ALMACALMA
Privacy Policy
Personal Data Privacy Policy
Last updated: February 2026
Your data privacy is important to us. This policy explains what data we collect, how we use it, and what your rights are, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Romanian legislation.
1. Who we are (Data Controller)
Your personal data is processed by:
Company Name: SC ALMACALMA SRL
Unique Registration Code (CUI): 50355760
Address: 106 Principala Street, Alma Vii Village, Mosna Commune, Sibiu County
GDPR Contact Email: contact@almacalma.ro
For the purposes of data protection legislation, we are the “Data Controller” of your personal data.
2. What data we collect and how we collect it
We collect data that you provide directly to us or that is generated automatically through your use of our services:
A. Data provided directly by you (via the booking form or email):
Identification data: First name, last name.
Contact data: Email address, phone number.
Billing data: Home address, Personal Identification Number (CNP – only if necessary for billing according to the Fiscal Code for individuals) or company details.
Booking details: Dates of stay, number of guests (including the names of accompanying guests).
B. Data collected automatically:
Video footage: Through surveillance cameras located outside the property (yard, parking lot, entrances), for the security of property and persons.
Technical data (via the website): IP address, browser type, pages visited (through cookies or server logs).
C. Data collected through partners:
Our website uses the 5StarDesk.net platform to manage bookings. The data entered there is transmitted to us so we can fulfill your reservation.
3. Purpose and Legal Basis for Processing
We process your data for the following purposes:
| Processing Purpose | Legal Basis (GDPR) |
| Processing the reservation and accommodation (confirmation, check-in, communication) | Performance of a contract (Art. 6.1.b) |
| Billing and financial reporting | Legal obligation (Fiscal Code) (Art. 6.1.c) |
| Fulfilling tourism obligations (Arrival announcement form for the Ministry of Tourism/Police) | Legal obligation (Tourism regulations) (Art. 6.1.c) |
| Location security (Outdoor video surveillance) | Legitimate interest to protect the property and guests (Art. 6.1.f) |
| Resolving requests/complaints | Legitimate interest or Performance of a contract |
4. Who has access to your data?
We do not sell or trade your data. We only share it with necessary partners for the proper conduct of our business, who act as data processors and are contractually bound to maintain confidentiality:
IT service providers: The booking platform (5StarDesk), website hosting provider.
Payment processors: Netopia/EuPlatesc (for online card payments), Bank (for bank transfers).
Accounting services: The firm managing our accounting.
Public authorities: Only if required by law (e.g., Police, National Agency for Fiscal Administration – ANAF, Ministry of Tourism).
5. How long do we keep your data?
We store your data only for as long as necessary:
Financial and accounting documents (invoices): 10 years (according to the Fiscal Code).
Arrival announcement forms: 5 years (according to tourism legislation).
Data from the booking platform: 3 years from the last interaction, for customer history or defense of rights in court (statute of limitations).
Footage from surveillance cameras: Maximum 30 days, after which it is automatically deleted by overwriting (unless there is a security incident that requires keeping it).
6. Data transfer outside the EU
As a general rule, we do not transfer data outside the European Economic Area (EEA). If our technology providers (e.g., email services, hosting) have servers outside the EU, we ensure the transfer is protected by adequate safeguards (e.g., Standard Contractual Clauses approved by the European Commission).
7. Your rights
Under the GDPR, you have the following rights:
Right of access: To request confirmation of whether we process your data and a copy of it.
Right to rectification: To request the correction of inaccurate data.
Right to erasure (“right to be forgotten”): To request the deletion of your data, if it is no longer necessary or if you withdraw your consent (and there is no legal obligation to keep it, such as invoices).
Right to restriction of processing: To request the “freezing” of processing in certain cases.
Right to data portability: To receive your data in a structured format.
Right to lodge a complaint: With the National Supervisory Authority for Personal Data Processing (ANSPDCP) – www.dataprotection.ro.
To exercise these rights, you can send a written request to contact@almacalma.ro. We will respond within a maximum of 30 days.
8. Cookie Policy (Briefly)
Our website uses cookies (small text files stored in your browser) to ensure the proper functioning of the site.
Necessary cookies: Essential for the operation of the website and the booking process.
Analytics cookies: (Optional, e.g., Google Analytics) Help us understand website traffic.
You can control or delete cookies from your browser settings.
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.
The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
9. Data Security
We have implemented technical and organizational measures to protect your data (use of secure HTTPS connections, restricted access to databases, physical security systems at the location). However, no data transmission over the internet is 100% secure.
