Privacy Policy

Company: Scientific Discovery Elements S.R.L.
Address: B-dul Decebal 12, Bl S7, Sc 1, Et 5, Ap 15, CAMERA 1, Bucureşti, Sector 3, Romania
Support email: office@sde.center
Last updated: November 30, 2025

Download

1. Introduction

This Privacy Policy explains how Scientific Discovery Elements S.R.L. (“the Company”, “we”, “us”) collects, uses, and protects personal data in connection with our interview, evaluation, and related Services.

We process personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR),
  • applicable Romanian data protection laws,
  • and relevant industry standards and contractual requirements (including those of our payment processor, Stripe).

2. Data We Collect

2.1. Data provided directly by the Client or Candidate

We may collect:

  • Client name and contact details (email address, company details where applicable),
  • Candidate name and contact details (if different from the Client),
  • billing information and invoicing details,
  • role, seniority, or context of the evaluation,
  • documents or technical materials voluntarily submitted for evaluation,
  • communication content (emails, messages, notes relevant to the Service).

2.2. Data generated during the Service

During interviews and evaluation sessions, we may collect and generate:

  • interview notes and observations,
  • evaluation scores and internal rubrics,
  • written feedback and reports,
  • session logs (date, time, duration, attendance),
  • in some cases, recorded audio/video (only if legally permitted and with explicit prior notice or consent where required).

2.3. Automatically collected technical data

When you access our website or platform, we may automatically collect:

  • IP address,
  • browser type and version,
  • device information,
  • operating system,
  • access timestamps,
  • basic usage and interaction data.

2.4. Payment data

We do not store or directly process full payment card details. All card payments are processed securely by our payment service provider, Stripe Payments Europe, Limited (“Stripe”).

Stripe may collect and process:

  • card number (tokenized), expiry date, and security code,
  • billing address and country,
  • transaction identifiers and metadata,
  • fraud detection and risk assessment data.

For more information on Stripe’s data processing, please refer to Stripe’s Privacy Policy.

3. Purposes of Processing

We process personal data for the following purposes:

  • to provide and deliver our Services,
  • to prepare and share evaluation reports and feedback,
  • to manage bookings, scheduling, and communication,
  • to process payments and issue invoices,
  • to prevent fraud and abuse,
  • to comply with legal and regulatory requirements,
  • to improve our Services, processes, and user experience.

4. Legal Basis for Processing

Depending on the context, we rely on one or more of the following legal bases:

  • Performance of a contract – when processing is necessary to deliver the Services requested by the Client;
  • Legal obligations – for accounting, tax, and regulatory compliance;
  • Legitimate interest – for service improvement, fraud prevention, and security;
  • Consent – where required, for example for non-essential cookies or optional communications.

5. Data Sharing and Processors

We may share personal data with:

  • our payment service provider, Stripe, for payment processing and fraud prevention,
  • hosting and infrastructure providers,
  • communication and email service providers,
  • professional advisors (lawyers, accountants) where necessary,
  • public authorities, where required by law.

We do not sell personal data to third parties.

6. Data Storage and Retention

Personal data is stored primarily on servers located within the European Union or in jurisdictions with adequate data protection safeguards.

Retention periods:

  • billing and invoicing data: up to 5 years, for legal and tax compliance,
  • evaluation reports and session metadata: up to 24 months, unless a different period is required by the Client or by law,
  • general communication data: up to 3 years from the last interaction,
  • logs and technical data: for as long as reasonably necessary for security and diagnostics.

7. Your Rights under GDPR

Data subjects (Clients and Candidates) have the following rights, subject to applicable law:

  • right of access – to obtain confirmation whether we process personal data and to access it,
  • right to rectification – to correct inaccurate or incomplete data,
  • right to erasure – to request deletion of data where legally permissible,
  • right to restriction of processing – in specific circumstances,
  • right to data portability – to receive certain data in a structured, commonly used format,
  • right to object – to certain types of processing based on legitimate interest,
  • right to withdraw consent – where processing is based on consent.

To exercise these rights, please contact us at: office@sde.center.

You also have the right to lodge a complaint with a supervisory authority, such as the Romanian National Authority for the Supervision of Personal Data Processing (ANSPDCP).

8. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to ensure basic functionality, enhance user experience, and collect aggregated analytics data.

Where required by law, we will request your consent before setting non-essential cookies. You can manage your cookie preferences via your browser settings or any consent tools made available on the website.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • encryption in transit (HTTPS),
  • access controls and authentication,
  • logging and monitoring of access where appropriate,
  • secure infrastructure and regular maintenance.

Card payments are processed exclusively through Stripe, which is certified as PCI-DSS compliant.

10. International Data Transfers

Some of our service providers, including Stripe, may process personal data in countries outside the European Economic Area. In such cases, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent mechanisms under GDPR.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offering. The updated version will be indicated by a new “Last updated” date.

Continued use of our Services after such changes are published constitutes acceptance of the updated Policy.

12. Contact

For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please contact us at: office@sde.center.