Privacy policy

Who we are

Our identification data is as follows:
Address: Baia Sprie town, 121 George Coşbuc Street, Maramureş;
Sole Registration Code RO12510917;
Trade Register no.: J24/714/1999;

This Privacy Policy defines how we, Turist Suior S.R.L., Baia Sprie, collect, store and use your personal data when you access or interact with our website, with the front desk of the resort or with our employees.

We comply with the legal provisions regarding the protection of personal data and implement technical and organizational measures to protect all operations directly or indirectly related to personal data, which prevent unauthorized or illegal processing, as well as accidental or illegal loss or destruction.

The privacy policy describes the categories of personal data we process, the manner and purposes for which we collect them, in which situations we transfer personal data and the various rights and options you have in this regard. When you use our services, respectively access our website, you agree to the terms and conditions of this Privacy Policy regarding the provision of services to customers.

Considering the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data, as a controller we inform you of the following:

The purposes, what information we collect and the basis of the processing of personal data

a) When you access our website,, some data is collected through cookies. Cookies are small files that the browser places locally on the user’s hard drive. We use cookies to better understand how you use the site, to personalize this experience and make your next visit more pleasant. You can refuse the use of cookies by selecting the appropriate settings on your browser, please note that if you do this you may not be able to use the full functionality of this website.

  • Our website server automatically records the IP address you use to access our website as well as information about your visit, such as pages accessed, information requested, date and time of request, source of access to our site (e.g. website or URL) and browser and operating system version.
  • The legal basis for processing: compliance with the legal obligations to which we are subject (article 6 paragraph (1) subparagraph (c) of the Data Protection Regulation.
  • The legal obligation: recording access to our website using server log files is a technical measure to ensure an adequate level of security, to protect the information collected from our website in accordance with article 32, paragraph (1) of General Data Protection Regulation.

b) Analyzing information collected from our server log to determine how our website users interact with our website and its features. For example, we analyze the number of visits and unique visitors we receive, the time and date of the visit, the location of the visit and the operating system and browser used.

  • We use the information collected to improve our website. For example, we use the information we collect to change the content and structure of our website and individual pages based on what attracts the most users and the length of time they spend on certain pages on our website.
  • The legal basis for processing: our legitimate interests (article 6, paragraph (1), subparagraph (f) of the General Data Protection Regulation).
  • Legitimate interest: improving our website for users and learning about the preferences of website users so that our website can better respond to their needs and wants.

c) Communication by email or by the Contact form on the website

  • When you send a message to the email address displayed on our website, or send email through the contact page on our website, we collect your email address, name, town, telephone number and any other information you provide in that email.
  • The legal basis for processing: our legitimate interests (article 6, paragraph (1), subparagraph (f) of the General Data Protection Regulation);
  • Legitimate interest: to be able to respond to the questions and messages we receive and to keep records of correspondence, to conclude a collaboration contract or to start the employment process in a contract at your request (article 6, paragraph (1), subparagraph (b) of the General Data Protection Regulation)

d) The direct collection of information by contracting our services at the front desk or the cash registers in Șuior Resort, when we collect your data from the identity card: last name, first name, personal identification number, address.

  • The legal basis for processing: the performance of a contract or to take steps at the request of the data subject before the conclusion of a contract (article 6, paragraph (1), subparagraph (b) of the General Data Protection Regulation).

e) The collection of video images within the Resort, on the slopes, through the Video Surveillance System

  • The legal basis for processing: our legitimate interests (article 6, paragraph (1), subparagraph (f) of the General Data Protection Regulation);
  • Legitimate interest: in order to ensure the security of people and goods, security and protection within the resort as well as on the slopes.

Storage term of personal data

Turist Suior SRL has implemented technical and organizational measures to organize the process and the specific criteria for keeping your personal data (including according to our archiving procedures).

We will stop processing personal data when it is no longer reasonably necessary for the Permitted Purposes, subject to our legal obligations (e.g. To keep accounting archives) or any other legal basis for using the information (e.g. Consent, contractual obligations, legitimate interests), or when you withdraw your consent (if applicable) and:

(i) there are no more legitimate and compelling reasons that justify further processing by Turist Suior SRL (including legal obligation) and that prevail over your interests, rights and freedoms or

(ii) if they are no longer necessary for us to establish, exercise or defend a right in court.

Recipients of personal data

To fulfil the above-mentioned purposes, Turist Suior SRL uses the services of several contractual partners. We may provide your personal data to contractual partners, service providers.

Some of them are third parties that do not have the role of processing personal data, but may have access to them in order to fulfil their obligations or in their interaction with Turist Suior SRL, such as technical maintenance companies, financial auditors or legal service providers. We make every effort to ensure that all entities we work with store your personal data safely and securely.

Personal data may be made available or transmitted to third parties in the following situations:

(i) public authorities, auditors or institutions with expertise in inspection activities regarding the activities or assets of the Company, who request the Company to provide information, based on the legal obligations incumbent on the Company. Such public authorities or institutions can be the National Agency for Fiscal Administration, the Ministry of Finance, the National Anticorruption Directorate, units of the Ministry of Internal Affairs

(ii) to comply with a legal requirement or to protect the rights and assets of our Company or other entities or persons, such as courts of law

(iii) acquiring third parties, to the extent that the Company’s activity would be (totally or partially) transferred, and the personal data of the data subjects would be part of the assets representing the subject matter of the transaction.

(iv) and third parties (including Google, Facebook) display ads on visited web pages. Third-party providers, including Google, use cookies to serve ads based on a user’s previous visits to the website.

How is personal data secured?

By using technical and organizational solutions such as: storing information on secure servers, encrypting data transfers to and from our servers using SSL technology, allowing access to your personal data only when necessary and only by authorized persons, we take responsibility for ensuring the confidentiality, integrity and availability of personal data.

Turist Suior SRL informs you that it constantly evaluates and improves the security measures implemented in order to ensure the processing of personal data safely and securely.

Transfer of personal data outside the European Economic Area

We will only transfer your personal data outside the European Economic Area if we are required to do so by law or in certain circumstances. When we do this, we will ensure that appropriate safeguards are in place, third parties transferring your personal data outside the European Economic Area have self-certified as compliant with the EU-US Privacy Shield.

The automated decision-making process and profiling

Your personal data are not subject to automated decision-making processes, including profiling, by Turist Suior SRL.

Google collects information through our company’s use of Google Analytics on our website. Google uses this information, including IP addresses and cookie information, for several purposes, such as improving the Google Analytics service. The information is shared with Google on an aggregated and anonymous basis. To learn more about what information Google collects, how it uses this information and how to control the information sent to Google, see the following page:

The legal basis for processing: our legitimate interests (article 6, paragraph (1), subparagraph (f) of the General Data Protection Regulation);

Legitimate interests: fulfilment of contractual obligations to Google according to:

You can opt out of Google Analytics by installing the browser plug-in here:

The rights of the data subject regarding the processing of personal data

In the context of the processing of your personal data, you have the following rights:

a) The right of access to processed personal data: you have the right to obtain confirmation that your personal data is being processed or not, and, if so, you have access to the type of personal data and the conditions of its processing, by formulating a request in this sense to the controller;

b) The right to request the rectification or deletion of personal data: you can request, by sending a request to this effect to the controller, the rectification of personal data that is inaccurate, the addition of personal data in the situation where it is incomplete or the deletion of your personal data in situations where (i) the personal data is no longer necessary for its original purpose (and there is no new legal purpose for the processing), (ii) the legal basis for the processing is the data subject’s consent, and the data subject withdraws its consent, and there is no other legal basis for the processing,

c) The right to request restriction of processing: you have the right to obtain the restriction of processing in situations where: (i) you consider that inaccurate personal data is being processed, for a period that allows the controller to verify the accuracy of your personal data; (ii) the processing is illegal, but you do not want the deletion of your personal data, only requesting the restriction of its use; (iii) in the situation where the controller no longer needs your personal data for processing them for the purposes mentioned above, but you request the data for establishing, exercising or defending a right in court or (iv) you have objected to the processing, for the period of time in which it is checked whether the legitimate grounds of the controller prevail over the rights of the data subject;

d) The right to withdraw your consent for processing, where the processing is based on your consent, without affecting the lawfulness of the processing carried out up to the time of withdrawal of consent;

e) The right to object to the processing of your personal data on grounds related to your particular situation, where the processing is based on a legitimate interest, and to object at any time to the processing of your personal data for direct marketing purposes, including profiling;

f) The right not to be the subject of a decision based exclusively on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects it to a significant extent;

g) The right to data portability, i.e. the right to receive your personal data that you have provided to the controller in a structured, commonly used and machine-readable format and the right to transmit this data to another controller, in the situation where the processing is based on your consent or the performance of a contract and is carried out by automatic means;

h) The right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) and the right to address the competent courts.

Processing (ANSPDCP) and the right to address the competent courts.

The exercise of the rights mentioned above can be done at any time. In order to exercise these rights, we recommend that you use the following contact details:

Our details

Personal data controller: S.C.Turist Suior S.R.L., J24/714/1999 from Baia Sprie, 121 George Coşbuc Street; e-mail:,

The personal data protection officer for the data controller is Coza Adina. You can contact the data protection officer by mail at the address: Baia Sprie, 121 George Coşbuc Street or by e-mail: