Through this Privacy Notice, we want to provide you with details regarding the processing of your personal data, in your capacity as a representative, employee, or party involved in a contract between Therme and your company.
This Privacy Notice applies to the processing activities carried out by us, as a data controller, having the legal responsibility to inform you adequately about the purposes, legal grounds, rights you have or other relevant information.
WHAT ARE THE CATEGORIES OF PERSONAL DATA THAT WE PROCESS?
Depending on the purpose and nature of the contractual relationships, we may process the following personal data:
Identification and contact details:
Data collected at Therme locations:
Other personal data:
WHY DO WE PROCESS THIS PERSONAL DATA?
Personal data is necessary for purposes such as:
WHAT ARE THE LEGAL GROUNDS ON WHICH WE PROCESS YOUR DATA?
We process your data, for the aforementioned purposes, on the following legal grounds:
- Protection of property and people;
- Securing of IT systems;
- Securing of restricted spaces;
- Preventing financial losses;
- Defending Therme’s rights;
- Issuing financial reports;
- Issuing and storing documents resulting from the activity performed;
- Protecting Therme reputation;
WHO ELSE HAS ACCESS TO YOUR PERSONAL DATA?
Your data may also be disclosed to other third parties such as IT service providers, payment processors, financial-accounting service providers, marketing service providers, occupational safety and health service providers, security and protection service providers, applications and web tools providers, website and mobile app developers, market research providers, consultants, lawyers, legal advisors, auditors or similar entities.
Personal data may be accessed by third parties only if this is reasonably necessary in accordance with the purposes mentioned in this information Note.
HOW DO WE HANDLE INTERNATIONAL DATA TRANSFER?
As a rule, your personal data is processed in Romania, within European Union and other countries that provide adequate level of protection, similar to the General data Protection Regulation no. 679/2016.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Data retention periods may vary, depending on the purpose for which they are processed and may be influenced by the type and nature of the contract, legal provisions or our legitimate interests.
Therefore, the criteria on which we determine the retention of data are:
- legal retention periods, where applicable;
-contractual obligations to which you or the company you represent is a party ;
- Therme's legitimate interests.
We keep the data that is necessary for financial and accounting purposes, according to the legal provisions of national and European law, at least 10 years after the issuance of the supporting documents containing them. After the expiry of this period, the data will be destroyed safely within 1 year, according to the internal storage policies.
Data that is not subject to legal regulations are assigned retention periods in accordance with the purposes for which they were collected.
We periodically evaluate storage periods to ensure that we retain your data only for as long as necessary in relation to the purposes pursued.
The erasure will only take place to the extent that such personal data are no longer necessary for other purposes.
WHAT ARE YOUR RIGHTS?
For the purposes of using your personal data for the purposes aforementioned, you shall have the following rights:
UPDATING THE PRIVACY NOTICE
The information presented in this Privacy notice will be reviewed periodically to reflect any changes in current processing activities.
Please visit this page periodically to make sure you always have up-to-date information.
However, if we intend to significantly change the way we use your personal data, we will notify you in advance.
Last update: April 2022