Loading

Transformation & HealingPostul cu Apă

Legal · GDPR

Privacy Policy

Last updated: Aprilie 2026 · [DENUMIRE COMPANIE]

1. Data controller

The data controller is [DENUMIRE COMPANIE], headquartered at [ADRESA], VAT [CUI]. Email: postulcuapa@gmail.com. By using our services, you agree to the processing of data in accordance with this policy.

2. Data collected

We collect: Identification data (name, email, phone) — at booking, contact or newsletter. Medical data (blood type, weight, height, conditions) — exclusively for retreat bookings, with explicit consent. Payment data — securely processed by Stripe; we do not store card data. Navigation data — IP, browser, pages visited, via cookies (with your consent).

3. Purpose of processing

Data is processed for: contract execution (bookings and payments); communication regarding your booking or order; newsletter (only with explicit consent); improvement of services; compliance with legal obligations.

4. Legal basis

We process data based on: contract execution (art. 6 lit. b GDPR); explicit consent (art. 6 lit. a GDPR) — for newsletter and medical data; legitimate interest (art. 6 lit. f GDPR) — for platform security.

5. Your rights

Under GDPR, you have: the right of access; the right to rectification; the right to erasure; the right to restriction of processing; the right to data portability; the right to object; the right to withdraw consent at any time. Exercise your rights by writing to postulcuapa@gmail.com.

6. Data security

We implement appropriate technical and organisational measures: HTTPS connection, encryption of sensitive data, restricted access. The platforms used (Supabase, Stripe) comply with international security standards.

7. Cookies

We use cookies for site functionality, analytics (Google Analytics) and marketing (Facebook Pixel) — with your consent. You can manage cookie preferences from the consent banner displayed on your first visit.

8. International transfers

Some services (Stripe, Supabase, Google) may transfer data outside the EU. These transfers are carried out with appropriate safeguards (Standard Contractual Clauses or Privacy Shield certification).

9. Complaints

If you believe your rights are not being respected, you can file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP): www.dataprotection.ro