Penta Media » GDPR

Privacy Policy regarding the processing of personal data

Ensuring the right of protection for personal data is a fundamental commitment of Penta Media Advertising, therefore we will dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation ” Or “GDPR”)as well as with any other legislation applicable on the territory of Romania. As one of the key principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us about products and services, including our website or mobile applications.We reserve the right to periodically update and change this Privacy Policy to reflect any changes to the way we process your personal data or any changes to your legal requirements. In the event of any such changes, we will display on our website the amended version, for which reason please check the content of this Privacy Policy periodically.

A. Who we are and how can you contact us

Pentamedia is the trade name of S.C. PENTA MEDIA ADVERTISING S.R.L, a Romanian company, having its registered office in Hereclean Commune, Loc. Badon, Main st., no. 79/A, Sălaj county, number in the Trade Register J31/329/2011, tax code RO 26866010, with the correspondence address at Gheorghe Doja St., No.5, Block 16, Ground floor, Ap 1 (called hereinafter “Pentamedia” or “we“). For the purposes of data protection law, we serve as the operator when we process your personal data. As we are always open to find out your opinions, as well as to provide you with any additional information you may need regarding the processing of your data, we encourage you to contact the Pentamedia Data Protection Officer at the e-mail address or or by post or courier to the address address Zalău, Gheorghe Doja St., No.5, Block 16, Sălaj county - mentioningFor Pentamedia Data Protection Officer..

B. What categories of personal data do we process?

We generally collect your personal data directly from you so that you have control over the type of information you provide to us. By way of example, we receive information from you as follows: When you come in direct contact with an operator of ours, you send us: e-mail address, name and surname.

Also in the contact page where you can send an e-mail and ask for data or price offers, you can tell us the name of the company you represent, your e-mail address, phone number, and areas of interest for outdoor advertising.

We do not collect or otherwise process sensitive data, included in the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data on minors under the age of 16.

C. What are the purposes and grounds of data processing?

We will use your personal data for the following reasons:

  1. In order to provide you the Pentamedia services that you requested  

This general purpose can include:

a) The make and customization of an offer or advertising solution

b) The processing of your orders, including the pick-up, validation, send and invoice issuing

c) The support services supply, including providing answers to your questions about your orders or about the Pentamedia products and services.

The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between Pentamedia and you. Also, certain processing subject to these purposes is required by applicable law, including tax and accounting law.

  1. For the improvement of our services

We always want to offer you the best experience related to outdoor advertising and collaboration with us. To do this, we may collect and use certain information about your site visitor behavior, we may invite you to complete satisfaction questionnaires subsequent to the completion of an order or campaign with us, and we may conduct studies, directly or through partners. and market research.

We base these activities on our legitimate interest in doing business, always making sure that your fundamental rights and freedoms are not affected.

  1. Marketing purposes

We want to keep you informed about the best offers for the products/services that interest you. In this regard, we can send you any type of message (such as: e-mail/SMS/telephone/mobile push/webpush/etc.) containing general and thematic information on products similar or complementary to those that you have purchased, information about offers or promotions, and other commercial communications such as market research and opinion polls, and we may display personalized recommendations on the website. In order to provide you with information of interest to you, we may use certain data regarding your visitor behavior, or your opinion about the services and products provided by our company. We always make sure that these processes are carried out in compliance with your rights and freedoms and that the decisions taken on the basis of them do not have legal effects on you and in a similar way, do not affect you to a significant extent.

In most cases we proceed with marketing communications only having your prior consent.

You can change your mind and withdraw your consent at any time by:

- Accessing the unsubscribe link in the message that you receive from us

- Contacting Pentamedia through above mentioned contact details

In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any case where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can ask us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and we will grant your request.

  1. In order to defend our legitimate interests

There may be situations in which we use or transmit information to protect our rights and business. These may include:

- Measures to protect the website and users of the Pentamedia platform from cyber attacks

- Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities;

- Measures to manage various other risks.

The general basis of these types of processing is our legitimate interest in defending our commercial activity, ensuring that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

Also, in certain cases we base the processing on legal provisions such as the obligation to ensure the protection of goods and values provided by the applicable legislation in this matter.

D. For how long do we keep your data?

As a general rule, we will keep your personal data for as long as you have a commercial relation with us. You may request for us to delete certain information or close your account at any time, and we will comply with such requests, subject to the retention of certain information, including after closing your account, where required by applicable law or our legitimate interests.

E. To whom do we transmit your personal data?

Where applicable, we may transmit or provide access to certain personal data of yours to the following categories of recipients:

- courier service providers;

- payment/banking service providers;

If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

F. In which countries do we transfer your personal data?

We currently store and process your personal data in Romania.

G. How we protect the security of your personal data?

We are committed to ensure the security of your personal data by implementing appropriate technical and organizational measures, according to industry standards.The transmission of your personal data is done using state-of-the-art encryption algorithms and stored on secure servers, while ensuring data redundancy.

Despite the measures taken to protect your personal data, we warn you that the transmission of information via the Internet, in general, or through other public networks, is not completely secure, there is a risk that the data may be seen and used by third, unauthorized parties. We cannot be held responsible for such vulnerabilities in systems that are beyond our control.

H. What are your rights?

The General Data Protection Regulation gives you a number of rights in relation to your personal data. You may request access to your data, correct any errors in our files and/or object to the processing of your personal data. You may also exercise your right to complain to the competent supervisory authority or to address the court. Where applicable, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.More information on each of these rights can be obtained by consulting the table below. In order to exercise your rights, you can contact us using the contact details listed above.

Please note the following if you wish to exercise these rights:

Identity. We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such records using the email address associated with your interactions with us up to that time. Otherwise, we reserve the right to verify your identity by requesting additional information for the purpose of confirming your identity.

Fees. We will not charge you in order to exercise any rights with respect to your personal data, unless your request for access the information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount for such circumstances. We will inform you of any applicable fees before resolving your application.

Response time. We intend to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We may ask you if you can tell us exactly what you want to receive or what worries you. This will help us act faster and shorten the response time to your request.

Third party rights. We must not comply with a request if it would infringe the rights and freedoms of third parties.


You can request:

  • To confirm if we are processing your personal data;
  • To provide a copy of this data;
  • To offer you other information about your personal data, like the data that we have, what do we use it for, to whom do we transmit it to, if we send them abroad and how do we protect them, for how long do we keep them, what are your rights, what is the procedure for a complaint, how did we get your personal data at the extent that these information were not provided in this document.


You can request to correct or complete your personal data that are incorrect or incomplete.

It is possible to try and verify data accuracy before their amendment.

Data deletion

You can ask for us to delete your data but only in the following cases:

  • They are no longer necessary for the purposes they were collected for
  • You withdrawn your consent (if the data processing was done by consent)
  • You exercise a legal right to oppose the processing of your data
  • Your data was illegally processed
  • We have a legal obligation to delete your data

We mustn’t comply to your request of deleting your data if the processing of your data is necessary for:

  • Compliance with a legal obligation
  • Exercising or defending a right in court

There are other certain circumstances where we are not obligated to comply with your request to delete your data but the ones mentioned above are the most probable occurrences where we will refuse to comply with your request.

Restricting data processing

You can request to restrict the processing of your personal data but only if:

  • Their accuracy is being contested (see Amendment section) in order to allow the checking of their accuracy
  • The processing is illegal but you don’t want the data to be deleted
  • The data is no longer necessary for the purposes they were collected for, but you need them in order to exercise or defend your rights in court.
  • You exercise your right to withdraw your consent and the verification of the prevalence of our rights is ongoing

We can still use your personal data after your request to restrict the processing if:

  • We have your consent
  • We have to exercise or defend a right in court
  • We need to protect the rights of Pentamedia or a third party

Data portability

You can ask for us to provide you with your personal data in a structured, commonly used and automatically readable format, or you can request that it be "ported" directly to another data controller, but in each case only if:

  • The processing of your data is based on your consent or the conclusion or execution of a contract with Pentamedia și
  • The processing is done by automatic means


You may oppose at any time, for reasons related to your particular situation, the processing of your personal data under our legitimate interest if you consider that your fundamental rights and freedoms prevail over that interest.

You may also object at any time to the processing of your data for direct marketing purposes (including profiling), without giving any reason, in which case we will terminate such processing as soon as possible.

Automatic decision making

You can request to not be the object of a decision based exclusively on automatic processing means, but only if that decision:

  • Produces legal effects on you
  • Affects you in a similar way to a significant extent

This right is not applicable if the decision taken by automatic means:

  • Is necessary in order to sign and perform a contract with you
  • Is authorized by law and there are adequate guarantees for your rights and freedoms
  • Is based on your explicit consent


You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone no: +40.318.059.211 or +40.318.059.212;

Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any issues amicably.   

Scroll to Top