Privacy Policy

Last updated: 12 November 2025

1. Introduction and Controller Information

MYG Media SRL ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data in compliance with the General Data Protection Regulation (GDPR) and Romanian data protection laws.

Data Controller:

MYG Media SRL
Bulevardul George Enescu, Nr. 23, Bloc G45, Scara B, Ap. 6
720246 Suceava, Romania
Registration: RO50059004
Email: max@myg-media.com

2. Information We Collect

2.1 Personal Data You Provide

When you contact us, request services, or interact with our website, we may collect:

  • Name and contact information (email, phone number)
  • Company name and business details
  • Job title and professional information
  • Communications with us (emails, messages, consultation notes)
  • Information about your business needs and project requirements

2.2 Automatically Collected Data

We automatically collect technical information when you visit our website:

  • IP Address: Your IP address is collected for security, fraud prevention, and to comply with legal obligations. IP addresses are also logged when you submit forms (contact, newsletter) for security purposes.
  • Geographic location data (derived from IP address)
  • Browser type, version, and language settings
  • Operating system and device information
  • Pages visited, time spent, and navigation patterns
  • Referral source and exit pages
  • Date and time of access
  • Cookies and similar tracking technologies (see Section 6)

IP Address Retention: IP addresses from form submissions are retained for 12 months for security and fraud prevention purposes, then automatically deleted. Website access logs containing IP addresses are retained for 90 days.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

  • Consent (Art. 6(1)(a)): For newsletter subscriptions, marketing communications, and optional cookies
  • Contract Performance (Art. 6(1)(b)): To provide services you've requested and manage client relationships
  • Legitimate Interests (Art. 6(1)(f)): For website analytics, security, and business development
  • Legal Obligation (Art. 6(1)(c)): For compliance with tax, accounting, and legal requirements

4. Third-Party Services and Data Processors

IMPORTANT: AI Service Providers

We use the following AI service providers to deliver our services. These providers may process data on servers located outside the EU:

4.1 OpenAI (ChatGPT API)

Purpose: AI development, chatbot functionality, natural language processing
Data Location: United States
Legal Basis: Standard Contractual Clauses (EU Commission approved)
Privacy Policy: https://openai.com/privacy

4.2 Anthropic (Claude API)

Purpose: Advanced AI processing, content generation, automation
Data Location: United States
Legal Basis: Standard Contractual Clauses
Privacy Policy: https://www.anthropic.com/privacy

4.3 Google (Gemini API)

Purpose: AI analysis, data processing, machine learning operations
Data Location: United States / EU (varies by service)
Legal Basis: Standard Contractual Clauses
Privacy Policy: https://policies.google.com/privacy

4.4 Analytics and Hosting

  • Google Analytics: Website analytics and user behavior analysis
  • Vercel: Website hosting and content delivery (EU & US servers)

Data Transfer Safeguards: All data transfers to third countries (outside EU/EEA) are protected by EU-approved Standard Contractual Clauses (SCCs) or adequacy decisions in accordance with GDPR Article 46.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Providing and delivering our AI development and consulting services
  • Responding to inquiries and providing customer support
  • Processing and managing service contracts
  • Sending service-related communications and updates
  • Analyzing website usage and improving user experience
  • Marketing communications (only with your consent)
  • Complying with legal obligations and preventing fraud
  • Protecting our rights and enforcing our terms of service

5.1 AI Training and Model Development

Third-Party AI Models:

  • OpenAI API: Data sent via API is NOT used for model training (per OpenAI's enterprise policy as of March 2023)
  • Anthropic Claude: API data retention per your contract tier - typically NOT used for training
  • Google Gemini: Enterprise configurations allow opt-out of data retention

We configure all third-party AI services with maximum privacy settings. However, we cannot control third-party data processing beyond published policies. See AI Transparency Disclosure for details.

Custom AI Training (Client Projects):

  • Training data isolated per client - never shared across projects
  • Client data used for AI training ONLY with explicit written consent
  • No personally identifiable information (PII) used without anonymization
  • Training data deleted per retention schedule (specified in service agreement)
  • You can request deletion of all training data at any time

Your Right to Opt-Out: You can opt out of AI training data usage by emailing max@myg-media.com with subject "AI Training Opt-Out".

6. Cookies and Tracking Technologies

We use the following types of cookies and similar tracking technologies:

6.1 Essential Cookies (No Consent Required)

Session Cookies: Maintain your session and ensure website functionality
Security Cookies: Protect against fraud and unauthorized access

6.2 Functional Cookies (With Consent)

Language Preferences: Remember your language selection
User Preferences: Store your settings and preferences

6.3 Analytics Cookies (With Consent)

Google Analytics: Understand how visitors use our website, track page views, session duration, and user behavior

6.4 Marketing/Advertising Cookies (With Consent)

Track advertising effectiveness and deliver relevant marketing content

You can manage your cookie preferences through our cookie banner or your browser settings. For more details, see our Cookie Policy.

7. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Limit how we process your data
  • Right to Data Portability (Art. 20): Receive your data in a structured format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise any of these rights, contact us at: max@myg-media.com

We will respond to your request within one month.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Client Data: Duration of contract + 7 years (Romanian legal requirements)
  • Contact Inquiries: 3 years from last contact
  • Marketing Consent: Until consent is withdrawn or 2 years of inactivity
  • Analytics Data: 26 months (Google Analytics default)
  • Cookies: As specified in our Cookie Policy (typically 12-24 months)

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • HTTPS encryption for all data transmission
  • Secure hosting infrastructure with Vercel (SOC 2 compliant)
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Data minimization principles
  • Employee confidentiality agreements
  • Incident response procedures

In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.

10. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of alleged infringement.

Romanian Data Protection Authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. The "Last updated" date at the top indicates when changes were made. Material changes will be communicated via email or prominent notice on our website.

13. Contact Us

For any questions about this Privacy Policy or how we handle your personal data:

MYG Media SRL
Data Protection Contact
Email: max@myg-media.com
Address: Bulevardul George Enescu, Nr. 23, Bloc G45, Scara B, Ap. 6, 720246 Suceava, Romania

This Privacy Policy complies with GDPR (Regulation EU 2016/679), Romanian Law 190/2018, and ePrivacy Directive (2002/58/EC).