top of page

Politica de confidențialitate

Privacy Policy (GDPR) – Pensiunea Casa Bobu

Website: www.pensiuneabobu.ro
Last updated: 20 January 2026

This Privacy Policy explains how Pensiunea Casa Bobu (“we”, “us”, “our”) collects and processes personal data when you visit our website, contact us, subscribe to our newsletter, or make an online booking and payment.

1) Data Controller Bobu Gheorghe

Data Controller: Pensiunea Casa Bobu
Address: 210 Izvorul Muntelui Street, 615100, Izvorul Muntelui, Romania
Email: pensiuneabobu@yahoo.com
Phone: +40 766 269 731
Company details: CUI: 41067881

2) What personal data we collect

We may collect and process the following categories of personal data, depending on your interaction with us:

A. Booking and customer data

  • Name and surname

  • Email address and phone number

  • Booking details (dates, number of guests, room type, special requests, messages)

  • Billing/invoicing details (where applicable)

B. Payment data

  • Online payments are processed through a payment service provider. We typically receive payment status and transaction references, but we do not store full card details on our servers (card data is handled by the payment provider, depending on your checkout solution).

C. Newsletter data (Mailchimp)

  • Email address (and optional name or preferences if you provide them)

  • Subscription status and engagement (opens/clicks), depending on Mailchimp settings

D. Website usage and technical data

  • IP address, device identifiers, browser type, operating system

  • Pages viewed, time spent, referral source, approximate location (city/region level)

  • Cookie identifiers and events related to analytics/marketing

3) Purposes and legal bases for processing (GDPR Article 6)

We process personal data only where we have a legal basis:

  1. To manage bookings and provide accommodation services
    Legal basis: Contract / steps prior to contract (Art. 6(1)(b))

    • handling reservations, confirmations, guest communication, stay administration

  2. To process payments and prevent fraud
    Legal basis: Contract (Art. 6(1)(b)) and Legitimate interests (Art. 6(1)(f))

    • payment confirmation, chargeback handling, fraud and abuse prevention

  3. To comply with legal obligations
    Legal basis: Legal obligation (Art. 6(1)(c))

    • accounting, invoicing, tax record-keeping, and other obligations under Romanian law

  4. To operate, secure, and improve the website (Google Analytics)
    Legal basis: Consent for non-essential cookies (Art. 6(1)(a)) and Legitimate interests for basic security (Art. 6(1)(f))

    • website performance measurement (with consent), troubleshooting, security logging

  5. Marketing and advertising measurement (Meta/Facebook Pixel)
    Legal basis: Consent (Art. 6(1)(a))

    • measuring campaign effectiveness, remarketing (where enabled), building audiences (where applicable)

  6. Newsletter marketing (Mailchimp)
    Legal basis: Consent (Art. 6(1)(a))

    • sending offers and updates; you can unsubscribe at any time

4) Cookies and similar technologies

We use cookies and similar technologies. You can accept, reject, or customize cookies via our cookie banner (where implemented).

Cookie categories on our site may include:

  • Strictly necessary cookies: required for site functionality and security (no consent required)

  • Analytics cookies: used by Google Analytics to understand traffic and improve the website (consent required)

  • Marketing cookies: used by Meta/Facebook Pixel for advertising measurement and remarketing (consent required)

You can also control cookies via your browser settings. If you disable cookies, parts of the site may not function properly.

5) Google Analytics

We use Google Analytics to measure how visitors use our website (e.g., pages visited, session duration, traffic sources). This helps us improve content and usability.

  • Google may process data such as IP address and cookie identifiers.

  • Analytics cookies are placed only if you consent (where your cookie banner is configured accordingly).

  • You can withdraw consent at any time via cookie settings and/or your browser.

6) Meta/Facebook Pixel

We use Meta Pixel to measure ad performance and, depending on configuration, to support remarketing.

  • The Pixel may collect events such as page views and conversions, and may use cookies/device identifiers.

  • Marketing cookies are used only if you consent (where required).

7) Mailchimp Newsletter

If you subscribe to our newsletter, we use Mailchimp as our email marketing platform.

  • We process your email address and (if provided) your name/preferences to send newsletters.

  • Mailchimp may track engagement metrics (opens/clicks) depending on settings.

  • You can unsubscribe at any time by clicking the unsubscribe link in any email.

8) Who we share data with (recipients)

We do not sell your personal data. We may share it with trusted providers to operate our services:

  • Website hosting and technical providers (site operation and security)

  • Google (Google Analytics)

  • Meta (Facebook/Instagram advertising measurement via Pixel)

  • Mailchimp (newsletter distribution and list management)

  • Payment service provider(s) used for online booking payments

  • Professional advisors (accountant/legal counsel) where necessary

  • Public authorities when required by law

These providers act as processors (or independent controllers in some cases) under applicable contracts and safeguards.

9) International transfers (outside the EEA)

Some providers (e.g., Google, Meta, Mailchimp) may process data outside the EEA. Where required, transfers are protected using appropriate safeguards such as EU Standard Contractual Clauses and additional measures.

10) Data retention

We keep data only as long as necessary:

  • Enquiries (no booking): typically up to 12 months

  • Bookings and stay-related communications: for the duration of the relationship and as needed for dispute handling

  • Accounting/invoicing records: retained for the period required by Romanian law

  • Newsletter subscription data: until you unsubscribe (plus limited suppression records to respect opt-out)

  • Analytics/marketing data: according to cookie lifetimes and provider settings (and only where consent is given)

11) Your GDPR rights

You may have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion (in certain cases)

  • Restrict or object to processing (especially processing based on legitimate interests)

  • Data portability (where applicable)

  • Withdraw consent at any time (for analytics/marketing/newsletter)

To exercise these rights, contact us at [Insert contact email]. We may request identity verification.

12) Complaints

You can lodge a complaint with Romania’s supervisory authority:

ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal).

13) Security

We apply appropriate technical and organizational measures to protect personal data (access controls, secure hosting, limited access). No system is entirely secure, but we take reasonable steps to reduce risk.

14) Children

Our website and services are not directed to children under 16. If you believe a child has provided personal data, contact us so we can remove it where appropriate.

15) Changes to this policy

We may update this policy from time to time. Updates will be posted on this page with a revised “Last updated” date.

Optional short “Cookie Notice” (for the footer or banner)

We use necessary cookies to make our site work. With your consent, we also use analytics cookies (Google Analytics) and marketing cookies (Meta/Facebook Pixel) to measure performance and improve our services. You can manage your preferences at any time via cookie settings.

If you paste your legal entity/owner name, full address, and your booking/payment provider name (e.g., Stripe/PayPal/Netopia/other), I will finalize the remaining placeholders and align wording precisely to your actual checkout flow.

bottom of page