Book now

Privacy policy

Last update: 13.02.2026

This policy explains what data we collect, why we collect it, how we use it, how long we keep it and what rights you have. The policy applies when you use the Eridor Chalet website, when you contact us (phone, WhatsApp, email, form), when you make a reservation through the integrated system (Smoobu) and when you stay at Eridor Chalet.

1. Who is the data controller?

The data controller is Eridor Chalet, which administers the website and manages reservations and accommodations. For privacy-related requests, you can contact us as follows:

  • Phone / WhatsApp: +40 752 555 112
  • Email: eridorchalet@gmail.com
  • Location address: Gura Humorului, Voroneț, no. 395 E, Suceava, Romania
2. What data do we collect?

We only collect data necessary for communication, reservation, accommodation, billing and security.

  • Identification data: name, surname, series and number of the identity document, citizenship, date of birth (only if necessary for the accommodation form), signature (if required at check-in).
  • Contact details: email, phone, address (if required for billing).
  • Reservation data: check-in/check-out period, number of people, preferences, special requirements, messages sent to us.
  • Payment and billing data: amount, payment method, proof of payment, invoice data (individual or legal entity). We do not store full card data if payment is made through an external processor.
  • Technical data about website usage: IP address, browser type, operating system, pages accessed, traffic data. These may come from cookies or analytics services, if enabled.
  • Security data: video images from cameras located in outdoor common areas (e.g. entrance, courtyard), used for security.
3. Where do we get the data from?
  • Directly from you, when you fill out the contact form, when you email us, when you call or when you use WhatsApp.
  • From the integrated reservation system (Smoobu), when you make a reservation or a reservation request.
  • From payment partners, only to the extent necessary to confirm transactions (e.g. payment status).
  • From the documents presented at check-in, to the extent required by applicable legislation for tourist records.
4. Why we process data and what legal basis we use

We process data for clear purposes, on legal bases defined by the GDPR.

  • Reservation and accommodation: to register the reservation, confirm availability, manage check-in/check-out and provide accommodation services. Legal basis: performance of the contract.
  • Communication: to respond to messages, requests and questions. Legal basis: legitimate interest or contract performance, as applicable.
  • Payment and invoicing: to collect the advance payment, issue an invoice and keep accounting records. Legal basis: legal obligation and contract execution.
  • Legal obligations related to accommodation: completion of documents required by the authorities. Legal basis: legal obligation.
  • Security: to protect property and the safety of people, through outdoor video surveillance. Legal basis: legitimate interest.
  • Service improvement: to analyze requests and optimize website content. Legal basis: legitimate interest, and for non-essential cookies, consent (detailed in the Cookie Policy).
5. Who has access to data and to whom we disclose it

We do not sell or rent your data. We only disclose it when necessary for the operation of the services or when we are required by law.

  • Staff and collaborators who manage reservations and check-in/check-out, with access limited to the strictly necessary.
  • Reservation system provider (Smoobu), for booking and availability management.
  • IT service providers (hosting, maintenance), strictly for the operation of the website.
  • Payment processors or banks, for confirming and processing payments.
  • Public authorities, when we have a legal obligation (for example, tourist records, tax controls).
6. Transfers outside the European Economic Area

Some services used for bookings, email or traffic analysis may involve transfers outside the European Economic Area. If such a situation arises, we use legal protection mechanisms, such as standard contractual clauses and appropriate technical measures, depending on the provider.

7. How long do we keep data?

We only keep data for as long as we need it, depending on the purpose and legal obligations.

  • Reservation and communication data: during the management of the reservation and for a reasonable period after the stay, for clarifications, complaints or internal records.
  • Billing data and accounting records: according to the applicable legal deadlines for financial and accounting documents.
  • Data from accommodation documents: according to the deadlines required by applicable legislation for accommodation structures.
  • Video images (exterior surveillance): for a limited period, necessary for security purposes, then automatically deleted, except in cases where retention is required for the investigation of an incident.
8. Your rights

Under the GDPR, you have rights related to your personal data. In certain situations, some rights may be limited by legal obligations.

  • Right of access: you can request confirmation that we are processing your data and a copy of your data.
  • Right to rectification: you can request the correction of inaccurate data or the completion of data.
  • Right to erasure: you can request the deletion of data when there is no longer a legal basis for its retention.
  • Right to restriction: you can request the limitation of processing in certain situations.
  • Right to portability: you can request the transmission of the data provided by you, in a common format, where applicable.
  • Right to object: you may object to processing based on legitimate interest, for reasons related to your situation.
  • The right to withdraw consent: when processing is based on consent, you can withdraw it at any time.
  • Right to file a complaint: you can file a complaint with the ANSPDCP.
9. How to exercise your rights

Please send your request by email to eridorchalet@gmail.com, with the subject “GDPR Privacy”. To protect your data, we may request additional information to confirm your identity. We usually respond within the applicable legal deadline.

10. Data security

We use technical and organizational measures to protect data, such as access restrictions, passwords, internal procedures, backups and IT security measures. However, no system can guarantee absolute security, and you are obliged to use correct contact details and to maintain the confidentiality of messages or confirmations received.

11. Children’s data

Eridor Chalet accepts children for accommodation, but the website does not target children for the purpose of collecting data. If a parent or guardian believes that a minor has submitted personal data via the form without consent, they can contact us for deletion or correction, to the extent permitted by law.

12. Links to third-party sites

The website may contain links to external platforms (e.g. social media, Google Maps, booking providers). Each platform has its own policies. We do not control how third parties process data, and you should read their policies before using them.

13. Policy changes

We may update this policy when we change our services, providers, or legal requirements. We will post the date of the update at the top of the page. If the change is significant, we may post a notice on the website.

14. Contact

For questions or requests regarding privacy, you can contact us as follows:

  • Phone / WhatsApp: +40 752 555 112
  • Email: eridorchalet@gmail.com
  • Location address: Gura Humorului, Voroneț, no. 395 E, Suceava, Romania
Rezervă acum
+40 752 555 112
Book now
+40 752 555 112