Privacy Policy

1. Who is responsible for this website?

The website is operated for Radio Galati Media / Radio Galati Media Network.

Address: Strada Domneasca 66A, Galati
Email: office@radiogalati.ro
Phone: +40 772 088 882

For privacy questions, access requests, account deletion requests, or complaints, contact us using the email address above.

2. What data we collect

Depending on how you use the website, we may process the following categories of data:

• Technical data: IP address, browser type, device type, operating system, pages visited, referring page, date and time of access, cookie consent choices, and basic server log data.
• Analytics data: aggregated page views, visits, referrers, countries or regions, device categories, and similar usage statistics.
• Communication data: information you send us by email, phone, contact forms, social media messages, or similar channels.
• Account data: name, business name, business role, email address, phone number, password authentication data, login history, account status, and security events.
• Business and billing data: company name, billing contact, invoice details, tax or VAT details where needed, billing address, payment status, and transaction references.
• Campaign booking data: campaign brief, requested dates, target area, budget range, station or channel preferences, advertising format, creative instructions, ad copy, brand assets, uploaded audio, images, videos, logos, and messages exchanged with our media team.
• Compliance review data: information needed to review whether an advertisement can lawfully and appropriately run, including substantiation for claims, proof of authorization, restricted category details, and records of approval, rejection, edits, cancellation, or scheduling.

3. Why we use your data

We use personal data only when we have a valid reason under applicable data protection law. Main purposes include:

• to load, secure, and maintain the website;
• to measure basic website usage and improve the site;
• to answer messages, listener requests, advertiser enquiries, and support requests;
• to create and manage advertiser accounts;
• to verify logins, prevent unauthorized access, detect abuse, and protect account security;
• to receive, review, schedule, produce, reject, amend, or complete advertising campaign bookings;
• to process payments, invoices, refunds, chargebacks, tax records, and accounting obligations;
• to review advertising materials for legal, editorial, technical, and brand safety requirements;
• to prevent abuse, spam, attacks, fraud, or technical misuse;
• to comply with legal duties and enforce our rights.

4. Legal bases

Where the GDPR applies, we rely on the following legal bases:

• Contract or pre-contractual steps when you ask us to provide a service, create an account, process a booking request, communicate about a campaign, or manage a paid order.
• Legitimate interests for operating, securing, and improving the website, measuring basic website performance, protecting the service from misuse, reviewing ad materials, keeping business records, and communicating with business customers.
• Consent where consent is legally required, for example for non-essential cookies, optional marketing communications, or similar technologies.
• Legal obligation when we must keep or disclose information under applicable tax, accounting, consumer, broadcasting, advertising, or data protection law.

5. Account registration and advertiser portal

When the advertiser portal is enabled, account registration will require you to provide accurate account and business details and to accept the Terms of Service and this Privacy Policy. Accounts are intended for businesses, agencies, event organisers, and authorized representatives who want to request advertising placements.

We may use your account details to confirm who is responsible for a booking, contact you about campaigns, manage approvals, prevent misuse, and keep legally required records. If you upload campaign assets, you should avoid including unnecessary personal data in those assets unless it is needed for the advertisement and you have the right to use it.

6. Payments, authentication, and external providers

For advertiser accounts, we use Auth0 by Okta to provide authentication, account login, password management, session security, and access control. Auth0 may process account identifiers, email addresses, login credentials or credential hashes, authentication logs, device and browser information, IP addresses, security events, and related account data for the purpose of providing secure account access. You can read Auth0/Okta’s privacy information here: Okta Privacy Policy and Auth0 Data Privacy and Compliance.

For payments, invoices, billing, payment status, fraud prevention, refunds, disputes, and chargebacks, we use Stripe. Stripe may process payment method details, billing details, transaction data, device information, fraud prevention signals, tax-related information, and information required by financial, legal, accounting, tax, and anti-fraud rules. Full payment card numbers are handled by Stripe and are not intended to be stored by us on our own website servers. You can read Stripe’s privacy information here: Stripe Privacy Policy and Stripe Privacy Center.

Auth0 and Stripe may act as our service providers or processors where they process personal data on our behalf, and they may also act as independent controllers for certain legally required, security, fraud-prevention, compliance, or payment-network purposes. Their own privacy policies explain how they collect, use, share, retain, and protect personal data in those roles.

When you register, log in, manage your account, submit a campaign booking, or complete a payment, you may be redirected to or interact with hosted pages, forms, scripts, or interfaces provided by Auth0 or Stripe. By using those account and payment features, you acknowledge that your data will be processed by those providers as necessary to provide authentication, payment, security, fraud prevention, and compliance services.

7. Analytics

We use privacy-friendly analytics systems to understand how the website is used. The analytics setup is intended to collect only what is necessary for simple audience measurement, such as page views, referrers, device type, browser, country-level location, and visit counts.

We do not use analytics to sell user data or track you across unrelated websites. Where analytics cookies or similar storage are used and consent is required, we will ask for your consent before using them.

8. Cookies and similar technologies

The website may use strictly necessary cookies or local storage for core features such as security, login sessions, fraud prevention, preferences, and consent choices. These are used only to make the site work properly.

Optional cookies or similar technologies, including analytics storage where legally required, are used only after consent. You can refuse optional cookies and still use the website, although some account, payment, or security features may require strictly necessary cookies.

9. Embedded content and third-party platforms

The website may link to or embed content from services such as Facebook, TikTok, maps, video platforms, or audio streaming services. These services may process your data under their own privacy policies when you open, interact with, or load their content.

We try to avoid unnecessary third-party tracking on our pages. When external embeds are added, we aim to use privacy-conscious settings where available.

10. Who receives data

We may share personal data only where needed with:

• hosting, security, analytics, email, storage, and technical service providers;
• Auth0 for authentication and account security;
• Stripe for payments, invoices, payment security, refunds, chargebacks, fraud prevention, and financial compliance;
• our internal media, production, sales, and accounting teams who need the data to review and perform a campaign;
• station partners or contractors involved in producing, scheduling, publishing, or reporting on a campaign;
• professional advisers, insurers, banks, auditors, or public authorities where legally required or necessary to protect our rights.

We do not sell personal data.

11. International transfers

Where data is processed outside the European Economic Area, we use appropriate safeguards where required, such as EU Standard Contractual Clauses, adequacy decisions, or other legally accepted transfer mechanisms.

12. How long we keep data

We keep personal data only as long as necessary for the purpose for which it was collected. Typical retention periods are:

• server logs: usually deleted or anonymised after a short security period;
• analytics data: kept in aggregated form for website measurement and trend analysis;
• messages and emails: kept as long as needed to answer and manage the conversation, unless legal duties require longer storage;
• account data: kept while the account is active and for a reasonable period afterwards for security, dispute, and legal record purposes;
• campaign booking data and ad assets: kept for as long as needed to perform, review, evidence, report, or defend the campaign and then deleted or archived according to business and legal requirements;
• legal, tax, accounting, invoice, payment, and contract records: kept for the period required by law.

13. Your rights

Under applicable data protection law, you may have the right to:

• access your personal data;
• correct inaccurate data;
• request deletion;
• restrict processing;
• object to processing based on legitimate interests;
• withdraw consent at any time where processing is based on consent;
• receive a copy of your data in a portable format where applicable;
• complain to a data protection authority.

To exercise your rights, email us at office@radiogalati.ro. We may need to verify your identity before acting on a request.

14. Children

The website and advertiser portal are not intended for children. Advertiser accounts may be created only by adults who are legally able to represent a business or organisation. We do not knowingly collect personal data from children without the required consent. If you believe a child has sent us personal data, contact us and we will review it.

15. Security

We use reasonable technical and organisational measures to protect the website and the data we process. Account access, payment flows, fraud prevention, and authentication are designed to use specialist providers where appropriate. No website or online service can be guaranteed to be completely secure, but we work to keep risk low.

16. Changes to this policy

We may update this Privacy Policy when the website, account features, payment tools, providers, or legal requirements change. The latest version will always be available on this page.