PFCS

Privacy Policy & Terms of Use

Last updated: April 2026

Privacy Policy

1. Introduction

People First Consultancy Services (“PFCS”, “we”, “us”, “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679), the ePrivacy Directive (2002/58/EC), and applicable Romanian data protection legislation (Law No. 190/2018).

2. Data Controller

The data controller responsible for your personal data is:
People First Consultancy Services
Operated by Elena Dumitru
Website: pfcs.world
Email: elena@pfcs.world

For any data protection inquiries or to exercise your rights, please contact us at the email address above.

3. What Data We Collect

We may collect the following categories of personal data:

  • Identity data: Name, job title, company name
  • Contact data: Email address, phone number
  • Communication data: Messages you send us through our contact form or email, including the content of your inquiry and the service you are interested in
  • Technical data: IP address, browser type and version, device type, operating system, referring URL, pages visited, time and date of visit (collected automatically — see our Cookie Policy)

We do not collect any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation).

4. How We Collect Your Data

We collect personal data through the following means:

  • Contact form: When you voluntarily submit a form on our website, providing your name, email, and message. By submitting the contact form, you consent to the processing of the data you provide for the purpose of responding to your inquiry.
  • Email correspondence: When you contact us directly via email
  • Automatic collection: Technical data collected through cookies and server logs when you browse our website

5. How We Use Your Data

We process your personal data for the following purposes:

  • To respond to your inquiries and provide our consulting services
  • To communicate with you about our services, engagements, and scheduling
  • To improve our website and user experience
  • To ensure the security and proper functioning of our website
  • To comply with legal obligations

We do not use your personal data for automated decision-making or profiling as defined under Article 22 of the GDPR.

6. Legal Basis for Processing

Under Article 6(1) of the GDPR, we process your data based on the following legal grounds:

  • Consent (Art. 6(1)(a)): When you submit a contact form or accept non-essential cookies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Contractual necessity (Art. 6(1)(b)): When processing is necessary to take steps at your request prior to entering into a contract, or to perform a contract with you for our consulting services.
  • Legitimate interest (Art. 6(1)(f)): To improve our website, ensure security, and understand how our services are used. Our legitimate interest does not override your fundamental rights and freedoms.
  • Legal obligation (Art. 6(1)(c)): When we are required to process or retain data by Romanian or EU law (e.g., tax and accounting requirements).

7. Data Sharing & Third-Party Processors

We do not sell, rent, or trade your personal data. We may share data with the following trusted third-party service providers (“data processors”) who process data on our behalf under Data Processing Agreements (DPAs) and in compliance with GDPR:

  • Vercel Inc. (San Francisco, USA) — Website hosting and deployment. Vercel may process technical data (IP addresses, request logs) as part of serving the website. Vercel Privacy Policy
  • Sanity AS (Oslo, Norway) — Content management system. Sanity stores and serves website content. It does not process visitor personal data. Sanity Privacy Policy

All third-party processors are contractually obligated to process personal data only on our instructions and to implement appropriate technical and organizational security measures.

8. International Data Transfers

Some of our third-party processors are located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place as required by Chapter V of the GDPR:

  • Vercel Inc. (USA): Transfers to the United States are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914), and Vercel’s compliance with applicable data protection frameworks.
  • Sanity AS (Norway): Norway is recognized by the European Commission as providing an adequate level of data protection (adequacy decision), so no additional safeguards are required.

You may request a copy of the safeguards in place by contacting us at elena@pfcs.world.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods:

  • Contact form submissions: Up to 24 months from the date of submission, unless a contractual relationship is established
  • Contractual data: For the duration of the contractual relationship plus the legally required retention period (up to 10 years for tax/accounting purposes under Romanian law)
  • Technical/log data: Up to 12 months
  • Cookie consent preferences: Up to 12 months

You may request deletion of your data at any time by contacting us. We will respond within 30 days and delete your data unless we have a legal obligation to retain it.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with Article 32 of the GDPR. These measures include HTTPS/TLS encryption for all data in transit, access controls to limit data access to authorized personnel, and regular review of our security practices. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also inform you directly without undue delay (Article 34 GDPR).

12. Your Rights

Under GDPR (Articles 15–22), you have the following rights:

  • Right of access (Art. 15): Request a copy of your personal data and information about how it is processed
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”) where there is no compelling reason for continued processing
  • Right to restrict processing (Art. 18): Request limitation of how we use your data in certain circumstances
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller
  • Right to object (Art. 21): Object to processing based on legitimate interests, including direct marketing
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal
  • Right not to be subject to automated decision-making (Art. 22): We do not make decisions based solely on automated processing that produce legal effects concerning you

To exercise any of these rights, contact us at elena@pfcs.world. We will respond within 30 days. If we need to extend this period (by up to two additional months due to complexity), we will inform you within the initial 30-day period. There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.

13. Children’s Data

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child under 16, please contact us immediately and we will take steps to delete that information.

14. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, Bucharest, Romania
Phone: +40.318.059.211
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

Terms of Use

1. Acceptance of Terms

By accessing and using the PFCS website (pfcs.world), you agree to be bound by these Terms of Use, our Privacy Policy, and our Cookie Policy. If you do not agree, please do not use this website.

2. Intellectual Property

All content on this website — including text, graphics, logos, images, and blog articles — is the intellectual property of People First Consultancy Services unless otherwise stated. You may not reproduce, distribute, or use any content without our prior written consent.

3. Use of the Website

You agree to use this website only for lawful purposes and in a way that does not:

  • Infringe on the rights of others
  • Restrict or inhibit anyone else’s use of the website
  • Attempt to gain unauthorized access to any part of the website

4. Disclaimer

The information on this website is provided for general informational purposes only and does not constitute professional advice. While we strive for accuracy, we make no warranties or representations about the completeness, reliability, or suitability of the information. Any reliance you place on such information is at your own risk. For specific organizational psychology, HR, or management consulting advice, please contact us directly.

5. Limitation of Liability

To the fullest extent permitted by applicable law, PFCS shall not be liable for any direct, indirect, incidental, or consequential damages arising from your use of, or inability to use, this website or its content. Nothing in these terms excludes or limits liability that cannot be excluded or limited under applicable EU or Romanian law.

6. Third-Party Links

Our website may contain links to third-party websites (e.g., LinkedIn, Calendly). We are not responsible for the content, privacy practices, or terms of any external sites. We encourage you to review their privacy policies before providing any personal data.

7. Governing Law

These Terms of Use are governed by and construed in accordance with the laws of Romania and applicable EU regulations, including the GDPR. Any disputes shall be subject to the exclusive jurisdiction of the competent courts in Bucharest, Romania.

8. Changes to These Terms

We reserve the right to update these Terms of Use at any time. Changes will be posted on this page with an updated revision date. Continued use of the website constitutes acceptance of the revised terms.

9. Contact

For any questions regarding these terms or our data processing practices, please contact us at:
People First Consultancy Services
Email: elena@pfcs.world