MEDIA DESIGN Studio Laborator Colaborari Contact
Acceseaza programul ANTREPRENOR START pentru avantaje comerciale exclusive.
Ai nevoie de suport? Suna: +40 744 933 131

Media Design Legal

Data Retention Policy

Personal data retention periods, determination criteria, deletion at expiry and legal exceptions.

1. Storage limitation principle

Under GDPR Art. 5(1)(e), personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Media Design S.R.L. actively applies this principle: no category of data is retained longer than necessary and justified by at least one of the criteria listed in section 3.

2. Data categories and retention periods

The table below sets out the retention periods applicable to the main categories of data processed by Media Design S.R.L.:

Data category Retention period Legal basis
Client account data (profile, project history) Duration of contract + 3 years after closure General prescription period (Romanian Civil Code Art. 2517)
Invoicing data (invoices, receipts, contracts) 10 years from date of issue Romanian Tax Code Art. 53 + Law 82/1991
Contact form data (messages, offers) 2 years from last interaction Legitimate interest (commercial relationship management)
Newsletter / marketing data Until consent is withdrawn GDPR Art. 6(1)(a) consent
Server logs (IP, actions, errors) 90 days Legitimate interest (security, troubleshooting)
Analytics / marketing cookies Maximum 13 months CNIL recommendation + Romanian Law 506/2004
GDPR audit register (rights requests, breaches) 5 years from registration GDPR Art. 30 + accountability principle

3. Criteria for determining the retention period

The retention period for each data category is determined by cumulative assessment of:

  • Operational necessity: data are needed for service delivery or contractual relationship management;
  • Legal obligation: a legal norm requires a minimum or maximum retention period (Tax Code, Law 82/1991, fiscal legislation);
  • Legitimate interest: retention is necessary for establishing, exercising or defending legal claims, fraud prevention or system security, provided the interest overrides the data subject's rights;
  • Consent: for processing based solely on consent, the period corresponds to the duration of the consent granted.

4. Deletion at expiry

Upon expiry of the retention period, data are deleted or anonymized through:

  • Automated deletion (cron job): an automated process runs weekly, identifies records for which the retention period has expired, and deletes data from the active database and from backup systems that have exceeded their own backup retention period;
  • Quarterly manual review: every 3 months, the data protection contact reviews the retention report and confirms the automated process has functioned correctly.

Deletion is irreversible. Deleted data cannot be recovered except from backups that have not yet exceeded their own retention period.

5. Anonymization as an alternative to deletion

In certain situations, Media Design S.R.L. may opt for anonymization instead of deletion where data have statistical or analytical value in aggregated form. Data are considered anonymized only when re-identification of the individual is not possible by any reasonable means, including combination with other available data. Anonymized data no longer constitute personal data and are not subject to this policy.

6. Requests for early deletion

Under GDPR Art. 17, the data subject may request deletion before the retention period expires. Requests are submitted via the dedicated form. We will process the request within 30 days and apply deletion to all data not covered by a legal exception.

7. Exceptions to deletion

Deletion cannot be applied in the following situations:

  • Legal obligations: invoicing data, contracts and fiscal documents must be retained as required by law even if the data subject requests deletion;
  • Legal defence: data needed for the establishment, exercise or defence of legal claims may be retained for the duration of proceedings + 1 year;
  • Public interest: in exceptional situations provided by law (criminal investigation, administrative proceedings).

In any case of partial or total refusal of a deletion request, we will inform you in writing of the reasons for the refusal and of your right to lodge a complaint with ANSPDCP.

8. Archived vs. active data

Data that have exceeded the active-use period but cannot yet be deleted (e.g., invoicing within the 10-year period) are moved to a restricted archive where:

  • access is limited to persons with an administrator role and only on the basis of documented justification;
  • data are not used for any active processing (analytics, marketing, profiling);
  • all access is recorded in the audit trail.

9. Contact

For questions or requests related to this policy:

  • Email: contact@mediadesignro.ro
  • Phone: +40 744 933 131
  • Postal address: MEDIA DESIGN S.R.L., Str. Lt. Col. Pretorian Nr. 3, Bl. N116, Sc. A, Ap. 7, Zalău, Sălaj county, postal code 450131, Romania

Last updated: 1 June 2026.

Newsletter

By submitting this form your data is processed by Media Design SRL to send you our occasional newsletter + share relevant updates, on the basis of GDPR Article 6(1)(a) + Article 12 Law 506/2004 -- explicit consent, for a period of until you unsubscribe (one click in any email). Your GDPR rights + full details in our Privacy Policy.

*

Aboneaza-te la newsletter-ul nostru si fii la curent cu cele mai recente tendinte in design digital.

"Sunt aici sa preiau greutatea organizarii de pe umerii tai. Rolul meu este sa armonizez munca tuturor acestor specialisti pentru ca proiectul tau sa fie livrat la timp si la standardele promise. Iti ofer garantia unei comunicari transparente si a unui parteneriat in care nu exista surprize neplacute."
Radu Project Manager