Data Policy

Generalities

Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document referred to as GDPR, the Regulation, or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, with its provisions being directly applicable starting May 25, 2018. This Regulation explicitly repeals Directive 95/46/EC, thereby replacing the provisions of Law no. 677/2001 (now repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all natural persons located within the territory of the European Union. From a material point of view, the Regulation applies to all controllers that process personal data. The Regulation does not apply to the processing of personal data concerning legal entities, in particular, businesses with legal personality, including the name and type of legal entity and the contact details of the legal entity.

Personal data is defined as any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing of personal data involves any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Identity of the Data Controller

Considering Article 4, point 7 of the Regulation, which defines the term "controller" as the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data, the controller processing personal data through this website is Brand Roots Agency SRL, with correspondence address in Cluj-Napoca, Str. Andrei Mureșanu nr. 31, Cluj, having the tax identification number 48817905, with contact email: contact@brandroots.agency & phone number: 0744780909.

Collection of Personal Data

Personal Data Collected

The operator of this website collects, stores, and processes the following personal data about / relating to you:

Name, surname
Contact details (such as email, phone)
IP
Data provided to the Operator by the data subject through the contact form or other means by which they get in touch with the Operator.

Given that the Regulation primarily prohibits “the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation” (according to Article 9(1)), the situations in which the processing of such data is permitted are then outlined:

there is the explicit consent of the data subject;
the processing is necessary for the fulfillment of obligations and the exercise of specific rights of the operator or the data subject in the field of employment and social security and social protection
the processing is necessary to protect the vital interests of the data subject or another natural person, when the data subject is physically or legally incapable of giving consent;
the processing is carried out in the course of their legitimate activities and with adequate safeguards by a foundation, association, or any other nonprofit body with a political, philosophical, religious, or trade union purpose, provided that the processing relates only to members or former members of that body or to persons with whom it has regular contact in connection with its purposes and that the personal data is not disclosed to third parties without the consent of the data subjects;
the processing relates to personal data which are manifestly made public by the data subject;
the processing is necessary for the establishment, exercise, or defense of a right in court, or whenever the courts are acting in their judicial capacity;
the processing is necessary for reasons of substantial public interest, based on Union law or national law, which is proportionate to the objective pursued, respects the essence of the right to data protection, and provides for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject;
the processing is necessary for purposes related to preventive or occupational medicine, the assessment of the employee’s work capacity, the establishment of a medical diagnosis, the provision of medical or social care or treatment, or the management of health or social care systems and services, under Union law or national law or based on a contract with a healthcare professional, and subject to the conditions and safeguards provided for in the Regulation;
the processing is necessary for reasons of public interest in the field of public health, such as protecting against serious cross-border health threats or ensuring high standards of quality and safety in healthcare and in medicines or medical devices, under Union law or national law, which provides for adequate and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy; or
the processing is necessary for archiving purposes in the public interest, for scientific or historical research, or for statistical purposes, proportionate to the objective pursued, respecting the essence of the right to data protection, and providing for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject.

Obtaining Consent

Generalities

For the processing of personal data to be lawful, the GDPR requires that it be carried out based on a legitimate ground, such as the execution or conclusion of a contract, the fulfillment of a legal obligation, or based on valid consent given in advance by the data subject. In the latter case, the operator is required to demonstrate that the individual has given their consent for the processing. Consent expressed under the Directive 95/46/EC remains valid if it meets the conditions set out by the GDPR.

Consent must be given through a statement or an unambiguous action that constitutes a freely given, specific, informed, and clear indication of the data subject's agreement to the processing of their personal data. If the consent of the data subject is provided in the context of a declaration, whether in electronic or written format, that also covers other matters, the request for consent must be presented in a way that clearly distinguishes it from the other matters, which can be done even by checking a box.

Cookies

On the Operator's websites, cookies are used. These do not harm your computer and do not contain viruses; rather, they help facilitate a more user-friendly, efficient, and secure experience on the site. They are small text files that are saved on your computer and stored by the browser used to access the site.

Many of the cookies used are called "session cookies," which are automatically deleted after your visit to the site. Others remain in your computer's memory until you delete them, allowing your browser to be recognized during a subsequent visit.

You can configure your browser to notify you about the use of cookies, allowing you to decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be set to automatically accept cookies under certain conditions, always reject them, or automatically delete cookies upon closing the browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions you wish to use are stored in accordance with the provisions of Article 6(1)(f) of the GDPR, which states that processing is lawful only if and to the extent that it is necessary for the purposes of the legitimate interests pursued by the operator or by a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies to ensure optimization without technical errors. Other cookies used on the site are also stored and are described in this policy.

Cookies are diverse, with different variations, each serving a well-defined purpose or coming from a specific source. Thus, cookies can be classified into the following categories:

First-Party Cookies: These cookies are specific to the site accessed by a visitor. Primarily, they serve a purely statistical purpose, meaning that these cookies are used to calculate views/accesses to the site (or to a specific category of the site), the number of active sessions, and so on.
Third-Party Cookies: These cookies do not belong to and are not controlled by the accessed site. They are set by web domains that are not necessarily accessed directly by the user. Third-party cookies are inserted by website owners when there is a desire to interconnect multiple features offered online. A good example of this is the use of an existing video on YouTube within the interface of another website. By pressing the "play" button on the video, YouTube can also place cookies on the device being used to access it, without the user necessarily visiting www.youtube.com.
Session Cookies: These cookies are stored for the duration the browser remains open and are deleted immediately (or at most within a few seconds) after closing the browser. These cookies serve a purely administrative and functional purpose as they allow the user to benefit from the accessed website in a useful way.
Persistent Cookies: As the name suggests, these cookies are stored for a longer period of time. They have a specific duration for which they will exist on the user's device (ranging from a few minutes to years or even decades) and do not automatically delete when the web browser is closed. The purpose of these cookies is to track user interactions with a particular website. An example of this would be remembering login information on a specific website (Remember Username/Password). However, the user still retains full control over these persistent cookies, having the ability to delete or block them from their device at any time they wish.
Security Cookies: These cookies can only be used by sites that utilize the HTTPS protocol. These cookies contain encrypted data, which is useful in the case of online payments, online transactions, online/mobile banking services, etc.

On the operator's websites, the following cookies are used, with the following functionalities:

Google Analytics Cookies – 400 days for Chrome users / 7 days for Safari – from the first session – Consent Mode V2 is implemented;
Consent cookies from CookieScript – are strictly necessary and expire after one month;
lscache_vary – performance (functional) – used to manage and optimize the caching mechanism on sites that utilize LiteSpeed caching solutions. The cookie helps determine how to vary or serve cached content based on different parameters, such as user type, device type, or other criteria. – expires after 2 days
wpEmojiSettingsSupports – necessary cookie – expires at the end of the session – helps the browser validate that emojis are displayed correctly.

Cookies are used on the Operator's websites for the following purposes:

To store user preferences;
To make the user experience on this site a useful one;
To keep the site operational;
To be able to offer users all the available options on the website;
To collect data for purely analytical purposes.

In general, any application used to access web pages allows the saving of cookies on the device by default. These settings can be changed at any time by the user from the “Settings” menu of each application. Thus, the user can configure the web browser to no longer allow the storage of cookies, can allow cookies only from certain sites, can delete cookies that are already stored, and many other such actions. Detailed information about the possibilities and methods for managing cookies can be found in the settings area of the application (web browser).

Since the protection of personal data is an objective that must be met, it is advisable to be aware of any potential issues that cookies, or more specifically their use, may create.

Considering that cookies continuously transmit data in both directions (from the user to the website and vice versa), if an attacker or unauthorized person intervenes during the data transmission process, the information contained in the cookies may be intercepted, altered, or even blocked. Although this is very rare, it can happen. For example, if the browser connects to the server using an unencrypted network (an unsecured WiFi network), then an attacker can intercept the data transmission.

We reserve the right to make any additions or modifications to the content of this document. Please visit this page regularly to stay informed about these changes and any new applicable information.

We also inform you that each time we modify this section, we will indicate at the bottom of the page the date when the last update of this Policy took place.

Contact Form

If you contact us through the contact form, we will collect the data entered in the form, including the contact details you provide, to respond to your inquiries and any subsequent ones. We do not share this information without your permission. Therefore, we will process all the data you enter in the contact form only with your consent [in accordance with the provisions of Article 6(1)(a) GDPR]. You can revoke your consent at any time; an informal email in this regard will be sufficient. The data processed before we receive your request may be processed legally.

We will retain the data you provide on the contact form until:

you request the deletion of the data;
you revoke your consent for their storage, or if
the purpose for storing it is no longer valid.

Any mandatory legal provisions, especially those concerning mandatory data retention periods, are not affected by the above.

Contact via Email or Phone

If you contact us via email or phone, your request, including all personal data you provide, will be stored and processed by us for the purpose of resolving your inquiry, based on the consent you have expressed.

Therefore, we will process all the data you provide under the following legal provisions of the GDPR, namely:

only with your consent – in accordance with the provisions of Article 6(1)(a) GDPR.
for the execution of a contract or during the pre-contractual phase – in accordance with the provisions of Article 6(1)(b) GDPR.
for fulfilling the purpose and legitimate interest pursued by us, namely the effective processing of requests submitted by you – in accordance with the provisions of Article 6(1)(f) of the GDPR.

We will retain the data you provide in this way until:

you request the deletion of the data;
you revoke your consent for their storage, or if
the purpose for storing it is no longer valid, in all cases except for mandatory data retention periods.

on this website, however, the mandatory retention periods remain valid and will be observed.

The purpose of processing the collected data

Some of the data collected through the Operator's websites are used for:

Providing the services we offer for your benefit;
Optimal functioning and optimization of this platform (statistical and analytical) – We always aim to provide you with the best experience on our platform, which is why we may collect and use certain information regarding your satisfaction level while navigating this website. We may invite you to complete suggestion questionnaires or similar.
To defend our legitimate interests. There may be situations where we will use or transmit information to protect our rights and business activities. These may include: protective measures for our website and its users against cyberattacks; measures to prevent and detect fraud attempts, including transmitting information to the relevant public authorities; and measures to manage other types of risks.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based on both the consent of the data subject and the need to comply with contracts or to fulfill the legitimate interests of the data controller (except where the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, especially when the data subject is a child).

User Rights

Your rights regarding personal data and the means to exercise them are: the right to information, the right of access, the right to rectification, the right to erasure of data, the right to restrict processing, the right to data portability, the right to object, the right not to be subject to a decision based solely on automated processing of data, the right to lodge a complaint and to address the courts, and the right to withdraw consent.

The right to information – you can request information regarding the processing activities of your personal data, regarding the identity of the controller and their representative, or concerning the recipients of your data;
The right of access – you can obtain from the controller a confirmation as to whether or not personal data concerning you is being processed and, if so, access to the respective data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the period for which the personal data will be stored or, if not possible, the criteria used to determine that period; the right to request the controller to rectify or erase personal data or to restrict the processing of personal data, or the right to object to the processing, etc.
The right to rectification – you can rectify inaccurate personal data or complete it;
The right to erasure of data – you can obtain the erasure of data if their processing was unlawful or in other cases provided by law;
The right to restrict processing – you can request the restriction of processing if you contest the accuracy of the data, as well as in other cases provided by law;
The right to data portability – you can receive, under certain conditions, the personal data you have provided to us in a format that can be read automatically or you can request that the respective data be transmitted to another controller.
The right to object – you can object, in particular, to processing based on the legitimate interest of the controller;
The right not to be subject to a decision based solely on automated processing of data – you can request and obtain human intervention regarding the processing in question or express your own viewpoint regarding this type of processing;
The right to lodge a complaint and to address the courts – you can file a complaint regarding the manner of processing personal data with the National Supervisory Authority for Personal Data Processing and/or you can address the courts to enforce your rights;
The right to withdraw consent – in cases where processing is based on your consent, you can withdraw it at any time. The withdrawal of consent will take effect only for the future, and processing carried out prior to the withdrawal will remain valid.

Obligations of the data controller

Hosting

Personal data recorded on this website is stored on the servers of Hetzner Online GmbH.

The processing of the provided and stored data complies with the following legal provisions:

6(1)(a) GDPR – the processing of data by Hetzner Online GmbH is based on your consent, obtained after proper and complete information;
6(1)(b) GDPR – the processing of data by Hetzner Online GmbH takes place for the purpose of fulfilling contractual obligations assumed;
6(1)(f) GDPR – the processing of data by Hetzner Online GmbH is carried out for the purposes of the legitimate interests pursued by the controller.

Regardless of the purpose for which the processing of personal data takes place, the principles of legality, fairness, and transparency are upheld, as well as the principle that personal data processed is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

For more information regarding the processing of personal data by Hetzner Online GmbH, please visit https://www.hetzner.com/legal/privacy-policy.

We have a contract/agreement/legal act (including the possibility of including and agreeing to the clauses from the Terms and Conditions of the website) concluded with Hetzner Online GmbH to ensure the processing of personal data in accordance with the legal regulations in the field. We fulfill our obligations under Article 28 of the GDPR by choosing an external service provider that offers sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing complies with the requirements set out in the regulation and ensures the protection of your rights.

Data Encryption

The Operator's websites use SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognized by the lock icon that appears in the browser's address bar and by the change from http:// to https:// in the respective browser address.

Once this type of encryption is activated, the transmitted or transferred data cannot be viewed by third parties.

According to the GDPR, if a breach of personal data security is likely to result in a high risk to your rights and freedoms, the operator of this platform will inform you without undue delay about this breach, unless the complementary provisions of the same Regulation (Article 34(3)) apply.

Data Protection Officer

The provisions of the GDPR do not apply (Article 37(1) – according to which the Controller and the person designated by the controller appoint a Data Protection Officer whenever:

the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
the main activities of the controller or the person designated by the controller consist of processing operations that, by their nature, scope, and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or
the main activities of the controller or the person designated by the controller consist of the large-scale processing of special categories of data under Article 9 or personal data relating to criminal convictions and offenses, as mentioned in Article 10) regarding the obligation to appoint a Data Protection Officer. For any information or clarifications regarding the operation of this platform, please contact us at the following details:

Name: Oana Lungu
E-mail: contact@brandroots.agency
Phone no.: 0744 780 909
Correspondence address: Cluj-Napoca, Str. Andrei Mureșanu, No. 31, Cluj County.

Records of Processing Activities

According to the GDPR Regulation, the controller or the person designated by the controller should maintain, for a reasonable period, records of the processing activities under their responsibility. Thus, these records will include the following information:

the name and contact details of the controller;
the purposes of the processing;
a description of the categories of data subjects and the categories of personal data;
the categories of recipients to whom the personal data have been or will be disclosed;
if applicable/possible:
the transfers of personal data
the anticipated time limits for the deletion of various categories of data;
a general description of the technical and organizational security measures;

The obligation detailed above does not apply to an enterprise or organization with fewer than 250 employees, unless the processing they carry out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offenses.

Appropriate Technical and Organizational Measures

Considering the current state of technology, the context and purposes of processing, as well as the risks to the rights and freedoms of individuals, the controller implements appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of processing is processed.

Notification of the Supervisory Authority in Case of Personal Data Security Breach

According to Article 33(1) of the GDPR, in the event of a personal data security breach, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, where feasible, within no more than 72 hours from the time we become aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals.

Informing the Data Subject about the Personal Data Security Breach

According to the provisions of Article 34 of the GDPR, if a personal data security breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform the data subject without undue delay about the breach, except in situations where:

appropriate technical and organizational protection measures have been implemented, and these measures have been applied to the personal data affected by the personal data security breach, particularly measures that ensure the personal data becomes unintelligible to any person not authorized to access it, such as encryption;
further measures have been taken to ensure that the previously mentioned high risk to the rights and freedoms of the data subjects is no longer likely to materialize;
would require a disproportionate effort. In this case, a public notification is carried out or a similar measure is taken to inform the data subjects in an equally effective manner.

To receive a newsletter, it is necessary to provide a valid email address along with specific information that can identify the holder of this address. Additionally, your consent is required for sending the newsletter, and therefore, we inform you that any other personal data will be collected and stored only based on your agreement. The data collected in this way is processed solely for the purpose of sending the newsletter and will not be shared with third parties.

Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of Article 6(1)(a) of the GDPR.

Plug-ins and Tools

Google Web Fonts

This site uses Web Fonts provided by Google to ensure consistent font usage across the site.

When you access a page on this website, your browser will load the necessary web fonts for the correct display of text and fonts by establishing a connection with Google's servers. Thus,

The use of Google Web Fonts is based on Article 6(1)(f) of the GDPR, as there is a legitimate interest in ensuring the uniform presentation of fonts on this website. If consent has been expressly provided for this purpose (for example, consent to cookie storage), data will be processed exclusively based on Article 6(1)(a) of the GDPR.

For more information on how Google Web Fonts handles user data, please refer to the Privacy Policy available at: https://policies.google.com/privacy?hl=en. You can find more details regarding GDPR compliance when using Google Web Fonts in Google's statement from November 18, 2022 – https://fonts.googleblog.com/2022/11/your-privacy-and-google-fonts.html.

Google Maps

This site uses Google Maps, a mapping and localization service, through an API. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, United States.

To ensure data protection on our website, you will find that Google Maps has been deactivated when you first visit our site. A direct connection to Google’s servers will not be established until you manually activate Google Maps, meaning with your consent in accordance with Article 6(1)(a) of the GDPR. This prevents any data from being transferred to Google during your first visit to our site. Once the service is activated, Google Maps will store the IP address. Typically, this is then transferred to a Google server in the United States, where it is stored. The provider of this website has no control over this data transfer once Google Maps has been activated.

In light of the Judgment of 16 July 2020 (delivered in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the Court of Justice of the European Union ruled that the protection provided by the EU – US Privacy Shield is not adequate.

Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) is based on the European Commission's Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to controllers established outside the EU or the EEA. It has also issued a set of clauses for transfers from EU controllers to processors established outside the EU or EEA. For more information on these Clauses, we recommend visiting: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Google Maps uses Standard Contractual Clauses as an appropriate safeguard for data protection, in compliance with the level of protection guaranteed by the GDPR. For more information, please refer to Google's Data Privacy Statement at the following link: https://policies.google.com/privacy.

Through WhatsApp, we ensure efficient communication with our clients. For those residing in a country within the European Economic Area (which includes the European Union) and any other included country or territory (collectively referred to as the "European Region"), WhatsApp is operated by WhatsApp Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

According to WhatsApp's policy, which can be reviewed here: https://www.whatsapp.com/legal/#privacy-policy, WhatsApp Ltd., as part of Facebook Companies, collects and processes personal data in compliance with the security and privacy principles applicable at the European level (especially GDPR) or internationally.

Through WhatsApp, the following categories of personal data are processed:

data provided directly by users (such as those related to the user account – phone number, profile name, photo – user connections). Regarding transmitted messages, these are not stored on WhatsApp servers, except for those that could not be sent (for example, for an offline user) and are stored for a period of 30 days before being deleted.
data collected automatically (information regarding the user's 'last seen status,' user preferences stored through cookies, IP address, browser-related information, and some information related to transactions and payments – for the terms and conditions regarding payments, we recommend consulting https://www.whatsapp.com/legal/?eea=0#payments-in).

The legal basis for processing personal data through WhatsApp is represented by Article 6(f) of the Regulation, relying on our legitimate interest in the legality of the processing.

WhatsApp uses Standard Contractual Clauses as an adequate guarantee for data protection, in accordance with the level of protection guaranteed by the GDPR, as detailed in the information available here: https://www.whatsapp.com/legal/#privacy-policy-our-global-operations.

Advertising and Analytics

Google Analytics

This website uses the features of the Google Analytics service. The provider of this service is Google Inc., located in the United States, at 1600 Amphitheatre Parkway, Mountain View, CA 94043.

Google Analytics uses so-called cookies. Cookies are text files that are stored on your computer and allow for an analysis of users' usage of the website. The information generated by the cookies regarding your use of this platform is usually transferred to a Google server in the United States, where it is stored.

The storage of Google Analytics cookies and the use of this analytics tool are based on Article 6(1)(f) of the GDPR. The operator of this platform has a legitimate interest in analyzing user patterns to optimize both the online services offered and the operator's advertising activities.

Therefore, the transfer of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from data controllers in the EU to data controllers established outside the EU or the EEA. It has also issued a set of contractual clauses for data transfers from EU controllers to processors located outside the EU or the EEA. For more information regarding these clauses, we recommend visiting [this link](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro). The transfer of data to the United States is based on the Standard Contractual Clauses (SCC) of the European Commission.

IP Anonymization

On this website, we have activated the IP anonymization feature. As a result, the IP address will be shortened by Google in the member states of the European Union or in other states that have ratified the Convention on the European Economic Area before being transmitted to the United States. The complete IP address will be sent to one of Google's servers in the United States and will be shortened there only in exceptional cases. On behalf of the operator of this platform, Google will use this information to analyze your use of the platform, generate reports on website activity, and provide other services related to the use of the website. The IP address transmitted from your browser to Google Analytics will not be merged with other data held by Google.

Demographic Parameters Provided by Google Analytics

This website uses the "demographic parameters" feature provided by Google Analytics, which generates reports offering insights into the age, gender, and interests of website visitors. The sources of this information include interest-based advertising generated by Google, as well as visitor data obtained from third-party service providers. These data cannot be allocated to a specific individual. You have the option to disable this feature at any time by making relevant changes to your advertising settings in your Google account, or you can generally prevent your data from being recorded by Google Analytics.

Archiving period

Date regarding user levels or incidents stored by Google related to cookies, user IDs, or advertising IDs (for example, DoubleClick cookies, Android advertising ID) will be anonymized or deleted after a maximum of 14 months. For details, click the following link: https://support.google.com/analytics/?hl=en#topic=3544906.

This website has integrated Google Consent Mode v2, which is a technology that allows websites to adjust how cookies and other data storage methods are used based on the consent provided by users. The main purpose is to help websites comply with data protection regulations, such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), while optimizing the functionality and analysis of the site.

The benefits of integrating Google Consent Mode V2 are:

Compliance with regulations: It helps websites comply with international data privacy regulations.

Performance optimization: It allows the collection of useful data even in the absence of full consent, thereby improving marketing performance and web analysis.

Personalized experience: It helps maintain a personalized user experience by dynamically adjusting the website's behavior based on user preferences.

Google Consent Mode v2 is an essential tool for websites that want to balance the need for useful data for operations and marketing with respecting users' privacy rights. More information is available here: https://cookie-compliance.co/documentation/google-consent-mode/.

Conclusion

This personal data processing policy is generated in accordance with the provisions of Regulation No. 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as with other applicable national legal provisions.

We reserve the right to make any additions or modifications to this policy. We recommend regularly consulting the Policy for accurate and up-to-date information regarding the processing of personal data.

For more details regarding this GDPR Policy, as well as to exercise any of the rights mentioned above, a written notification can be sent to the contact details provided above.

Last updated: 17.09.2024

Data Policy

Generalities

Identity of the Data Controller

Collection of Personal Data

Personal Data Collected

Obtaining Consent

Generalities

Cookies

Contact Form

Contact via Email or Phone

The purpose of processing the collected data

User Rights

Obligations of the data controller

Hosting

Data Encryption

Data Protection Officer

Records of Processing Activities

Appropriate Technical and Organizational Measures

Notification of the Supervisory Authority in Case of Personal Data Security Breach

Informing the Data Subject about the Personal Data Security Breach

Newsletter

Plug-ins and Tools

Google Web Fonts

Google Maps

Whatsapp

Advertising and Analytics

Google Analytics

Conclusion

Do you have an issue related to intellectual property?

BrandRoots.Agency

Legal Terms

Contact us

Member of

Representative of