THE NONCONFORMIST

1. Data Controller

This website is operated by a private individual, the author and curator of the artistic project The Nonconformist.

• Data Controller: Peter Grosspersky
• Country: Romania
• Email: then-onconformist@outlook.com

Under Regulation (EU) 2016/679 (GDPR), the above person acts as the data controller responsible for the processing of personal data through this website.

2. About The Nonconformist

The Nonconformist is a non-commercial artistic project and online photography portfolio. The website does not sell products, does not require user accounts, and does not provide paid services.

3. What personal data is collected

This website processes a minimal amount of data, strictly necessary for its functionality.

3.1. Local Storage (browser storage)

With your explicit consent, the website may store the following in your browser:

• your cookie / storage preferences
• local information related to the "like" feature (to prevent repeated likes from the same browser)

This data is processed in a pseudonymous manner and is not used to identify individuals. The website does not combine this data with other information to identify users.

3.2. Firebase (Google) processing

If you enable optional functionality, the website uses Firebase Firestore, a service provided by Google, to:

• store aggregated like counts for images
• without user accounts or persistent identifiers
• without behavioral profiling
• likes are associated with your device to prevent duplicate votes

Stored data includes only:

• image URL
• total like count
• technical timestamps

Important: Firebase processes technical metadata (IP address, connection data, browser information) in accordance with Google's privacy policies. While likes are not directly attributed to your personal identity, they are linked to your device to maintain vote integrity. This constitutes pseudonymous data under GDPR.

✅ No Firebase connections occur until you accept functional cookies.

3.3. Realtime Viewing Activity

If you enable optional functionality, the website may display an anonymous count of users currently viewing the same gallery or image. This "active viewers" feature uses Firebase Realtime Database, a service provided by Google, to:

• track ephemeral presence data (current gallery and image being viewed)
• without storing user IDs, IP addresses, or any personal identifiers
• without behavioral profiling or cross-session tracking

Stored data includes only:

• an auto-generated, temporary session identifier (random, non-identifying)
• the gallery and image currently being viewed
• a technical timestamp

This data is fully ephemeral: it is automatically deleted when you close the browser tab, navigate away from the gallery, or withdraw consent. A safety cleanup also removes any stale entries within 60 seconds. No historical viewing data is retained.

✅ This feature is strictly opt-in (requires functional cookies) and stores no persistent personal data.

4. What we do NOT collect

❌ This website does not collect:

• names
• email addresses (except if you contact us voluntarily)
• user accounts
• authentication data
• behavioral tracking across sites
• Google Analytics data
• advertising data
• newsletter subscriptions

✅ Third-party services (Firebase) are loaded ONLY after you accept functional cookies.

5. Legal basis for processing

Depending on the specific processing activity, personal data is processed based on the following legal grounds:

• Article 6(1)(a) GDPR – Consent, for optional functional features such as image likes enabled via Firebase.
• Article 6(1)(f) GDPR – Legitimate interest, for the publication of artistic photographs and the handling of user correspondence.

Each processing activity is limited to its stated purpose.

6. Cookies and similar technologies

This website does not use advertising or tracking cookies.

Only:

• essential technologies
• local storage for preferences and the "like" feature

Optional functionality is disabled by default and activated only after consent.

The website may perform minimal technical network requests (such as DNS resolution) required to load images hosted on external platforms.

7. International data transfers

Firebase is a service provided by Google LLC (United States). Google relies on Standard Contractual Clauses (SCCs) approved by the European Commission for international data transfers.

8. Data retention

• Local preferences remain stored until you clear them from your browser
• Like-related data is stored indefinitely or until the project is discontinued
• Realtime viewing activity is ephemeral and deleted automatically on disconnect (within seconds)

9. Your rights

Under the GDPR, you have the right to:

• access your data
• request deletion
• withdraw consent
• object to processing

10. Changes to this policy

This Privacy Policy may be updated from time to time. The current version will always be available on this website.

11. Contact

For any questions regarding this Privacy Policy or to exercise your rights, contact us at: then-onconformist@outlook.com

12. Photography and Artistic Expression

Images displayed on this website may include public spaces and individuals captured in street photography contexts. These images are published under:

• Artistic expression rights (Article 85 GDPR)
• Journalistic and artistic exemptions where applicable under EU and Romanian law
• Legitimate interest (Article 6(1)(f)) for documentary and artistic purposes

If you appear in a photograph and wish for it to be removed, please contact us at then-onconformist@outlook.com with:

• The specific image URL and gallery name
• Your reason for removal request

We will balance your rights against our artistic freedom and respond within 30 days in accordance with GDPR Article 17 (right to erasure).

13. Email Communications

If you contact us via email:

• We process your email address and message content solely to respond to your inquiry
• Legal basis: Legitimate interest (Article 6(1)(f)) or contract initiation (Article 6(1)(b))
• Retention: Emails are stored for up to 2 years or until the purpose is fulfilled
• Your rights: You may request deletion of your email correspondence at any time

14. Supervisory Authority

You have the right to lodge a complaint with the Romanian data protection authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, România
Website: www.dataprotection.ro

✔️ GDPR approach

This website follows the principles of:

• data minimization
• transparency
• user control
• data protection by design and by default