Privacy Policy

1. Introduction

Eden Suites Timișoara (“we”, “us”) respects your privacy and is committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Romanian law. This policy describes what data we collect, how we use it and your rights.

2. Data we collect

In the context of our accommodation business, we may collect:

• Identification and contact data: name, email address, phone number, country of residence.
• Booking-related data: check-in/check-out dates, number of guests, preferences (e.g. self check-in request).
• Payment data: we do not process card data directly on our site; payments are made via third-party platforms (Booking.com, Airbnb, bank transfer or on site). We do not store full card details.
• Communications: content of messages sent via WhatsApp, Viber, email or contact form, for the purpose of managing bookings and guest relations.

3. Purpose of processing

We use your data to:

• Manage reservations and stays at Eden Suites.
• Communicate regarding your booking, check-in/check-out and services (e.g. airport transfer).
• Comply with legal obligations (e.g. guest register, tax reporting).
• Improve our services and respond to your requests.

4. Legal basis

We process data on the basis of: performance of contract (booking/accommodation), legal obligations and, where applicable, your consent (e.g. newsletter, optional).

5. Cookies and similar technologies

Our site may use:

• Essential cookies: necessary for the site to function (e.g. language preference).
• Analytics cookies: to understand how the site is used (e.g. Google Analytics), in accordance with provider policies and consent where required.

You can manage cookie preferences in your browser settings. Blocking certain cookies may affect site functionality.

6. Sharing data

We may share data with:

• Booking platforms (Booking.com, Airbnb, etc.) to the extent you provide data directly or through us for reservation.
• Service providers (e.g. hosting, email) who assist our operations, under strict confidentiality obligations.
• Public authorities where required by law.

7. Retention

We retain data for as long as necessary for: performance of contract, legal obligations (e.g. tax documents, guest register) and, where applicable, dispute resolution. After these periods, data is deleted or anonymised.

8. Your rights

Under GDPR you have the right to: access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection and the right to lodge a complaint with a supervisory authority (e.g. ANSPDCP in Romania). To exercise your rights, contact us at the email address shown on the site.

9. Security

We take appropriate technical and organisational measures to protect your data against unauthorised access, loss or alteration.

10. Changes

We may update this policy. Significant changes will be communicated on the site or, where applicable, by email. We encourage you to check this page periodically.