Legal

GDPR Compliance

Last updated: June 18, 2026 · Version 1.0

We are committed to handling personal data in line with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable national law. This page summarises how the GDPR applies to Webkio and how you can exercise your rights. It complements our Privacy Policy, Data Processing Agreement, and Cookie Policy.

1. Who Is the Controller?

For personal data about you (our account holders and site visitors), the controller is Acme Web SRL, Str. Exemplu nr. 1, București 010101, Romania. For data your Published Sites collect from their End Users, you are the controller and we act as your processor under the Data Processing Agreement.

2. Lawful Bases We Rely On

We process personal data only where we have a lawful basis: performance of our contract with you, our legitimate interests (e.g. securing and improving the Service), your consent (e.g. non-essential cookies and marketing), and compliance with legal obligations. Where we rely on consent, you may withdraw it at any time.

3. Your Rights as a Data Subject

Under the GDPR you have the right to:

  • Be informed — about how we use your data (this page and the Privacy Policy);
  • Access — obtain a copy of the personal data we hold about you;
  • Rectification — correct inaccurate or incomplete data;
  • Erasure ("right to be forgotten") — have your data deleted where there is no overriding reason to keep it;
  • Restriction — limit how we process your data in certain cases;
  • Data portability — receive your data in a structured, commonly used, machine-readable format;
  • Object — to processing based on legitimate interests or to direct marketing;
  • Withdraw consent — at any time, without affecting prior lawful processing;
  • Not be subject to solely automated decisions with legal or similarly significant effects.

4. How to Exercise Your Rights

You can manage and export much of your data, and permanently delete your account (which triggers a cascading deletion of your projects and associated records), directly from your account settings. For anything else, email contact@webkio.com. We will respond within one month, as required by the GDPR (extendable by two further months for complex requests, with notice). We may need to verify your identity first. Exercising your rights is free unless requests are manifestly unfounded or excessive.

5. International Transfers

Where we use providers outside the EEA, we safeguard transfers using mechanisms such as the European Commission's Standard Contractual Clauses and/or adequacy decisions. A list of the providers we use is in our Privacy Policy.

6. Data Protection Contact

Questions about data protection can be sent to contact@webkio.com. We will appoint a Data Protection Officer where legally required and update this page with their contact details.

7. Right to Complain

If you believe we have not handled your data lawfully, you may lodge a complaint with the supervisory authority in your country of residence or work. In Romania, this is the national data protection authority (for Romania, the National Supervisory Authority for Personal Data Processing — ANSPDCP). We would, however, appreciate the chance to address your concerns first.

8. For Our Customers (Acting as Processor)

If you build sites with Webkio and collect personal data from your visitors, the GDPR makes you the controller of that data. You must provide your own privacy notice, establish a lawful basis, and obtain any required consents. Our Data Processing Agreement sets out our commitments when processing that data on your behalf.

This document is provided for transparency and general information. It is not legal advice; please have it reviewed by qualified counsel for your jurisdiction before relying on it.