Privacy Policy
Who We Are
Voight S.R.L. is a consultancy company registered in Romania, specialising in business advisory services in the areas of AI governance, GDPR compliance, NIS2 alignment, and company formation.
Our websites are accessible at www.voight.eu and www.voight.ro. For any data protection enquiries, please contact us at office@voight.eu.
Data We Collect
We collect only the personal data you voluntarily provide to us through the forms available on our websites. Depending on the form used, this may include:
| Data Category | Examples | Source |
|---|---|---|
| Identity data | First name, last name | Contact form / NIS2 assessment form |
| Contact data | Email address, phone number | Contact form / NIS2 assessment form |
| Communication data | Content of your message or enquiry | Contact form |
| Organisational data | Company name, industry sector, entity size | NIS2 assessment form |
We do not collect browsing data, we do not use our own cookies, and we do not install any tracking mechanisms on your browser.
Purpose of Processing
The data you provide is used solely for the purpose for which it was submitted. Specifically:
Contact form: to respond to your enquiry, provide information about our services, and, where applicable, proceed with entering into a service agreement.
NIS2 assessment form: to generate and deliver your personalised assessment result by email, and to follow up with relevant compliance guidance based on your organisation's profile.
Legal Basis
The processing of your personal data is carried out in accordance with Regulation (EU) 2016/679 (GDPR), on the following legal grounds:
Performance of a contract or pre-contractual measures — when you contact us with a view to concluding or carrying out a consultancy services agreement (Article 6(1)(b) GDPR).
Your express consent — for the following processing activities (Article 6(1)(a) GDPR):
| Processing activity | Basis |
|---|---|
| Sending the NIS2 assessment result to the email address provided | Consent |
| Communications regarding our compliance consultancy services | Consent |
| Newsletter with legislative and regulatory updates | Consent |
Consent may be withdrawn at any time, without consequence, by clicking the unsubscribe link in any email received from us, or by sending a request to office@voight.eu. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.
Retention Period
Your data is retained for as long as necessary to fulfil the purpose for which it was provided, or for the period required by applicable legal obligations.
For enquiries that do not result in a service agreement, data is retained for a reasonable period sufficient to address your request and any follow-up communications. Once that period has elapsed, your data is securely deleted.
If a service agreement is concluded, data will be retained in accordance with the applicable contractual and statutory obligations.
Data Sharing
We do not sell, rent, or transfer your personal data to third parties for their own purposes. Your data may only be accessed by:
Voight S.R.L. staff — strictly to the extent necessary to handle your request.
Technical service providers — such as email hosting providers, acting solely as data processors on our behalf, under GDPR-compliant data processing agreements.
Your Rights
Under the GDPR, you have the following rights with respect to your personal data:
Right of access
You may request a copy of the personal data we hold about you.
Right to rectification
You may request correction of inaccurate or incomplete data.
Right to erasure
You may request deletion of your data where there is no longer a legal basis for its retention.
Right to restriction
You may request that we limit the processing of your data in certain circumstances.
Right to portability
You may request your data in a structured, commonly used, machine-readable format.
Right to object
You may object to processing carried out on the basis of legitimate interests.
These rights may be exercised by submitting a request to office@voight.eu. We will respond within 30 calendar days.
You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include restricted access controls and internal data management procedures.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected individuals, in accordance with our obligations under the GDPR.
Cookies & Technical Connections
To ensure the correct display of our interface, our websites use the IBM Plex Sans typeface, loaded via the Google Fonts service (fonts.googleapis.com). This technical connection involves the transmission of your IP address and browser information to Google's servers. We do not control or access this data. Google may process this information in accordance with its own privacy policy, available at policies.google.com/privacy.
This transmission is strictly technical in nature and is not used for tracking or profiling purposes by Voight S.R.L.
Changes to This Policy
This policy may be updated from time to time to reflect legislative or operational changes. The updated version will be published on the website with a new effective date. We recommend checking this page periodically to stay informed of any updates.
Contact
For any questions regarding the processing of your personal data, or to exercise any of your rights under the GDPR, please contact us at:
We are committed to responding within 30 calendar days of receiving your request.