Privacy and personal data protection Policy
This is the Policy on the privacy and protection of personal data (hereinafter referred to as “Policy”), adopted by GLITCH MEDIA SRL (hereinafter referred to as “GLITCH MEDIA”).
GLITCH MEDIA respects your privacy and is committed to protecting the personal data you have provided to us. We undertake to collect and use personal data in accordance with the General Data Protection Regulation (GDPR).
This Policy will inform you of how we handle your personal data and will detail your rights in relation to your personal data and how the law (including the GDPR) protects you.
This Policy applies to the personal data of our customers, business partners, other persons who contact and visit us and their representatives and employees, potential employees or interns and applies to data collected through our websites https://photolog.cloud , https://glitch.ro , https://photolog.studio , respectively to our services and/ or products’ websites, namely PhotoLog, as well as during our events, respectively personal data collected by e-mail or other offline lines.
1. Important information and details about GLITCH MEDIA
This Policy is intended to inform you of how GLITCH MEDIA collects and uses personal data as a result of using our websites, as a result of registering for any Events (as defined in the Glossary) or courses organized by GLITCH MEDIA, as a result of subscription to any GLITCH MEDIA publications or newsletter or as a result of collaboration of any kind, current or potential, with GLITCH MEDIA.
Our website, respectively our ervices and/ or products’ websites are not intended for minors and we do not consciously collect personal data of minors.
GLITCH MEDIA SRL is the operator for your personal data (collectively referred to as "Company", "us", "to us" or "our" in this personal data protection policy).
It is important that the personal data we hold is accurate and current. Please let us know if your personal data changes during your relationship with us.
2. The data we collect
Personal data or personal information means any information about a person from which that person can be identified. Does not include data in which the identity was removed (anonymous data).
In order to provide our services, we collect or receive your personal information in different ways. We often choose what information to provide, but sometimes we need certain information from you to use so that we can provide you with these services.
We may collect, use, store and process different types of personal data about you that we have grouped together (all or any):
• Identity data includes first name, last name, username or similar identifier, personal numerical code, specialty, professional grade, job, date of birth and gender.
• Contact details include billing address, delivery address, e-mail address and phone numbers.
• Financial data includes bank account and payment card details.
• Transaction data includes details about payments to and from you and other details about the products and services you have contracted from us.
• Technical data includes [IP protocol] address, your connection data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you are using for the use of the site.
• Profile data includes your username and password, purchases or orders made by you, interests, preferences, feedback and survey responses, including user data for registration on the platforms where webinars are eventually organized.
• Usage data includes information about how you use our website, products and services.
• Marketing and communication data includes your preferences in receiving our communications from us and our third parties and your communication preferences.
• Media data includes audio, video, and photos / pictures.
We also collect, use, and share aggregate Google Analytics data, such as statistical or demographic data.The aggregated data may be obtained from your personal data, but is not considered personal data in accordance with applicable law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users who access an GLITCH MEDIA’s services and/ or products.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, membership in trade unions / political parties, information about your health and biometric and genetic data). We also do not collect any information about criminal convictions and crimes.
If you do not provide us with personal data
If we need to collect personal data by law or for the performance of a contract we have with you or the organizations you are affiliated with and you are unable to provide such data when requested, we may not be able to perform the contract we have (for example, to provide you with goods or services). In this case, it may be necessary to cancel a product or service that you have with us, but we will notify you, if applicable, at that time.
3. How is personal data collected?
We use different methods to collect personal data including by:
• Direct interactions. We collect your data when you voluntarily provide us with contact details by filling in any forms in digital / physical format provided or by GLITCH MEDIA, by filling in the data on our website or on our services and/ or products' websites or by correspondence with us (including mail, telephone, e-mail or other method of communication). These include personal data that you provide when, for example, but not limited to:
- applications for our products or services;
- create an account on our website or on our services/ and or products’ websites;
- you subscribe to our services or publications;
- request GLITCH MEDIA offers or promotional materials;
- participate in an Event or course organized by GLITCH MEDIA;
- participate in a contest, competition, survey organized by GLITCH MEDIA;
- download our applications;
- candidates for a position within GLITCH MEDIA;
- provide feedback on our services and products;
- provide or offer to provide services for us.
Also, there are situations in which we collect media data at Events eventually organized by GLITCH MEDIA. For example, (i) if you accept the invitation to be a speaker at a presentation / workshop, etc.within an GLITCH MEDIA Event, we will collect media data, respectively: photos and videos if the event is recorded, (ii) if you choose to ask questions to the panel during a video recording event, then your intervention will be registered (iii) if during an Event, there is a photo panel and you will verbally request GLITCH MEDIA staff or GLITCH MEDIA collaborators to take photos. All media data collected will be collected during GLITCH MEDIA Events and only if you voluntarily take action in this regard.
• Third parties or public sources. We may receive personal data about you from various third parties or from public sources (public registries). These sources also include:
- Professional organizations and associations to which you are affiliated and which contract our services or products;
- Public authorities or institutions of any kind;
- Personnel recruitment companies;
- Credit institutions (for example, when you make a payment to us by payment order).
4. How we use personal data
We will only use your personal data when the law allows us to. Most often, we will use your personal data in the following situations:
• If we have to execute a contract concluded with you (or which we are about to conclude);
• If we need to execute a contract with an organization, association or company to which you are affiliated; (e.g. participate in a possible event organized by GLITCH MEDIA)
• If necessary for our legitimate interests (or those of a third party) and your fundamental interests and rights do not exceed those interests;
• If we have to comply with a legal or regulatory obligation;
• If you provide us with the express prior consent or on the basis of fair proof of your consent, provided by a third party who communicates this data to us;
• If we disseminate video or photo content from any GLITCH MEDIA Events, on the media channels of GLITCH MEDIA or of the partners for which GLITCH MEDIA organizes any Events, for professional, media communication or educational and / or scientific purposes.
The purpose for which we use your personal data
We have presented below, in a table format, a description of all the ways in which we intend to use your personal data and what are the legal bases on which the processing is based. We have also identified our legitimate interests, where appropriate.
Please note that we may process your personal data based on several legal grounds, depending on the specific purpose for which we use the data. Contact us if you need details on the specific legal basis on which we rely to process personal data, if several reasons have been set out in the table below.
Purpose / Activity
Category of personal data
The legal basis for the processing, including the legitimate interest, where applicable
Registration of a new client / participant / student
(a) Identity data
(b) Contact details
Concluding or executing a contract
Contract processing and execution, including:
(a) Administration of costs, fees, taxes;
(b) Event organization.
(a) Identity data
(b) Contact details
(c) Financial data
(d) Transaction dates
(e) Data for marketing and communication
(f) Media Data
(g) Profile data
(a) performance of a contract
(b) legitimate interest
(c) legal obligation
To manage the relationship with you, including:
(a) notices of changes to policies on terms and conditions, protection of personal data, other documents as appropriate;
(b) to solicit feedback or participate in surveys;
(c) to communicate to you requests or other matters relating to our partnership.
(a) Identity data
(b) Contact details
(c) Profile date
(d) Marketing and communication data
(a) performance of a contract
(b) legal obligation
(c) legitimate interest (to keep records up to date and to analyze how customers use our products and services)
To manage the business and this website (including troubleshooting, data analysis, testing, system maintenance, support)
(a) Identity data
(b) Contact Details
(c) Technical Data
(d) Profile data
(a) Necessary for legitimate interest (business administration, IT infrastructure management)
(b) Necessary for the fulfillment of a legal obligation
Fulfillment of legal reporting obligations to professional organizations and competent authorities
(a) Identity data
(b) Contact Details
(a) Necessary for fulfilling a legal obligation
Communication of suggestions and recommendations about GLITCH MEDIA products and services that are of interest
(a) Identification data
(b) Contact Details
(a) Required for legitimate interest (business administration)
(b) Based on consent
Media communication (online / offline)
(a) Media Data
(a) Execution of a contract
(b) Legitimate interest
We strive to provide you with options for the use of personal data, especially in terms of marketing and advertising.
We may use your identity, contact, technical, usage and profile data to form an image of what we think you would like or need or that may be of interest to you. This is how we decide what products, services and offers may be relevant to you.
You will receive marketing communications from us if you have requested information from us or participated in any Events or courses organized by us or if you have provided us with your data when you entered a contest or registered for a promotion and / or you have placed an order for services and / or products and, in each case, if you have not withdrawn your consent.
You can request that we stop sending you marketing messages at any time by e-mail to [email protected] or, if applicable, by unsubscribing via the UNSUBSCRIBE link in the newsletter.
If you opt out of receiving these marketing messages, we may continue to process your personal data, based on another legal basis, where we have at least two legal bases on which we process personal data.
Changing the Purpose
We will use your personal data only for the purposes for which we collected it, unless we reasonably believe that we must use it for another reason and that this reason is compatible with the original purpose. If you would like to receive an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.
If we have to use your personal data for undeclared purposes, we will notify you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, if required or permitted by law.
5. Disclosure of Personal Data
We may share your personal data with the parties listed below for the purposes set out in the table in point 4 above.
- Internal third parties, as defined in the Glossary.
- External third parties, as defined in the Glossary.
- Third parties to whom we may choose to transfer or merge parts of our business or assets. Alternatively, we may seek to acquire or merge with other businesses. If there is a change in our business, then the new owners may use your personal data in the same way as described in this Policy.
We ask all our collaborators and partners to respect the security of your personal data and to treat them in accordance with the applicable legislation in force. We do not allow employees to use your personal data for their own purposes. They may use your personal data only if we give them permission to process it and only for the purposes mentioned by us.
6. Data security
We have implemented appropriate security measures to prevent accidental loss of your personal data, unauthorized use or access, modification or disclosure of your personal data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who are in dire need of such data. They will only process your personal data in accordance with our instructions and will be subject to confidentiality obligations in this regard.
7. Data retention
As long as we keep personal data
We will retain your personal data for as long as is necessary to fulfill the purposes for which we have collected it, including for the purpose of fulfilling any legal, accounting or reporting requirements.
In order to properly determine the retention period for personal data, we consider the value, nature and sensitivity of personal data, the potential risk of harm caused by unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these goals by other means.
8. Your rights
In certain circumstances, you have rights under applicable data protection law in respect of your personal data. Such rights are:
• The right to access your personal data.
• The right to rectify your personal data.
• The right to request the deletion of your personal data.
• The right of the opposition regarding the processing of your personal data.
• The right to request the restriction of the processing of your personal data.
• The right to request the transfer of your personal data (portability).
• The right to withdraw consent.
• The right not to be the subject of any individual decision or automated individual decision-making process (including, but not limited to, automated profiling).
You will not have to pay any fees to access your personal data (or to exercise any of the rights granted to you in connection with them). However, we may charge a reasonable fee if your request is manifestly unfounded, repeated or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we can ask of you
We may request specific information from you to help you confirm your identity and secure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who is not entitled to receive it.
We try to respond to all legitimate requests within thirty (30) days. Occasionally, it may take more than thirty (30) days if your request is particularly complex or if you have made several requests. In this case, we will notify you and keep you informed of the status of the request.
GLITCH MEDIA EVENTS
Event (s) means any event organized by us, including virtual events, in collaboration with our customers or partners, regardless of how it is organized, online (virtual), offline or in any combination of the two variants, respectively: conference, seminar, congress, webinar, workshop, presentation, conference with speaker in the hall and participants who connect online etc.
Legitimate interest means our interest in running and managing our business to enable us to offer you the best services and / or products, as well as the best and safest experience.We make sure that we consider and balance any potential impact on you (both positive and negative), respectively on your rights, before processing your personal data for our legitimate interests.We do not use your personal data for activities in which our interests are overburdened by the impact on you (unless we have your consent or if the applicable law does not provide otherwise).
Execution of the Contract means the processing of your data if it is necessary for the execution of a contract to which you are a party or to which an association or company to which you are affiliated is a party or to take action at your request before concluding such a contract.
Compliance with a legal or regulatory obligation means the processing of your personal data if it is necessary to comply with a legal or regulatory obligation to which we are subject.
Internal third parties are, as the case may be, other branches/ subsidiaries of GLITCH MEDIA and/ or other entities that act as operators or processors and that have their headquarters in Romania, associates, employees or collaborators of GLITCH MEDIA.
External third parties (listing not exhaustive)
• Service providers that provide IT systems administration and management services.
• Professional consultants including lawyers, accountants, bankers, auditors and insurers providing consulting, banking, legal, insurance and accounting services.
• Public regulatory authorities and institutions and other public authorities in Romania or the European Union.
• Collaborators or business partners with whom GLITCH MEDIA works in order to carry out its activity.
You have the following rights in connection with your personal data:
The right to access personal data, which provides that you have the right to a copy of personal data held by us and to verify that they are legally processed.
The right to rectification by which you can request the correction of personal data we hold about you. This allows you to request the correction of any incomplete or inaccurate data we hold about you. Please note that it may be necessary to verify the accuracy of the new data you provide to us.
The right to delete data (“the right to be forgotten”). This allows you to ask us to delete or remove your data.if there are no longer good reasons to continue processing. Please note, however, that we may not always be able to comply with your request of deletion, for specific legal reasons, which will be notified to you, if applicable, at the time of your specific request.
The right to object to the processing of personal data when we process data based on legitimate interest (ours or a third party) and when in your particular situation you consider that your fundamental rights and freedoms are violated. You may also object to the processing of your data for marketing purposes. In some cases we may demonstrate legitimate and compelling reasons justifying the processing and prevailing over personal interests, rights and freedoms.
The right to restrict processing. This right allows you to request that we suspend the processing of your personal data in the following cases: (a) whether you wish to establish the accuracy and correctness of the data; or; (b) if our processing of the data is illegal, but you object to the deletion; (c) if you need to keep the data, even if we no longer process it, because you need it to establish, exercise or defend rights in court; or (d) you objected to the processing of your data, but we must verify that we have mandatory legal reasons to process it.
The right to data portability. We will provide you or a third party of your choice with your personal data in a structured, commonly used format that can be read automatically. Please note that right applies to automatic data processing for which you have given us your consent or, if we have used the data, to execute a contract with you.
The right to withdraw consent when we base our processing on your consent. However, this right shall not affect the lawfulness of the processing carried out before the withdrawal of the consent in question.
The right not to be subject to any individual decision or automated individual decision-making process, including, but not limited to, the creation of profiles that produce legal effects that concern or affect you in a similar way.