AMS International Consulting Group (“AMS”, “we”, “us”, or “our”) values the privacy of website visitors, prospects, clients, and business partners (“you” or “your”). This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you access or use our website located at www.amaliaconsulting.com (the “Site”), communicate with us, or engage our services.
This Policy is intended to comply with applicable data protection laws, including the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and Romanian implementing legislation, where applicable. If you do not agree with this Policy, you should not use the Site and should not provide personal data to us.
Important note: This Policy does not cover third-party websites, services, plug-ins, or applications that may be linked from the Site. We are not responsible for the privacy practices of third parties.
For GDPR purposes, AMS International Consulting Group is the data controller for the processing described in this Policy, unless explicitly stated otherwise in a separate written agreement (e.g., a Data Processing Agreement for client engagements).
This Policy applies to personal data we collect through (i) the Site, (ii) communications with us (email, phone, social media, video calls), (iii) lead generation and inquiry forms, and (iv) business development and client relationship management activities. Where we process personal data strictly on behalf of a client as a processor (e.g., in a consulting project that involves client-controlled datasets), such processing is governed by the applicable contract and/or Data Processing Agreement.
We may collect personal data you voluntarily provide, including:
When you use the Site, we may collect certain data automatically, such as:
We do not intentionally collect special categories of personal data (e.g., health, biometric, political opinions, religion) via the Site. Please do not submit such data through forms or email unless we have explicitly requested it and agreed appropriate safeguards in writing.
We may collect personal data from the following sources:
We process personal data only where we have a lawful basis under GDPR, including:
We process personal data to respond to requests, prepare proposals, negotiate, and perform contracts (Article 6(1)(b) GDPR).
We may process personal data for our legitimate interests (Article 6(1)(f) GDPR), such as operating and securing the Site, improving services, preventing fraud, managing business relationships, and pursuing or defending legal claims. Where we rely on legitimate interests, we assess and balance our interests against your rights and expectations.
We may process personal data based on your consent (Article 6(1)(a) GDPR), for example for certain cookies/analytics and marketing communications where legally required. You may withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.
We may process personal data to comply with legal obligations (Article 6(1)(c) GDPR), including accounting, tax, regulatory compliance, and responding to lawful requests by authorities.
We use personal data for the following purposes:
We use cookies and similar technologies (e.g., pixels, local storage) to operate the Site, enhance user experience, analyze traffic, and support marketing—depending on configuration and your consent. For details about types of cookies, purposes, and how to manage preferences, please refer to our Cookie Policy (recommended as a separate page).
Where required by law, non-essential cookies (e.g., analytics/marketing) will be used only after you provide consent via a cookie banner/consent management platform. You can modify your browser settings to block cookies; however, certain Site features may not function properly.
We do not sell your personal data. We may disclose personal data in the following circumstances:
We may transfer personal data to countries outside the European Economic Area (“EEA”) or the UK where our service providers or operations require it. Where such transfers occur, we implement appropriate safeguards as required by GDPR/UK GDPR, such as adequacy decisions, Standard Contractual Clauses (SCCs), and supplementary measures where necessary.
You may request information about applicable safeguards by contacting us at business@amaliaconsulting.com.
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, including to comply with legal obligations, resolve disputes, enforce agreements, and maintain business records. Retention periods vary depending on the data type, purpose, and legal requirements (e.g., accounting/tax record retention). Where feasible, we anonymize or securely delete data when no longer required.
We implement reasonable and appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures may include access controls, least-privilege permissions, encryption where appropriate, backups, logging, and incident response processes.
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security and disclaim liability for unauthorized access beyond what is imposed by mandatory law. You are responsible for maintaining the security of your own devices, networks, and communications.
Subject to conditions and exemptions under applicable law, you may have the following rights regarding your personal data:
To exercise your rights, contact us at business@amaliaconsulting.com. We may need to verify your identity and request additional information to process your request.
You also have the right to lodge a complaint with your local data protection authority. In Romania, this is the National Supervisory Authority for Personal Data Processing (ANSPDCP).
Where we send marketing communications, you can opt out at any time by using the unsubscribe link (if available) or contacting us at business@amaliaconsulting.com. Opting out of marketing does not affect service-related or transactional communications (e.g., replies to inquiries, contractual notices).
We may maintain a suppression list (minimal information) to ensure we respect your opt-out request, based on our legitimate interests and compliance obligations.
The Site is not directed to children and we do not knowingly collect personal data from individuals under 18. If you believe a minor has provided personal data, contact us and we will take appropriate steps to delete it where required.
We may update this Privacy Policy from time to time. Changes become effective when posted on the Site with an updated “Last Updated” date. Your continued use of the Site after changes are posted constitutes acceptance of the updated Policy, to the extent permitted by law.
If you have questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact:
Implementation note (recommended): For full GDPR alignment, ensure you also publish a dedicated Cookie Policy and implement a compliant cookie consent banner (especially if using analytics/marketing cookies), and maintain internal records (ROPA), processor contracts, and retention schedules aligned with your actual tooling (CRM, hosting, email, analytics).