Data Subject Request

1. About this page

Here you can submit a request to exercise your rights under EU Regulation 2016/679 (GDPR). For details on each right, see the Data Subject Rights (GDPR) page.

2. Which rights you can exercise

• Access (Art. 15) — receive a copy of the data we hold about you;
• Rectification (Art. 16) — correct inaccurate or incomplete data;
• Erasure (Art. 17) — "right to be forgotten", with the exceptions provided by law;
• Restriction (Art. 18) — suspension of processing in certain situations;
• Portability (Art. 20) — receive data in a structured, machine-readable format;
• Objection (Art. 21) — object to processing based on legitimate interest or direct marketing;
• Automated decisions (Art. 22) — not be subject to solely automated decisions;
• Withdrawal of consent — for processing based on consent.

3. How to send the request

3.1 Through the dedicated form

The fastest way is the online form at /legal/cookie-data-request, which is being extended to cover all Art. 15-22 rights (technical Slice in progress).

3.2 By email

Send a request to contact@mediadesignro.ro with the subject "GDPR Data Subject Request" and include:

• your full name;
• the email address associated with your account (if you have one);
• the right you wish to exercise (e.g., "I request access to my personal data");
• any additional relevant context (which service or interaction the request refers to).

3.3 By postal mail

Send a written request to:

MEDIA DESIGN S.R.L. (attn. Data Protection Officer)
Str. Lt. Col. Pretorian Nr. 3, Bl. N116, Sc. A, Ap. 7, Zalău, Sălaj county, postal code 450131, Romania

4. What information to include in the request

To process your request quickly and accurately, it is helpful to include:

• Your identity — first name, last name, email address;
• Right exercised — specify explicitly (access / rectification / erasure / etc.);
• Specific details — for rectification: which data are inaccurate and what is the correct value; for erasure: the reason (if based on Art. 17(1)(a-f));
• Context — which service / interaction the request refers to (contact form, client account, ticket, etc.);
• Preferred response format — email (default) or postal mail.

5. Identity verification

To protect your data, we may ask you to confirm your identity before processing the request. Verification is done proportionally — for an account holder, via the associated email; for more sensitive requests (complete erasure), possibly through additional steps.

We will not ask for more data than necessary for verification (minimization principle, GDPR Art. 5(1)(c)).

6. Response timeline

We will respond to your request without undue delay and in any case within 30 days of receipt (GDPR Art. 12(3)). In complex cases, we may extend the period by up to 60 days, with prior notification.

7. Cost

Processing your request is free of charge. We may charge a reasonable fee based on administrative costs only if the request is manifestly unfounded or excessive (e.g., repetitive).

8. Justified refusal

If we cannot confirm your identity or if the request is manifestly unfounded / excessive, we will inform you of the refusal, the reasons, and your right to lodge a complaint with ANSPDCP or seek judicial remedy.

9. Complaint to ANSPDCP

If you are not satisfied with how we handled your request:

Romanian Data Protection Supervisory Authority (ANSPDCP)
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, Bucharest, postal code 010336, Romania
Phone: +40 318 059 211 / +40 318 059 212
Email: anspdcp@dataprotection.ro
Web: www.dataprotection.ro

Last updated: 1 June 2026.