Skip to content

Privacy Policy

Last updated: 2026-07-10

Imago Moments — Version 1.0. This is a translation of the Romanian original; in case of any discrepancy, the Romanian version prevails.

Chapter I: Introduction

This Privacy Policy describes how IMAGO CLUB S.R.L.processes personal data collected through the Imago Moments platform, in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (“GDPR”), applicable Romanian legislation and other relevant regulations.

Imago Moments is a digital platform intended for organizing, managing, storing, processing and distributing digital content relating to private and professional events, including, but not limited to, weddings, baptisms, anniversaries, private parties, corporate events and other similar events.

This Policy applies to all persons who use the platform, interact with the services offered, or whose data is processed in connection with its operation.

Chapter II: Identity of the operator

The controller of personal data is IMAGO CLUB S.R.L., a company incorporated and operating in accordance with Romanian law.

The complete identification details, including the registered office, unique registration code, contact details and the means of exercising the rights of data subjects, are permanently available within the platform and form an integral part of this policy:

  • Company: Imago Club SRL
  • Tax ID (CUI): 17715050
  • Trade Register: J12/2348/2005 (Trade Register Office of the Cluj Tribunal)
  • Registered office: Str. Patriciu Barbu, Nr. 37, 400057 Cluj-Napoca, Cluj County, Romania
  • Privacy and data-subject rights: privacy@imagomoments.ro

Chapter III: Definitions

For the purposes of this Policy:

  • “Platform” means the Imago Moments software application, the website, the associated applications and all services provided through them.
  • “User” means any person who accesses, uses or interacts with the platform.
  • “Organizer” means the person who creates, administers or manages an event through the platform.
  • “Photographer” means the natural or legal person who uses the platform to manage and distribute photographs taken during an event.
  • “Data subject” means any identified or identifiable natural person whose data is processed.
  • “Biometric data” has the meaning provided in Art. 4(14) GDPR and means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that person.

Chapter IV: Categories of data subjects

The platform may process data belonging to the following categories of persons:

  • event organizers;
  • professional photographers;
  • event participants;
  • guests;
  • persons granted access to the content of an event;
  • persons captured in photographs;
  • legal representatives of minors;
  • users of the digital services offered by the platform;
  • persons who contact the operator.

Chapter V: Categories of data processed

Depending on the features used and the services contracted, the operator may process the following categories of data:

  • name and surname;
  • email address;
  • phone number;
  • user-account information;
  • data regarding authentication and use of the platform;
  • IP addresses;
  • data regarding the devices used;
  • technical logs;
  • photographic images;
  • selfies uploaded voluntarily by users;
  • data regarding events created and administered;
  • data regarding orders and contracted services;
  • information regarding payments and invoicing;
  • any other information provided voluntarily by users.

Chapter VI: Purposes of processing

Personal data may be processed for the following purposes:

  • creating and administering accounts;
  • providing the contracted services;
  • organizing and managing events;
  • uploading, storing and distributing photographs;
  • generating and administering digital albums;
  • identifying photographs in which a particular person appears;
  • providing features based on artificial intelligence;
  • processing orders and carrying out payments;
  • ensuring the security of the platform;
  • preventing fraud and abuse;
  • complying with legal obligations;
  • defending the rights and legitimate interests of the operator.

Chapter VII: Biometric data and facial identification

The platform makes available to users an optional feature that allows the identification of photographs in which they appear.

To use this feature, the user may voluntarily upload a selfie photograph.

In order to provide the requested service, the platform uses facial-analysis and facial-characteristic-comparison technologies through specialized technological services.

In the course of this process, biometric data that allow the identification of photographs relevant to the user may be generated and used.

Biometric data is used exclusively to provide the requested feature and is not used for commercial profiling, behavioural marketing, automated decisions with legal effect on the data subject, or for other incompatible purposes.

The processing of biometric data is carried out exclusively on the basis of the explicit consent expressed by the data subject. Consent may be withdrawn at any time.

Biometric data generated during the facial-identification process is automatically deleted within no more than 30 days from the date of the last facial processing. If an event’s photographs are reprocessed, the 30-day period is recalculated from the date of the last processing.

Chapter VIII: Use of artificial-intelligence technologies

The platform may use artificial-intelligence technologies to provide features intended for organizing and managing digital content.

These features may involve the analysis of images uploaded to the platform in order to provide the services requested by users.

The operator does not use users’ images and data to train artificial-intelligence models.

Chapter IX: Legal grounds for processing

The processing of personal data is carried out, as the case may be, on the basis of:

  • performance of the contract;
  • compliance with legal obligations;
  • the legitimate interest of the operator;
  • the consent of the data subject.

The processing of biometric data is carried out on the basis of the explicit consent of the data subject, in accordance with Art. 9(2)(a) GDPR.

Chapter X: Recipients of data

Data may be disclosed to:

  • providers of technological services;
  • providers of cloud services;
  • providers of payment services;
  • providers of IT services;
  • competent public authorities, where there is a legal obligation;
  • other recipients authorized under the law.

Chapter XI: Data storage and technological infrastructure

To provide the services, the operator primarily uses the infrastructure and services provided by Amazon Web Services (AWS), including services for storing and processing images, located in the European Union (eu-central-1 region, Frankfurt). In addition, for certain features, the operator relies on specialized providers of transactional email, payment processing, electronic invoicing, third-party authentication and maps/location services. The up-to-date list of processors is made available by the operator, on request, at privacy@imagomoments.ro.

The operator adopts appropriate contractual, technical and organizational measures to ensure an adequate level of data security.

International transfers. The primary infrastructure used for storing and processing images is located in the European Union (AWS, eu-central-1 region, Frankfurt). Certain specialized providers (transactional email, payment processing, invoicing, third-party authentication and maps/location) may process data outside the European Economic Area. In such cases, the transfer is carried out only on the basis of a valid transfer mechanism under Chapter V of the GDPR — namely an adequacy decision (Art. 45) or appropriate safeguards (Art. 46, such as standard contractual clauses), as applicable. Further information on the mechanism applicable to each provider is available on request at privacy@imagomoments.ro.

Chapter XII: Minors

The platform may be used at events attended by minors.

Persons who upload, distribute or administer photographs and content relating to minors are responsible for obtaining all agreements, authorizations and consents required under applicable legislation.

Chapter XIII: Storage periods

Data is retained for the period necessary to provide the contracted services, comply with legal obligations and protect the rights and legitimate interests of the operator.

Biometric data generated for the facial-identification feature is automatically deleted within no more than 30 days from the last facial processing, a period that is recalculated upon each reprocessing.

Chapter XIV: Rights of data subjects

Data subjects benefit from all the rights recognized by the GDPR, including:

  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restriction of processing;
  • the right to data portability;
  • the right to object;
  • the right to withdraw consent;
  • the right to lodge a complaint with the competent authority.

To exercise these rights, data subjects may contact the operator at privacy@imagomoments.ro.

Chapter XV: Data security

The operator implements appropriate technical and organizational measures to protect data against unauthorized access, disclosure, destruction, loss or unauthorized alteration.

Chapter XVI: Right to image

The right to image is distinct from the rights governed by personal-data-protection legislation. Further details are available in the Right to Image Policy.

Users who upload and distribute images are obliged to respect the rights of the persons photographed and applicable legislation.

Chapter XVII: Supervisory authority

Data subjects have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing or to bring the matter before the competent courts.

Chapter XVIII: Amendment of the policy

The operator reserves the right to amend this Policy whenever necessary to reflect legislative, technical or operational changes.

The updated version will be published within the platform and will take effect from the date of publication.