Skip to content

Privacy Policy

Last updated: 2026-05-07

This Privacy Policy explains how Incorpore ("Incorpore", "we", "us") collects and processes personal data of website visitors and clients in accordance with the Moldovan Law 133/2011 on the protection of personal data and, where applicable, Regulation (EU) 2016/679 (GDPR).

Data controller

Incorpore is the controller of personal data collected through this website and through the engagement process. Enquiries about how your data is handled, or any of the rights below, should be sent to info@incorpore.md. We aim to respond within one calendar month.

Data we collect

We collect personal data you submit through contact and booking forms: name, email, current jurisdiction, area of interest, preferred meeting time, and the substance of your enquiry. If you accept the cookies banner, we additionally collect anonymised behavioural analytics via Hotjar (session recordings, heatmaps, device class, country derived from IP). Vercel Web Analytics and Speed Insights run cookieless and do not capture personal identifiers; they are loaded by default and require no consent.

Sub-processors

We rely on the following processors. Each is bound by a written data-processing agreement, processes data on our instructions only, and (for non-EU processors) is covered by Standard Contractual Clauses or equivalent transfer mechanisms.

  • Vercel Inc. (USA): site hosting, CDN, Web Analytics, Speed Insights. Receives request metadata required to serve pages and aggregate cookieless analytics.
  • Resend Inc. (USA): transactional email delivery for contact and booking enquiries. Receives sender name, email, and message body.
  • Sanity.io (Norway / EU): content management for the blog. Receives published content only; no visitor data.
  • Hotjar Ltd (Malta, EU): session recording and heatmaps. Loads only after explicit consent. Stores data in the EU. See the Cookie Policy for details.

Lawful basis

Pre-contractual enquiries: Article 6(1)(b) GDPR (steps prior to entering a contract) and Article 5(1)(b) of Law 133/2011. Engaged clients: contractual necessity for service delivery and legal obligation under Law 308/2017 for AML / KYC. Cookies-based analytics (Hotjar): Article 6(1)(a) GDPR (consent), revocable at any time via the "Cookies" link in the footer. Marketing communications, if any: consent only.

Retention

Enquiry data: 12 months from last contact. Client files: five years from engagement end (Moldovan commercial and AML retention requirements under Law 308/2017). Cookies-based analytics data: as set by Hotjar (typically 365 days).

International transfers

Where data is transferred outside the European Economic Area (notably to Vercel and Resend in the United States), we rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) and equivalent safeguards required by Article 29 of Law 133/2011.

Your rights

Under GDPR and Law 133/2011 you have the right to access your personal data, rectify it, request erasure (subject to legal retention obligations), restrict or object to processing, withdraw consent, and exercise data portability. To do so, contact info@incorpore.md. You may also lodge a complaint with the National Centre for Personal Data Protection of the Republic of Moldova (Centrul Național pentru Protecția Datelor cu Caracter Personal, datepersonale.md) or, if you are based in the EU, with the supervisory authority of your member state of residence.

Security

Personal data is transmitted over HTTPS only (HSTS preload), stored on EU-region infrastructure where possible, and access is restricted to senior advisors directly handling the engagement. We do not sell, rent, or trade personal data under any circumstances.

Contact

Incorpore, Strada Alexei Mateevici 75, MD-2012 Chișinău, Republic of Moldova · info@incorpore.md