AMBER STUDIO S.A. (Joint Stock Company) PRIVACY POLICY
We take privacy very seriously and we are committed to protecting the personal data that we may collect about you. Through this privacy policy, we inform you about how your data is being collected, used, disclosed, transferred, and stored. By visiting our website at www.amberstudio.com(“Website”), you agree that the information you provide, including your personal information, will be handled as described in this Policy.
WHO WE ARE?
The data controller is Amber Studio S.A., a company duly registered under the Romanian Law, having our headquarters in Romania, Bucharest, 1st District, 15 Charles de Gaulle Square, Charles de Gaulle Building, floors 10 and 11 (“Controller” or “Amber Studio”).
DEFINITIONS
Personal data - shall mean information about a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, Internet identifier and information collected through cookies and other similar technology.
Policy - this Privacy Policy.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE COLLECT THIS DATA?
We only collect the Personal data that is relevant to our activity and that it's also adequate. Accordingly, in our activity, we may collect the following Personal data of yours:
- Name - when you fill in the contact form;
- E-mail address - when you fill in the contact form and to be able to send you our newsletter;
- The name of the company you work for/you are representing - when you fill in the contact form;
- Your Role within the company - when you fill in the contact form;
- IP address and device identifiers (such as your device ID, advertising ID, MAC address, IMEI) - when you access our Website;
- Information about your device (such as device name and operating system, browser information, including browser type) - when you access our Website;
- Information that we receive if you decide to connect to a third-party social network or platform (such as Facebook, Twitter, LinkedIn, Medium, Vimeo);
- Information from your CV - when you apply for a job;
- Cookies.
PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE WEBSITE
Use of the Website
Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
- in order to provide the users with electronic services in the scope of providing access to the Website and its functionalities - the legal basis for such processing is the necessity of processing for performance of a contract (Article 6(1)(b) GDPR);
- in order to identify potential abuses - the legal ground for processing is the Controller's legitimate interest (Article 6(1)(f) GDPR) which consists in taking actions to prevent unauthorised actions of the user in the Website;
- for analytical and statistical purposes - in such case the legal ground for processing is the Controller's legitimate interest (Article 6(1)(f) GDPR) which consists in analysing users' activities and preferences in order to improve the functionalities applied and services provided;
- if necessary, for the purpose of establishing, exercising or defending potential legal claims - the legal ground for processing is the Controller's legitimate interest (Article 6(1)(f) of the GDPR) consisting in the protection of the Controller's rights;
- for marketing purposes of the Controller and other entities, in particular related to presenting behavioural advertisement - the rules of processing the Personal data for marketing purposes are described below.
Marketing
The Controller processes your Personal data in order to carry out marketing activities, which may consist in:
- sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);
- conducting other activities related to direct marketing of goods and services (sending commercial information by e-mail and by phone) - the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR) in connection with the expressed consent of data subject.
In order to carry out marketing activities, the Controller in some cases uses profiling. This means that thanks to automatic data processing the Controller evaluates selected factors concerning you.
In order to analyse your behaviour or to create a forecast for the future. This allows for better adjustment of the displayed content to your individual preferences and interests.
Newsletter
Subscribing to a newsletter involves the processing of your Personal data, such as your e-mail addresses. Providing the e-mail address is required in order to provide the newsletter service, and its failure results in the inability to send the newsletter. This form of communication with you may include profiling.
Personal data shall be processed:
- in case of sending marketing content to you within the newsletter - the legal basis for such processing, including the use of profiling, is the Controller's legitimate interest (Article 6(1)(f) GDPR) in connection with the expressed consent to receive the newsletter;
- for analytical and statistical purposes - the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of your activity, as well as of your preferences in order to improve functionalities and services provided;
- if necessary, in order to establish and assert claims or to defend against claims - the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights.
Contact form
The type of information that we collect about you includes your name, e-mail address, and any other information that you choose to submit to us by filling the contact form that you find on the Website. In case you won't fill the contact form with all the requested information, you won't be able to contact us.
Personal data shall be processed :
- in order to handle a request submitted by a contact form, the legal basis for processing is the Controller's legitimate interest (Article 6(1)(f) GDPR) in responding to the request; as regards the data voluntarily provided in the contents of the request sent to the Controller, the legal basis for the processing is consent (Article 6(1)(a) GDPR);
- for analytical and statistical purposes - the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of providing statistics on user requests submitted through the Website, to improve its functionality;
- if necessary, in order to establish and assert claims or to defend against claims - the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights.
Cookies
We also collect information about your use of our Website through cookies. For additional information, please see our section entitled “Cookie Policy”.
Lead Ad Form
In addition, we collect information through Facebook's lead ads because we want to find the people who are interested in our business and promote our products and services to them. Through the Lead Ad Form we collect your name, e-mail address and phone number. Facebook's lead ads are built with privacy in mind and we take care to respect their privacy policy and act accordingly. Everyone can edit their contact information before submitting this form, and the information isn't sent to us until the person clicks “submit”. In case you won't fill the contact section with all the requested information, your message will not be generated and sent to the recipient.
Social media
The Controller processes your Personal data when you visit the Controller's profiles held in social media (Medium, Vimeo, Facebook, Instagram, YouTube, LinkedIn, Twitter). The data is processed solely in connection with running the profile, including for the purpose of informing you about the Controller's activity and promoting various events, services, and products. The legal basis for the processing the Personal data by the Controller for this purpose is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting in promoting its own brand.
The information indicated above does not apply to the processing of Personal data by respective controllers of the above-mentioned social media platforms (Medium, Vimeo, Facebook, Instagram, YouTube, LinkedIn, Twitter).
So, the type of information that we collect about you depends upon your particular interaction with us. By providing personal information to us, you agree to the terms and conditions of this Privacy Policy and you confirm that you have read and understood them.
HOW YOUR PERSONAL DATA ARE RETAINED?
We may retain, use and store the personal data you provide us with, for as long as you are being our client, until you request us to delete such data and also for the period necessary to fulfil all the purposes described in this Privacy Policy, in compliance with the applicable laws. We want to inform you that a longer retention period could be required to resolve disputes, or answer regulatory or police requests. In such cases, the collected information will be used and stored until the request is closed.
WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
We may retain, use and store the personal data you provide us with, for as long as you are being our client, until you request us to delete such data and also for the period necessary to fulfil all the purposes described in this Privacy Policy, in compliance with the applicable laws. We want to inform you that a longer retention period could be required to resolve disputes, or answer regulatory or police requests. In such cases, the collected information will be used and stored until the request is closed.
- The right of access. You have the right to obtain from Controller confirmation as to whether or not it processes your personal data, as well as information regarding the specifics of the processing;
- The right to data portability refers to the your right to receive the personal data you have provided us to, in a structured format, currently used and automatically readable, and to the right to transmit these data directly to another controller if this is technically feasible. The right to data portability applies only if the processing of data is “done by automatic means” - electronic devices and, therefore, does not cover most documents on paper (possibly only if they are scanned and loaded into a database), so this right has to be taken into account only with respect to data processed by electronic means. It is recommended to create technically the possibility of a possible transfer to the extent that the data subject wishes to dispose of his / her legal right;
- The right to rectification refers to the correction, without undue delay, of inaccurate personal data stored. The rectification must be communicated to each recipient to whom the data was transmitted, unless this proves impossible or involves disproportionate (demonstrable) efforts.
- The right to erasure (“the right to be forgotten”) means the right of the data subject to request that his or her personal data to be deleted without any delay, if one of the following reasons applies: they are no longer necessary for the purposes for which they were collected or processed; withdraws consent and there is no other legal basis for processing; opposes processing and there are no legitimate reasons to prevail; personal data has been processed illegally; personal data must be deleted for compliance with a legal obligation; personal data was collected in connection with the provision of information society services.
- The right to restrict processing can be exercised if the person disputes the accuracy of the data for a period that allows verification of the correctness of the data; processing is unlawful and the person opposes the deletion of personal data, but instead calls for restriction; if the operator no longer requires personal data for processing, but the person requests them for the establishment, exercise or defense of a right in court; if the person opposed the processing for the period of time that it is verified that the legitimate rights of the operator prevail over the person's rights.
- The right to complain. If you believe that the processing of Personal data is in breach of the provisions of the GDPR or any other legislation relating to the protection of Personal data, you may lodge a complaint with the data processing supervisory authority having jurisdiction over your habitual residence, place of work or place of the alleged infringement.
- The right to object to processing for marketing purposes - if applicable, you may at any time object to the processing of Personal data for marketing purposes, without having to justify such objection.
- The right to withdraw consent. To the extent that your data are processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller by e-mail address: dataprivacy@amberstudio.com. However, it does not affect the lawfulness of processing based on consent before its withdrawal.
If you wish to exercise these rights, you shall fill in a written, dated and signed petition to the following e-mail address: dataprivacy@amberstudio.com. You may state your wish to be informed at a specific address, which may also be an electronic mail address, or through a mail service that ensures confidential receipt of the information.
SECURITY OF YOUR INFORMATION
We have implemented commercially reasonable security measures to help protect your Personal data from loss, misuse, or unauthorized access or disclosure; unfortunately, however, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal data, we cannot ensure its security. You use the Website and provide us with information on your initiative and risk. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem at the e-mail address: dataprivacy@amberstudio.com.
TRANSFER OF DATA OUTSIDE THE EEA
If Personal data are transferred by the Controller to other entities established outside the EEA, the Controller shall ensure that the transfer always precedes by the transfer impact assessment and the transfer is based on a valid legal basis from the GDPR according to Chapter V of the GDPR.
CHANGES
We reserve our right to modify this Privacy Policy at any time. As a result, please have in mind to check this document at certain periods of time. By continuing to access or use our Website after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using our service.
The current version of the Policy has been adopted and is effective as of the 22nd of August 2022.
APPLICABLE LAW
We apply the provisions of:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- LAW no. 190/ 2018 on measures to implement the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
- Law no. 506/2004 regarding the processing of personal information and protection of private life in the field of electronic communications and o any other applicable privacy laws that regulate the processing of information relating to you and grant you various rights in relation to your personal data.