Through this Privacy Notice, we want to provide you details about the processing of your personal data in the context of participating in marketing events organised by Therme and its processors.
By marketing events we mean any event of contest, campaign, image promotion, products and services organised through the online platforms (website, social networks - Facebook, Instagram, Youtube etc.) and physically, in the locations of Therme Bucharest complex or in other places where the events take place.
We also refer to both public and private events.
We recommend that you read this Privacy Notice together with the Privacy Policy, in order to obtain as much information as possible on how we protect your personal data.
Further information on the processing of your personal data will be also provided in the regulations of competitions and campaigns, image releases or other documents used when events are being organised.
WHAT ARE THE CATEGORIES OF PERSONAL DATA THAT WE PROCESS?
Before we organise an event, we will always make sure that we only ask you for the data that is necessary to fulfill the purposes pursued. We do not collect excessive data for which there is no well-defined purpose.
Depending on the nature of the event, we process the following categories of personal data:
WHY DO WE PROCESS PERSONAL DATA?
We process this data for:
WHAT ARE THE LEGAL GROUNDS ON WHICH WE PROCESS YOUR DATA?
Depending on the context in which we process your data, we may use several legal grounds.
We use consent as a legal basis when we ask for your consent to collect and process data, for example to register or participate in an event. We use this legal basis only if we can fulfill all conditions of consent, such as the possibility to withdraw your consent at any time of processing. The performance of a service or the performance of a contract is not conditional on participation in consent-based activities.
The performance of a contract is another basis on which we rely in the event that the processing of your data is carried out on the basis of a contract to which you are a party. For example, the processing of your image in the media used in Therme campaigns may be carried out both under an image contract or other similar type of agreement.
Fulfillment of our legal obligations following the conduct of events (e.g. data processing for financial-accounting purposes, archiving etc.).
We may also process your data on the basis of our legitimate interests, such as:
When we use legitimate interest as a legal basis for our activities, we are committed to protecting your data so that the processing does not override your fundamental interests or rights and freedoms.
WHO ELSE HAS ACCESS TO YOUR PERSONAL DATA?
Where necessary, personal data may also be accessed by other third parties, to the extent that this is reasonably necessary in accordance with the purposes mentioned in this Privacy Policy.
Marketing partners and processors, event collaborators and organisers, application providers and web tools providers will have access mainly to this data.
For details about our data processors, please refer to the dedicated section of the Privacy Policy.
Also, your data that is used to promote Therme’s image, products and services may be disclosed in public spaces such as: social networks, websites, physical locations that can be accessed by an unlimited number of people, magazines, publications, billboards, etc.
HOW DO WE MANAGE INTERNATIONAL DATA TRANSFER?
As a rule, your personal data is processed in Romania, within European Union and countries that provide an adequate level of protection.
Depending on the nature, context and location of the marketing event, your personal data may also be disclosed to international destinations that do not provide an adequate level of protection, such as the United States. In this situation, for the protection of your data, we will take additional protection measures.
To learn more about the conditions under which we may transfer your data to third-party destinations, please refer to the “International data transfer” section of the Privacy Policy.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Data retention periods vary depending on the purpose for which they are processed and may be influenced by the nature of the event and the legal grounds we use.
Therefore, the criteria on which we establish data retention are:
We keep the data that is necessary for financial and accounting purposes, according to the legal provisions of national and European law, at least 10 years after the issue of the supporting documents containing them. After the expiry of this period, the data will be deleted/destroyed within 1 year, according to internal storage policies.
Data processed on the basis of legitimate interests are assigned retention periods in accordance with the purposes for which they were collected. We periodically evaluate storage periods to ensure that we retain your data only for as long as necessary in relation to the purposes pursued.
WHAT ARE YOUR RIGHTS?
Depending on the legal grounds on which we process your data, you have the following rights:
UPDATING THE PRIVACY NOTICE
The information presented in this Privacy Notice will be reviewed periodically to reflect any changes in current processing activities.
Please visit this page periodically to make sure you always have up-to-date information.
However, if we intend to significantly change the way we use your personal data, we will notify you in advance.
Last update: April 2022