact us, or subscribe to our emails.
- Part B covers data we encounter when delivering AI implementation projects for client organisations.
- Part C covers your rights, cookies, security, and how to reach us.
Part A: Website visitors, enquiries and subscribers
3. Data we collect and why
3.1 Contact form enquiries
When you submit the contact form on delegatos.com we collect the information you enter, typically your name, email address, and the content of your message, along with the date and time of submission.
- Why: to reply to you and, if relevant, to discuss and scope a possible engagement.
- Legal basis: Article 6(1)(b) GDPR (steps taken at your request prior to entering into a contract) and Article 6(1)(f) (our legitimate interest in responding to business enquiries).
- Where it goes: the submission is stored in our WordPress database (hosted with Hostinger) and emailed to our inbox.
3.2 Newsletter and marketing emails
If you subscribe, we collect your email address and, where you provide it, your name. Our email platform (Brevo) also records engagement data such as whether an email was delivered, opened, or clicked.
- Why: to send you our newsletter and occasional information about our services.
- Legal basis: Article 6(1)(a) GDPR (your consent). You can withdraw consent at any time using the unsubscribe link in any email, or by writing to info@delegatos.com. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
- We do not sell, rent, or share your email address with third parties for their own marketing.
We also send transactional emails (for example, replies to your enquiry, project communications, or invoices). These are sent on the basis of our contract with you or our legitimate interest in operating the business, and are not marketing messages you can unsubscribe from while a business relationship is active.
3.3 Analytics
We use Google Analytics 4, connected through the Site Kit by Google plugin, to understand how visitors find and use our website. This collects information such as pages viewed, approximate location (derived from a truncated IP address), device and browser type, referral source, and interactions on the page.
- Why: to measure which content is useful and improve the site.
- Legal basis: Article 6(1)(a) GDPR (your consent, given through our cookie banner where one is presented). Analytics cookies are not set until you consent.
- We have IP anonymisation enabled and we do not use Google Analytics to identify individual visitors.
We also use Google Search Console (also via Site Kit), which reports aggregated search performance and does not identify individual users.
3.4 Server logs and security
Our hosting provider records standard technical data for every request to the site, including IP address, user agent, requested URL, and timestamp.
- Why: to keep the site running, diagnose faults, and protect against abuse and attacks.
- Legal basis: Article 6(1)(f) GDPR (legitimate interest in the security and availability of our website).
3.5 Cookies
See section 10 for our cookie disclosure.
3.6 Data we do not collect
We do not knowingly collect special-category data (health, political opinions, religious beliefs, biometric data, and similar) through this website, and we ask that you do not include such information in contact form messages. We do not run advertising or retargeting pixels on delegatos.com. We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
4. How long we keep your data
| Data | Retention |
|---|---|
| Contact form enquiries that do not lead to a project | 24 months from last contact, then deleted |
| Client contact and project records | For the duration of the engagement, then as required by law |
| Accounting and invoicing records | 10 years, as required by Romanian accounting law (Law 82/1991) |
| Newsletter subscription data | Until you unsubscribe or ask us to delete it, plus a suppression record so we do not email you again |
| Google Analytics data | 14 months (Google Analytics 4 default), aggregated thereafter |
| Server logs | As per our hosting provider’s standard retention, typically up to 12 months |
5. Who we share your data with
We do not sell your personal data. We share it only with service providers who process it on our behalf (“processors”), each bound by a data processing agreement:
| Provider | Purpose | Location |
|---|---|---|
| Hostinger International Ltd | Website hosting, server logs, database | EU |
| Brevo (Sendinblue SAS) | Email marketing and delivery | EU (France) |
| Google Ireland Ltd | Analytics, Search Console, Google Workspace email and storage | EU, with transfers to the USA |
We may also disclose personal data where we are legally required to do so, for example in response to a valid request from a public authority or a court.
Part B: Client project data
This part applies to organisations that engage Delegatos to design, build, or integrate AI systems, and to the individuals whose data may appear inside those systems.
6. Our role
When we work inside a client’s environment (their inbox, CRM, accounting system, project boards, document storage, or similar), any personal data in those systems belongs to the client. The client is the data controller. Delegatos acts as a data processor and only processes that data on the client’s documented instructions, under a written data processing agreement signed before work begins.
7. How we handle access
- We do not store, copy, duplicate, or export client data to our own systems. We work inside the client’s tools, using access the client grants us.
- Access is limited to what is needed for the agreed work, and is revoked by the client when the engagement ends.
- Everyone working on the engagement is bound by confidentiality obligations.
- We do not use client data, or any personal data contained in it, to train AI models, and we do not use it for our own purposes.
8. AI providers and other subprocessors
The systems we build connect to third-party services. Which ones are used is agreed with each client in advance and recorded in the engagement documentation. Depending on that agreement, these may include:
| Provider | Typical role |
|---|---|
| Anthropic (Claude) | AI model processing |
| OpenAI | AI model processing |
| Google (Gemini, Google Workspace) | AI model processing, email, calendar, storage |
| Notion | Knowledge base and document storage |
| Slack | Team messaging |
Where personal data is sent to an AI provider as part of a system we build, we configure the integration to use the provider’s business or API tier, under which the provider does not use the data to train its models by default. Each provider’s own terms and data processing agreement govern that processing, and we make these available to clients on request.
Clients may exclude any provider from an engagement. Where a client requires that no personal data reaches a third-party AI model, we will say so plainly if that constrains what can be built.
9. International transfers
Some of our providers process data outside the European Economic Area, principally in the United States. Where this happens, the transfer is covered by one of the safeguards permitted under Chapter V GDPR, typically the European Commission’s Standard Contractual Clauses, and where applicable the provider’s certification under the EU-U.S. Data Privacy Framework. You can request details of the safeguards that apply to a specific provider by writing to info@delegatos.com.
Part C: Your rights, cookies, security and contact
10. Cookies
delegatos.com uses the following categories of cookies:
- Strictly necessary cookies. Set by WordPress and our caching layer (LiteSpeed Cache) so the site loads and functions correctly, and by WPForms to protect the contact form against spam. These do not require consent.
- Analytics cookies. Set by Google Analytics 4 (
_ga,_ga_*) to measure site usage. These are set only with your consent and expire after up to 24 months. - Email platform cookies. Brevo may set a cookie if you interact with a subscription form, to prevent duplicate submissions and attribute a signup.
You can withdraw or change your cookie preferences at any time through the cookie banner, and you can block or delete cookies through your browser settings. Blocking strictly necessary cookies may stop parts of the site from working.
11. Security
We use HTTPS across the site, keep WordPress and its plugins updated, restrict administrative access, and use strong authentication on the accounts that hold personal data. No system is perfectly secure, and we cannot guarantee absolute security, but we take reasonable technical and organisational measures appropriate to the risk. If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority within 72 hours and, where the risk is high, notify you directly.
12. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you and receive a copy of it.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”), where we have no overriding legal ground to keep it.
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interest, and to object at any time to direct marketing.
- Data portability: receive your data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, write to info@delegatos.com. We will respond within one month. There is no charge, unless a request is manifestly unfounded or excessive. We may ask you to confirm your identity before we act on a request.
If your request concerns data held inside a client’s systems, we will forward it to the client, who is the controller of that data, and support them in responding.
13. Complaints
If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with the Romanian supervisory authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, 010336 București, Romania
Telephone: +40 318 059 211
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro
We would appreciate the chance to address your concern first, so please do consider contacting us at info@delegatos.com before or alongside making a complaint.
14. Children
Our website and services are directed at businesses and are not intended for anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
15. Changes to this policy
We may update this policy as our services, tools, or legal obligations change. When we do, we will revise the “Last updated” date at the top of the page. If a change materially affects how we use your personal data, we will notify you by email where we have your address and a lawful basis to do so.
16. Contact
WONDER WARDROBE S.R.L. (trading as Delegatos)
Calea Moșilor nr. 88, Scara F, Ap. F1, 030167 București, Sector 3, Romania
CUI 49678309, Trade Register J40/4292/2024
Email: info@delegatos.com