WIMO LAB helps tech companies enter and scale in European B2B markets.

Coming Soon

Controller
WIMO LAB SRL (“WIMO”), a Romanian limited liability company
Registered office: Cluj‑Napoca, RomaniaContact for privacy matters: [email protected]Supervisory authority
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), Bucharest, Romania.Scope
This Policy explains how we process personal data when you: (i) visit wimolab.com (the “Site”); (ii) contact us; (iii) interact with us as a business prospect/partner or as Client personnel; and (iv) are contacted by us in a B2B/professional context. This Policy applies under the EU General Data Protection Regulation (GDPR) and Romanian law. It does not apply to processing carried out by our Clients as independent controllers.1) No cookies, pixels or analytics on the Site
We do not use cookies, analytics scripts, marketing pixels or other tracking technologies on the Site. Our hosting provider may keep standard security/server logs (see Section 4).2) Categories of data we process
A. Data you send us voluntarily
Email enquiries: name, email address, message content, and any other information you include.
Meeting bookings (Cal.com): name, email, booking details (date/time, meeting link) and optional notes.
Purpose: responding to your enquiry, scheduling and holding meetings.
Legal basis: GDPR Art. 6(1)(b) (pre‑contractual steps) or Art. 6(1)(f) (legitimate interests in operating our business and handling requests).B. Business contact data used for B2B outreach (professional context)
Data types: name, role/title, employer, business email address, business phone (if publicly available), public profile URL (e.g., LinkedIn), business location (city/country), interaction metadata (e.g., we sent/you replied/meeting held), meeting notes relevant to the business discussion.Sources: publicly available sources (company websites, professional platforms), licensed data providers, referrals/partners, and our own research.
Purpose: to initiate and develop professional B2B relationships relevant to the recipient’s role, including cold outreach, follow‑ups, qualification and scheduling.
Legal basis: GDPR Art. 6(1)(f) (legitimate interests). We assess necessity and proportionality, limit outreach to relevant roles/industries, use business contact details, and honor opt‑out at any time.e‑Privacy: We respect EU/Romanian rules on electronic communications for direct marketing. Our messages identify the sender and always include a simple opt‑out.C. Client/partner data
Data types: contact details of Client personnel, contract/billing details, and project metadata.
Purpose: contract performance, invoicing, account management and compliance.
Legal basis: GDPR Art. 6(1)(b) and Art. 6(1)(c) (legal obligations), and Art. 6(1)(f) for operational records.3) How we communicate with you
We may contact business professionals via email, LinkedIn, and (where a business number is publicly provided for professional contact) WhatsApp Business. Each message includes an easy opt‑out (e.g., reply “opt out”). We record and respect suppressions.4) Hosting, security and logs
Domain/hosting/DNS: Google, GoDaddy and Namecheap (domain registration/DNS and, where applicable, hosting).
Server security logs (from our provider or reverse proxy/CDN, if any): IP address, timestamps, requested URLs, user‑agent and basic error/diagnostic data.
Purpose: ensuring the security and availability of the Site, detecting abuse.
Legal basis: GDPR Art. 6(1)(f) (legitimate interests in IT security).
Retention: up to 30 days unless a longer period is necessary to investigate incidents.5) Tools, processors and recipients
We use reputable service providers that process data only on our instructions under GDPR‑compliant data processing terms. Depending on our operations, we may share personal data with:
Domain/hosting/DNS
- Google, GoDaddy, Namecheap – domain registration/DNS and, where applicable, hosting.Collaboration & productivity
- Google Workspace (email/drive); Microsoft 365 (email/office) – business communications and storage.CRM / contact management- folk (CRM) – storing business contacts, opportunity tracking and meeting notes.
Lead generation & outreach infrastructure- Apollo.io (B2B data/enrichment and sequencing)
- Clay (data enrichment/automation)
- Instantly and Smartlead (bulk/sequence emailing & inbox management)
- Email verification: MillionVerifier (aka EmailMillionVerifier) – quality and deliverability checksScheduling
- Cal.com – meeting scheduling and calendar bookingCommunication channels
- WhatsApp Business / Meta Platforms – professional messaging, where appropriateOther recipients
- Professional advisers (legal/accounting) where needed; public authorities/courts if required by law; partner companies (e.g., to arrange a demo/intro) only where reasonably expected in a B2B context and with an immediate opt‑out.
For each processor we require confidentiality, appropriate security measures, processing solely for our stated purposes, and deletion/return of data at the end of the engagement.6) International transfers
Some providers may process data outside the EEA (e.g., the United States). Where applicable, we rely on:
- the EU‑U.S. Data Privacy Framework certification of the recipient; and/or
- Standard Contractual Clauses (SCCs) and supplementary measures.
We keep a record of transfer tools used for key vendors and make it available upon request.7) Retention
Enquiry emails: up to 12 months from closure of the thread.B2B prospect/CRM data: up to 18 months from last meaningful interaction, or sooner upon opt‑out/objection, followed by suppression (to avoid further contact).Meetings & scheduling metadata: up to 12 months after the meeting unless linked to an active opportunity/contract.Contracts, invoicing and tax records: per statutory retention under Romanian law.Server/security logs: up to 30 days (see Section 4).
We may retain minimal records if necessary to establish, exercise or defend legal claims.8) Your rights
You may request: access, rectification, erasure, restriction, data portability, and object to processing based on legitimate interests (including direct marketing). To exercise your rights or to opt out of further outreach, contact [email protected]. You also have the right to lodge a complaint with ANSPDCP or your local EU authority.
We will respond without undue delay and within applicable legal time limits. Where we act as a processor for a Client, we will forward your request to the relevant Client (controller).9) Security
We apply appropriate technical and organisational measures, including access controls, least‑privilege, encryption in transit, vendor risk management, incident response, and staff confidentiality undertakings. We notify Clients/authorities as required by law in the event of a personal data breach.10) Children
Our services are aimed at organisations and adult professionals. We do not intentionally collect personal data from children.11) Changes to this Policy
We may update this Policy from time to time. The latest version will be posted at wimolab.com with a revised “Last updated” date.Last updated: 10 December 2025