Privacy Policy

1. INTRODUCTION

SPORTS DIGITAL DESIGN SRL, trading as "Qudrai" ("we," "us," or "our"), is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you:

• Visit our website at www.qudrai.com ("Website")

• Engage our creative and technical services

• Communicate with us via email, phone, or other channels

This Privacy Policy applies to all personal data processed by Qudrai in accordance with:

• EU General Data Protection Regulation (GDPR) (Regulation 2016/679)

• Romanian Law 190/2018 on data protection

• Other applicable data protection laws

Our Contact Information:

SPORTS DIGITAL DESIGN SRL (trading as Qudrai)
Company Registration Number (CUI): RO 48056014
Registered Address: Voluntari, Ilfov, Romania
Email: hello@qudrai.com
Website: www.qudrai.com

2. WHO WE ARE

Qudrai is a creative-tech studio providing visual systems, web design and development, brand identity, and product design services to player agencies, clubs, and ambitious brands.

For the purposes of data protection law, Qudrai is the "data controller" of personal data collected through our Website and business operations. This means we determine how and why your personal data is processed.

3. WHAT PERSONAL DATA WE COLLECT

We collect and process different types of personal data depending on how you interact with us:

3.1. Information You Provide Directly

Website Contact Forms: When you submit a contact form or inquiry through our Website, we collect:

• Full name

• Email address

• Message content

• Any other information you choose to provide

Client Engagement: When you become a client, we collect:

• Full name and job title

• Company name and registration details

• Email address and phone number

• Billing and invoicing information (company address, VAT number)

• Project requirements and specifications

• Communication records (emails, meeting notes, feedback)

Booking and Scheduling: When you book a strategy call via our booking system (Cal.com), we collect:

• Name and email address

• Preferred meeting time

• Any information provided in booking forms

3.2. Information We Collect Automatically

Website Analytics: When you visit our Website, we automatically collect:

• IP address (anonymized where possible)

• Browser type and version

• Device type and operating system

• Pages visited and time spent on pages

• Referring website or source

• Geographic location (country/city level)

• Date and time of visit

This information is collected via Google Analytics and cookies (see Section 9 for cookie details).

Communication Metadata: When you communicate with us via email or video calls, we may collect:

• Email metadata (timestamp, sender/recipient)

• Video call metadata (meeting duration, participants)

3.3. Information We Receive from Third Parties

We may receive limited personal data from:

• Referral partners: If you are referred to us by a business partner or existing client

• Service providers: Such as payment processors (Stripe) providing transaction confirmation

• Public sources: Such as LinkedIn or company websites, if you are a prospective client

We only use such data in accordance with applicable privacy laws and this Privacy Policy.

4. HOW WE USE YOUR PERSONAL DATA

We process your personal data only for specific, legitimate purposes:

4.1. To Provide Our Services

Legal Basis: Contract performance / Legitimate interest

• Responding to inquiries and consultation requests

• Delivering creative and technical services as agreed

• Communicating about projects, timelines, and deliverables

• Managing client relationships and project workflows

• Invoicing and payment processing

• Providing customer support

4.2. To Improve Our Website and Services

Legal Basis: Legitimate interest

• Analyzing website usage to improve user experience

• Understanding how visitors interact with our content

• Identifying technical issues and optimizing performance

• Developing new features and services

4.3. For Business Operations and Legal Compliance

Legal Basis: Legal obligation / Legitimate interest

• Maintaining business records for accounting and tax purposes

• Complying with legal and regulatory requirements

• Preventing fraud and ensuring security

• Enforcing our Terms and Conditions

• Protecting our legal rights and interests

4.4. For Marketing and Business Development

Legal Basis: Consent / Legitimate interest

• Sending occasional updates about our services (only to clients and prospects who have engaged with us)

• Showcasing portfolio work (only with client permission)

• Conducting market research to improve our offerings

Note: We do not engage in mass email marketing at this time. If we introduce newsletter services in the future, we will only send marketing emails with your explicit consent, and you may unsubscribe at any time.

5. LEGAL BASIS FOR PROCESSING

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

Contract Performance: Processing necessary to perform our contractual obligations to you (e.g., delivering services you have engaged us for).

Consent: You have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications).

Legitimate Interests: Processing is necessary for our legitimate business interests, provided this does not override your fundamental rights and freedoms. Examples include:

• Improving our services and Website

• Preventing fraud and ensuring security

• Direct marketing to existing clients and prospects (with easy opt-out)

Legal Obligation: Processing is necessary to comply with legal requirements (e.g., tax and accounting obligations).

You have the right to object to processing based on legitimate interests (see Section 11).

6. WHO WE SHARE YOUR DATA WITH

We do not sell, rent, or trade your personal data to third parties. We only share your data with trusted service providers and partners as necessary to deliver our services:

6.1. Service Providers

We share data with third-party service providers who process data on our behalf:

Website and Hosting:

• Framer: Website hosting and content delivery

• Google Analytics: Website analytics and performance monitoring

Communication and Scheduling:

• Cal.com: Appointment booking and scheduling

• Google Workspace / Email providers: Email communication and calendar management

Payment Processing:

• Stripe: Payment processing for invoices (when applicable)

• Banking institutions: For bank transfer payments

Cloud Storage and Collaboration:

• Dropbox: Secure file storage and sharing for project deliverables

AI and Creative Tools:

• Google AI Studio, ChatGPT, Freepik, Envato Elements: For creative asset generation and project execution (we do not share client data with these tools; they process only generic project inputs)

All service providers are carefully selected and contractually required to:

• Process data only for specified purposes

• Implement appropriate security measures

• Comply with GDPR and applicable data protection laws

6.2. Legal and Regulatory Authorities

We may disclose your data to:

• Law enforcement, regulators, or government authorities if required by law

• Courts or tribunals in connection with legal proceedings

• Tax authorities for compliance with Romanian and EU tax obligations

6.3. Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

6.4. With Your Consent

We may share your data with third parties where you have given explicit consent, such as:

• Featuring your project in our portfolio (only with your written permission)

• Sharing your testimonial or case study (only with your approval)

7. INTERNATIONAL DATA TRANSFERS

Some of our service providers are located outside the European Economic Area (EEA), including in the United States. This means your personal data may be transferred to and processed in countries that may not offer the same level of data protection as the EU/EEA.

How We Protect Your Data in International Transfers:

We ensure that all international data transfers are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms that require recipients to protect your data to EU standards

• Adequacy Decisions: Transfers to countries deemed by the EU Commission to provide adequate data protection

• Vendor Compliance: Our service providers (Google, Stripe, Dropbox, etc.) comply with GDPR requirements and use recognized transfer mechanisms

Service Providers with International Operations:

• Google (Analytics, AI Studio, Workspace): US-based, uses SCCs and EU-US Data Privacy Framework

• Stripe: US-based, GDPR-compliant, uses SCCs

• Dropbox: US-based, GDPR-compliant, uses SCCs

• OpenAI (ChatGPT): US-based, GDPR-compliant

You have the right to request further information about the safeguards we use for international transfers by contacting us at hello@qudrai.com.

8. HOW LONG WE KEEP YOUR DATA

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

8.1. Data Retention Periods

Website Visitors:

• Google Analytics data: Retained for 26 months (Google's default setting), then automatically deleted

• Contact form inquiries: Retained for 2 years unless you request deletion sooner

Active Clients:

• Client information and project data: Retained for the duration of the engagement plus 7 years (to comply with Romanian accounting and tax law requirements)

• Communication records: Retained for 7 years from project completion

Former Clients:

• Contractual and financial records: Retained for 7 years from the end of the engagement (legal and tax compliance requirement)

• Non-essential data: Deleted within 30 days of client request or engagement termination

Marketing and Prospective Clients:

• Inquiry and contact data: Retained for 2 years unless you request deletion or opt out sooner

8.2. Legal Retention Requirements

Under Romanian law, we are required to retain certain business and financial records (invoices, contracts, payment records) for a minimum of 7 years for tax and audit purposes. This requirement overrides deletion requests for these specific records.

8.3. Data Deletion

After retention periods expire, we securely delete or anonymize your personal data. You may request early deletion of your data (see Section 11), subject to our legal obligations.

9. COOKIES AND TRACKING TECHNOLOGIES

Our Website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website performance.

9.1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and understand how you use the site.

9.2. Types of Cookies We Use

Strictly Necessary Cookies:

• Essential for the Website to function properly

• Cannot be disabled without affecting Website functionality

• Example: Session cookies, security cookies

Analytics Cookies (Google Analytics):

• Help us understand how visitors use our Website

• Collect anonymous data about pages visited, time spent, and user behavior

• Used to improve Website performance and user experience

• Provider: Google LLC

• Data collected: IP address (anonymized), browser type, pages viewed, session duration

• Retention: 26 months

Performance and Functionality Cookies:

• Remember your preferences and settings (e.g., language, region)

• Improve Website performance and loading times

We do not currently use marketing or advertising cookies (e.g., Facebook Pixel, LinkedIn Insight Tag). If we introduce such cookies in the future, we will update this Privacy Policy and obtain your consent where required.

9.3. Cookie Consent

We use a cookie consent banner to inform you about our use of cookies and obtain your consent where required by law.

You can manage your cookie preferences at any time through:

• Our cookie consent banner (available on the Website)

• Your browser settings (see Section 9.4)

9.4. How to Control Cookies

You can control and delete cookies through your browser settings:

• Google Chrome: Settings > Privacy and Security > Cookies

• Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data

• Safari: Preferences > Privacy > Cookies and Website Data

• Microsoft Edge: Settings > Cookies and Site Permissions

Note: Disabling cookies may affect Website functionality and user experience.

To opt out of Google Analytics specifically:

• Use the Google Analytics Opt-Out Browser Add-On

9.5. Third-Party Cookies

Some cookies are set by third-party services we use (e.g., Google Analytics). We do not control these cookies. Please refer to the third party's privacy policy for more information:

• Google Analytics: https://policies.google.com/privacy

• Cal.com: https://cal.com/privacy

10. DATA SECURITY

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, alteration, or disclosure.

10.1. Security Measures

Technical Measures:

• Encryption: All data transmitted between your browser and our Website is encrypted using SSL/TLS (HTTPS)

• Secure storage: Personal data is stored on secure, password-protected servers

• Access controls: Only authorized personnel have access to personal data, on a need-to-know basis

• Regular backups: Data is regularly backed up to prevent loss

Organizational Measures:

• Staff training: Our team is trained on data protection and security best practices

• Confidentiality agreements: All employees and contractors are bound by confidentiality obligations

• Vendor management: Third-party service providers are carefully vetted and contractually required to maintain security standards

10.2. Limitations

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal data.

Your Responsibility:

• Keep your login credentials (if applicable) secure and confidential

• Use strong, unique passwords

• Report any suspected security breaches to hello@qudrai.com immediately

11. YOUR RIGHTS UNDER GDPR

Under the EU General Data Protection Regulation (GDPR) and Romanian data protection law, you have the following rights regarding your personal data:

11.1. Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a clear and accessible format.

11.2. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will update your information promptly upon request.

11.3. Right to Erasure ("Right to Be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as:

• The data is no longer necessary for the purposes for which it was collected

• You withdraw consent (where processing is based on consent)

• You object to processing based on legitimate interests and there are no overriding legitimate grounds

• The data has been unlawfully processed

Limitations: We may be unable to delete certain data if we are legally required to retain it (e.g., for tax and accounting purposes under Romanian law, which requires 7-year retention).

11.4. Right to Restriction of Processing

You have the right to request that we limit how we use your personal data in certain circumstances, such as:

• You contest the accuracy of the data (while we verify accuracy)

• Processing is unlawful, but you prefer restriction over deletion

• We no longer need the data, but you need it for legal claims

11.5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.

This right applies when:

• Processing is based on consent or contract performance

• Processing is carried out by automated means

11.6. Right to Object

You have the right to object to processing of your personal data based on legitimate interests, including:

• Direct marketing: You can opt out of marketing communications at any time

• Profiling or automated decision-making: We do not currently engage in automated decision-making, but you have the right to object if we do in the future

11.7. Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

11.8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

Romanian Supervisory Authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro

EU Data Protection Authorities: You may also contact the data protection authority in your country of residence.

11.9. How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: hello@qudrai.com
Subject Line: "Data Privacy Request"

What to Include in Your Request:

• Your full name and contact information

• Description of the right you wish to exercise (e.g., access, deletion, rectification)

• Any relevant details to help us locate your data

Response Time: We will respond to your request within 30 days of receipt. If your request is complex or we receive multiple requests, we may extend this period by an additional 60 days and will inform you of the delay.

Verification: To protect your privacy, we may need to verify your identity before fulfilling your request. We may ask for additional information to confirm your identity.

No Fee: We do not charge a fee for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

12. CHILDREN'S PRIVACY

Our Website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at hello@qudrai.com. We will promptly delete such data from our systems.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

13.1. How We Notify You of Changes

Material Changes:

• We will notify active clients via email at least 30 days before the changes take effect

• A prominent notice will be displayed on our Website

Non-Material Changes:

• We will update the "Last Updated" date at the top of this Privacy Policy

• Continued use of our Website or services after changes take effect constitutes acceptance of the updated Privacy Policy

13.2. Review

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

SPORTS DIGITAL DESIGN SRL (trading as Qudrai)

Email: hello@qudrai.com
Website: www.qudrai.com
Registered Address: Voluntari, Ilfov, Romania
Company Registration Number (CUI): RO 48056014

Response Time: We will respond to all inquiries within 30 days (or sooner where possible).

15. DEFINITIONS

For clarity, the following terms used in this Privacy Policy have the following meanings:

"Personal Data": Any information relating to an identified or identifiable natural person (e.g., name, email address, IP address).

"Processing": Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.

"Data Controller": The entity that determines the purposes and means of processing personal data (i.e., Qudrai).

"Data Processor": An entity that processes personal data on behalf of the data controller (e.g., our service providers).

"Data Subject": The individual to whom personal data relates (i.e., you).

"GDPR": General Data Protection Regulation (EU Regulation 2016/679).

"Consent": Freely given, specific, informed, and unambiguous indication of your wishes by which you agree to the processing of your personal data.

16. ADDITIONAL INFORMATION FOR EU/EEA RESIDENTS

If you are located in the European Union or European Economic Area, you benefit from additional protections under GDPR.

16.1. Data Protection Officer (DPO)

Under GDPR, certain organizations are required to appoint a Data Protection Officer (DPO). As a small agency, Qudrai is not currently required to appoint a DPO. However, all data protection inquiries should be directed to:

Email: hello@qudrai.com
Subject Line: "Data Protection Inquiry"

16.2. Representative in the EU

Qudrai is established in Romania (an EU Member State), so we do not require a separate EU representative under GDPR Article 27.

16.3. Supervisory Authority

Your primary supervisory authority for data protection matters is:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, Romania
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro

17. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS (CCPA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). However, as a B2B agency primarily serving business clients, most CCPA provisions do not apply to our business operations.

If you believe CCPA applies to your personal data, please contact us at hello@qudrai.com for more information.

END OF PRIVACY POLICY

This Privacy Policy was last updated on January 2025.

SPORTS DIGITAL DESIGN SRL
Trading as Qudrai
CUI: RO 48056014
Voluntari, Ilfov, Romania