**Who We Are**

Blue Sky Resort Eforie SRL, headquartered in the Municipality of Constanța, Strada Veniamin Costache, Nr. 33, Constanța County, with its operating point located at Strada Meduzei Nr. 1, Eforie Nord, Constanța, 905350, registered at the Trade Register Office under number J13/925/2018, CUI: RO39184200, email: bskyeforienord@gmail.com, phone number: +40739914704 (hereinafter referred to as "the company," "the platform," or "the operator") is a data controller of personal data.

This policy aims to inform the data subjects about the conditions under which personal data is processed by the platform. This policy is valid for all specific activities of the company conducted through our following websites.

Using the services provided by the company can only be done after acknowledging these policies.

The platform is not intended for minors under 16 years old and cannot be used by them.

**Definitions**

Within this policy, the terms mentioned will have the meanings specified below:

- **"personal data of the beneficiary/legal representative/conventional representative"** – all personal data, regardless of their form or medium, that are: I) provided either by the beneficiary or their legal or conventional representative II) provided, obtained, or brought to the attention in writing or verbally by the insurer of the vehicle under repair or another directly involved insurer or by public institutions/authorities/entities (police departments, prosecutor's offices, courts, etc.);

- **"supervisory authority"** – means an independent public authority established by a member state with the competence to oversee the protection of personal data within the EU, in whose jurisdiction the platform, as the operator, or a person authorized by the platform processes personal data;

- **"processing"** – means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination, or making available in any other way, alignment or combination, restriction, deletion, or destruction;

- **"operator"** – a legal person, as is the case with the platform, or a natural person who, alone or together with others, establishes the purposes and means of processing personal data;

- **"consent" of the data subject** – means any freely given, specific, informed, and unambiguous indication of the data subject's wishes, by which they signify agreement, by a statement or by a clear affirmative action, to the processing of personal data concerning them;

- **"breach of personal data security"** – means a breach of security that leads, accidentally or unlawfully, to the destruction, loss, alteration, or unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or to unauthorized access to such data;

- **"regulation"** means Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

**General Provisions**

Since we value your information confidentiality, the operator commits to complying with the provisions of this policy, as well as the provisions mentioned in the regulation and the rules provided in domestic law regarding the processing of personal data, their security, and confidentiality.

If we make changes to this policy, we will notify you on this page and inform you (e.g., via email or through the platform). If you do not agree with our data privacy policy or do not agree with changes made to it, you can close your account by accessing the account settings and selecting account deletion or you can request the removal of the posted announcement and the deletion of personal data.

**Subject, Duration, Nature, Purpose, Type of Personal Data Processed**

Personal data means any data or information that helps us identify you directly (e.g., your first and last name) or indirectly (e.g., based on the profile we create to send you personalized offers). Certain information is less evident (such as your shopping preferences and habits, your computer's IP), but when associated with you, it helps us identify you and thus falls under the notion of "personal data."

Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sexual life, sexual orientation, political opinions, union membership, health information, and genetic and biometric data. We do not collect any information about beliefs, sexual life or orientation, political opinions, union membership, health information, genetic or biometric data, or criminal offenses.

**Data We Receive Directly from You:**

- **When you open an account on the platform:**  
You can only open an account on the platform if you provide us with the following personal data:
  - First and last name
  - Contact address
  - Email
  - Phone number  
The legal basis for processing is the establishment and initiation of a contractual relationship.

- **When you post an announcement on the platform:**  
Every time you post an announcement, we will process the following data:
  - First and last name
  - Email
  - Phone number

**Basis for Processing**

1. **When you make a payment for an invoice related to the services provided by us**  
Every time you make a payment to us, we may process the following data:
   - First and last name
   - Address
   - Bank account or card number  
   The basis for processing is the contractual relationship.

2. **Promotional Campaigns**  
For online campaigns conducted on the platform, we may collect, depending on the campaign, the following data necessary for your participation:
   - First and last name
   - Email
   - Phone number  
   The basis for processing is consent.

3. **Accounting and Reporting**  
We process your data (those indicated in the invoices) for maintaining accounting records, for annual financial audits, as well as for submitting tax and accounting declarations to tax authorities.  
   The basis for processing is the contractual relationship and legal obligation.

4. **Legal Defense**  
When we defend our rights in court to recover amounts owed or when we protect our interests against unjustified claims/complaints, we will process your data (provided to us by you) necessary for filing legal actions, other requests, and specific documents.  
   The basis for processing is our legitimate interest.

5. **Procedures Before Authorities**  
When we are required by legal provisions, we will provide the competent authorities and institutions with the data we hold that has been requested legally.  
   The basis for processing is legal obligation.

6. **Customer Assistance**  
We may process your voice from recordings of telephone conversations with you to respond to your assistance requests. We emphasize that we do not routinely analyze telephone recordings but exclusively in cases where complaints may arise regarding the services we provide.  
   The basis for processing is our legitimate interest.

**Automatically Collected Data**

7. **Creating Customer Profiles for Direct Marketing**  
Depending on your interactions and behavior on the platform, we may collect and process data through our partners (e.g., Google) to create your customer profile for sending subsequent personalized offers or placing promotional ads (through Google or Facebook).  
   For profiling, we may process the following data:
   - Based on your browsing behavior on the site (e.g., ads viewed)
   - Based on demographic data: age, gender, city
   - Based on activity history and monetary value  
   It’s important to note that you can oppose profiling at any time by simply informing us regarding targeted advertising through Facebook and Google.  
   The basis for processing is consent.

8. **Data Collected Through Cookies**  
When you visit the platform as a visitor or log into your customer account, we collect, using cookies, data obtained from your computer, phone, tablet, or other device used by you ("device"), online identifiers, which we use for profiling for direct marketing:
   - IP address
   - Internet browser you use and the version of your device's operating system
   - HTTP/HTTPS protocol data
   - Duration of your visit/activity on the platform's website
   - General location of the device (if geo-location is activated) from which you connect to the platform's site  
   It is very important to know that most devices give you the option to disable geo-location services directly from the settings of that device.  
   **Cookies** are files that a server sends to your device, placed on the platform's site or through downloads. The way we process cookies is detailed in the cookie policy available on the platform's website.  
   The basis for processing is the consent you likely provided via a pop-up, email, or SMS. It is important to note that you can withdraw your consent at any time.

9. **Advertising**  
Based on your navigation and behavior on the platform, monitored through cookies, we can provide you with online ads for some of our services that may interest you or for some of the announcements posted on the platform. Based on your navigation information on the platform, we can categorize you into an interest group with other similar customers, and thus deliver ads (banners) based on those interests.  
You can refuse the setting of a cookie module by adjusting your browser to generally disable the automatic setting of cookies. You can also disable cookies for advertising services from a service provider (e.g., Google) by setting your browser to block cookies from that specific domain. Opting out of online behavioral advertising will not stop the display of general ads that are not personalized according to your interests.  
   The basis for processing is the consent you granted, most likely through a pop-up, email, or SMS. It is important to note that you can withdraw your consent at any time.

10. **Personalized Offers**  
We can use your email address and mobile phone number to create customer lists and then use the encoded data from this list to correlate your data (and that of other customers in an interest group) with the data of individuals on Facebook, to send personalized offers to your Facebook account through targeted ads.  
Additionally, on the platform's website, we also use Facebook's custom audience services created using your pixel data. With the help of this service provided by Facebook, the platform, with the help of Google, can identify that you clicked on our Facebook ad and were redirected to the platform's website. The data collected with Facebook serves exclusively to compile statistics regarding the success and use of our advertising campaigns on Facebook.  
Separately, if you appreciate our Facebook page by giving a "like," we will receive this information without using it for any purpose other than to communicate with you and, if necessary, to send you some personalized offers through your Facebook account based on custom audiences.  
   The basis for processing is the consent you granted, most likely through a pop-up, email, or SMS. It is important to note that you can withdraw your consent at any time.

11. **Website Security and Maintenance**  
Typically, we use the following online identifiers for the maintenance and security of the platform's website:
   - IP address
   - Internet browser you use and the version of the operating system of the device with which you connect
   - HTTP/HTTPS protocol data
   - Location of the device (if geo-location is activated) from which you connect to the platform's site  
   This data is processed to ensure the proper functioning of the website, specifically:
   - Correctly displaying content
   - Retaining your authentication data (when you request it)
   - Improving the platform's website
   - Adjusting the device you connect/authenticate with to the website's requirements
   - Ensuring the website's security and protecting you against fraud or any security breaches related to the platform
   - Identifying and remedying defects that hinder the use of our website or your customer account.  
   The basis for processing is our legitimate interest in implementing, adjusting, and maintaining security measures for the website/platform. 

12. **Data Received from Third Parties**  
(Additional information would follow in this section to clarify what third-party data might be collected and how it is used.)

Here's the translation to English:

---

**Automatically Collected from Websites Promoting Real Estate Listings**

The platform has an application that periodically scans certain websites where anyone interested posts advertisements regarding their intention to sell or rent properties.

This application identifies, based on predetermined algorithms, whether a listing is present in our database, and if not, it copies it for inclusion on the platform. Only the data explicitly made public by you, typically name, phone number, and email address, is copied.

The legal basis for processing is our legitimate interest in creating a detailed database.

**How Long We Process Your Data**

The platform processes your data for the time necessary to fulfill the purposes for which it was collected and in accordance with our personal data retention policies. In certain cases, some legal provisions may require or allow us to keep the data for a longer period.

The data retention period mainly depends on the following:

- The period we need your data to provide you with services and fulfill our obligations to you and for the purposes mentioned above in this policy;
- If you have an open client account on the platform, we will retain your data as long as this client account is active, but no longer than 5 (five) years from the date of the last login to the account or the last activity on the platform; we will notify you before closing your client account and deleting all data associated with that account;
- If you have consented to the processing of your data for a longer period, we will maintain the data for the entire period unless you withdraw your consent in the meantime;
- If you call special phone numbers associated with certain listings and the phone call is recorded, we may retain the call recording for a maximum period of 1 year.
 
Legal or contractual obligations may require us to retain your data for a specific period, for example, the periods stipulated by law for defending our rights in court (generally, a period covering the statute of limitations).

If you deactivate your client account on the platform and expressly request total deletion, the data associated with your client account will be deleted or anonymized so that you can no longer be identified in our data recording systems, unless we are legally obligated to retain your data for a longer period or due to our legitimate interest.

In this way, we ensure you have full control over your personal data. We will collect and process your data again if you provide it to us again on the platform's website.

For the purposes for which you have given your consent for data processing, highlighted in the table above, we will process your data for that purpose until you withdraw your consent for that processing, unless we are legally required to retain this data for a longer period, for reporting to public authorities, or to defend our rights in court.

We inform you that we rely on your consent when we process your data to send you:

- Customized offers based on online behavioral advertising;
- Customized offers based on profiling we perform for direct marketing purposes, through communication channels such as SMS, email, and push notifications;
- Offers based on custom audiences (customer lists) on Facebook.

**Who We May Disclose Your Data To**

Your personal data may be transmitted to and processed by our trusted partners to provide you with services.

To deliver services on the platform, we will share your data with our trusted partners. We carefully select the partners and suppliers that perform operations supporting our activity on our behalf. We share with them only the personal data necessary to carry out the specific activities we entrust to them. The data collected through our listing centralization software will be made public on the platform since they are collected, in turn, from public sources.

When we outsource certain activities to our trusted partners, we make every reasonable effort to verify in advance that they ensure the protection of your data through strict data security measures, and we will enter into data processing contracts with each of them. Specifically, we transmit some data to third parties (our suppliers and partners) to perform the functions and services necessary for the operation of the platform's activities, such as:

- The provider that ensures our data storage services on external servers located in the EU;
- The provider of communication and email correspondence services located in the USA, which holds Privacy Shield certification;
- Real estate agents subscribed to the platform for the purpose of acquiring and promoting your goods.

We share your data with our partners for marketing purposes or to conduct marketing.

To provide you with services customized to your interests and preferences, we process certain data with some partners who help us address personalized offers to you, such as: (I) processing data through the Facebook platform to send you personalized offers through targeted ads using the custom audience feature on customer lists, or (II) processing data to send you personalized offers based on online behavioral advertising carried out with Google AdWords. The way Facebook or Google processes your data is presented in this data processing policy.

**Transmission of Data to Authorities and Public Institutions or Judicial Bodies**

We may transmit some of your personal data to the competent public authorities or institutions when required by law (e.g., investigating fraud; preventing money laundering; submitting declarations, financial situations to tax authorities, etc.), or we may transmit this data to the courts when we defend ourselves in court, or before other public authorities.

**Access by Auditors and Consultants**

We may transmit some of your personal data to providers of accounting, legal, human resources, audit, banking services.

**International Transfers**

As a rule, your data is not stored in a country outside the European Union or the European Economic Area (EEA). However, some data may be transferred to our partners who help us operate the platform's activities and are located outside the European Union. However, we have made reasonable efforts with each of these partners to ensure that adequate data protection measures are in place.

Specifically, our service provider who helps us send you email notifications, although located in the USA (outside the EU), holds Privacy Shield certification, ensuring an adequate level of data security recognized by the European Commission.

When we send you personalized offers through targeted ads, we use the custom audience feature managed by Facebook, Inc., located outside the EU/EEA, which is certified according to publicly available information in compliance with the requirements of the Privacy Shield (considered to provide an adequate level of protection for personal data transferred from the European Union to organizations in the United States). We recommend that you also consult Facebook's privacy policy on its website.

If we transfer your data to other partners/suppliers of the platform located in states that do not provide an adequate level of protection for the transmitted data, we commit to take all necessary measures to ensure that those partners/suppliers comply with the terms and conditions established in this policy. These measures may include, in addition, implementing data protection standards (e.g., ISO 27001), standard contractual clauses adopted by the European Union Commission, as well as direct control systems over these mechanisms.

**Data Security**

Here’s the translation:

---

The platform has implemented appropriate security measures to prevent your personal data from being lost, used or accessed accidentally, altered, or disclosed without authorization. We also limit access to your personal data to those employees, agents, contractors, and other third parties who have a legitimate business need to know the data. They will process your personal data under our instruction and are bound by confidentiality obligations.

We have implemented procedures to address any suspected breaches of personal data and will notify you and any competent regulatory authority regarding the breach when we are legally required to do so.

We may retain your data in physical or electronic format. In certain circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without informing you.

### Your Rights

In addition to the aforementioned, in certain circumstances, the data subject has specific rights under data protection laws regarding your personal data. These include:

**Right of Access**

You may request:

- Confirmation of whether we are processing your personal data;
- A copy of that data;
- Other information about your personal data, such as what data we hold, what we use it for, to whom we disclose it, if we transfer it abroad, how we protect it, how long we retain it, what rights you have, how you can lodge a complaint, where we obtained your data, and whether we have engaged in any automated decision-making or profiling, to the extent that this information has not already been provided to you in this policy.

**Right of Rectification**

You may request that we rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.

**Right of Deletion (Right to be Forgotten)**

You may request that we delete your personal data, but only if:

- It is no longer necessary for the purposes for which it was collected; or
- You have withdrawn your consent (where processing was based on consent); or
- You have a valid objection (see "Objection" below); or
- It has been processed unlawfully; or
- We must comply with a legal obligation to which the company is subject.

We are not obliged to comply with your request to delete your personal data if the processing of your personal data is necessary:

- For compliance with a legal obligation; or
- For establishing, exercising, or defending legal rights.

There are other circumstances in which we are not obliged to comply with your deletion request, although these two are likely the most common circumstances in which we would refuse this request.

**Right to Restriction**

You may request that we restrict (namely, retain without using) your personal data only when:

- Its accuracy is contested (see rectification), to enable us to verify its accuracy; or
- The processing is unlawful, but you do not want it deleted; or
- It is no longer necessary for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal rights; or
- You have exercised your right to object, and verification of compelling legitimate grounds is pending.

We may continue to use your personal data following a request for restriction, in cases where:

- We have your consent; or
- To establish, exercise, or defend legal rights; or
- To protect the rights of another natural or legal person.

**Right to Data Portability**

You may request that we provide your personal data in a structured, commonly used, machine-readable format, or you may request it to be "ported" directly to another data controller, but in any case, only when:

- The processing is based on your consent or the performance of a contract with you; and
- The processing is carried out by automated means.

**Right to Object**

You can object to any processing of your personal data that is based on "our legitimate interests," if you believe that your fundamental rights and freedoms take precedence over our legitimate interests.

Once you have objected, we have the opportunity to demonstrate that we have compelling legitimate interests that override your rights and freedoms.

**Right to Lodge a Complaint**

You have the right to lodge a complaint with the national supervisory authority for personal data processing. Please try to resolve any issues by discussing them with us first, although you have the right to contact the supervisory authority at any time.

**Right to Withdraw Consent**

You have the right to withdraw consent granted in cases where the platform processes personal data based on that consent.

The data subject will not be charged a fee or any other charge to access your personal data (or to exercise any of the other rights). However, the platform, as the data controller, may impose a reasonable fee if the request is clearly unfounded, repetitive, or excessive. Alternatively, the platform may refuse to act on a request received in these circumstances.

The platform has the right to request certain information to confirm the identity of the data subject making the request and to ensure the security of the personal data (or to exercise any of the other rights). This is a security measure to ensure that personal data is not disclosed to individuals who are not entitled to receive it. We may contact you to request additional information regarding your request to expedite our response.

The platform will endeavor to respond to all legitimate requests within one month. Occasionally, it may take longer than one month if the data subject’s request is very complex or if the data subject has made multiple requests. In this case, the platform will notify you and keep you updated.

### Stay in Touch

We have appointed a data protection officer. The first point of contact for all matters arising from this policy, including requests to exercise subjects' rights, is the data protection department, which can be contacted in the following ways:

- By email at bskyeforienord@gmail.com
- By mail at Strada Meduzei Nr 1, Eforie Nord, Constanta, 905350 

If you have a complaint or are concerned about how we use your personal data, please contact us first, and we will try to resolve the issue as quickly as possible.

We wish you happy browsing!

---

### Cookie Policy

The information presented below aims to inform the visitor/user about the placement, use, and management of cookies used by the autocar.Ro website. Some useful links related to this subject are also included.

This website uses cookies to provide visitors with a much better browsing experience and services tailored to the needs and interests of each individual.

**The Role of a Cookie**

In what we call "Web 2.0," cookies play an important role in facilitating access and delivering the various services that users enjoy on the internet, such as:

- Personalizing certain settings, such as the language in which a site is viewed, the currency in which certain prices or fees are expressed, and saving options for various products (sizes, other details, etc.), authenticating users to the server (with the help of cookies, the server remembers that the user has logged in and will allow actions specific to logged-in users), and settings that the user has specifically made.

Cookies provide site owners with valuable feedback on how their sites are being used by users, allowing them to make them more efficient and accessible to users.

Cookies allow multimedia applications or other types from other sites to be included on a particular site to create a more valuable, useful, and enjoyable browsing experience.

They improve the efficiency of online advertising.

**What is a Cookie?**

An "internet cookie" (also known as a "browser cookie" or "HTTP cookie" or simply "cookie") is a small file made up of letters and numbers that will be stored on the computer, mobile terminal, or other equipment of a user accessing the internet.

The cookie is installed by a request issued by a web server to a browser (e.g., Internet Explorer, Google Chrome) and is completely "passive" (it does not contain software programs, viruses, or spyware and cannot access information from the user's hard drive).

Cookies are used by almost all websites and do not harm your system.

**Components of a Cookie**

A cookie consists of two parts: the name and the content or value of the cookie. Furthermore, the duration of existence of a cookie is determined; technically, only the web server that sent the cookie can access it again when a user returns to the website associated with that web server.

Cookies themselves do not require personal information to be used and, in most cases, do not identify individual internet users.

**Categories of Cookies**

There are two main categories of cookies:

- **Session Cookies** – these are temporarily stored in the browser's cookie folder so that it remembers them until the user exits the website or closes the browser window (e.g., during logging in/out of a webmail account or social networks).

- **Persistent Cookies** – these are stored on the hard drive of a computer or device (and generally depend on the pre-established lifespan for the cookie). Persistent cookies also include those placed by a different website than the one the user is visiting at that moment – known as "third-party cookies" – which can be used anonymously to remember a user's interests, so that the most relevant advertising can be delivered to users. Third-party providers must also comply with applicable laws and the privacy policies of the website owner.

Please note that third parties who advertise on our site (including, for example, advertising networks and external service providers such as web traffic analytics) may also use cookies, over which we have no control. These cookies may be performance/analytics cookies or targeting cookies.

Additionally, cookies can also be classified as follows:

- **Strictly Necessary Cookies** – these cookies are essential for you to use the site effectively, such as when you buy a product and/or service, and therefore cannot be turned off. Without these cookies, the services available on our site cannot be provided. These cookies do not collect information about you that could be used for marketing or remembering where you have been on the internet.

- **Preference Cookies** – preference cookies allow a site to remember information that changes the way the site behaves or

 looks for you, such as your preferred language or the region in which you are located. These cookies can also be used to remember changes you have made to text size, fonts, and other parts of web pages that you can customize.

- **Statistical Cookies** – these cookies help website owners understand how visitors interact with the sites by collecting and reporting information anonymously.

- **Marketing Cookies** – these cookies are used to track visitors to websites. The intention is to display ads that are relevant and engaging for the individual user and thus more valuable for publishers and third-party advertisers.

**How are Cookies Used?**

When you visit the site, the following types of cookies may be placed on your computer, mobile terminal, or other equipment:

- Cookies for the functionalities of the website
- Cookies for analyzing visitors (analytics)
- Cookies for advertising and marketing

**How can I Control Cookies?**

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences each time you visit a site, and some services and functionalities may not work.

You can adjust your cookie preferences via your web browser settings. The following links explain how to adjust your cookie preferences for some popular web browsers:

- [Internet Explorer](https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer)
- [Chrome](https://support.google.com/accounts/answer/95647?hl=en)
- [Firefox](https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored)
- [Safari](https://support.apple.com/en-us/HT201265)
- [Edge](https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy)

Due to the constant transmission of information between the browser and the website, if an attacker or unauthorized person intervenes during data transmission, the information contained in cookies can be intercepted. Although this happens very rarely, it can occur if the browser connects to the server using an unencrypted network (e.g., an unsecured Wi-Fi network).

Other cookie-based attacks involve incorrect cookie settings on servers. If a website does not require the browser to use only encrypted channels, attackers can exploit this vulnerability to "trick" browsers into sending information through unprotected channels. Attackers then use the information to unauthorizedly access certain sites. It is crucial to be careful in choosing the most suitable method for protecting personal information.

Guidelines for Safe and Informed Browsing Due to Cookie Use

Due to the flexibility of cookies and the fact that most visited websites use them, they are almost unavoidable. Disabling cookies will prevent users from accessing the most widespread and used sites, including YouTube, Gmail, Yahoo, and others.

Here are some guidelines (which you may ignore if you do not find them useful) to ensure you browse without worries while using cookies:

• Customize your browser settings regarding cookies to reflect a comfort level for you regarding security.

• If you don't mind cookies and are the only person using the computer, you can set long expiration dates for storing browsing history and personal access data.

• If you share access to the computer, consider setting the browser to delete individual browsing data each time you close the browser. This is a way to access sites that place cookies and delete any visit information upon closing the browsing session.

• Install and regularly update anti-spyware applications. Many spyware detection and prevention applications include detection of attacks on sites.

• Ensure your browser is always updated. Many cookie-based attacks exploit vulnerabilities in outdated browser versions.

Possibility and Method of Stopping Cookies

We warn you in advance that disabling and refusing to accept cookies may make certain sites impractical or difficult to visit and use. Also, refusing to accept cookies does not mean you will no longer receive or see online advertisements.

You can set your browser to prevent these cookies from being accepted, or you can set the browser to accept cookies from a specific site. However, for example, if you are not registered using cookies, you will not be able to leave comments.

All modern browsers offer the ability to change cookie settings. These settings are usually found in the “options” or “preferences” menu of your browser.

To understand these settings, the following links may be helpful, or you can use the "help" option of your browser for more details.

• Cookie settings in Internet Explorer

• Cookie settings in Firefox

• Cookie settings in Chrome

• Cookie settings in Safari

For cookie settings generated by third parties, you can also consult this site.

Useful Links

If you want to learn more about cookies and their uses, we recommend the following links:

• Microsoft Cookies Guide

• All About Cookies

• The IAB Romania Association provides the following site for more information regarding privacy related to online advertising.

•  Other Terms and Conditions

• Here’s the translation:

• ---

• **RESERVATIONS**  
  To make a reservation, click the "Book Now" button on the website or call the phone number 0739914704.

• **RATES**  
  The rates we can offer vary depending on the type of room you choose, availability, the day of the week, and the season.

• **CHECK-IN AND CHECK-OUT**  
  Check-in to rooms is available starting at 2:00 PM.  
  Check-out on the day of departure must be done by 11:00 AM.  
  Early check-in and late check-out are possible upon request, subject to availability. Any additional costs for these services are available at the reception.

• **QUIET HOURS**  
  Please maintain silence between 11:00 PM and 10:00 AM, which is considered a resting period (music is allowed until 11:00 PM). Since the comfort of each guest is important to us, we kindly ask you to respect the rest hours. If, for objective reasons, you arrive after 11:00 PM, please keep the noise to a minimum.

• **PETS**  
  Pets are not allowed on the premises.

• **SMOKING**  
  Smoking is not allowed in rooms or in the indoor areas of the property.

• **COMPLAINTS**  
  Complaints regarding the quality of the provided tourism services should be made on-site, throughout the duration of the guests' stay at the hotel. Subsequent complaints after the end of the stay will not be considered. Complaints regarding damage caused by theft or destruction of items brought by the guest must be reported to the manager within one hour of discovering the event.

• **PYNBOOKING**  
  By the terms "we," "our," "ours," "us," we refer to the Blue Sky Resort accommodation unit.  
  Data Controller: The Blue Sky Resort accommodation unit operates the reservation system through a data processor, as explained below. According to GDPR regulations, the accommodation unit is the data controller and determines the purpose and means by which data processing is carried out.

• **Blue Sky Resort Accommodation Unit**  
  Company: Blue Sky Resort Eforie S.R.L.  
  Address: Eforie Nord, Strada Meduzei Nr 1  
  CUI: RO39184200  
  Registration No.: J13/925/2018  

• **Data Processor**  
  PYNBOOKING operates the reservation system for the Blue Sky Resort accommodation unit and is committed to protecting the privacy of the data provided by the users of the system. PYNBOOKING is the data processor. PYNBOOKING is authorized by the Blue Sky Resort accommodation unit to process data on its behalf.

• **PYNBOOKING NET SRL**  
  Address: Bucharest, Str. Decebal, Nr. 12  
  CUI: RO 32956788  

• PYNBOOKING is a hotel management tool used by those who own and/or manage accommodation units, enabling users to make and manage reservations online. This document refers to the processing of personal data collected by accommodation units using the PYNBOOKING reservation system.

• **What types of personal data are requested from users**  
  Accommodation units using PYNBOOKING collect and store the information that users provide when making a reservation. They are asked for their name, address, phone number, and email address, financial data for processing payment when making a pre-payment, and the names of guests traveling with them. This may also include the IP address. This information is necessary and mandatory (unless otherwise specified in the designated fields) to fulfill the user's request and is stored in the PYNBOOKING system for processing the reservation. If the user refuses to provide this information, the request cannot be fulfilled. Users may be contacted by the accommodation unit's administrators regarding the reservation. Their personal data is also stored after their stay but will only be retained as long as necessary in accordance with legal obligations.

• **Personal data processed directly by third parties**  
  If users provide financial information (bank card details), it will be processed directly by providers with PCI level 1 certifications (euplatesc.ro, paypal, autorize.net).

• **Personal data of third parties (reservations for companions, friends, family members, etc.)**  
  In the event that a user provides a third party's data, it is presumed that they have that person's consent and have conveyed the information from this Privacy Statement, with the controller and data processor being exempt from any liability in this regard. However, we may conduct additional checks, taking appropriate measures in accordance with current legislation.

• **Purpose of using personal data**  
  Depending on users' requests, the collected data will be processed for the following purposes:  
  - Managing the reservations made, including processing payments (where applicable) and managing requests and preferences expressed by the user  
  - Managing users' enrollment in loyalty programs and obtaining membership status  
  - Contacting users for the purposes listed here  
  - Sending personalized commercial offers via electronic means if the user has given their consent  
  - Managing additional services  
  - Conducting surveys and evaluations regarding the quality of services offered  

• **Duration of retention of personal data**  
  Data is retained for the time necessary to fulfill the objectives listed above, except in cases where they are needed for a longer period, and this is permitted by law, or except where the user requests their deletion, withdrawing their consent. The criteria for determining the duration are:  
  - The period during which the user has a relationship with the data controller in which they provide services (for example, the period during which the user has an account in the reservation system or uses its services or the period prior to their stay)  
  - In cases where there is a legal obligation (certain laws require the data controller to retain data related to transactions for a specific period before being allowed to delete it)

• **Use of users' social media accounts**  
  In the event of registration or logging in through a user account on a social media platform, we may collect and access various information from the user’s profile on that social media network for internal administrative purposes and/or the purposes indicated above.

• **Security procedures**  
  In accordance with the General Data Protection Regulation (GDPR), PYNBOOKING ensures the reasonable implementation of necessary procedures to prevent unauthorized access and inappropriate use of personal data. We use appropriate systems and procedures to protect and maintain the safety of the information transmitted to us. We also use technical and security procedures and physical restrictions to prevent access to and use of personal data from our servers. Only authorized personnel have access to personal data, and only during the performance of their job duties.

• Data is processed in a way that ensures its security and mitigates the risk of being altered, lost, unlawfully processed, or accessed, depending on the nature of the technology, the information stored, and the risks to which they are exposed.

• **Users' rights over personal data**  
  Users have the right to access the data stored by the accommodation units where they have made reservations via the PYNBOOKING system. To do this, they should contact the accommodation unit where they made the reservation through the PYNBOOKING system.  

• Users have the right to request the deletion of the provided data at any time.  
  Users have the right to modify any incomplete or invalid data.  
  Users have the right to request the deletion of data when they are no longer necessary for the purposes for which they were collected and stored.  
  Users have the right to confirm the withdrawal of consent.  
  Users have the right to obtain the limitation of data processing when the conditions regarding the processing of personal data regulations allow it.  
  Users have the right to request the portability of their data.  
  Users will also be informed that they can lodge a complaint regarding the protection of their personal data with the relevant authorities at any time.

• **Reviews, ratings, feedback**  
  Users may be asked to provide feedback on the quality of accommodation services once their stay is complete for the purpose of improving services. The user's email address will be used for this purpose. If a review is completed, it may be published on the accommodation unit's website, on Facebook, Twitter, or Google Plus. No details regarding the user's identity will be published. Storing users' information may be necessary to fulfill the obligations the accommodation unit has towards them.

• **Legitimate interest in processing user data**  
  We may use users' information for legitimate purposes, such as administrative purposes, fraud detection, or legal purposes.  

• The data processed that we request to fulfill the purposes listed above cannot be used without the user's consent. Furthermore, if the user withdraws their consent, this will not affect the legality of the prior processing of their data. To revoke consent, the user must contact us through the previously mentioned channels. Similarly, in cases where data processing is required to fulfill a legal obligation or to execute a contractual relationship between us and the user, data processing will be legitimate as it is necessary to achieve those objectives.

• **Cookies**  
  The term "cookie" defines a small amount of information placed in the web browser on the computer or mobile device used by the users. Cookies are used to facilitate the booking process and contain information such as the search data and the language in which the reservation is made. There is a difference between temporary cookies and long-term cookies. Temporary cookies exist only until the web browser is closed. Long-term cookies are used for a longer time and are not automatically deleted when the browser is closed. We use long-term cookies in Google Analytics to analyze traffic and visitor behavior. By using the PYNBOOKING website or making reservations through PYNBOOKING, you consent to the use of cookies as described above.

• **Use of services by minors**  
  The services are not intended for individuals under 18 years of age, and we do not request them to provide personal data.

• Sure! Here’s the translation into English:

• ---

• **Disclosure of Personal Data**

• Personal data will be used and disclosed in the following cases:

• - To comply with applicable laws, including the laws of the user's country of residence.
  - To respond to a request in the event of legal proceedings.
  - To respond to requests from government authorities, including authorities outside the user's country of residence, and to fulfill national security requirements.
  - To enforce the terms and conditions.
  - To protect the rights, privacy, and data security of ourselves, our users, and third parties.

• We may use and disclose Other Data for any purpose, except in cases where current legislation does not permit it. In certain cases, we may combine Other Data with personal data (for example, the user's name with location). If we do so, we will consider and treat the data resulting from this combination as personal data as long as the combining process is exercised.

• **User Obligations**

• The user guarantees that they are legally responsible, of sound mind, and that the information provided is real, valid, complete, and up-to-date. The user is solely responsible for the accuracy of the data communicated and agrees to update the information when necessary.

• The user commits to inform third parties whose personal data they provide, when applicable, about the information in this document. They also agree to obtain the approval of third parties regarding the provision of personal data for the purposes outlined above.

• The user is responsible for false or invalid information provided through the website and for any damages, direct or indirect, caused to us or third parties as a result.

• **General Terms & Conditions**

• **Reservation Policy.**

• **Flexible & Guaranteed**

• If canceled at least 2 days before arrival, no fee will be charged.  
  If canceled later or in case of no-show, the first night’s stay will be charged.

• **Non-Refundable**

• In case of no-show, the deposit for the first night’s stay will be retained.  
  Online payment with a credit card via Euplatesc (Visa/Mastercard/Vacation Card).