Privacy

Privacy Policy

Plain language. Last updated:

Who we are

This website is operated by BUICĂ MIHAI-VALENTIN PERSOANĂ FIZICĂ AUTORIZATĂ, trading as Silva Interactive., an independent game and app studio based in Romania. Full registration details (registered address, CUI, ONRC number) are available on our Imprint. For privacy enquiries or data requests, contact us at hello@silvainteractive.games. (GDPR Art. 4(7); Art. 13(1)(a))

What data we collect and why

Contact form

When you use the contact form on this site, we receive your name, email address, and message content. This information is delivered to our inbox via our hosting provider's server infrastructure. It is not stored in any database or logged to a separate file beyond standard server operation. We use it solely to respond to your enquiry. Providing this information is voluntary; if you do not provide it, we cannot respond to your message. It is neither a statutory nor a contractual requirement to provide it. (GDPR Art. 13(1)(c); Art. 13(2)(e))

We retain contact form correspondence for as long as necessary to handle your enquiry. Messages that do not lead to an ongoing exchange are deleted within 12 months of the last communication. If correspondence leads to a business engagement, we retain it for the duration of that engagement and 12 months after it concludes. (GDPR Art. 5(1)(e); Art. 13(2)(a))

To prevent automated abuse, the contact form temporarily records a one-way SHA-256 hash of your IP address at the time of submission. This hash is stored in a temporary server file and is automatically deleted within 5 minutes. It cannot be reversed to obtain your IP address and is not associated with your name, email, or message content. (GDPR Art. 6(1)(f); Recital 47)

Legal basis for contact form processing: Legitimate interest in responding to communications you initiated and in preventing automated abuse of the form. (GDPR Art. 6(1)(f); Art. 13(1)(b)) You can request deletion of our email reply thread at any time by contacting us.

Server logs

Our hosting provider's servers automatically record standard access logs, which include your IP address, browser type, operating system, pages requested, and timestamps. These logs exist for security and abuse prevention. They are not used for profiling or advertising. Log retention is managed by our hosting provider. (GDPR Art. 28(1)) We do not have direct control over server-level log retention, and our provider does not publish a fixed retention period: their policy is to retain logs for as long as necessary for security and operational purposes. If you wish to know the current retention period applicable to server logs, contact us and we will request this information from the provider on your behalf.

Legal basis for server log processing: Legitimate interest in maintaining server security and diagnosing technical issues. (GDPR Art. 6(1)(f); Art. 5(1)(a); Art. 13(1)(b))

Service providers

We use a third-party provider for both our web hosting and mail server infrastructure. This provider hosts the server on which this website runs and on which contact form emails are received and stored. They handle data only as necessary to operate the server infrastructure, are subject to data protection obligations under applicable EU law, and hold ISO 27001 certification for information security management. The servers are located in Romania. We do not use any other third-party service that processes your personal data. (GDPR Art. 13(1)(e); Art. 28(1))

What we do not do

  • We do not use analytics or tracking software of any kind.
  • We do not set cookies. (ePrivacy Directive Art. 5(3))
  • We do not use advertising networks or tracking pixels.
  • We do not sell or rent your personal data, and we do not share it with any third party for their own purposes. (GDPR Art. 5(1)(b))
  • We do not load any external fonts, scripts, or resources from third-party servers. All assets are self-hosted.

Fonts

This site uses the Inter typeface, licensed under the SIL Open Font License 1.1. The font files are served directly from this website's server. No request is made to Google Fonts or any other external font provider. Your IP address is never sent to a third party as a result of loading this page.

Automated decision-making

We do not use automated decision-making or profiling of any kind. No decisions are made about you based solely on automated processing of your personal data. (GDPR Art. 22; Art. 13(2)(f))

Your rights under GDPR

If you are in the European Economic Area, you have the following rights regarding any personal data we hold about you. (GDPR Art. 13(2)(b))

  • Access - you can ask us what data we hold about you and receive a copy. (GDPR Art. 15)
  • Rectification - you can ask us to correct inaccurate or incomplete data. (GDPR Art. 16)
  • Erasure - you can ask us to delete your data (the "right to be forgotten"). (GDPR Art. 17)
  • Restriction - you can ask us to pause processing while a dispute is resolved. (GDPR Art. 18)
  • Portability - where processing is based on consent or contract, you can request your data in a portable, machine-readable format. Because our processing is based on legitimate interest rather than consent or contract, this right does not apply to the data we currently hold. We will nonetheless provide your data in a common format upon request. (GDPR Art. 20; Art. 6(1)(a); Art. 6(1)(b); Art. 6(1)(f))
  • Withdraw consent - you have the right to withdraw consent at any time where processing is based on consent. We do not currently rely on consent as a legal basis for any processing, so this right is not directly applicable. If we were to rely on consent in the future, withdrawal would not affect the lawfulness of any processing carried out before withdrawal. (GDPR Art. 7(3))
  • Right to object - because we process your data on the basis of legitimate interest (Art. 6(1)(f)), you have the right to object to that processing at any time. If you object, we will stop unless we can demonstrate compelling legitimate grounds that override your interests, or unless the data is needed for the establishment, exercise, or defence of legal claims. (GDPR Art. 21(1))

In practice, the only personal data we may hold is an email thread in our inbox containing your name, email address, and message. To exercise any of the above rights, email us at hello@silvainteractive.games. We will respond within one month. (GDPR Art. 12(3))

You also have the right to lodge a complaint with a supervisory authority. As an operator based in Romania, our lead supervisory authority is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), reachable at www.dataprotection.ro. You may also contact the supervisory authority in your own EU/EEA member state. (GDPR Art. 77; Art. 13(2)(d))

Data transfers outside the EEA

Our hosting provider's servers are located in Romania. We do not transfer personal data to countries outside the EEA. (GDPR Art. 44)

Children

This website is not directed at children under 16. The contact form is intended for business enquiries from adults. We do not knowingly collect personal data from anyone under 16 through this website. If you believe a child has submitted data via our contact form, please contact us and we will delete it promptly. (GDPR Art. 8; Recital 38)

Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page. We will not retroactively change how we handle data already collected under a previous version of this policy without your consent. (GDPR Art. 12(1); Art. 5(1)(a))

Contact

For any privacy-related questions or data requests:
hello@silvainteractive.games