Privacy Policy

1. Data Controller Identity

TRIDENT DIGITAL MEDIA SRL acts as both a Data Controller (for data collected on our own website) and as a Data Operator / Data Processor (when processing personal data on behalf of our clients in the context of lead generation campaigns and digital advertising services).

2. Scope & Activities Involving Personal Data

As a digital advertising and lead generation agency, our activities that involve personal data include:

• Website visitors: We collect data from visitors to tdmedia.io via analytics and tracking tools.
• Lead generation for clients: We design, run, and optimise advertising campaigns (Meta Ads, Google Ads) that collect personal data (names, email addresses, phone numbers, etc.) from individuals who interact with client advertisements. In this context we act as a Data Processor on behalf of our clients, who are the Data Controllers of that lead data.
• Client data: We process contact and business information of our clients and prospective clients.
• CRM & pipeline data: We use GoHighLevel CRM to manage leads and client communications.

3. Categories of Personal Data Collected

3.1 Data collected on our website (tdmedia.io)

• Identity & contact data: name, email address, phone number, company name (via contact/booking forms).
• Usage & technical data: IP address, browser type and version, operating system, pages visited, time on site, click behaviour, scroll depth, referring URL — collected automatically via cookies and analytics tools.
• Advertising interaction data: ad impressions, clicks, conversions, retargeting identifiers (collected via Meta Pixel, Google Tag Manager, and Google Ads conversion tracking).
• Communications: content of messages submitted via contact or booking forms.

3.2 Data processed as Data Processor (on behalf of clients)

When running lead generation campaigns for clients, we may process on their behalf:

• First name, last name, email address, phone number of leads.
• Location data, job title, company name (where collected by client campaign forms).
• Advertising interaction data (ad clicks, form submissions, conversions).

In these cases, our clients are the Data Controllers and our processing is governed by a Data Processing Agreement (DPA) entered into with each client.

4. Legal Basis for Processing (GDPR Art. 6)

• Consent (Art. 6(1)(a)): Non-essential cookies, marketing communications, retargeting. You may withdraw consent at any time.
• Contract performance (Art. 6(1)(b)): Processing necessary to deliver our services to clients and to respond to your enquiries.
• Legitimate interests (Art. 6(1)(f)): Website analytics, fraud prevention, improving our services, business development communications with prospects.
• Legal obligation (Art. 6(1)(c)): Compliance with applicable Romanian and EU law (e.g. accounting, tax obligations).

5. Processing Tools & Sub-processors

We use the following tools and platforms in our operations. Where these tools process personal data on our behalf, appropriate Data Processing Agreements (DPAs) are in place:

5.1 Analytics & Measurement

• Google Analytics 4 (GA4) — Google LLC — Website traffic analysis, user behaviour, conversion measurement. Data may be transferred to the US under Google's Data Processing Terms. Google Privacy Policy
• Google Tag Manager (GTM) — Google LLC — Tag deployment and management for tracking scripts on our website. Google Privacy Policy
• GoHighLevel Analytics — HighLevel Inc. — CRM analytics, pipeline tracking, lead management. GoHighLevel Privacy Policy

5.2 Advertising Platforms

• Meta Ads (Facebook / Instagram) — Meta Platforms Ireland Ltd. — Campaign management and the Meta Pixel, which tracks user behaviour and conversions for retargeting and lookalike audience creation. Meta acts as an independent Controller for data processed on its platforms. Meta Privacy Policy
• Google Ads — Google LLC — Campaign management, Google Ads conversion tracking, and remarketing tags. Google Privacy Policy

5.3 CRM & Communication

• GoHighLevel CRM — HighLevel Inc. (USA) — Lead and client relationship management, email and SMS communications, landing page hosting. Data is processed in the US under Standard Contractual Clauses. GoHighLevel Privacy Policy

6. Purpose of Processing

• Responding to enquiries and delivering our advertising services.
• Running and optimising paid advertising campaigns (Meta Ads, Google Ads) for clients, including lead generation.
• Tracking campaign performance and reporting to clients.
• Retargeting website visitors and building lookalike audiences.
• Managing leads and client relationships via CRM.
• Website analytics and improving user experience.
• Sending service-related and marketing communications (with consent where required).
• Complying with legal and tax obligations.

7. Data Sharing & Recipients

We do not sell personal data. We may share personal data with:

• Our clients: Lead data collected in the course of client campaigns is delivered to the respective client who is the Data Controller of that data.
• Sub-processors / service providers: Google (Analytics, Ads, Tag Manager), Meta (Ads Platform), GoHighLevel — all subject to DPAs or equivalent safeguards.
• Legal & regulatory authorities: Where required by Romanian or EU law (e.g. ANAF, ANSPDCP).
• Professional advisors: Lawyers, accountants, auditors, under obligations of confidentiality.

8. International Data Transfers

We are based in Romania (EU). Some of our sub-processors (Google LLC, HighLevel Inc.) are based in the USA. Data transfers to the USA are carried out under appropriate safeguards:

• Google: EU Standard Contractual Clauses (SCCs) and participation in the EU-US Data Privacy Framework.
• GoHighLevel: Standard Contractual Clauses (SCCs).
• Meta: SCCs and EU-US Data Privacy Framework participation by Meta Platforms Ireland Ltd.

9. Data Retention

• Website contact/enquiry data: Up to 3 years from last contact.
• Client and contract data: Duration of contract plus 5 years (Romanian accounting law requires 5-year retention).
• Lead data (processed for clients): As defined in the client DPA; typically delivered to client immediately and deleted from our systems within 30 days of campaign end.
• Analytics data (GA4): 14 months (as configured in Google Analytics).
• CRM data (GoHighLevel): For the duration of the client relationship plus 1 year.
• Financial/accounting records: 10 years (Romanian law requirement).

10. Your Rights Under GDPR

As a data subject located in the EU/EEA, you have the following rights:

• Right of access (Art. 15): Request a copy of personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
• Right to restriction of processing (Art. 18): Request that we limit how we process your data.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests or direct marketing — we will stop unless we have compelling legitimate grounds.
• Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
• Rights related to automated decision-making (Art. 22): We do not make solely automated decisions with legal or significant effects on individuals.

To exercise any right, contact us at agencytdmedia@gmail.com. We will respond within 30 calendar days. You also have the right to lodge a complaint with the Romanian data protection authority:

11. Cookies & Tracking Technologies

Our website uses cookies, pixels, and similar tracking technologies. For full details including a list of all cookies used and your opt-out options, please see our Cookie Policy.

12. Meta Pixel & Google Ads — Special Notice

We operate the Meta Pixel and Google Ads conversion tracking on this website. These tools may collect and share with Meta and Google the following data from your visit: pages viewed, actions taken, your IP address (anonymised), browser fingerprint, and advertising identifiers. This data is used for:

• Measuring the effectiveness of our advertisements.
• Retargeting visitors who have previously viewed our website.
• Creating lookalike audiences for prospecting campaigns.

You can opt out of this tracking via our cookie consent banner, or through your Facebook Ad Settings and Google Ad Settings.

13. Security

We implement appropriate technical and organisational measures (TOMs) to protect personal data, including: access controls, data minimisation, encrypted communications (HTTPS), and regular review of third-party sub-processor security standards. However, no internet transmission is 100% secure.

14. Children's Privacy

Our services and website are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have done so, please contact us immediately.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, technology, or our business practices. The "Last updated" date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically.

16. Contact & Data Subject Requests