GDPR POLICY
1. Introduction
This GDPR Policy explains how we collect, use, and protect your personal data when you visit our website artachalet.com or use our accommodation services. Data processing is carried out in accordance with Regulation (EU) 2016/679 on the protection of natural persons regarding the processing of personal data and the free movement of such data (GDPR), as well as with applicable national legislation, including Law No. 190/2018 on measures for the implementation of GDPR in Romania.
​
​
2. What data do we collect?
We may collect the following personal data:
-
Name and surname
-
Email address
-
Phone number
-
Payment details (processed via secure third-party providers)
-
IP address and device information
-
Accommodation preferences
-
Any other information you voluntarily provide through contact forms or direct communication
​
​
3. How do we collect data?
We collect personal data when:
-
You make a booking via our website, by email, or by phone
-
You contact us through the website’s contact form or social media
-
You visit our website (via cookies and similar technologies)
-
You interact with us through promotional campaigns or events
​
​
4. Legal basis for data processing
Your data is processed based on the following legal grounds, in accordance with Regulation (EU) 2016/679:
-
Performance of a contract (Art. 6(1)(b)) – for managing bookings and accommodation services
-
Your consent (Art. 6(1)(a)) – for marketing communications or optional cookies
-
Legitimate interest (Art. 6(1)(f)) – for improving user experience
-
Legal obligations (Art. 6(1)(c)) – for tax documentation and compliance with applicable regulations
​
​
5. How do we protect your data?
​
-
We implement appropriate technical and organizational measures to protect personal data, in line with Art. 32 of GDPR
-
We use encryption and secure storage methods
-
We limit access to data only to authorized personnel
-
We work only with partners who comply with GDPR standards
​
​
6. Who do we share your data with?
We do not sell or transfer personal data to third parties, except in the following cases:
-
IT service providers maintaining our website and digital infrastructure
-
Payment processors (e.g., banks, online payment services)
-
Legal authorities, when required by law
-
Online booking platforms used by Arta Chalet
7. Transfer of data outside the EU
If we use services from providers outside the EU/EEA, we ensure they provide an adequate level of data protection, in accordance with Art. 44-49 of GDPR.
8. Your rights
Under Regulation (EU) 2016/679, you have the following rights:
-
Right of access (Art. 15) – request information about your processed data
-
Right to rectification (Art. 16) – correct inaccurate data
-
Right to erasure (“right to be forgotten”) (Art. 17) – request data deletion under certain conditions
-
Right to restrict processing (Art. 18) – request limitation of data processing
-
Right to data portability (Art. 20) – request the transfer of data to another controller
-
Right to object (Art. 21) – object to data processing for direct marketing
-
Right to lodge a complaint – you can submit a complaint to the National Authority for the Supervision of Personal Data Processing (ANSPDCP) at www.dataprotection.ro
To exercise these rights, contact us at: hello@artachalet.com
9. Cookies and similar technologies
Our website uses cookies to enhance user experience. You can manage cookie preferences through your browser settings. For more details, please refer to our Cookie Policy.
10. Data retention period
We retain personal data only as long as necessary for the purposes for which they were collected, in compliance with applicable legal requirements:
-
Booking data: 5 years (as per tax regulations)
-
Contact data: 12 months after the last interaction
-
Cookie data: according to the specific Cookie Policy
11. Changes to the Privacy Policy
This policy may be updated periodically to reflect legislative changes or modifications in our data processing practices. Any updates will be published on this page.
Last updated: 13th of January 2025