Privacy Policy
1. Data controller
Company name: {{DENUMIRE}}
VAT number: {{CUI}}
Trade register: {{REG_COM}}
Registered address: {{SEDIU}}
Email: {{EMAIL}}
Phone: +40 747 311 383
{{DENUMIRE}} (hereinafter "the Controller") processes personal data as data controller, in accordance with EU Regulation 679/2016 (GDPR) and Romanian Law no. 190/2018.
2. What data we collect
We collect personal data that you provide directly to us in connection with your booking or accommodation-related communications:
- Full name
- Phone number
- Email address (if provided)
- Stay details: dates, number of guests
- Communication history (WhatsApp messages, SMS, email, phone calls)
By visiting the website, our server may also record technical access data (IP address, browser type, pages visited, date and time) through standard technical mechanisms.
3. Purpose and legal basis for processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Managing and confirming accommodation bookings | Art. 6(1)(b) — performance of contract |
| Invoicing and accounting records | Art. 6(1)(c) — legal obligation |
| Communications about the booked stay (check-in, rules, confirmation) | Art. 6(1)(b) — performance of contract |
| Informing existing customers about offers or available dates | Art. 6(1)(f) — legitimate interest |
4. Retention periods
- Booking and invoicing data: 10 years (as required by tax and accounting legislation).
- WhatsApp / email / SMS communications: maximum 2 years from the last interaction.
- Technical access logs: maximum 90 days.
Upon expiry of retention periods, data is deleted or anonymised.
5. Cookies and technical data
The casafratila.ro website uses only technically necessary cookies required for its proper functioning (Google Fonts loading, browser session). These cookies do not collect personally identifiable data and do not require your prior consent under Article 5(3) of Directive 2002/58/EC.
The website does not currently use tracking, analytics (Google Analytics) or advertising cookies (Meta Pixel). If such tools are added in the future, this policy will be updated and your explicit consent will be requested through a cookie banner.
6. Recipients of your data
Personal data is not sold or transferred to third parties for marketing purposes. Data may be accessed by:
- The Controller's staff involved in managing bookings;
- Technical service providers (e.g. hosting, email) acting as data processors under agreements compliant with Article 28 GDPR;
- Public authorities, within the limits provided by law.
Data is not transferred outside the European Economic Area.
7. Your rights under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15) — to obtain confirmation that your data is being processed and a copy of it.
- Right to rectification (Art. 16) — to request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17) — to request deletion of your data under the conditions provided by law.
- Right to restriction of processing (Art. 18) — to request that processing be limited in certain situations.
- Right to data portability (Art. 20) — to receive your data in a structured format where processing is based on consent or contract.
- Right to object (Art. 21) — to object to processing based on the Controller's legitimate interest.
- Right not to be subject to automated decisions (Art. 22) — we do not make automated decisions with significant legal effects based on your data.
8. How to exercise your rights
You can send a request regarding your rights to {{EMAIL}} or by post to the Controller's registered address.
We will respond to your request within 30 calendar days of receipt. For complex or extensive requests, this period may be extended by a further 60 days, with prior notification to you.
9. Right to lodge a complaint
If you believe your rights have not been respected, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP), which is the competent supervisory authority in Romania:
- Website: dataprotection.ro
- Email: anspdcp@dataprotection.ro
- Address: B-dul Magheru 28-30, Sector 1, Bucharest, Romania
10. Changes to this policy
This policy may be updated periodically to reflect changes in legislation or our processing practices. The updated version will be published on this page with the date of the latest revision. We recommend checking this page periodically.
Last updated: 21 June 2026.