GDPR / Data Protection Policy

Last updated: March 13, 2026

1. Introduction

Evolving AI Systems is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws. This policy describes how we collect, use, store, and protect your personal data when you interact with our website or engage our services.

2. Data Controller

EVOLVING AI SYSTEMS S.R.L. acts as the data controller for personal data collected through our website and services.

Company: EVOLVING AI SYSTEMS S.R.L.
Address: Sat Giroc, Strada Dacilor 8A, Ap. 11, Cod 307220, TimiČ™ County, Romania
CUI: 46234794
Email: contact@evolvingaisystems.com
Phone: +40 743 917 955

3. Principles of Data Processing

We process personal data in accordance with the following GDPR principles:

  • Lawfulness, fairness and transparency: Data is processed on a legal basis and in a transparent manner.
  • Purpose limitation: Data is collected for specified, explicit and legitimate purposes and not processed further in a manner incompatible with those purposes.
  • Data minimisation: We only collect data that is adequate, relevant and limited to what is necessary.
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
  • Storage limitation: Data is kept no longer than necessary for the purposes for which it was collected.
  • Integrity and confidentiality: Data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage.
  • Accountability: We are responsible for and able to demonstrate compliance with these principles.

4. Categories of Data Collected

Depending on how you interact with us, we may collect and process the following categories of personal data:

  • Contact and identification data: Name, email address, phone number, company name and position.
  • Service and engagement data: Details provided during consultation bookings, project discussions, or service inquiries.
  • Payment data: Transaction references and billing information processed securely through our payment provider (we do not store card details).
  • Communication records: Emails, messages, and notes from interactions with our team.
  • Technical and usage data: IP address, browser type, device information, pages visited, and session duration collected automatically when you use our website.
  • Marketing preferences: Your subscription status and communication preferences.

5. Data Sharing and Transfers

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

  • Service providers and processors: Third-party vendors who assist us in operating our website and delivering services (e.g. payment processors, email platforms, analytics providers). These parties are contractually bound to process data only on our instructions and to maintain appropriate security measures.
  • Legal obligations: When required by applicable law, regulation, or court order.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, with equivalent protections in place.

Any international transfer of personal data outside the European Economic Area (EEA) is carried out only where adequate safeguards exist, such as standard contractual clauses approved by the European Commission.

6. Social Media and Analytics Tools

Our website may use third-party analytics and social media tools that collect usage data. These include:

  • Google Analytics: Used to analyse website traffic and user behaviour. Data collected includes pages visited, session duration, and device/browser information. You can opt out via the Google Analytics Opt-out Browser Add-on.
  • Social media plug-ins: Our website may include links or plug-ins from platforms such as LinkedIn, Facebook, or Instagram. When you interact with these elements, the respective platform may collect data in accordance with its own privacy policy.

For full details on cookies used by these tools, please see our Cookie Policy.

7. Processing of Personal Data of Minors

Our services are directed exclusively at businesses and adult professionals. We do not knowingly collect or process personal data relating to individuals under the age of 16. If we become aware that personal data of a minor has been collected without appropriate consent, we will delete it promptly. If you believe this has occurred, please contact us at contact@evolvingaisystems.com.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data ("right to be forgotten").
  • Right to Restriction: You can request restriction of processing of your data.
  • Right to Data Portability: You can request transfer of your data to another service provider.
  • Right to Object: You can object to processing of your data for certain purposes.
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time.

9. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

  • Consent: Where you have given explicit consent (e.g. for marketing communications).
  • Performance of a contract: Where processing is necessary to deliver services you have requested.
  • Legal obligation: Where processing is required to comply with applicable laws or regulations.
  • Legitimate interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When data is no longer needed, it is securely deleted or anonymised. Specific retention periods vary by data category and are available on request.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit, access controls, and regular security reviews. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

12. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your data in accordance with GDPR requirements.

13. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: contact@evolvingaisystems.com
Phone: +40 743 917 955

We will respond to your request within one month of receipt. If your request is complex or numerous, we may extend this period by a further two months, and will notify you accordingly.

14. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) in Romania, or with the data protection authority in your country of residence.

15. Updates to This Policy

We may update this GDPR / Data Protection Policy from time to time to reflect changes in legal requirements or our data practices. Any updates will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically. For significant changes, we will provide a more prominent notice where required by law.