The data controller for personal data collected through azuriaviscri.ro is SUPERSONA MEDIA SRL, with registered office at Str. Dej nr. 39, Sector 1, București, 012282, tax code RO41492709.
Data protection contact: [email protected].
At booking we collect: first/last name, email, phone, city (optional), stay period, number and ages of children (optional), special requests (optional), chosen payment method.
For online payments, card data is NOT collected or stored by us — it is processed directly by Stripe Payments Europe Ltd. (see stripe.com/privacy).
For admin and (future) newsletter accounts: email and hashed password.
We process data exclusively to: · Perform the accommodation contract (process booking, communicate, check-in/out, invoicing). · Comply with legal obligations (10-year accounting record retention per Romanian Fiscal Code). · Send transactional messages (confirmation, reminder, cancellation). · With your consent only: marketing communications (offers, news).
Lawful bases (per GDPR Art. 6): · Contract performance — for all data needed to confirm and run the booking. · Legal obligation — for accounting and fiscal duties. · Consent — exclusively for newsletter/marketing. Withdrawable any time via the unsubscribe link.
Data is accessible to inn staff strictly within the scope of their duties.
We use the following processors (Art. 28 GDPR), all with contractual safeguards and GDPR compliance: · Stripe Payments Europe Ltd. (Ireland) – card payment processing. · SMTP2Go (New Zealand, with standard contractual clauses) – transactional email delivery. · Cloudflare Inc. (USA, with EU SCCs) – CDN, DDoS protection, DNS. · DigitalOcean Inc. (EU) – server hosting (Frankfurt).
We do not sell or share data with third parties for commercial purposes.
· Booking data (name, contact, period) — 10 years from end of fiscal year (Romanian Fiscal Code). · Marketing data (newsletter consent) — until consent withdrawal. · Technical/IP logs — 90 days. · Payment data (Stripe) — per Stripe policy (typically 7 years).
Under GDPR (EU Reg. 2016/679), you have these rights: · Access (Art. 15). · Rectification (Art. 16). · Erasure ("right to be forgotten" – Art. 17), except for data we are legally required to retain. · Restriction (Art. 18). · Portability (Art. 20). · Object (Art. 21). · Withdraw consent (Art. 7) for consent-based processing.
To exercise any right, send a request to [email protected]. We respond within 30 days max.
If you believe processing of your data infringes GDPR, you may lodge a complaint with: The Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest Tel: +40 318 059 211 · Email: [email protected] www.dataprotection.ro
We use cookies and similar technologies. Details at /cookies.
We apply reasonable technical and organisational measures: HTTPS sitewide, in-transit encryption via Cloudflare, database in private network, daily backups, role-based access (owner/employee), admin action audit log.
Despite our best efforts, no measure is 100% impenetrable. We will notify of any incident as required by GDPR (Art. 33–34).
We may update this policy. The current version is published on this page with the date of last modification. Substantive changes will be announced via email to active guests.
The data controller for personal data collected through azuriaviscri.ro is SUPERSONA MEDIA SRL, with registered office at Str. Dej nr. 39, Sector 1, București, 012282, tax code RO41492709.
Data protection contact: [email protected].
At booking we collect: first/last name, email, phone, city (optional), stay period, number and ages of children (optional), special requests (optional), chosen payment method.
For online payments, card data is NOT collected or stored by us — it is processed directly by Stripe Payments Europe Ltd. (see stripe.com/privacy).
For admin and (future) newsletter accounts: email and hashed password.
We process data exclusively to: · Perform the accommodation contract (process booking, communicate, check-in/out, invoicing). · Comply with legal obligations (10-year accounting record retention per Romanian Fiscal Code). · Send transactional messages (confirmation, reminder, cancellation). · With your consent only: marketing communications (offers, news).
Lawful bases (per GDPR Art. 6): · Contract performance — for all data needed to confirm and run the booking. · Legal obligation — for accounting and fiscal duties. · Consent — exclusively for newsletter/marketing. Withdrawable any time via the unsubscribe link.
Data is accessible to inn staff strictly within the scope of their duties.
We use the following processors (Art. 28 GDPR), all with contractual safeguards and GDPR compliance: · Stripe Payments Europe Ltd. (Ireland) – card payment processing. · SMTP2Go (New Zealand, with standard contractual clauses) – transactional email delivery. · Cloudflare Inc. (USA, with EU SCCs) – CDN, DDoS protection, DNS. · DigitalOcean Inc. (EU) – server hosting (Frankfurt).
We do not sell or share data with third parties for commercial purposes.
· Booking data (name, contact, period) — 10 years from end of fiscal year (Romanian Fiscal Code). · Marketing data (newsletter consent) — until consent withdrawal. · Technical/IP logs — 90 days. · Payment data (Stripe) — per Stripe policy (typically 7 years).
Under GDPR (EU Reg. 2016/679), you have these rights: · Access (Art. 15). · Rectification (Art. 16). · Erasure ("right to be forgotten" – Art. 17), except for data we are legally required to retain. · Restriction (Art. 18). · Portability (Art. 20). · Object (Art. 21). · Withdraw consent (Art. 7) for consent-based processing.
To exercise any right, send a request to [email protected]. We respond within 30 days max.
If you believe processing of your data infringes GDPR, you may lodge a complaint with: The Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest Tel: +40 318 059 211 · Email: [email protected] www.dataprotection.ro
We use cookies and similar technologies. Details at /cookies.
We apply reasonable technical and organisational measures: HTTPS sitewide, in-transit encryption via Cloudflare, database in private network, daily backups, role-based access (owner/employee), admin action audit log.
Despite our best efforts, no measure is 100% impenetrable. We will notify of any incident as required by GDPR (Art. 33–34).
We may update this policy. The current version is published on this page with the date of last modification. Substantive changes will be announced via email to active guests.