Personal data protection policy

This policy concerns aspects related to personal data protection of the SZP INVEST S.R.L. company, with headquarters in Bucharest, no. 22B, Bucuresti-Targoviste Road, Building 3, Entrance B, ground floor, ap. 007, 1st District, registered with the Trade Register Office attached to the Law Court of Bucharest under no. J40 /3596/2000, unique registration number (CUI) RO12911080, hereinafter referred to as SZP. You can contact our Data Protection Officer at the following e-mail address: dpo@phoeniciabusinesscenter.ro

1. How do we use your information?

When using our site When using our site to search for our products and services and to view the information we provide, a number of cookies are used by us (cookies first party) and third parties (cookies third party) to allow the site to function, to collect useful information about visitors and to provide you with the best experience in using our site. Some of the cookies we use are strictly necessary for our site to work and we do not ask you for your consent to allow them in your computer.

Cookies and tracking tools

Cookies are small files that are stored on your computer or devices while navigating on another website. Cookies do not provide us with personal information of the visitor, but only some browsing habits that improve their browsing experience. They are only used in an internet browser. You can choose to refuse cookies or delete them from your Internet browser. At the same time, our website uses cookies to improve navigation, to provide visitors with a much better browsing experience and services tailored to the needs and interests of everyone. These cookies may come from the following third parties, but are not limited to: Adwords, Google Analytics, Google.com, Facebook, Twitter.

Newsletters

The newsletter is not pop-up type. Entering an email address and pressing the Send button represents your free consent. This newsletter feature is linked with MailChimp and managed by the Phoenicia Hotels group's marketing team.

When sending a request through our site

When you submit a request through our website to the email address specified on the site under "contact", we use this information to respond to your request, also providing the information about our services. We can send you an email several times after you make a request to ensure we have answered your question and to improve our users' experience.

Your request is stored and processed on our secured servers, and the content remains within the company. We do not use the information you provide to make decisions that may affect you. We keep emails coming from requests for three years, then safely archive them and keep them for five years, then delete them.

2. Purpose

The purpose of the Policy is to protect the personal data of the SZP company, its clients, partners and its collaborators, and persons involved in its projects.

3. What are your rights?

You have the right to information, the right to rectify, delete or restrict the processing of stored data, the right to oppose data processing, the right to portability of data, and the right to file a complaint in accordance with the data protection law at any time.

Right to information:

You may obtain information from us as to whether and to what extent we process your data.

Right of rectification:

If we process data that is incomplete or incorrect, you have the right to obtain rectification or completion of such data from us at any time.

Right of deletion:

You may obtain from us the deletion of data if we have unlawfully processed these data or if the processing of such data constitutes a disproportionate violation of your legitimate interests. Please note that immediate deletion may be banned for some reason, e.g. legal provisions on data retention.

Right to limit processing:

You may obtain limitations on the processing of your data if: • Deny the accuracy of the data for a period that allows us to verify the accuracy of the data, • Processing is illegal, and yet you oppose deleting the data and request instead, limit their use, • We no longer need data for the intended purpose, but you need this data to establish, exercise or defend legal requests, or • You oppose data processing.

Portability of data:

You have the right to receive the data you have provided us in a structured, frequently used and electronically readable format, and you may transmit this data to other responsible parties without any impediment on our part, provided that

• we process these data on the basis of a revocable statement of consent that you provide or execute a contract between us; and • Processing is done by automatic means.

If technically feasible, you are entitled to have your data transmitted directly to us by another operator.

Right of objection:

If we process data based on legitimate interests, you have the right to object to this processing for reasons related to your particular situation at any time. We will not process the data unless we can demonstrate compelling and legitimate reasons for processing that go beyond your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. You have the right to oppose the processing of your data for direct marketing purposes at any time, without specifying a reason.

Right of complaint:

If you believe we process your data in violation of the Romanian data protection law or European legislation, please contact us by e-mail at dpo@phoeniciabusinesscenter.ro to answer any questions.

In case of doubt, we may need additional information to confirm your identity. This serves to protect the rights and privacy of your data.

You have the right to file a complaint at:

National Supervisory Authority for Personal Data Processing (ANSPDCP), 28-30, Blvd. G-ral. Gheorghe Magheru, 1st District, 010336 Bucharest, Phone: 0318.059.211 Email: anspdcp@dataprotection.ro

4. Updates to this policy

The Personal Data Protection Policy will be reviewed periodically and, if necessary, updated.