PRIVACY NOTICE ON THE PURCHASE OF THERME PRODUCTS AND SERVICES

 

Through this Privacy Notice we want to provide you details about the processing of your personal data in the context of the purchase of Therme’s products and services both online (through the website or Therme applications) and physically, when you visit us.

We also inform you about the data processing activities when using our alternative systems of purchase and payment of products and services, such as automated systems that are found in the reception area of Therme Bucharest complex.

We recommend that you read this Privacy Notice together with the Privacy Policy to obtain as much information as possible on how we process your personal data.

WHAT ARE THE CATEGORIES OF DATA THAT WE PROCESS?

When you make online orders, we process the following personal data:

  • Identification and contact details - first name and last name, email address, phone number;
  • Billing data – first name and last name, billing address, postal code, any other information you want to be mentioned in the invoice;
  • Age limit required for placing the order and transmitting data to Therme;
  • Type of client – child/adult/student/senior;
  • Payment method, card type, bank;
  • Credit card details* – name of the cardholder, card number, expiration date and CVV;

*Bank data is not stored in Therme computer systems. The data is processed through an authorized payment processor that complies with the PC-DSS standard. Therme stores only the card token and its expiration date;

  • Details of products and services purchased and about your visit (e.g.:Therme cards, tickets purchased, number of visitors, date of visit, duration of visit, areas visited, etc.);
  • Zen points obtained or spent on orders placed or other data in your account. MyTherme, if you use an account to place your order;
  • Discounts you receive at the time of placing your order;
  • Order history.

When you purchase products and services directly from the Therme Bucharest complex, we can process the following personal data:

  • Information about the products and services purchased;
  • Age category;
  • Type of client – child/adult/student/senior;
  • Financial data on the method of payment (cash, credit card, Therme card, other types of cards used, card issuing bank, etc.) as well as the amounts paid; Zen points purchased or spent.
  • Bank card details*- name of the cardholder, card number, expiration date and CV V

*Bank data is not stored in Therme computer systems. The data is processed through an authorized payment processor that complies with the PC-DSS standard. Therme stores only the card token and its expiration date.

  • Other details discosed by online tickets or vouchers that you present to the cash registers.
  • The number of the access bracelet and the locker number allocated;
  • Data on the use of the access bracelet (e.g. information on transitions from one area to another, date when it was used, etc);
  • Date and time of visit, duration of visit;
  • First name and last name;
  • Signature;
  • Biometric data (writing speed, pressure, acceleration, starting and stopping points, sequences and time measurements) from the electronic signature
  • Billing data (first name and last name, address);
  • Data from ID cards, incuding copy of them, when necessary (for reversal).

In order to comply with the entry conditions in the Therme Bucharest complex, we may ask you to confirm the eligibility of the purchased tickets, by presenting  the following documents:

  • Identity documents (e.g.: ID card, passport, etc.) to check the minimum age required for access to age restricted areas;
  • Student card / student / pension card, to check the eligibility of offers for these categories of people;
  • Supporting documents for persons with disabilities, in order to benefit from the offers for people with special needs.

We may ask you to submit these documents (at the time of your visit) for our legitimate interest in allowing access to age-restricted areas or offering discounts to eligible people.

Refusal to submit these documents may result in refusal to grant the benefits purchased or in the process of being purchased.

The aforementioned supporting documents are not recorded or stored in our systems.

THE USE OF AUTOMATION SYSTEMS IN PURCHASING AND PAYMENT PROCESSES

1. Self check-in

Therme offers you a check-in device located in the cash register area that helps you purchase your tickets without the help of Therme staff, thus shortening the time spent at cash registers.

The system uses a computer interface that allows you to select the services you want and make the payment. The check-in system does not process any personal data other than that necessary in relation to the services selected and the details of the card payment.

After this point, the sales process continues at the cash registers, in order to get the bracelet and allow access to the Therme Bucharest complex.

The use of this service is optional and can be used as an alternative to the conventional sales process.

2. Vending machine

It is another IT system located in the cash registers area that you can use to activate tickets purchased online at the time of your arrival at the location. The system scans the QR code on the online ticket, reads and verifies the information on the ticket in the online store’s computer systems and releases the access bracelets. The sales process continues at the cash registers, in order to activate the bracelet and allow access to the Therme Bucharest complex.

3. Self check-out

This IT system is located in the exit areas and allows you to make the payment of the consumption recorded on the bracelet. Subsequently, the bracelet must be handed over to Therme staff at dedicated cash registers. Processing data refers to the data recorded on the bracelet throughout the visit and the details of the card payment.

4. Self invoice

This IT system can be used by you to request and generate your tax invoice. In this regard, the system allows you to scan the tax receipt to provide the necessary information regarding the payment. At the same time, for confirming the company’s data, the system is synchronized to the ANAF database.

The system allows entering additional personal data you want on your invoice, First name and last name, address (for individuals). First name and last name, serial number and ID number (for persons delegated in relation to a company).

WHY DO WE PROCESS THIS DATA?

 We need this information for the management of commercial relations and the fulfillment of legal obligations:

  • To process your orders and provide you with the services;
  • To issue the invoice and other supporting documents;
  • To process payments;
  • To verify the eligibility of entry conditions and special offers;
  • To inform you about the status of the order;
  • To identify you in the storage systems when there is a problem with your order;
  • To manage and resolve your requests regarding an order (refunds, complaints etc.);
  • To book services available in the location;
  • To provide discounts, loyalty benefits or other benefits according to marketing campaigns;
  • To improve Therme’s services;
  • To facilitate your access to the complex, etc.;
  • To defend our legitimate interests.

WHAT ARE THE LEGAL GROUNDS ON WHICH WE PROCESS YOUR DATA?

We process your data for the fulfillment of our contractual obligations toward you in the context of the purchase of Therme’s products and services as well as for the fulfillment of legal obligations arising from the sales activity.

We also process your data on the basis of our legitimate interests such as:

  • Improving the services by using data to create statistical reports on sales and customer preferences, etc. these reports are not directly aimed at you and are not intended to create profiles;
  • Facilitating the access to the location;
  • Booking and scheduling of services on location;
  • Compliance with the General Contractual Conditions;
  • Prevention and recovery of damages and financial losses, investigation and settlement of complaints, defense of rights in court, etc.;
  • Improving the processes of purchasing and paying for services.
  • Other similar legitimate interests.

Establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; (Art.9.2.f - GDPR)

WHO ELSE HAS ACCESS TO YOUR PERSONAL DATA?

Personal data may also be accessed by other third parties to the extent that this is reasonably necessary in accordance with the purposes set out in this notice.

For details, please see the dedicated section of the Privacy Policy.

HOW DO WE MANAGE INTERNATIONAL DATA TRANSFER?

As a rule, for this processing activity, your personal data is stored and processed on servers and in physical locations in Romania and the European Union.

To the extent that it will be necessary to transfer your personal data to organizations in third countries that do not provide an adequate level of protection, we will take additional protection measures. For more details, please see the “International data transfer” section of the Privacy Policy.

HOW LONG DO WE KEEP YOUR DATA?

We keep the data that is necessary for tax purposes according to the legal provisions under national and European law, at least 5 years after the issuance of the supporting documents containing them. After the expiry of this period, the data will be destroyed safely within 1 year according to the internal storage policy.

Data that is not subject to legal regulations are assigned retention periods in accordance with the purposes for which they are used. The need to retain these categories of data is reviewed periodically.

WHAT ARE YOUR RIGHTS?

For the purposes of using your personal data for the purposes mentioned, you have the following rights:

  • Right to be informed;
  • Right of access;
  • Right to rectification;
  • Right to erasure, under the conditions stipulated by law;
  • Right to restriction of processing;
  • Right to data portability to another controller, under the conditions stipulated by law;
  • Right to object to the processing of your personal data;
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly affects you to a significant extent, with the exceptions set out in data protection laws;
  • Right to lodge a complaint with a supervisory authority.

UPDATING THE PRIVACY NOTICE

The information presented in this Privacy notice will be reviewed periodically to reflect any changes in current processing activities.

Please visit this page periodically to make sure you always have up-to-date information.

However, if we intend to significantly change the way we use your personal data, we will notify you in advance.

Last update: April 2024