Notice to visitors

Dear Guest/ Invitee/ Visitor, We process your personal data in a legal, fair, and transparent manner, ensuring their security and confidentiality under the conditions presented below. By presenting and/or staying at the location[1] subsequent to the communication of this document:
  • you attest that you have been informed about these conditions,
  • declare that you agree with the processing carried out in this way, both for your own data and that of the minors accompanying you (strictly for the data collected regarding minors),
  • understand and assume that in addition to your consent, other legal grounds for processing are applicable in the context of our relations,
  • understand and assume that in case you make reservations on behalf of and for other people/ you are the organizer of an event taking place at the location/ bring guests/ invitees to the location, you have the responsibility to communicate this document to the people in your group/ your guests/ invitees. This document will be available to you and your guests/ invitees also at the location (e.g., reception/ front desk/ restaurant)
For more details, you can consult our Privacy Policy and Video Surveillance Policy available on the web page In the context of consulting the web page, you can also access our Cookie Policy.
  1. Operator Data
The company POIANA CAILOR S.R.L, of Romanian nationality, headquartered in Bucharest Sector 6, Calea Giuleşti Nr. 333, Building C2, room no. 15, Floor 1, having the Order Number at the Trade Register J40/1605/2021, CUI 43649991, E-mail, attention to the Data Protection Officer.
  1. Collected Data
  • In the context of accommodation services (and services adjacent to accommodation): data from the reservation made in advance and the accommodation form, data from the ID card/ passport/ identification document presented, gender, phone, e-mail, bank account, geolocation data related to the stay (implicitly), citizenship, date and place of birth, signature;
  • In the context of other services (including restaurant)/ activities you opt for at the location, without accommodation: data from the reservation made in advance (if applicable), name, surname, e-mail address, phone number, gender (implicitly), bank account in the context of card payments;
  • In the context of activities carried out based on a Declaration of Acknowledgment and Assumption of Risk and Liability, additionally: data from the ID card/ passport/ identification document presented, date and place of birth, signature;
  • In the context of presentation and access to the location: visual images (including within the premises, in supervised spaces) and the license plate number of your car, captured through video cameras; the first and last name in the context of access control;
  • Data you voluntarily provide us/ in the context of specific service instructions/ access to activities at the location;
  • Contextually/ unsolicited, special data/ or not (regarding race, ethnicity, religion, political orientation, philosophical beliefs or of a similar nature, membership in trade or professional groups, profession, marital status, habits and preferences, any other data pertaining to physical, physiological, economic, cultural, or social identity that can be used for direct or indirect identification of you) inherent/ deductible from the nature/ purpose/ context of the event/ conference you participate in, the service/ activity you opt for;
  • Strictly when necessary, data regarding health status (e.g., if you show signs of infection with Covid-19/ conditions that could endanger the safety of other guests during the stay or which would involve urgent measures for your safety/ conditions upon which access to certain services/ activities at the location is conditioned);
  • Geolocation data (location, date, time at a certain moment) – in the context of reservations/ through monitoring bracelets in the adjacent forest area (provided strictly upon your request)
  • For visitors other than the guests/ invitees of the guests: the data related to presentation and access to the location, mentioned above, the company/ employing authority and the function in case you act as a representative, as well as other data imposed by the title and purpose for which you are present at the location;
  • In case you opt for marketing communications: e-mail address.
  1. The purposes and grounds for processing
The purposes of processing:
  • Data collected in the context of contracting services/ activities and related communications: negotiation, signing, and execution of contracts and managing any related aspects of these stages;
  • Data collected in the context of presentation and access to the location, as well as those related to surveillance cameras: access control and location security (including in terms of health measures that would be imposed in epidemiological/ risk contexts); investigating incidents at the location; prompt intervention in case of incidents;
  • The rest of the data specified in point 2 are not processed for other purposes:
  • For all collected data: fulfilling the legal obligations of the company, given by the specificity of the activity and the operations carried out, providing to authorities and courts within the controls/ at their request; defending the prevailing legitimate rights and interests of the company, including in case of litigations and disputes.
The grounds for processing
  • your consent (the direct one; for marketing; monitoring bracelets and implicitly, for the rest of the data), according to Art. 6 para. (1) let. a) GDPR)
  • the conclusion and execution of the contract assumed towards you, according to Art. 6 para. (1) let. b) GDPR
  • fulfilling the obligations that are incumbent upon us according to the law, according to Art. 6 para. (1) let. c) GDPR
  • presentation in case of control/ requests from authorities, according to Art. 6 para. (1) let. c) and f) GDPR
  • for health and safety measures at the location/ epidemiological investigations/ access to specific services and activities, according to Art. 6 para. (1) let. d) GDPR
  • exercising our legitimate rights and interests of promoting and selling services, settlement of disputes/ differences, according to Art. 6 para. (1) let. e) GDPR.
  1. Duration of processing and storage
  • data from reservations/ voucher purchases/ contracts/ contractual communications: 5 years from the termination in any manner of the relations between the parties
  • for contracts with an accommodation component, the duration of data storage from the Accommodation Forms: 5 years from completion, according to the law
  • for data contained in financial/ accounting documents, for the durations provided by law/ in the absence of a longer legal minimum stipulation, 5 years
  • in case of requests regarding personal data – 3 years from the communication of the response
  • data captured through cameras – 20 days from recording
  • data collected through monitoring bracelets: for the duration of wearing, maximum 5 days after;
  • in case of incidents/ conflicts/ disputes, the above terms can be extended until the investigation/ definitive resolution /for the duration requested by authorities.
  1. Recipients. Data transfer
Your data will be strictly accessible to internal employees and collaborators expressly designated in the processing flow, as well as to external collaborators acting as outsourced departments/ intermediaries in execution/ providers of legal/ tax-accounting/ security services, etc., in the context of fulfilling our legal obligations/ those disposed of by authorities and defending our legitimate rights and interests. Some of the collected data are processed on our behalf by the parent company of the belonging group and a series of other data can be transferred intra-group, depending on the logistical and personnel allocations necessary in the context of negotiation, conclusion, execution, termination, and resolution of any aspects of interest within our contractual framework.
  • As a rule, we do not transfer data outside the EU. Data provided for marketing communications and data related to Cookies from our web page are processed by a third provider, outside the EU space. For transfers that are not assimilated according to GDPR to those within the EU, and which might be subject to higher risks for your legitimate rights and interests (e.g., risk in the context of the transfer, difficulties in exercising rights and for compelling the operator/ person empowered by the operator to respect the rights or to pay compensations) we ensure adequate guarantees of processing compliance on a contractual basis with the data recipient.
For more information regarding the data collected online, please consult our Privacy and Cookies Policy, available on the site.
  1. Your rights
The right of access – to obtain confirmation from us whether or not your data are being processed and regarding the conditions of the processing. The right to data portability, if this is technically feasible the right to request the direct transfer of data to another operator. The right to oppose data processing – When data processing is aimed at direct marketing, you have the right to oppose the processing at any time. Depending on the circumstances, the opposition may lead to the impossibility of providing the services/ honoring the request, for which there are also other grounds for collection. The right to rectification of incomplete/ inaccurate/ data that has changed over time – The company may also update data on its own initiative. The right to erasure of data (“right to be forgotten”) – if they are no longer necessary for the purposes for which they were collected, you withdraw your consent/ oppose the processing and there is no other ground for processing, the data have been processed unlawfully or must be erased to comply with a legal obligation. The right to restriction of processing – the right without obtaining the deletion of the data to request their marking and limited processing, in the following cases:
  • the accuracy of the data we process is contested, for a period that allows the verification of the accuracy of the data;
  • the processing is unlawful, and the concerned person opposes the deletion of personal data, requesting instead the restriction;
  • the company no longer needs the personal data for the purpose of the processing, but the concerned person requests them for the establishment, exercise, or defense of legal claims;
  • you oppose the processing for the interval of time in which it is verified whether the legitimate rights of the company prevail over your rights as the data subject.
The right to file a complaint with the National Supervisory Authority for Personal Data Processing – in case you consider that the company violates the legal provisions in the field of data processing. The right to be informed – in the event of a breach of your data security, of a nature to put your rights and interests at high risk, with the exceptions established by law. The request must be formulated in writing, with adequate identification. We will respond within a maximum of 30 days from receipt. This term may be extended with your prior and motivated information, by two months, when the law allows us. In the context of exercising your rights regarding the data collected through cameras:
  • we will comply with a request for transfer/ deletion of data strictly if the data of other persons can be separated/ confidentially appropriately and at reasonable costs
  • the right to rectification – in principle, inapplicable in relation to the specificity of the processing.
If you agree to receive information on campaigns/ promotions/ events you can respond in the sense: I agree to receive promotional offers and information regarding the services provided by the operator at a given time. [1] The “Singureni Manor” premises