Through this Privacy Notice we want to provide you details about the processing of your personal data when you fill in various forms during your visit to the Therme Bucharest complex.
We made sure that the data we request for the completion of these forms is relevant and necessary in relation to the purposes for which they are used.
By printed forms we refer to the following types of documents:
The printed forms we fill in will also contain relevant and specific information regarding the processing of your personal data.
WHAT ARE THE CATEGORIES OF PERSONAL DATA THAT WE PROCESS?
When it is necessary to fill in one of the forms mentioned, we process the following categories of personal data:
Identification and contact details, such as first name and last name, address, telephone, the number of the RFID access bracelet allocated during the visit, signature.
Data specific to the purpose for which we request that data, such as:
When necessary, in order to fulfill our legal obligations or legitimate interests, together with filling in forms, we may ask you for a copy of your passport or other supporting documents, which will be kept together with the requested form, in accordance with our financial and accounting legal obligations.
WHY DO WE PROCESS THIS DATA?
This data is necessary for the following purposes:
- ensuring the people’s health and safety;
- prevention of financial losses;
- recovery of damages;
- defense of rights in court;
- keeping supporting documents that may be required by the competend authorities (e.g. ANAF);
- compliance with the internal regulations;
WHAT ARE THE LEGAL GROUNDS ON WHICH WE PROCESS YOUR DATA?
The processing of personal data is carried out according to the purposes for which they are collected, based on the following legal grounds:
WHO ELSE HAS ACCESS TO YOUR PERSONAL DATA?
Personal data may also be accessed by other third parties to the extent that this is reasonably necessary in accordance with the purposes set out in this Privacy Notice.
HOW DO WE MANAGE INTERNATIONAL DATA TRANSFER?
As a rule, for this processing activity, your personal data is stored and processed on servers and in physical locations within Romania and European Union.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Data retention periods may vary, depending on the purpose and may be influenced by legal provisions.
The criteria on which we set the retention of data are:
- legal retention periods, where applicable;
- contractual obligations to which you are party, if applicable;
- Therme’s legitimate interests.
We keep the data that are necessary for financial-accounting purposes, as required by national and European law, for at least 10 years after the issue of the supporting documents containing them. After the expiry of this period, the data will be deleted/destroyed within a maximum of 1 year, according to internal storage policies.
Data processed on the basis of legitimate interests are assigned retention periods in accordance with the purposes for which they were collected. We periodically evaluate storage periods to ensure that we retain your data only for as long as necessary in relation to the purposes pursued.
WHAT ARE YOUR RIGHTS?
For using your personal data for the purposes aforementioned, you shall have the following rights:
UPDATING THE PRIVACY NOTICE
The information presented in this Privacy notice will be reviewed periodically to reflect any changes in current processing activities.
Please visit this page periodically to make sure you always have up-to-date information.
However, if we intend to significantly change the way we use your personal data, we will notify you in advance.
Last update: April 2022