Last updated: April 15, 2026
This Privacy Policy describes how ANINU APPS SRL (hereinafter referred to as the "Controller", "we" or "AccessBox"), headquartered in Romania, Timis County, Ghiroda, Tax ID 49235450, collects, uses, stores and protects the personal data of users of the website accessbox.app.
By accessing and using our website, you express your consent to the collection, use and processing of personal data in accordance with this policy. If you do not agree with the provisions of this policy, please do not access or use our website or services.
This policy is drafted in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR) and the applicable national legislation on personal data protection.
For the purposes of this policy, the following terms have the meanings described below:
Personal data — any information relating to an identified or identifiable natural person (name, email address, IP address, payment data, etc.).
Processing — any operation performed on personal data (collection, storage, use, transmission, deletion, etc.).
Controller — ANINU APPS SRL, the entity that determines the purposes and means of data processing.
Data subject — the natural person whose personal data is processed.
Consent — freely given, specific, informed, and unambiguous indication of the data subject's wishes.
ANSPDCP — The National Supervisory Authority for Personal Data Processing (Romania's Data Protection Authority).
We collect and process the following categories of personal data:
a) Identification and account data: first and last name, email address, phone number (optional), company name and Tax ID (for business clients).
b) Payment data: payment information is processed exclusively through secure third-party payment processors. We do not store your card data on our servers.
c) Technical data: IP address, browser type, operating system, screen resolution, pages visited, visit duration, referring URL.
d) Communication data: content of messages sent through the contact form, email or other direct communication channels.
e) Newsletter data: email address voluntarily provided for newsletter subscription.
We process your personal data for the following purposes and on the following legal bases:
a) Performance of a contract (Art. 6(1)(b) GDPR):
• Creating and managing your customer account
• Processing orders, payments and delivering the AccessBox license
• Providing post-sale technical support
b) Your consent (Art. 6(1)(a) GDPR):
• Sending newsletters with news and offers
• Using non-essential cookies (analytics)
c) Our legitimate interest (Art. 6(1)(f) GDPR):
• Improving and optimizing the website and services
• Fraud prevention and security assurance
• Anonymized statistical traffic analysis
d) Legal obligations (Art. 6(1)(c) GDPR):
• Compliance with tax and accounting legislation
• Responding to requests from competent authorities
The AccessBox widget installed on your website does NOT collect, does NOT transmit and does NOT store personal data of your website visitors.
All accessibility preferences selected by visitors (contrast, text size, night mode, etc.) are saved exclusively locally in the visitor's browser (localStorage) and are not transmitted to ANINU APPS SRL servers or to third parties.
The AccessBox widget does not use cookies, does not collect browsing data and does not perform tracking. This approach ensures full GDPR compliance for websites integrating AccessBox.
We collect your personal data through the following methods:
a) Directly from you:
• When you fill out the contact or order form
• When you subscribe to the newsletter
• When you contact us by email at contact@accessbox.app
• When you make a purchase (Starter, Pro or Custom plans)
b) Automatically, through the website:
• Essential cookies for website functionality
• Technical browsing data (IP address, browser, operating system)
• Analytics cookies (only with your explicit consent)
For details on the cookies we use, please refer to our Cookie Policy.
We do not sell, rent or trade your personal data to third parties.
We may share personal data only in the following strictly limited situations:
a) Payment processors: for secure transaction processing (these operate under GDPR-compliant data processing agreements).
b) Hosting and infrastructure services: server and cloud service providers necessary for website operation, which comply with adequate security standards.
c) Email services: for sending transactional emails and newsletters (only if you have subscribed).
d) Public authorities: when the law requires us to disclose data (tax authorities, courts, law enforcement agencies).
All third-party processors we work with are contractually required to ensure an adequate level of personal data protection.
As a general rule, your personal data is stored and processed within the European Union / European Economic Area.
In the event that data transfer to countries outside the EU/EEA becomes necessary (for example, through the use of third-party services), we ensure that adequate safeguards are in place, such as:
• European Commission adequacy decisions
• Standard contractual clauses approved by the European Commission
• Other transfer mechanisms recognized by GDPR
We implement appropriate technical and organizational measures to protect your personal data, including but not limited to:
• SSL/TLS encryption for all communications between browser and server
• Restricted access to personal data, limited to authorized personnel
• Regular encrypted backups to prevent data loss
• Firewall and intrusion detection systems
• Regular security updates of software and infrastructure
• Internal information security policies
However, no method of internet transmission and no method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
• Account and contractual data: for the duration of the contractual relationship and 5 years after its termination (in accordance with tax and accounting requirements).
• Communication data: 3 years from the last communication.
• Newsletter data: until unsubscription or withdrawal of consent.
• Technical data (logs): maximum 12 months.
• Cookies: according to the duration specified in the Cookie Policy.
Upon expiration of the retention period, personal data is permanently deleted or irreversibly anonymized.
Under the General Data Protection Regulation (GDPR), you have the following rights:
a) Right of access (Art. 15) — you have the right to obtain confirmation of your data processing and a copy of your data.
b) Right to rectification (Art. 16) — you have the right to request correction of inaccurate data or completion of incomplete data.
c) Right to erasure ("right to be forgotten") (Art. 17) — you have the right to request deletion of your data, except where processing is necessary for compliance with a legal obligation.
d) Right to restriction of processing (Art. 18) — you have the right to request restriction of processing under certain conditions.
e) Right to data portability (Art. 20) — you have the right to receive your data in a structured, commonly used and machine-readable format.
f) Right to object (Art. 21) — you have the right to object to processing based on legitimate interest.
g) Right to withdraw consent (Art. 7) — you may withdraw your consent at any time without affecting the lawfulness of prior processing.
h) Right to lodge a complaint — you have the right to lodge a complaint with ANSPDCP (The National Supervisory Authority for Personal Data Processing), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania, www.dataprotection.ro.
To exercise any of the rights mentioned above, you may contact us:
• Email: contact@accessbox.app
• Contact page: accessbox.app/contact
We will respond to your request within 30 calendar days of receiving it. In complex cases or in the event of a large number of requests, the deadline may be extended by an additional 60 days, with prior notification to you.
Please note that certain data is necessary for providing the service. Withdrawing consent or deleting certain data may render the service partially or fully unavailable.
Our website uses cookies and similar technologies. Essential cookies are necessary for the proper functioning of the website, while analytics cookies are only activated with your explicit consent.
For detailed information about the types of cookies used, their purposes and how to control them, please refer to our Cookie Policy.
Our website may contain links to third-party websites that are not operated by ANINU APPS SRL. We have no control over and assume no responsibility for the content, privacy policies or practices of these external websites.
We recommend that you review the privacy policies of any third-party website you visit through links on our website.
AccessBox services are not intended for persons under the age of 16. We do not intentionally collect personal data from minors.
If we identify that we have collected personal data from a minor without the consent of a parent or legal guardian, we will proceed to immediately delete such data. If you are aware of such a situation, please contact us at contact@accessbox.app.
We reserve the right to update or modify this privacy policy at any time.
Significant changes will be communicated through:
• Displaying a visible notice on the website
• Sending a notification email (to registered users)
• Updating the "Last updated" date at the top of this page
Continued access to the website and use of services after changes are published implies automatic acceptance of the revised policy. We recommend periodically reviewing this page.
This privacy policy is governed by and interpreted in accordance with:
• Regulation (EU) 2016/679 (GDPR)
• Law no. 190/2018 on measures for the implementation of GDPR
• Law no. 506/2004 on personal data processing in the electronic communications sector
• Applicable Romanian and European legislation in this field
Any dispute shall be resolved amicably. If no agreement is reached, the dispute shall be submitted to the competent courts in Romania.
Given the size of the organization and the nature of the processing carried out, ANINU APPS SRL is not legally required to appoint a Data Protection Officer (DPO) under Art. 37 GDPR.
However, for any question or request regarding data protection, the designated contact person is available at contact@accessbox.app.
Company: ANINU APPS SRL
Headquarters: Romania, Timis, Ghiroda
Tax ID: 49235450
Email: contact@accessbox.app
Website: accessbox.app
This privacy policy was last updated on April 15, 2026.
We use cookies to ensure you have the best experience on our site. By continuing to use our site, you accept the use of cookies, privacy policy and terms and conditions.