Privacy Policy GMG Digital

Last updated: 02.06.2026

At GMG Digital, we are committed to protecting the privacy of our users and managing personal data with the utmost responsibility. This Privacy Policy provides detailed information about the types of personal data we collect through our website https://gmgdigital.ro, how this data is used, and the rights you have under applicable legislation. It is essential for us to comply with data protection laws and ensure transparency in managing personal information.

As a data controller, GMG Digital complies with relevant international and national regulations, ensuring that all our data collection and processing procedures are fair, lawful, and transparent. This policy complies with:

  • Regulation (EU) 2016/679 (GDPR)
  • Law no. 190/2018 on the implementation of GDPR in Romania
  • Law no. 506/2004 regarding the processing of personal data and the protection of privacy in the electronic communications sector

1. Who We Are and How to Contact Us

Controller: GMG Digital Innovation SRL

Official Website: https://gmgdigital.ro

GDPR Contact Email: contact@gmgdigital.ro

For any request or question regarding the management of your personal data, you can write to us directly at the e-mail address above.


2. What Data We Collect

In the context of the specific activities of a presentation and consulting website, we only collect the minimum data necessary to interact effectively with you:

2.1. Data Provided Directly by You

This is information that you actively provide to us through contact forms or direct e-mail:

  • Identification Data: Information such as your first name, last name, and the company you represent, collected to personalize our response and collaborate effectively.
  • Contact Data: Your e-mail address and phone number, which are essential to respond to your requests for quotes or support.
  • Communication and Support: We keep the content of the messages sent to resolve your requests and ensure the traceability of commercial discussions.

2.2. Automatically Collected Data

When you browse our website, we automatically collect certain technical information through cookies and similar technologies:

  • Technical and Device Data: IP address, device type, browser used, operating system, and the pages from which you arrived at our site (referrers). This ensures that the website renders correctly on your platform.
  • Website Interaction Data: We record pages visited, actions taken, session duration, and navigation events to understand user behavior and improve content.
  • Analytics and Marketing Tools: We use third-party modules (such as Google Analytics and Meta Ads) for statistical analysis and optimization of advertising campaigns. This data is collected solely based on your explicit consent, expressed via the cookie banner.

3. How We Collect Data

  • Direct Collection: When you manually fill out a form on the website or write to us via e-mail. This process is transparent, and data is sent exclusively through your voluntary action.
  • Automatic Collection: Through our own and third-party cookies, which technically monitor website usage without requiring direct intervention from you.

4. Categories of Sensitive Data (Special Data)

By the nature of GMG Digital agency's activity, we do not request, collect, or process in any way sensitive personal data classified under special categories according to Art. 9 of the GDPR (racial/ethnic origin, political opinions, religious beliefs, genetic/biometric data, health data, or sexual orientation).

Please do not include such details in the free-text fields of contact forms or in initial e-mails. In the exceptional case where such data is provided to us involuntarily, it will be immediately deleted from our systems.


5. Purposes and Legal Grounds for Data Processing

We process your data in a transparent manner, based on clear purposes and legal grounds, according to Art. 6 of the GDPR:

Purpose of Processing Legal Ground (GDPR)
Handling Requests and Quoting: Responding to messages from forms, scheduling meetings, and sending commercial service proposals. Pre-contractual steps or execution of a contract (Art. 6 para. 1 lit. b of the GDPR) - the data is necessary to generate the requested offer.
Marketing Communications (Newsletter): Sending news, articles, or specific agency offers. Your explicit consent (Art. 6 para. 1 lit. a of the GDPR) - only if you have actively chosen to subscribe.
Website Security and Web Analytics: Protecting the platform against cyber attacks, fixing errors, and optimizing loading speed. Legitimate interest (Art. 6 para. 1 lit. f of the GDPR) - maintaining a secure, functional, and high-performing online infrastructure.
Billing and Tax Obligations: Issuing invoices for services contracted by clients and archiving documents. Legal obligation (Art. 6 para. 1 lit. c of the GDPR) - in accordance with Romanian fiscal legislation (including reporting through the national RO e-Factura system).

Note: GMG Digital does not use automated decision-making processes or profiling that produce legal effects concerning you.


6. To Whom We Disclose Data (Data Recipients)

GMG Digital does not sell or rent your personal data to third parties. For the optimal functioning of the agency and the website, we may transfer a minimum set of data to trusted partners under strict confidentiality obligations:

  • IT and Hosting Service Providers: Specialized companies that ensure the hosting of our servers within the EU, website maintenance, and cybersecurity.
  • Accounting Management Services: Our external accounting provider, for keeping mandatory registers, and secure billing applications.
  • Analytics and Marketing Platforms: Third-party services (such as Google Analytics, Google Ads, or Meta Ads) that process traffic data exclusively based on the cookies accepted by you.
  • Public Authorities (ANAF, courts, control bodies): Only when there is an imperative legal obligation (such as declaring invoices in e-Factura) or to defend our legitimate rights in the event of a dispute.

7. Data Transfers Outside the European Economic Area (EEA)

For certain technical analysis and marketing services (e.g., Google or Meta infrastructure), data may be accessed or stored on servers located outside the EEA (particularly in the USA). Any transfer of this type is carried out exclusively based on protection mechanisms recognized by the GDPR:

  • Adequacy Decisions: To organizations in the USA certified under the EU-US Data Privacy Framework.
  • Standard Contractual Clauses (SCC): Standard contracts approved by the European Commission that bind recipients to rigorous security measures equivalent to those in the European Union.

8. How Long We Keep Data (Retention Period)

We do not store your information longer than necessary for the purpose of collection:

  • Commercial / Client Data: Data required for contract execution and billing is kept for a period of 10 years from the end of the financial year in which the last invoice was issued, in accordance with Accounting Law no. 82/1991.
  • Data from Contact Forms: If the request does not materialize into a commercial contract, the messages and associated data are kept for a maximum period of 2 years from the last interaction, for the purpose of resolving support history.
  • Data for Marketing (Newsletter): Retained until you choose to withdraw your consent (by clicking the unsubscribe link in the email), at which point removal from the marketing database is immediate.
  • Cookie Data: According to the specific settings of each cookie module (detailed in the Cookie Policy) or until manually deleted from your browser.

All data is stored on secure servers and, upon expiration of the terms, is permanently deleted or irreversibly anonymized.


9. Requirement to Provide Data

  • Mandatory Data for Interaction: Providing your name, e-mail, and project details is an essential condition for us to respond or enter into a contract. Without them, we cannot contact you or provide an offer.
  • Optional Data: Accepting marketing cookies or subscribing to the newsletter is strictly optional. Refusal will not affect your ability to browse our website or request services in any way.

10. User Rights

According to the GDPR Regulation, you benefit from full rights over your personal data:

  • Right of Access: You can request confirmation and a copy of the data we hold about you.
  • Right to Rectification: You have the right to ask us to correct inaccurate or incomplete data.
  • Right to Erasure ("The Right to be Forgotten"): You can request data deletion (except in situations where legislation obliges us to keep it, such as legal billing data).
  • Right to Restriction of Processing: You can request the temporary suspension of data usage in certain cases.
  • Right to Data Portability: You can request the transfer of data in a structured, commonly used format to another controller.
  • Right to Object: You can object to processing based on legitimate interest or for direct marketing purposes (unsubscribing).
  • Right to Withdraw Consent: At any time, without affecting the lawfulness of processing prior to withdrawal.

To exercise these rights, you can send us a clear request at the e-mail address: contact@gmgdigital.ro. For data security, we may ask for proof of your identity before processing the request. The response will be sent within a maximum of one month.

You also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP):
Address: 28-30 G-ral. Gheorghe Magheru Bld., District 1, Bucharest
Website: www.dataprotection.ro


11. Links to Other Sites

GMG Digital is not responsible for the privacy practices or content of other websites linked on our platform. We recommend reading the privacy policies of every external site you visit.


12. Changes to the Privacy Policy

We reserve the right to update this Privacy Policy whenever necessary to reflect legislative or operational updates within the agency. Any new version will be published on this page, with the update date mentioned at the beginning. We recommend checking this section periodically.


13. Contact

For any questions, clarifications, or requests related to the processing of your personal data, you can contact us directly at:

Email: contact@gmgdigital.ro