PRIVACY NOTICE ON THE USE OF THERME'S WIFI NETWORK

Through this Privacy Notice we would like to provide you with details about the processing of your personal data when you use our wifi data network.

When you visit the Therme Bucharest complex, we provide you with a wifi data network, that you can use throughout your visit.

Access to the wifi network is granted only by using an account that allows you to connect to our network in adequate security conditions.

For this processing activity we carried out a Data Protection Impact Assessment analysis in order to identify and mitigate the risks associated with the processing of these categories of data.

We recommend that you read this Privacy Notice together with the Privacy Policy to obtain as much information as possible on how we protect your personal data.

WHAT ARE THE CATEGORIES OF PERSONAL DATA THAT WE PROCESS?

In order to create your account and connect to the WiFi network, we process the following categories of data:

• Identification and contact data (first name and last name, email address, phone number);
• Device data (IP address, MAC address, device type, operating system type, browser type, network to which it has connected);
• Data about the websites you visit when you are connected to our network.

WHY DO WE PROCESS THIS PERSONAL DATA?

The required identification and contact data is necessary to manage the process of connecting to the data network.

The purpose of the registration data processing is to prevent and investigate illegal activities that may occur through our wifi network.

The information collected will only be accessed at the request of the competent authorities.

WHAT ARE THE LEGAL GROUNDS ON WHICH WE PROCESS YOUR DATA?

We rely on our legitimate interest as a legal basis for data processing in order to keep records of the use of our data network. These records are necessary for defending legal rights or other similar legitimate interests, where there are suspicions or allegations of unlawful use of the Therme data network, by the competent authorities.

WHO ELSE HAS ACCESS TO YOUR PERSONAL DATA?

Personal data may also be accessed by other third parties, to the extent that this is reasonably necessary in accordance with the purposes mentioned in this Privacy Notice.

IT service providers will mainly have access to this data.

For details about our data processors, please see the dedicated section of the Privacy Policy.

Your data may also be made available to the competent authorities only when there are requests to investigate illegal activities from them.

HOW DO WE MANAGE INTERNATIONAL DATA TRANSFER?

As a rule, for this processing activity, your personal data is stored and processed on servers and in physical locations in Romania and the European Union.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

The recorded data is automatically deleted after a period of 1 year.

WHAT ARE YOUR RIGHTS?

For using your personal data for the purposes aforementioned, you shall have the following rights:

• Right to be informed;
• Right of access;
• Right to rectification;
• Right to erasure, under the conditions stipulated by law;
• Right to restriction of processing;
• Right to data portability to another controller, under the conditions stipulated by law;
• Right to object to the processing of your personal data;
• Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly affects you to a significant extent, with the exceptions set out in data protection laws;
• Right to lodge a complaint with a supervisory authority.

UPDATING THE PRIVACY NOTICE

The information presented in this Privacy Notice will be reviewed periodically to reflect any changes in current processing activities.

Please, visit this page periodically to make sure you always have up-to-date information.

However, if we intend to significantly change the way we use your personal data, we will notify you in advance.

Last update: April 2022