Privacy Policy

Last updated: 06.05.2026

This policy explains how we collect, use and protect the personal data of visitors and customers of Ioana Boutique Hotels, in accordance with Regulation (EU) 2016/679 (GDPR) and Law no. 190/2018 on implementing GDPR in Romania.

1. Data controller

INSIDE MEDIA COMMUNICATION SRL
CUI: 17904203 · Nr. Reg. Com.: J40/14770/26.08.2005 · EUID: ROONRC.J2005014770404
Registered office: București, Sectorul 2, Strada Hambarului, Nr. 6, Parter, Camera 1
Email: contact@opusvilla.ro · Phone: +40 723 60 60 25
Website: www.ioana-hotels.ro

2. What data we collect and why

a) Data you provide directly

Context	Data collected	Purpose
Contact form	Name, email, phone, message	Replying to your request, follow-up
Gift voucher purchase	Name, email, phone, amount, optional message	Order processing, voucher issuance, email delivery
Membership purchase	Name, email, phone, optional company	Order processing, membership issuance, email delivery
Direct booking	Check-in data required by law (name, ID number, address)	Legal obligation — accommodation, tourist register

b) Data collected automatically

IP address, browser type, operating system, pages visited, time of visit (server logs)
Essential technical cookies (session, preferences)
Optional cookies (analytics, external integrations) — only with your explicit consent via the cookie banner

c) Payment data

Online payments are processed exclusively through EuPlătesc (a PCI-DSS certified processor). We do not store your card details — we only receive the transaction confirmation (approval code, status, amount). For details, see the EuPlătesc privacy policy.

3. Legal basis for processing

Processing type	Basis (Art. 6 GDPR)
Processing voucher / membership / booking orders	Art. 6(1)(b) — performance of a contract
Replying to the contact form	Art. 6(1)(b) — pre-contractual measures
Invoicing, accounting, tourist register	Art. 6(1)(c) — legal obligation (Tax Code, GO no. 28/2008)
Site security, fraud prevention, logs	Art. 6(1)(f) — legitimate interest
Marketing (newsletter, offers)	Art. 6(1)(a) — explicit consent (withdrawable anytime)
Non-essential cookies	Art. 6(1)(a) — explicit consent via banner

4. Who we share data with

EuPlătesc (Euro Payment Services SRL) — online payment processing
Hosting provider — site and database storage (under a processing agreement per Art. 28 GDPR)
Email provider (Google Workspace) — sending transactional emails
Google LLC — Google Maps and Google Fonts (technical IP data, when you open the contact page / map)
Public authorities — upon express and lawful request (police, tax authority, etc.)

We do not sell or transfer your data to third parties for marketing purposes.

5. Retention periods

Data type	Period
Commercial documents (vouchers, memberships, invoices)	10 years — per the Tax Code
Bookings and tourist register	3 years — GO 28/2008
Contact form messages	Max. 12 months after resolution
Newsletter / marketing	Until you withdraw consent
Server logs, audit	Max. 12 months
Non-essential cookies	As set (see cookie banner)

6. Your rights

In accordance with the GDPR (Art. 15–22), you have the following rights, which you may exercise free of charge:

Right of access — to find out what data we hold about you
Right to rectification — to correct inaccurate data
Right to erasure (“right to be forgotten”) — within the limits of the law
Right to restriction of processing
Right to data portability — to receive your data in a structured format
Right to object — especially to marketing
Right to withdraw consent at any time (without affecting the lawfulness of prior processing)
Right to lodge a complaint with the ANSPDCP (Romanian Data Protection Authority)

To exercise your rights: send a written request to contact@opusvilla.ro with the subject “GDPR Request”. We will respond within 30 days.

7. Security

We apply reasonable technical and organisational measures to protect data:

Encrypted HTTPS (TLS) connections for all forms and pages
Admin passwords stored using modern hashing (bcrypt)
Payments processed exclusively via a PCI-DSS provider — we do not store card data
Restricted access to the database and logs, only for authorised staff
Daily data backups

8. Cookies

By default we only use strictly necessary cookies for the site to function (session, CSRF, language preference).

For non-essential cookies (Google Maps when you open the map, Google Fonts) we ask for your consent via the banner shown on your first visit. You can change your settings anytime via the “Cookies” link in the site footer.

9. Changes

This policy may be updated periodically. The current version is shown with the date of the last change at the top of the page. For significant changes, you will be notified by email (if you have an account) or via a banner on the site.

10. Contact

For any question regarding the processing of personal data, you can contact us at:

Email: contact@opusvilla.ro
Phone: +40 723 60 60 25
Address: București, Sectorul 2, Strada Hambarului, Nr. 6, Parter, Camera 1

← Back to home