Privacy Policy

Last updated: June 2026

1. Data Controller

The data controller responsible for your personal data is:
ARCANUM WONDERS SRL
EUID: ROONRC.J31/703/2021
Badacin 127, Sălaj County, Romania
Website: andplay.eu

2. What data we collect and why

Server request logs
Every HTTP request to andplay.eu is logged server-side. We record the IP address, requested path, HTTP method, response status code, response time, and user-agent string. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) — we need this data to detect and respond to abuse, DDoS attacks, and security incidents. Retention: 90 days, after which logs are deleted.

Page view telemetry
When you visit a page, a JavaScript client logs the page path and referrer URL to our telemetry endpoint. This is stored alongside the server-side request log entry. No unique visitor identifiers or cross-site tracking are used. Legal basis: legitimate interest — operational analytics for the site itself.

Desktop application telemetry
Applications you download from andplay.eu may, with your explicit opt-in consent at first launch, send structured log events, error reports, and periodic heartbeat pings. Each event includes the application version and your IP address as seen by our server. Legal basis: consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time through the application's settings. Retention: 90 days.

Contact form
If you use the contact form, the name, email address, and message content you submit are used solely to respond to your inquiry and are not stored in a database or shared with third parties. Legal basis: performance of a pre-contractual step / legitimate interest.

Theme preference
Your light/dark mode preference is stored in your browser's localStorage. This is local to your device, never transmitted to our servers, and is not personal data under GDPR.

3. Data we do not collect

We do not use advertising trackers, social media pixels, third-party analytics (e.g. Google Analytics), fingerprinting techniques, or persistent cookies for tracking. We do not sell, rent, or share personal data with third parties for marketing purposes.

4. Data retention

Server request logs and telemetry data are retained for a maximum of 90 days. Contact form messages are retained only for as long as necessary to handle your inquiry.

5. Your rights under GDPR

As a data subject in the EU/EEA you have the right to:

  • Access — request a copy of personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — request that we restrict processing of your data
  • Objection — object to processing based on legitimate interest
  • Portability — receive your data in a structured, machine-readable format
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, contact us using the details in Section 1. We will respond within 30 days.

6. Supervisory authority

You have the right to lodge a complaint with the Romanian data protection supervisory authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28–30, Sector 1, București, Romania
Website: www.dataprotection.ro

7. Changes to this policy

We may update this policy as our services change. The date at the top of this page reflects the most recent revision. Continued use of the site after changes constitutes acceptance of the updated policy.