Privacy policy

As ensuring your protection with regard to the processing of personal data is an extremely important objective to us, we have taken all the necessary steps to comply with the standards imposed by EU Regulation 2016/679 ( and by any other normative act in force on the territory of Romania.

An important step in achieving this goal is to be informed about how your data will be processed (processing means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, deleting or destroying).

We reserve the right to change and update the Privacy Policy and the Cookie Policy.

  1. Who we are and how we can be contacted:

The data operator is the company HCR SRL, headquartered in Sf. Gheorghe, Varadi Joszef Street, no. 17, Covasna county, registered at the Trade Register under no. J14 / 388 / 19.07.2007, fiscal identification code RO22136845, (hereinafter referred to as “DINO PARC RÂȘNOV” or “Company”). For more information about the Company, please contact us at the e-mail address [email protected]

  1. Data collection / data types
  1. Collected automatically upon access (type)
  • IP address
  • Date and time of access
  • Time zone difference from Greenwich Meridian (GMT)
  • Content of the application (specific website)
  • Access status / HTTP status code
  • The volume of data transferred
  • Access requested on the website
  • Browser, language settings, browser version, operating system and surface
  1. Collected after subscribing to the newsletter:
  • Email Address;
  1. Collected after purchasing tickets to visit Dino Parc Rasnov:
  • Name and surname;
  • Email Address;
  • Phone number;
  1. Collected after purchasing products from the online store:
  • Name and surname;
  • Email Address;
  • Phone number;
  • Delivery address;
  1. Cookies
  2. What are they?
  3. This Website uses so-called “cookies”. Cookies are small text files that are stored in your terminal’s memory via your browser. They store certain information (eg: preferred language or website settings) that your browser may retransmit to us (depending on the lifetime of the cookie) on the next visit to our Website.
  1. What cookies do we use?
  • Cookies

Google Analytics (site analysis cookies) – used for site analysis purposes;
Google Tag Manager – used for site analysis purposes;
Cookie Consent – used to store user preferences;

Third party cookies

  1. On our Website, we use Google Analytics and Google Tag Manager as an analysis service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (hereinafter referred to as “Google ”). Google will analyze the use of our Website on our behalf. For this purpose we use cookies. Information collected by Google in connection with your use of our Website (eg URL, our web pages visited by you, your browser type, your language settings, your operating system, your screen resolution, etc.). ) will be transmitted to a Google server in the US, where they will be stored and analyzed. Those results will then be made available to us in a pseudonymous form.
  2. You may withdraw your consent to use web analytics at any time by downloading and installing the supplied Google Browser Plug-in.
  3. More information about Google Analytics is available in the Google Analytics Terms of Service, the Google Analytics Data Protection and Privacy Guidelines, and the Google Privacy Policy.
  1. Purpose of data processing
  1. For the purpose of performing the contract in the cases described in point 2, sections 3 and 4.
  2. For marketing purposes in the cases described in point 2, section 2 and point 3
  1. We may use that information to improve the products and services we provide to you.

To defend our legitimate interests

  1. To defend our legitimate interests (In the event of exceptional situations such as cyber attacks that may jeopardize the security of our platform or if the information is requested by the competent public institutions in order to resolve ongoing investigations, we reserve the right to process the information concerned)
  1. Legal basis of the processing
  1. In the case described in point 2 section 2 and 3, the legal basis is art. 6 para.1, lit. b) namely, the execution of the contract;
  2. In the case described in point 2 section 2 and in point 3, the legal basis is art. 6 para.1, lit. a) namely, the consent of the data subject;
  1. How long we keep your personal data

The length of time your data will be retained is limited and will be determined by the time required to fulfill the purposes for which the data is processed.

The personal data of the persons who purchased products will be stored according to the applicable legal provisions in financial-accounting matters, respectively 10 (ten) years from the end of the financial year in which the tax was paid.

Upon expiration of the period of storage of personal data, the Operator will delete / destroy this data from the means of processing and storage.

  1. Third parties

In order to achieve the purposes described above, the Company uses the services of several contractual partners, authorized persons or employees of the Company, and they may be provided with your personal data to be used exclusively within the limits of the obligations they have assumed. of Society. The personal data we disclose to our authorized persons is limited to the minimum personal information that is necessary for the provision of those services and we require these third parties not to use the personal data for any other purpose. We make every effort to ensure that all entities we work with store your personal data in a safe and secure manner.

Some of these are third parties who do not intend to process the data, but may have access to the data in the performance of their tasks or in their interactions with the Company, such as maintenance companies, financial auditors or legal advisers.

The personal data indicated above may be made available or transmitted to third parties in the following situations:

(i) public authorities, auditors or institutions competent to carry out inspections and controls on the Company’s business and assets, which require the Company to provide information in accordance with the Company’s legal obligations. These public authorities or institutions can be the National Authority for Fiscal Administration, the Romanian Police, the National Institute of Statistics; (ii) to comply with a legal requirement or to protect the rights and assets of our Company or other entities or persons, such as courts; (iii) third-party acquirers, to the extent that the Company’s business would be transferred (in whole or in part) and the data of the data subjects would be part of the assets that are the subject of such a transaction.

Outside third parties:

A: Google
Purpose: Web analytics

B: Mailchimp
Purpose: To send newsletters;


  1. If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.
  2. We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
  1. Territoriality:

The processing of data is done only in Romania, Except for the pseudonymous data used in the site analysis function described in point 3. 1 “Third party cookies” which is made in the USA according to the procedure described and the data mentioned in point 7, Third Party Section outside the Country.

  1. Your rights

The right of access of the data subject

  1. The data subject shall have the right to obtain from the controller a confirmation as to whether or not personal data concerning him or her are being processed and, if so, access to such data and to the following information:
  1. processing purposes;
  2. the categories of personal data concerned;
  3. recipients or categories of recipients to whom personal data have been or are to be disclosed, in particular recipients from third countries or international organizations;
  4. where possible, the period for which personal data are expected to be stored or, if this is not possible, the criteria used to establish this period;
  5. the existence of the right to request the operator to rectify or delete personal data or to restrict the processing of personal data concerning the data subject or the right to oppose the processing;
  6. the right to lodge a complaint with a supervisory authority;

The right to rectification

  1. The data subject shall have the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning him. Taking into account the purposes for which the data were processed, the data subject has the right to obtain the completion of personal data which are incomplete, including by providing an additional statement.

Right to erasure of data (“right to be forgotten”)

  1. The data subject shall have the right to obtain from the controller the deletion of personal data concerning him, without undue delay, and the controller shall have the obligation to delete personal data without undue delay if one of the following reasons applies. :

(a) personal data are no longer necessary for the purposes for which they were collected or processed;

(b) the data subject withdraws the consent on the basis of which the processing takes place in accordance with Article 6 (1) (a) or Article 9 (2) (a) and there is no other legal basis for the processing ;

(c) the data subject opposes the processing pursuant to Article 21 (1) and there are no legitimate reasons prevailing in respect of the processing or the data subject opposes the processing pursuant to Article 21 (2);

(d) personal data have been processed unlawfully;

(e) personal data must be deleted in order to comply with a legal obligation incumbent on the controller under Union or national law to which the controller is subject;

(f) personal data have been collected in connection with the provision of information society services referred to in Article 8 (1).

  1. If the controller has made his personal data public and is obliged to delete them pursuant to paragraph 1, the controller shall, taking into account the available technology and the cost of implementation, take reasonable measures, including technical measures, to inform operators who process personal data that the data subject has requested the deletion by these operators of any links to such data or of any copies or reproductions of such personal data.
  2. Paragraphs 1 and 2 (a) shall not apply in so far as processing is required:

(a) for the exercise of the right to freedom of expression and information;
(b) for compliance with a legal obligation which provides for processing under Union or national law applicable to the controller or for the performance of a task performed in the public interest or in the exercise of official authority with which the controller is vested;
(c) for reasons of public interest in the field of public health, in accordance with Article 9 (2) (h) and (i) and Article 9 (3);
(d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, in accordance with Article 89 (1), in so far as the right referred to in paragraph 1 is likely to make it impossible, or to seriously affect the achievement of the objectives of that processing; or
(e) to establish, exercise or defend a right in court.

The right to restrict processing

  1. The data subject shall have the right to obtain from the controller a restriction on processing where one of the following cases applies:

(a) the data subject disputes the accuracy of the data, for a period which allows the controller to verify the accuracy of the data;
(b) the processing is illegal and the data subject objects to the deletion of personal data, requesting instead that their use be restricted;
(c) the controller no longer needs the personal data for the purpose of processing, but the data subject requests them for the purpose of establishing, exercising or defending a right in court; or
(d) the data subject has objected to the processing in accordance with Article 21 (1), for the period during which it is verified whether the legitimate rights of the controller prevail over those of the data subject.

  1. Where processing has been restricted pursuant to paragraph 1, such personal data may, except in the case of storage, be processed only with the consent of the data subject or for the purpose of establishing, exercising or defending a right in court; or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  2. A data subject who has obtained a processing restriction pursuant to paragraph 1 shall be informed by the controller before the processing restriction is lifted.

The right to data portability

  1. The data subject shall have the right to receive personal data concerning him or her which he or she has provided to the controller in a structured, commonly used and automatically readable format and shall have the right to transmit such data to another. operator, without obstacles on the part of the operator to whom the personal data were provided, if:

(a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or a contract pursuant to Article 6 (1) (b); and

(b) processing is carried out by automatic means.

  1. In exercising his right to data portability pursuant to paragraph 1, the data subject shall have the right to have personal data transmitted directly from one controller to another where this is technically feasible.
  2. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task performed in the public interest or in the exercise of official authority vested in the operator.
  3. The right referred to in paragraph 1 shall be without prejudice to the rights and freedoms of others.

The right to be notified in connection with the rectification, deletion or restriction of the processing of personal data

  1. The controller shall communicate to each consignee to whom the personal data have been disclosed any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18, unless where this proves impossible or involves disproportionate effort. The operator shall inform the data subject of those recipients if the data subject so requests.

Without affecting your right to contact the supervisory authority at any time, you can contact us in advance at the email address [email protected] and we will make every effort to resolve any issues.

You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are the following:

National Authority for the Supervision of Personal Data Processing
B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
E-mail: [email protected]