GDPR & Privacy Policy
We hereby inform you about the processing of personal data when you consent to the processing of personal data by Creative Ideas Marketing SRL and/or Strategic Marketing Concept SRL, hereinafter referred to as the “Agency”.
1. Practices concerning the collection, use (processing) and transfer of data
The Agency is responsible for compliance with the provisions of the General Data Protection Regulation (GDPR). This represents our practices concerning the collection, use (processing) and transfer of data communicated directly to our firms, the use of personal data collected by the Agency from public sources for the purpose of providing our specific marketing, advertising, marketing consultancy, public relations services for the purpose of promoting the trade names and services, brands, products for the purpose of recognizing the identity of the Agency. Our data protection policies are in accordance with current data protection legislation. If the terms set out in this Policy are not acceptable to you, you may notify us at [email protected].
2. Terms used in this document:
Personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity. Data Protection Laws means the EU Data Protection Laws and, to the extent applicable, the data protection and personal data protection laws of any other country; EU Data Protection Laws means EU Directive 95/46/EC, as transposed into the national law of each Member State and as subsequently amended and supplemented, including by the GDPR and the laws implementing or supplementing the GDPR;
GDPR – means Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data 2 and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Consent – of the data subject shall mean any freely given, specific, informed and unambiguous indication of the data subject’s free, specific, informed and unambiguous indication of his or her wishes by which he or she signifies his or her agreement, by an unambiguous statement or action, to personal data relating to him or her being processed; Consent should be given by an unambiguous action which constitutes a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of his or her personal data, such as a statement in writing, including electronically or verbally. This could include ticking a box when visiting a website, the choice of technical parameters for information society services or any other statement or action which clearly indicates in this context the data subject’s acceptance of the proposed processing of his/her personal data. The absence of a response, pre-checked boxes or the absence of an action should not constitute consent.
Processing – collecting, recording, organizing, structuring, storing, adapting, adapting, retrieving, consulting, using, disclosing by transmitting, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying.
Data controller – the person who determines the purposes and means of the processing of personal data shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data where the purposes and means of processing are laid down by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law;
Processor – means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Recipient – means the natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities to which personal data may be disclosed in the framework of a particular inquiry in accordance with Union or national law shall not be considered as recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;
Third party – means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Processor – means a natural or legal person, public authority, agency or other body processing personal data on behalf of the controller. Applicable Laws means (a) the laws of the European Union or Member States governing Company Personal Data for which any Group Company is subject to Data Protection Laws; and (b) any other applicable law governing Company Personal Data for which any Group Company is subject to Data Protection Laws; Authorized Sub Processor means any entity or third party designated by the Controller and expressly approved by the Company;
Sub Processor – is the contractual partner of the Controller, which processes the Personal Data of the Company and/or its End Customers. Any third party natural or legal person designated by the Provider or acting on behalf of the Provider to process the Customer’s Personal Data.
Affiliate of the Company – means an entity controlled by the Company, which controls the Company or which is controlled by the same entities as the Company;
Group Company – means the Company or any Affiliate of the Company as defined by the Tax Code.
Operator’s Affiliate – means an entity controlled by Operator, which controls Operator or which is controlled by the same entities as Operator;
Services – means the services and other activities that are provided or to be provided or performed by or on behalf of Operator to or on behalf of Operator for the Company, Group Companies or the Company’s ultimate Customers, as defined in the Master Agreement.
Information – means all information relating to the Operator’s activities, including but not limited to any customer lists or details, ideas, business methods, finances, pricing, computer systems and software, products and services that are disclosed which may or may not include Personal Data. Such information may be expressed orally or in any other intangible or tangible form, including but not limited to written or printed form, disk, CD, electronic storage media or by telephone or which may be disclosed;
Personal Data Breach – means a breach of security that results in the destruction, loss, alteration, unauthorized disclosure of or access to Personal Data transmitted, stored or otherwise processed;
Data Transfer – means a transfer of Personal Data of the Customer or its End Customer(s) from the Provider to a Sub-processor, or between two entities of a Sub-processor, in each case, if such transfer would be prohibited or restricted by the Personal Data Protection Legislation (or by the terms of the personal data transfer contracts), in the absence of Standard Contractual Clauses or other mechanisms that provide adequate safeguards pursuant to Art. 46 of GDPR.
Standard Contractual Clauses – shall mean standard data protection clauses adopted by the Commission of the European Union in accordance with the examination procedure referred to in Art. 93 para. (2) of the GDPR or standard data protection clauses adopted by a Supervisory Authority and approved by the Commission of the European Union in accordance with the examination procedure referred to in Art. 93 para. (2) of the GDPR.
Genetic data – means personal data relating to inherited or acquired genetic characteristics of a natural person, which provide unique information about the physiology or health of that person and which result in particular from an analysis of a sample of biological material taken from the person concerned;
Biometric data – means personal data resulting from specific processing techniques relating to the physical, physiological or behavioral characteristics of a natural person which uniquely identify or confirm the identity of that person, such as facial images or dactyloscopic data;
Health data – means personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about the health status of that natural person;
Enterprise group – means a controlling undertaking and the undertakings controlled by it;
Binding Corporate Rules – means the personal data protection policies to be complied with by a controller or processor established in the territory of a Member State in respect of transfers or sets of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings or a group of undertakings engaged in a joint economic activity;
3. Rights of data subjects (defined according to GDPR):
– Information and access to data;
– Rectification or erasure of data;
– Restriction of processing;
– To object to processing, data portability, not to be subject to an individual decision;
– To object.
4. The purposes of processing personal data collected by the Agency
The Agency process personal data for the purpose of carrying out Public Relations services, specific to the advertising, marketing, public relations industry, provided by the Agency for the purpose of promoting trade names, brands and/or other elements developed for the purpose of recognizing the identity of the Agency Clients or their products.
These services may consist of, but are not limited to, the following activities: PR and communication services, event organization, press conferences, media relations, creative, strategy, graphics, DTP, audio-video production, project management, client service, online and mobile marketing services, development of digital applications or mechanisms for promotional contests, project / campaign implementation.
5. Processing of personal data in the context of giving consent to the processing of personal data
In the context of giving consent to the processing of personal data by us, the Agency undertakes to use the data thus processed only for the purposes specified, namely:
– invitations to events organized through the Agency;
– information through communication materials as well as products for direct marketing purposes from the Agency, with the purpose of promoting the Agency’s clients;
– contact for collaborations for direct marketing purposes, carried out through the Agency.
For this purpose, for the provision of our basic services, the following personal data might be processed:
– first name;
– surname;
– postal address;
– phone number;
– address for sending invitations in physical format, promotional materials of the Agency’s clients, etc.
The date, time of completion, as well as the IP might be stored for the purposes of proving valid consent in case of a security incident, but not for any other purposes other than that.
You have the option to request the modification, deletion, partial or total deletion from our database of the following personal data processed and collected / stored by sending a request to the following email address: [email protected].
The Agency does not request and does not process personal data in special categories, but only non-sensitive data necessary and relevant for the provision of the advertising services defined above, unless legally required to do so at a later stage. Data considered sensitive / special data could be, but is not limited to, information relating to race or ethnicity, political opinions, religion, trade union membership, health, sexual preference or criminal record.
The Agency does not allow the use of personal data of persons under the age of 18 years, unless with the prior written consent of the parent, which clearly states the purpose, the personal data used and the duration of use of the data of minors. The information collected about you shall not be transferred to our partners or processors.
6. Processing of personal data for market research
If it becomes necessary to process your personal data for the purposes of market research and opinion polls, your data will be anonymized, used by us exclusively for statistical purposes and cannot be linked to you in any way. You can revoke this data processing at any time with effect for the future without stating your reasons. For this purpose you can choose from the ways mentioned in this privacy statement (below). We respect the protection of our customers and collaborators by conducting market research with anonymized data.
7. The storage period of personal data
The storage period of personal data collected and processed by the Agency might be kept for 5 years. However, your basic data may be kept for the duration of the realization of the contract if a collaboration is the case.
8. Data security
In order to prevent unauthorized access, maintain data accuracy and ensure the correct use of data, we take appropriate physical, IT and organizational security measures to effectively protect all personal data we collect/store/process. We take technical and organizational security measures to protect your data from unwanted access to the greatest extent possible. In addition to securing the operating environment, we use encryption in some areas. The information you provide will be transmitted in encrypted form using the Secure Socket Layer (SSL) protocol to prevent misuse of the data by third parties. You can recognize this by the fact that your browser’s status bar shows a closed padlock symbol and the address bar starts with “https”. Data security will be adjusted according to the latest protocols available.
9. Your rights
The right to information – You have the right to request information from us at any time about the data stored about you, as well as about the origin of the data, the recipients or categories of recipients to whom the data are disclosed and the purpose of the storage. For all other copies except the first copy, reasonable administrative costs may be charged. This does not apply to the communication of information by electronic means;
Right of withdrawal – If you have given your consent to the use of the data, you may withdraw it at any time with effect for the future (once the contracted services have been completed), without giving reasons. Simply send an email to [email protected].
Right of rectification – If your data collected by our agency is incorrect, you may request that it be amended at any time by contacting any employee of the Agency or by email at [email protected].
Right of erasure – You have the right to request the erasure of your data. The deletion of your personal data can be carried out at any time by means of a request through the methods already stated using our contact details. As a rule, your data will be deleted immediately, but no later than one month after this right has been exercised. If erasure contravenes data retention obligations laid down by law, contract or by tax or commercial legislation or for other reasons laid down by law, only pseudo-anonymization of your data may be carried out instead of erasure. Once your data has been deleted, it is no longer possible to receive your information. All personal data that no longer needs to be stored for legal reasons will be deleted after the aforementioned deadline. Personal data, such as basic data, which do not need to be deleted during storage for legal reasons, will be blocked for your security.
Right to data portability – If you request personal data made available to us, we will, if you wish, provide or communicate the data to you or another responsible person in a structured, common and electronically processable format. The latter only if this is technically feasible and only in relation to the data you have entrusted to us. Data obtained as a result of services rendered is not within the scope of such a process and will be discussed separately.
Right to object – You have the right to object to the processing of data for direct marketing purposes at any time and without stating your reasons. In addition, we draw your attention to the fact that by refusing all data processing processes, the realization of the information regarding Agency’s services mentioned above may be limited or may no longer be possible to be realized, and we therefore ask you to carefully consider before submitting such requests.
If you contact us by email at [email protected] or by post at Creative Ideas Marketing SRL and/or Strategic Marketing Concept SRL, Str. Constantin Zlatescu 15A, sector 2, Bucuresti, Romania, the information you provide (your email address, your name and your telephone number, if applicable) will be stored by us in order to answer your questions or fulfill your request. We delete the data arising in this context after the storage space is no longer needed or limit processing if there are retention obligations stipulated by law.
Right to lodge a complaint – In case of complaints, please contact: the National Supervisory Authority for Personal Data Processing. In addition, you have the right to lodge a complaint with a supervisory authority about the processing of your personal data if you believe that your data protection rights have been violated.
10. Cookies
This Website uses anonymous non-identifiable information to analyze site activity, and to improve the website by using Cookies. You have control over how this information is collected and used. You can find more information here: https://www.youronlinechoices.com and here: https://www.allaboutcookies.org/.
You can also manage your cookie settings by:
– changing your Privacy Settings;
– changing settings on your mobile device;
– changing your browser settings.
Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain websites.
11. Questions about data protection
Questions about all data processing can be addressed at any time to: Creative Ideas Marketing SRL and/or Strategic Marketing Concept SRL by email at [email protected] or by post: Str. Constantin Zlatescu 15A, sector 2, Bucuresti, Romania.