politica sulla riservatezza

Last updated: 5 May 2026  ·  Data controller: SC Landmark Smart Rentals SRL ("Matisse", "we", "us")

This Privacy Policy explains what personal data we collect when you visit matisse.ro, contact us, or stay with us at Matisse Bucharest Old Town, why we collect it, how we use and protect it, and the rights you have under the EU General Data Protection Regulation (GDPR).

At a glance

  • We collect only the data needed to answer your enquiry, manage your booking, run the website and meet our legal obligations.
  • We do not sell your personal data, ever.
  • You can ask us to access, correct, delete or export your data at any time by writing to info@matisse.ro.
  • Cookies and analytics are governed by our separate Informativa sui cookie.

1. Who we are

The website matisse.ro and the Matisse Bucharest Old Town property are operated by SC Landmark Smart Rentals SRL, a Romanian limited liability company.

  • Registered address: Str. Smârdan 11, sector 3, Bucharest, Romania
  • VAT: RO 165 11 966
  • Email: info@matisse.ro
  • Phone: +40 774 411 001

2. What data we collect and why

2.1. When you browse the site

We automatically receive limited technical information sent by your browser: IP address, approximate location, browser type and version, device type, referring page, the pages you visit on our site and the time of each request. We use this data to operate and secure the site, prevent abuse and improve content. The legal basis is our legitimate interest (Art. 6 (1) (f) GDPR) in operating a functional, secure website.

Cookies and analytics tools may collect additional information; for full details see the Informativa sui cookie. Non-essential cookies are set only with your consent.

2.2. When you contact us

If you write to us, fill in a contact form, or message us on WhatsApp, we collect the data you provide: name, email, phone number (if provided), and the content of your message. We use this data to respond to your enquiry. The legal basis is our legitimate interest in answering questions about our services, or — when your enquiry leads to a booking — the performance of a contract (Art. 6 (1) (b) GDPR).

2.3. When you book a stay

Bookings are processed through our booking engine partner, SiteMinder / DirectBook, or — for corporate and group enquiries — through our internal team. We receive from the booking engine: your name, contact details, dates of stay, room type, special requests and the booking reference. Card data is processed directly by the booking engine and the acquiring bank; we do not store full card numbers. The legal basis is the performance of a contract (Art. 6 (1) (b) GDPR) and our legal obligations under Romanian tax and hospitality law (Art. 6 (1) (c) GDPR).

2.4. When you leave a review

Reviews submitted on third-party platforms (Booking.com, Google, Tripadvisor) are displayed on our site only with the same identifiers (first name, country, score) shown on the source platform. We do not link the review to internal booking data unless you explicitly identify yourself in the review text.

3. Sensitive data

We do not knowingly collect sensitive personal data (data about racial or ethnic origin, religious or philosophical beliefs, health, sexuality, etc.). Please do not send such information through our forms or email. If you do so, you give your explicit consent for us to delete it; we will not use it for any other purpose.

4. How long we keep your data

  • Booking records: 10 years, as required by Romanian accounting law.
  • Email correspondence: up to 3 years from the last contact, then deleted unless attached to an active matter.
  • Marketing consent records: for as long as your consent is valid, plus 3 years for evidence of consent.
  • Website analytics: up to 14 months (Google Analytics default), unless you withdraw consent earlier.
  • Cookie consent records: 12 months, after which we ask again.

5. Who we share your data with

We share data only with parties who help us deliver our service. Each of them processes data under a contract that meets GDPR requirements:

  • Hosting and email providers for technical operation of the site and our inbox.
  • Booking engine partner (SiteMinder / DirectBook) for online bookings.
  • Channel managers and OTA platforms (Booking.com, Expedia, Airbnb) when a booking originates from them.
  • Accounting and audit professionals bound by professional confidentiality.
  • Public authorities, only when we are legally required to do so (tax authorities, police, courts).

We do not sell, rent or trade your personal data with anyone for marketing purposes.

6. International transfers

Your data is stored within the European Economic Area (EEA), primarily on servers located in Romania and other EU member states. Some of our partners (for example, Google for analytics or Meta for advertising) may transfer data to the United States; in such cases we rely on the EU–US Data Privacy Framework or the European Commission's Standard Contractual Clauses to safeguard the transfer.

7. How we protect your data

  • HTTPS / TLS encryption for all data exchanged with the site.
  • Access to personal data is limited to staff who need it for their role.
  • Booking and payment processing are handled by PCI-DSS-compliant providers; we do not store card numbers on our servers.
  • Backups are encrypted and retained no longer than necessary.
  • Security incidents that may affect your data are reported to the Romanian Data Protection Authority within 72 hours, as required by law, and to you when the law obliges us to do so.

8. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") when there is no overriding reason for us to keep it.
  • Restrict the processing of your data in certain circumstances.
  • Object to processing based on legitimate interest, including for marketing purposes.
  • Data portability: receive your data in a structured, machine-readable format and have it transmitted to another controller.
  • Withdraw consent at any time when processing is based on consent — without affecting the lawfulness of processing carried out before withdrawal.
  • Lodge a complaint with the Romanian Data Protection Authority (ANSPDCP, www.dataprotection.ro) or the supervisory authority of your country of residence.

To exercise any of these rights, write to info@matisse.ro. We will reply within one month. We may ask for additional information to verify your identity before disclosing personal data.

9. Marketing communications

We do not send marketing emails unless you ask us to (for example, by ticking an opt-in checkbox on a form). If you do receive marketing from us, every email contains an unsubscribe link. You may also unsubscribe at any time by emailing info@matisse.ro with the subject "UNSUBSCRIBE".

10. Children

Our site and services are not directed at children under 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page always shows the current version. Material changes will be communicated via a notice on the site or by email, where appropriate.

12. Contact and complaints

For any question about this policy or about how we handle your data, contact us first:

SC Landmark Smart Rentals SRL
Str. Smârdan 11, sector 3, Bucharest, Romania
Email: info@matisse.ro
Phone: +40 774 411 001

If you are not satisfied with our response, you can lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) at www.dataprotection.ro.