GDPR — Your Rights

Last updated: April 10, 2026

1. Our Commitment

i-vory Studio is fully committed to complying with the General Data Protection Regulation (GDPR — EU 2016/679). We process personal data with transparency, minimization, and robust security.

2. GDPR Principles We Apply

• Lawfulness, fairness, transparency: we clearly explain why we collect your data.
• Purpose limitation: we use your data only for the purposes communicated.
• Data minimization: we collect only what is strictly necessary.
• Accuracy: we keep data accurate and up to date.
• Storage limitation: we delete data when no longer needed.
• Integrity and confidentiality: we protect data from unauthorized access.
• Accountability: we can demonstrate compliance at any time.

3. Your Rights

Right of Access

You can request a copy of all the personal data we hold about you.

Right to Rectification

If the data is incorrect or incomplete, you can request correction.

Right to Erasure («Right to Be Forgotten»)

You can request complete deletion of your data, unless a legal obligation (e.g., invoicing) requires retention.

Right to Restriction

You can request temporary suspension of processing.

Right to Portability

You can receive your data in a structured, machine-readable format (e.g., JSON).

Right to Object

You can object to processing for direct marketing or automated decision-making.

Right to Withdraw Consent

If processing is based on consent, you can withdraw it at any time.

Right to Complain

You can file a complaint with the Romanian Data Protection Authority (ANSPDCP — A.N.S.P.D.C.P.):

• Website: dataprotection.ro
• Address: B-dul G-ral. Gheorghe Magheru 28-30, Bucharest.
• Email: [email protected]

4. How to Exercise Your Rights

Email us at [email protected] specifying:

• Which right you are exercising.
• Your full name and contact details.
• Any identification required to verify the request.

We respond within a maximum of 30 days of receiving the request.

5. Data Breach Notification

If a breach occurs that affects your data, we notify the ANSPDCP within 72 hours and inform you directly if the risk is high.

6. Contact

For any GDPR-related question: [email protected]