Effective date: June 10, 2025

We consider ensuring the right to the protection of personal data a fundamental commitment of our company. We dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as with any other applicable EU legislation.

Since transparency is one of the key principles of this legal framework, we’ve prepared this document to inform you about how we collect, use, transfer, and protect your personal data when you interact with us in connection with our products and services, including through our website. We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in how we process your personal data or in legal requirements. Any such modifications will be posted on our website.

1. Data Controller – Who we are

The data controller is INVEST SPH S.R.L., a limited liability company organized and operating under Romanian law, with its registered office in Bucharest, Bld. RÂMNICU SĂRAT 8, Bl:21A, Sc:A, Et:4, Ap:30, Sector 3, registered with the Trade Register under no. J2024040637002, having the unique registration code 50876148, which can be contacted at office@gradinapovernei.ro.

This Privacy Policy explains how we apply the GDPR, as well as your rights regarding how your personal information is collected, processed, and stored through our website or through offline interactions with our staff.

2. What personal data do we collect?

2.1. Through the contact/booking form:

  • Full name
  • Email address
  • Phone number
  • Your message
  • Business name
  • Billing address

2.2. Through your activity on the site:

  • Behavioral data collected via cookies and analytics tools (in accordance with our Cookie Policy).

We do not collect sensitive data (as defined in GDPR) or knowingly collect data from minors. The website is intended for adult users.

3. Why and how do we process your data?

We process your personal data for various purposes, such as:

  • Responding to your messages;
  • Improving your website experience;
  • Sending tailored marketing messages;
  • Detecting fraud and ensuring security;
  • Complying with legal obligations.

3.1. Contact form data

Legal basis: Legitimate interest – responding to your inquiries and keeping communication records.

3.2. Website-collected data

Legal basis: Legitimate interest – improving the website experience and understanding user preferences.

4. Where and how long do we store your data?

Your data is stored by us and our service providers in line with applicable data protection laws. We will retain your personal data only as long as necessary for the processing purpose or as required by law (e.g. 10 years for legal, tax, or accounting reasons).

4.1. Contact form submissions

Stored on our email server for 3 years, then archived in a password-protected offline archive. The servers are located in Romania.

4.2. Website-collected data

Stored automatically according to our Cookie Policy.

5. Sharing personal data with third parties

We may share your data with third-party service providers when required to fulfill our contractual obligations (e.g. accountants, couriers, payment processors).

  • We do not sell your data to third parties.
  • We may disclose your data to comply with legal obligations (e.g. court orders).

6. Your rights under GDPR

You have the following rights:

  • Access: You can request details about your data and a copy of it.
  • Rectification: You can ask us to correct inaccurate data.
  • Erasure: You can request deletion of data that’s no longer needed or processed unlawfully.
  • Restriction: You can request limitation of processing in certain situations.
  • Portability: You can request transfer of your data to another provider.
  • Objection: You can object to processing for legitimate interests or direct marketing.
  • Withdraw consent: You can withdraw consent where processing is based on it.
  • Lodge a complaint: You can contact the Romanian data protection authority (ANSPDCP) at anspdcp@dataprotection.ro, or submit a complaint through this link.

We aim to respond to any valid request within 30 days (or 45 days for complex cases).

7. Changes to this Privacy Policy

We may update this Privacy Policy periodically:

  • Minor updates: The updated version will include a new effective date.
  • Major updates: We will notify you via email (if possible) or by a visible banner on the website.