Privacy Policy

Back To Homepage

Privacy Policy and Personal Data Protection

Last updated: December 18, 2023

In this Privacy Policy and Personal Data Protection, hereinafter referred to as the Policy, you will find specific answers about how your personal data is collected and processed. If you have any questions or require clarification regarding the matters presented, you may send your inquiries to info@house3000realestate.ro or to the contact details provided below.

The objectives of our approach, in order of importance, concerning this Policy are as follows:

  1. Respecting your fundamental right to personal data protection and privacy.
  2. Complying with the legal provisions regarding personal data protection.
  3. Providing complete and accurate information about who, what, why, where, for how long, and how your personal data is processed, ensuring that you always have control over the personal data you entrust to us for achieving our purposes.

This is the current version and is valid as of now, updated on 20.03.2024.

How to Contact Us? What Does Our Policy Cover? What Personal Data Do We Collect from You, Why, and How Do We Process It? For What Purpose and How Do We Process the Data Collected Online, by Phone, or Directly from You? Who Is Responsible for Collecting and Processing Your Personal Data? From Whom and How Do We Collect Your Personal Data? What Are the Legal Grounds We Rely On to Process Your Personal Data? Do We Process Personal Data for Profiling or Automated Decisions? How Long Do We Retain Your Personal Data? To Whom Do We Disclose Your Personal Data? Is Your Personal Data Secure? Are We Certified and Do We Adhere to a Code of Conduct? What Are Your GDPR Rights? How Can You Exercise These Rights? How to Contact Us?

Data is collected and processed by S.C. HOUSE 3000 REAL ESTATE INVESTMENT S.R.L., headquartered at str. Publicist Constantin N Sarry 8, Constanța, registered with the Trade Register under no. J13/1710/28.05.2003, CUI RO 15469588, email info@house3000realestate.ro.

What Does Our Policy Cover?

This Policy: takes effect from the date of the last update. The last update of the Policy takes effect from 20.03.2024. Our Policy applies to the websites https://www.santamariabay.com/, https://www.lerosedellago.com/.

What Personal Data Do We Collect from You, Why, and How Do We Process It?

To carry out our current activities through the websites https://www.santamariabay.com/, https://www.lerosedellago.com/, you may complete various online forms, such as:

In the “Contact” section, you can communicate with us and request any information and clarifications related to us and our main activity. When you communicate with us, we process your name, email address, phone number, and any other data you provide in the content of the message to respond appropriately to your requests or inquiries. To promote our activity and/or our clients on our website or social media accounts, we create a portfolio of photo/video images and testimonials. For this purpose, we process your images and personal data provided when writing a testimonial: name and surname, residence, image, voice. To promote our activity and stay in touch with you, we have created presentation pages on social media (Facebook) and professional platforms (LinkedIn) where you can contact us through messages, likes, comments. When you communicate with us, we process your online identity and any other data you provide in the content of the message to respond appropriately to your requests or inquiries. This website uses cookies, both proprietary and third-party, to provide visitors with a better browsing experience and services tailored to individual needs and interests. The cookies used provide us with valuable feedback and help us improve the online experience.

For What Purpose and How Do We Process the Data Collected Online, by Phone, or Directly from You?

We process your personal data for:

  • Sending real estate offers requested by you.
  • Creating a portfolio of images/testimonials to promote our activity to other interested parties.

Who Is Responsible for Collecting and Processing Your Personal Data?

HOUSE 3000 REAL ESTATE INVESTMENT SRL is the operator responsible for collecting and processing personal data through the aforementioned websites.

From Whom and How Do We Collect Your Personal Data?

We collect your personal data directly from you, either through the forms you fill out on the website, through the emails you send us, or by any other remote communication means (mail, courier, etc.), by phone, or directly at our office.

What Are the Legal Grounds We Rely On to Process Your Personal Data?

  • Execution of orders/contracts for the sale of properties (processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract) – Art. 6, para. 1, lit. b) of Regulation 679/2016 (contract).
  • Conducting direct marketing activities based on the legitimate interest of HOUSE 3000 REAL ESTATE INVESTMENT SRL and improving client relationships (processing is necessary for the purposes of the legitimate interests pursued by the operator or by a third party) – Art. 6, para. 1, lit. f (legitimate interest).
  • Processing personal data through cookies is based on the consent of website visitors – Art. 6, para. 1, lit. a) (consent).

Do We Process Personal Data for Profiling or Automated Decisions?

We do not process your personal data to create a profile, nor do we use an exclusively automated process, without human intervention, to make decisions about you.

How Long Do We Retain Your Personal Data?

We retain personal data in accordance with applicable law for each processing purpose and limit it to what is strictly and legally necessary.

The data processed for creating a portfolio of images/testimonials to promote our activity are retained for the period strictly necessary to achieve the purposes for which they were collected or until you withdraw your consent. The data processed for sending personalized offers requested by you are retained along with the sales file if the sales contract is completed, and if not completed, for a maximum period of 6 months in case you reconsider.

Personal data that has become unnecessary or has reached its legal term is irreversibly deleted/destroyed from all databases and storage/archive media used.

Personal data processed based on your consent is irreversibly deleted/destroyed from all databases and storage/archive media used immediately after you submit a consent withdrawal request under Article 7, para. 3 of GDPR: “(3) The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject is informed thereof before giving consent. It shall be as easy to withdraw as to give consent.”

Exceptionally, personal data that has become unnecessary or has reached its legal term may be retained for longer periods if necessary for defending a right in court for the data subject or for us.

To Whom Do We Disclose Your Personal Data?

Depending on the purposes for which we process your personal data, we disclose the data to authorized persons managing client data processing (management, IT, accounting) and to notaries or other collaborators involved in the property contracting situation.

We do not disclose/transmit your personal data to third countries or international organizations, except for cookies for which you have given consent when accessing the website.

Is Your Personal Data Secure?

To process your personal data in conditions that safeguard your fundamental rights and freedoms, we have taken appropriate technical and organizational measures for data protection, including, but not limited to:

  • All our employees/representatives/authorized persons sign a confidentiality agreement regarding the protection of personal data processed by them to fulfill their work/contractual obligations.
  • We use only external services provided by suppliers who demonstrate that they ensure a high level of security for personal data processed on our behalf.
  • We implement technical and organizational security measures to protect the physical locations where we process personal data and the devices we use in our current activity.

All the technical and organizational measures we implement aim to protect your personal data against unauthorized or illegal processing and against accidental loss, destruction, or damage.

Are We Certified and Do We Adhere to a Code of Conduct?

In Romania, as of the date of this Policy update, no certification body authorized to certify our compliance with applicable personal data protection legislation has been established, nor has a Code of Conduct been developed and approved that we could adhere to. Therefore, we adopt, including as best practice measures, any possible security means to ensure a high level of protection for the personal data we process.

What Are Your GDPR Rights?

To comply with Regulation 679/2016, we guarantee you the following rights:

  • The right to withdraw consent at any time for the processing of personal data. The withdrawal of consent does not affect the legality of data processing carried out before its withdrawal.
  • The right to access the personal data we process, and we will provide you with confirmation if we process your personal data, and if affirmative, we will provide all mandatory information stipulated by Art. 15 GDPR, as well as a copy of this data if you request it, in the format you request and through the communication method specified by you in the request.
  • The right to obtain the rectification of inaccurate personal data concerning you, without undue delay, as well as the completion of incomplete personal data, including by providing a supplementary statement. We must communicate the rectification of your personal data to the recipients of your personal data (if any).
  • The right to request the deletion of personal data we process.

We are obliged to delete your personal data and will do so without undue delay if the following conditions stipulated by Art. 17, para. 1 and 2 of GDPR are met:

  1. The personal data is no longer necessary for the purposes for which it was collected or processed.
  2. You withdraw your consent on which the processing is based, and there is no other legal ground for processing.
  3. You object to the processing based on your particular situation, and there are no overriding legitimate grounds for processing (Art. 21, para. 1 of GDPR), or you object to processing for direct marketing purposes (Art. 21, para. 2 of GDPR).
  4. The personal data has been processed unlawfully.
  5. The personal data must be deleted to comply with a legal obligation under Union law or the law of the Member State to which we are subject.
  6. The personal data has been collected in connection with the offer of information society services directly to a child.

If we have made personal data public and are obliged to delete it, taking into account available technology and the cost of implementation, we will take reasonable steps, including technical measures, to inform operators processing your personal data that you have requested the deletion by these operators of any links to, or copies or replications of, that personal data.

We will refuse to delete your personal data in the following conditions expressly provided by Art. 17, para. 2 of GDPR:

  1. If the processing of personal data is necessary for exercising the right to freedom of expression and information.
  2. If the processing of personal data is necessary for compliance with a legal obligation that requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, if applicable.
  3. If the processing of personal data is necessary for reasons of public interest in the area of public health, in accordance with Article 9, para. 2, letters (h) and (i) and with Article 9, para. 3 of GDPR.
  4. If the processing of personal data is necessary for archiving in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Article 89, para. 1, to the extent that the right to deletion may make it impossible or seriously impair the achievement of the objectives of that processing.
  5. If the processing of personal data is necessary for the establishment, exercise, or defense of legal claims.

Right to Restrict Processing

You have the right to request the restriction of processing in the following cases:

  • You contest the accuracy of the data, and we will restrict processing for a period that allows us to verify the accuracy of the data.
  • The processing is unlawful, and you oppose the deletion of personal data, requesting instead the restriction of its use.
  • We no longer need the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims.
  • You have objected to processing in accordance with Article 21 para. 1 of GDPR, for the period during which we verify whether our legitimate grounds override your rights.

If the processing was restricted for the reasons mentioned above, your personal data may, except for storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If you have obtained a restriction on processing from us, we will inform you before lifting the restriction.

Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit this data to another controller without hindrance from us, where:

  • The processing is based on consent.
  • The processing is based on a contract to which you are a party.
  • The processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The exercise of your right to data portability does not affect your right to data deletion, as stipulated in Article 17 of GDPR, since that right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Your right to data portability does not negatively affect the rights and freedoms of others.

Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Article 6, para. 1, letters (e) or (f) of GDPR, including profiling based on these provisions.

We will cease processing personal data in the event of an objection unless we demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

When we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing, and we will immediately cease processing your personal data for direct marketing purposes.

In the context of using information society services, you may exercise your right to object by automated means using technical specifications.

If we process your personal data for scientific or historical research purposes or for statistical purposes, you may object to the processing of personal data concerning you on grounds relating to your particular situation unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Right Not to Be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This right does not apply if the decision:

  1. Is necessary for entering into or performance of a contract between you and us.
  2. Is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests.
  3. Is based on your explicit consent.

In the cases referred to in points (a) and (c), we will implement suitable measures to safeguard your rights, freedoms, and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.

Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with ANSPDCP. The contact details of the National Supervisory Authority for Personal Data Processing are: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania, Email: anspdcp@dataprotection.ro, Phone: +40.318.059.211, +40.318.059.212, Fax: +40.318.059.602.

How to Exercise Your Rights?

You can exercise all your rights by submitting a request to our headquarters or via email using the contact details provided in this privacy policy.