Last Updated: .2026

1) Who we are (Data Controller)

This website and the related services are operated by LOVE&LOBBY SRL, acting as data controller for the personal data processed through TheAlternativeSchool website and its programs, including, but not limited to the ones developed for the Bitter Almonds NGO.

Company details: LOVE&LOBBY SRL, RO 13147403, J/40/6010/2000
Address: Str. Triunghiului nr. 27, Sector 5, Bucharest, Romania, 051113
Contact (privacy requests): win@thealternativeschool.com and teodora.migdalovici@thealternativeschool.com
WhatsApp / phone: +40 744 105 015

If a specific program, partner document, or invoice indicates a different controller for a particular processing activity, this will be communicated clearly in that context.

2) What personal data we collect

Depending on how you interact with us (competitions, training, events, newsletters, partnerships), we may collect:

a) Data you provide directly

• Identification and contact data: name, email, phone number, address (when needed for participation, certificates, invoicing, shipping, or logistics).

• Professional data: employer/role, portfolio links, social media handles, biography/intro details (only when relevant to participation or public presentation).

• Application/competition data: submitted materials, entries, decks, videos, images, statements, and related communication.

• Event participation data: attendance confirmations, access lists, badges, and logistics info.

• Identity document data (if applicable): we do not request ID documents as a standard practice. If an ID or similar document is exceptionally required for a specific purpose (e.g., travel/logistics, eligibility verification, or legal compliance), we will request only what is strictly necessary and retain it only for as long as needed for that purpose.

b) Data collected automatically

• Technical and usage data: IP address, device/browser type, operating system, pages visited, approximate location derived from IP, referral source, and similar analytics/diagnostic data.

c) Data received from third parties

• If you interact with us via social media or partners, we may receive basic contact/professional details and communication content necessary to respond or manage your participation (as permitted by your settings and the platform/partner).

We do not intentionally collect “special categories” of data (e.g., health, religion). Please avoid sending such data unless strictly necessary.

3) Why we use your data (purposes)

We use personal data to:

1. Provide and manage our services: programs, competitions, training, events, selection processes, diplomas/certificates, and participant support.

2. Communicate with you: operational emails, updates, responses to inquiries, scheduling, and participant coordination (including international contexts when applicable).

3. Publicly celebrate talent and document our activities: publishing winners/participants, projects, photos, quotes, and event highlights on our website, social media, and press/partner communications (with appropriate safeguards and opt-out where applicable).

4. Improve and secure the website: analytics, performance, troubleshooting, fraud prevention, and platform security.

5. Send newsletters and promotional materials (only where you have opted in, or where legally allowed with an easy opt-out).

6. Meet legal and accounting obligations (e.g., invoicing, recordkeeping, compliance requests).

4) Legal bases (GDPR Article 6)

We process personal data under one or more of these legal bases:

• Contract (Art. 6(1)(b)): to manage your participation in programs/competitions/events, selections, certificates, and related services.

• Consent (Art. 6(1)(a)): newsletters/marketing where required; specific uses of your image/quote/profile where consent is the appropriate basis. You can withdraw consent anytime.

• Legitimate interests (Art. 6(1)(f)): to run and improve our platform, ensure security, keep a professional archive, and communicate about our activities and talent—balanced against your rights and expectations.

• Legal obligation (Art. 6(1)(c)): when we must keep certain data for legal, tax, or accounting reasons.

5) Talent visibility, photos, quotes, and public archives

Our mission includes discovering, promoting, and publicly celebrating talent. This may involve publishing:

• your name, role/company (if relevant), brief bio, submitted work extracts, photos/videos from events, and quotes/testimonials.

Your controls (opt-out / removal):
You may request removal of your picture, quote, name reference, or social media reference from our website or archive by emailing win@thealternativeschool.com and teodora.migdalovici@thealternativeschool.com and including the relevant links/context. We will address requests within a reasonable timeframe.

Please note: in some cases we may keep a minimal record (e.g., audit trail of your request or legal/accounting data) where legally required or necessary to defend legal claims.

6) Cookies and similar technologies

Our website uses cookies and similar technologies:

• Strictly necessary cookies (to make the site work and remember essential settings),

• Analytics cookies (to understand traffic and improve the site),

• Marketing/advertising cookies (where applicable).

You can manage cookies through the cookie banner (where available) and/or your browser settings. Disabling certain cookies may affect site functionality.

7) Sharing data (processors and partners)

We do not sell or rent personal data.

We may share data with trusted providers who help us operate the website and services, such as:

• hosting and infrastructure providers,

• email/newsletter providers,

• analytics providers,

• event tools (registration/access management),

• payment and ticketing providers (where applicable),

• professional advisers (legal/accounting) where needed,

• partners involved in hosting events or running international participation logistics (only the data necessary for the purpose).

Such parties process data under appropriate confidentiality and security obligations, and only on our instructions where applicable.

8) International transfers and access from outside the EEA

Some service providers or partners may process data outside the European Economic Area (EEA). Where this happens, we use appropriate safeguards (such as adequacy decisions or Standard Contractual Clauses) to protect your data, in line with GDPR requirements.

Additionally, because our work involves international travel, personal data may be accessed by authorized team members while located outside the EEA (for example, to coordinate participants, events, or logistics). In such cases, we apply strict security measures (see Section 11), limit access to what is necessary, and avoid carrying unnecessary data on devices.

9) Data retention (how long we keep data)

We keep personal data only as long as necessary for the purposes described above:

• participation and program administration data: for the duration of the program and a reasonable period afterward for follow-up, archiving, and integrity of records;

• newsletters: until you unsubscribe/withdraw consent;

• accounting and invoicing data: for as long as required by applicable law;

• security logs: for a limited period necessary for security and troubleshooting;

• exceptional ID/verification documents (if ever required): only for as long as strictly necessary for that specific purpose.

When data is no longer needed, we delete it or anonymize it, where feasible.

10) Your rights

Under GDPR, you may have the right to:

• access your data,

• rectify inaccurate data,

• request deletion (where applicable),

• restrict processing,

• object to processing based on legitimate interests,

• data portability (where applicable),

• withdraw consent at any time (where processing is based on consent),

• lodge a complaint with the supervisory authority.

How to exercise your rights:
Email win@thealternativeschool.com and teodora.migdalovici@thealternativeschool.com with your request and relevant context. We normally respond within one month, and may extend where legally permitted for complex requests.

Supervisory authority (Romania):
You may lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

11) Security

We take reasonable technical and organizational measures to protect personal data, including (where appropriate) access control, encryption, device security, and data minimization.

When personal data must be accessed during travel or outside our usual work environment, we apply additional safeguards such as strong passwords, encrypted storage, restricted access, and secure communication methods. However, no online transmission or storage system is 100% secure; we cannot guarantee absolute security.

12) Children / age

Our services are intended for users who are at least 16 years old or who have legal capacity to participate. If we learn that we have collected personal data from a child below the applicable age without appropriate authorization, we will take steps to delete it.

13) Changes to this policy

We may update this Privacy Policy when necessary to reflect operational, legal, or regulatory changes. The current version is the one published on this page.

14) Contact

For privacy questions, requests, or concerns, contact us at: win@thealternativeschool.com and teodora.migdalovici@thealternativeschool.com, or by post at the address listed in Section 1.

Cookie Banner – short text (copy-paste)

We use cookies to make this site work, to understand traffic (analytics), and—where enabled—to personalize content and ads. You can accept all cookies, reject non-essential cookies, or customize your choices.

Buttons (suggested): Accept all | Reject non-essential | Customize

Terms – alignment sentence (copy-paste)

For the purposes of personal data processing on this website and related services, the data controller is LOVE&LOBBY SRL, as detailed in the Privacy Policy.