We protect your data
Privacy Policy
Last updated: 06/03/2026
Vraja Mării by the Sea ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, services, and wellness facilities.
This policy is in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Romanian Law no. 190/2018 on the implementation of GDPR.
1. Data Controller
The data controller responsible for your personal data is:
Vraja Mării by the Sea
Eforie Sud, Constanța County, Romania
Email: office@complexvrajamarii.ro
Phone: +40 241 747 916
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data: first name, last name, date of birth
- Contact data: email address, phone number, county, city
- Health and medical data: medical history, evaluation forms, treatment preferences (collected only with explicit consent)
- Account data: login credentials, consent records, profile preferences
- Technical data: IP address, browser type, device information, cookies
- Usage data: pages visited, features used, timestamps
3. How We Collect Your Data
We collect personal data through:
- Direct interactions: when you create an account, fill out forms, request a stay, or contact us
- Automated technologies: cookies, server logs, and analytics tools
- Third-party providers: Google OAuth authentication services
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a) GDPR) — for marketing communications, health data processing, and cookie usage
- Contract performance (Art. 6(1)(b) GDPR) — to provide our services and manage your bookings
- Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable laws and regulations
- Legitimate interest (Art. 6(1)(f) GDPR) — for website security, fraud prevention, and service improvement
For special categories of data (health/medical data), we rely exclusively on your explicit consent (Art. 9(2)(a) GDPR).
5. How We Use Your Data
Your personal data is used for the following purposes:
- Creating and managing your user account
- Processing stay requests and bookings
- Conducting initial medical evaluations and treatment planning
- Sending marketing communications (only with your consent)
- Improving our website and services
- Ensuring security and preventing fraud
- Complying with legal and regulatory obligations
6. Data Sharing
We do not sell your personal data. We may share your data with:
- Service providers: hosting providers (Vercel), authentication providers (Google), email service providers
- Medical professionals: doctors and therapists within our facility, only for treatment purposes
- Legal authorities: when required by law or to protect our legal rights
All third-party processors are bound by data processing agreements in compliance with GDPR.
7. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses
- Adequacy decisions by the European Commission
- Certification under approved frameworks
8. Data Retention
We retain your personal data only for as long as necessary:
- Account data: for the duration of your account, plus 30 days after deletion
- Medical data: up to 10 years as required by Romanian medical regulations
- Marketing consent records: for the duration of your consent, plus 1 year
- Technical logs: up to 12 months
9. Your Rights
Under GDPR, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw consent at any time without affecting prior processing
To exercise any of these rights, contact us at office@complexvrajamarii.ro.
10. Cookies
We use cookies to enhance your experience. For details, please see our Cookie Policy.
11. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted data transmission (TLS/SSL)
- Secure authentication mechanisms
- Access controls and role-based permissions
- Regular security assessments
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through our website and request re-consent where required. The version date at the top of this page indicates when the policy was last updated.
13. Contact and Complaints
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:
Email: office@complexvrajamarii.ro
Phone: +40 241 747 916
You also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP):
Website: www.dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, București, Romania