Product Benefits Comparation Integration Blog Affiliate About Free trial
English
EN English
RO Romanian
Login
Product Benefits Comparation Integration Blog Affiliate About Pricing Free trial
English
EN English
RO Romanian
Login
Legal

Privacy Policy

How we collect, use and protect personal data, in accordance with the GDPR.

Last updated: 12 June 2026

(1) The processing of personal data by PROTECT ADS is carried out in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation-GDPR), with Romanian Law nr. 190/2018 regarding measures on applying the GDPR and with Romanian Law nr. 506/2004 regarding the processing of personal data and the protection of private life in the electronic communications sector. This Privacy Policy forms an integral part of our Terms of Service.

The data controller

The controller of the personal data processed through the platform is PROTECT ADS S.R.L., a company with its registered office in Cluj-Napoca city, Tulcea Street, nr. 6, building M1, 2nd entrance, flat 38, Cluj County, Romania, Tax Registration Number (C.U.I) 47497543, EUID ROONRC.J12/297/2023, registered at the Trade Register under no. J12/297/25.01.2023. Data subjects can contact the controller for any aspect related to data protection at the e-mail address [email protected].

Categories of processed data

PROTECT ADS processes the following categories of data:

a). identification and contact data of the users’ representatives and contact persons: name, e-mail address, phone number, position/capacity;

b). data regarding the account and the use of the platform: the authentication e-mail address, the password (stored exclusively in encrypted/hashed form), billing data, the subscription history, technical access logs (logs, the user’s IP address);

c). technical data of the targeted third parties: the IP addresses from which clicks are performed on the users’ websites or applications, as well as technical data associated with the access (for example, information about the device and browser), processed for the purpose of detecting and blocking fraudulent hits;

d). data collected through cookies, according to our Cookie Policy.

Purposes and legal bases of the processing

The data are processed for:

a). the conclusion and performance of the contract, the creation and administration of the account, the provision of the services and of the technical support-basis: art. 6 paragraph (1) letter b) GDPR (performance of the contract);

b). billing, financial-accounting records and the fulfilment of other legal obligations-basis: art. 6 paragraph (1) letter c) GDPR (legal obligation);

c). the detection and prevention of click fraud, ensuring the security of the platform and the defence of PROTECT ADS’ rights-basis: art. 6 paragraph (1) letter f) GDPR (legitimate interest);

d). commercial communications (newsletter) and non-essential cookies-basis: art. 6 paragraph (1) letter a) GDPR (consent), which can be withdrawn at any time, without affecting the lawfulness of the processing prior to the withdrawal.

Recipients of the data

The data may be transmitted, to the extent strictly necessary, to: the payment processor Stripe; the e-mail and communication services provider Brevo; Google (analytics, advertising and integration API services with the advertising platforms); the hosting and cloud infrastructure providers (for example, Amazon Web Services); professional consultants (accountants, lawyers) and public authorities, when the law requires it. These providers process the data based on contracts which ensure compliance with the GDPR.

Transfer outside the European Economic Area

To the extent that certain providers process data outside the European Economic Area (for example, in the United States of America), the transfer is carried out only with adequate safeguards according to Chapter V of the GDPR, respectively adequacy decisions of the European Commission (including the EU-U.S. Data Privacy Framework) or standard contractual clauses approved by the European Commission.

Storage duration

The data related to the account are kept for the duration of the contractual relationship and, after its termination, for the duration of the applicable limitation periods (as a rule 3 years), for the establishment, exercise or defence of legal claims. The financial-accounting documents are kept for the durations imposed by the fiscal-accounting legislation. The IP addresses of the targeted third parties are kept for the duration necessary to provide the service to the user and are deleted within at most 90 days from the termination of the subscription. The data processed based on consent are kept until its withdrawal.

The rights of the data subjects

Data subjects benefit from the following rights, under the conditions of art. 15-22 GDPR: the right of access to data, the right to rectification, the right to erasure of data (“the right to be forgotten”), the right to restriction of processing, the right to data portability, the right to object (including to processing based on legitimate interest), the right to withdraw consent, as well as the right not to be subject to a decision based solely on automated processing which produces legal effects concerning them. These rights can be exercised through a request sent to the address [email protected], to which we will respond within at most one month from receipt, a term which can be extended by two months in complex cases, with the information of the data subject.

The right to lodge a complaint

Data subjects have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), with its headquarters in B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania, website www.dataprotection.ro, as well as to address the competent courts.

Data security

PROTECT ADS implements adequate technical and organisational measures for the protection of data, including: encryption of communications (TLS/HTTPS), storage of passwords exclusively in encrypted/hashed form, control and limitation of access to data on a need-to-know basis, periodic backups and monitoring of the systems. In case of a personal data breach likely to generate a risk for the rights and freedoms of natural persons, PROTECT ADS will notify the ANSPDCP within 72 hours from becoming aware of it and, if the risk is high, will also inform the data subjects, according to art. 33-34 GDPR.

Automated processing and special categories of data

PROTECT ADS does not process special categories of data (art. 9 GDPR) and does not adopt, regarding natural persons, decisions based solely on automated processing which produce legal effects concerning them, within the meaning of art. 22 GDPR. The automated filtering of clicks concerns the traffic on the users’ websites and does not produce legal effects concerning the data subjects.

Minors

The services provided by PROTECT ADS are not addressed to minors and we do not knowingly collect data of persons under 18 years old.

Processing on behalf of the user

When, through the provision of the services, PROTECT ADS processes personal data of the targeted third parties (in particular the IP addresses of the visitors of the user’s websites or applications), the user acts as controller and PROTECT ADS as processor within the meaning of art. 28 GDPR. The corresponding data processing agreement is set out in our Terms of Service.