Privacy Policy

Last updated: June 12, 2026

      Summary: We only collect data necessary for reservations. We do not sell your data. We keep it for a maximum of 24 months. You have the right to request deletion at any time.
    

1. Who We Are

Data Controller

The controller of personal data is:

ASTERISC COMIMPEX S.R.L.
Tax ID (CUI): 38447
Trade Registry No.: J1991016151402
Address: Str. Maica Domnului nr. 54, Sector 1, Bucharest, Romania
Email: restaurant@ceaun.ro
Phone: +40 756 090 680

In accordance with Regulation (EU) 2016/679 (GDPR), ASTERISC COMIMPEX S.R.L. is the controller that determines the purposes and means of processing data collected through the website and reservation system of Restaurant Ceaun.

Service Providers (Data Processors)

To operate the reservation system, we use IT service providers (web hosting, software maintenance, email services, security services such as Google reCAPTCHA). These providers act as data processors under GDPR and process data solely based on the controller’s instructions.

We do not sell personal data.

2. What Data We Collect

2.1. Through the Reservation Form

Data	Required?	Purpose
Full name	Yes	Reservation identification
Phone number	Yes	Confirmation and contact
Email address	No (optional)	Electronic confirmation
Number of guests	Yes	Table allocation
Date and time	Yes	Scheduling
Customer note	No (optional)	Special requests

2.2. Automatically Collected Data

Our reservation system automatically collects the following technical data:

Data	Purpose
IP address	Security and abuse prevention
reCAPTCHA security score	Anti-spam protection
Technical information for abuse prevention	Security
Creation/confirmation timestamp	Reservation tracking
Reservation status	Internal management
Language (ro/en)	Interface personalization
Reservation source (web/manual)	Internal statistics

2.3. Data Collected via Google Analytics / Tag Manager

We use Google Analytics and Google Tag Manager for traffic analysis (only with your consent). These services may collect:

IP address (anonymized)
Browser and device information
Pages visited and time spent
Visit source

This data is processed by Google in accordance with their Privacy Policy.

2.4. Purposes of Processing

Managing reservations
Confirmation and communication with the customer
Fraud and abuse prevention
Internal statistics

3. Legal Basis for Processing

Purpose	GDPR Legal Basis
Processing reservations	Art. 6(1)(b) — Performance of a contract (pre-contractual measures)
Security, abuse prevention (reCAPTCHA, IP)	Art. 6(1)(f) — Legitimate interest
Marketing communications (only if opt-in is checked)	Art. 6(1)(a) — Consent
Traffic statistics (Google Analytics)	Art. 6(1)(a) — Consent (cookie banner)

4. Who We Share Data With

4.1. Service Providers (Processors)

Provider	Service	Data Location
Brevo (Sendinblue)	Email delivery	EU (France)
Google Ireland Ltd.	reCAPTCHA (spam protection)	EU/USA*
Google Ireland Ltd.	Google Analytics / Tag Manager	EU/USA*

*USA transfer under EU-US Data Privacy Framework adequacy decision

4.2. We Do Not Sell Your Data

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. How and How Long We Keep Data

      Retention period: Data is kept for a maximum of 24 months, after which it is automatically deleted.
    

Data Type	Storage	Retention Period
Reservation data (name, phone, email, details)	Secure database	Maximum 24 months
Technical data (IP, reCAPTCHA)	Secure database	Maximum 24 months
Analytics cookies	Client browser	Maximum 2 years (or until consent is withdrawn)

Automatic deletion is performed by a scheduled process that removes data older than 24 months.

6. Your Rights Under GDPR

As a data subject, you have the following rights:

      Right of access — you can request a copy of your data
Right to rectification — you can correct inaccurate data
Right to erasure (“right to be forgotten”) — you can request deletion of your data
Right to restriction — you can limit processing in certain situations
Right to data portability — you can receive your data in a structured format
Right to object — you can object to processing (including marketing)
Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
Right to lodge a complaint with ANSPDCP — if you believe your data is being processed unlawfully (see section 7)

    

How to Exercise Your Rights

Send an email to restaurant@ceaun.ro with the subject “GDPR Request” and specify what you need. You can also contact us by phone at +40 756 090 680. We will respond within 30 days.

7. Complaints

If you believe your data protection rights have been violated, you have the right to file a complaint with:

National Supervisory Authority for Personal Data Processing (ANSPDCP)

Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Phone: +40 318 059 211
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro

8. Data Security

We implement appropriate technical and organizational measures:

SSL/TLS encryption (HTTPS) for all data in transit
reCAPTCHA protection against automated attacks
Restricted access to personal data (authorized staff only, with role-based permissions)
Automatic deletion of data after retention period

9. Cookies

This website uses cookies for functionality and analytics:

Cookie	Provider	Purpose	Duration
_grecaptcha	Google	Anti-spam verification	Session
ceaun_cookie_consent	Ceaun	Cookie preference storage	180 days
_ga	Google Analytics	Unique visitor identification	2 years
_ga_*	Google Analytics	Session persistence	2 years
_gid	Google Analytics	User distinction	24 hours

Analytics cookies are loaded only with your consent (via the cookie banner). For detailed information, see our Cookie Policy.

10. Policy Changes

We may update this Privacy Policy periodically. Changes will be published on this page with an updated date.

11. Contact

For any questions about this policy or your data:

Email: restaurant@ceaun.ro
Phone: +40 756 090 680
Address: Str. Maica Domnului nr. 54, Sector 1, Bucharest, Romania

This policy complies with Regulation (EU) 2016/679 (GDPR) and Romanian Law No. 190/2018.