top of page

Privacy Policy

​Last updated: January 29, 2026 ​

This Privacy Policy describes how Cafe Del Mars ("we", "our café") collects, uses, and protects the personal data of visitors to our website www.cafedelmars.ro and of customers who make online reservations.

1. GENERAL INFORMATION

Data Controller:

  • Name: SIX OF WANDS S.R.L. / Cafe Del Mars

  • Unique Registration Code (CUI): RO48036041

  • Address: 8 Calea Moților, Cluj-Napoca, Cluj County, Romania

  • Email: contact@cafedelmars.ro

  • Phone: 0745885485 ​

2. PERSONAL DATA COLLECTED

2.1 Data collected through the reservation form

When you make an online reservation on our website, we collect the following data:

  • First and last name (mandatory)

  • Email address (mandatory) – automatically saved in our database

  • Phone number (mandatory)

  • Date and time of the reservation (mandatory)

  • Number of people (mandatory)

  • Special mentions/comments (optional)

2.2 Automatically collected data (website visitors)

When you visit our website, we automatically collect the following information through cookies and Google Analytics:

  • Full IP address

  • Browser type and version

  • Operating system

  • Time and date of access

  • Pages visited

  • Duration of the visit

  • Approximate geographic location (based on IP)

Important: Our website does not directly collect personally identifiable data (name, email, phone) for browsing alone, as we do not use contact forms, user accounts, or an online shop outside of the reservation system. ​​

3. PURPOSE OF DATA PROCESSING

We process your personal data for the following purposes:

  • Reservation processing: To confirm and manage your reservation, to contact you regarding your booking, and to provide the requested services.

  • Communication: To send you reservation confirmations, updates, cancellations, or other communications related to our services.

  • Service improvement: To analyze customer preferences and enhance the booking experience.

  • Website operation: To ensure the correct functionality of the website.

  • Analytics: To understand how our website is used and to improve it via Google Analytics.

  • Security: To protect the website against threats and prevent fraud.

  • Direct marketing (optional, only with separate consent): To send you offers, promotions, and news about the café. ​

4. LEGAL BASIS FOR PROCESSING

We process your data based on the following legal grounds:

  • Your consent (Art. 6(1)(a) GDPR) – for analytical cookies (Google Analytics).

  • Performance of a contract (Art. 6(1)(b) GDPR) – for processing and managing your reservations. Providing this data is necessary to complete the reservation; refusal to provide this data will make it impossible to process your booking.

  • Legitimate interest (Art. 6(1)(f) GDPR) – for website security. ​

5. GOOGLE ANALYTICS

We use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google").

5.1 What data Google Analytics collects

  • IP address (pseudonymized)

  • Browser and device information

  • Pages visited and time spent on the site

  • Approximate geographic location

  • Traffic source

5.2 How we use this data

The data is used exclusively to understand how visitors interact with our website and to improve the user experience.

5.3 Cookies used

Google Analytics uses cookies to distinguish users and record sessions. For full details, please consult our Cookies Policy.

5.4 More information

  • How Google Analytics uses cookies

  • Google Privacy Policy

  • Data privacy in Google Analytics ​

6. DATA SHARING

We do not sell or share your personal data with third parties for marketing purposes.

We share data with:

  • Google Analytics: Google Ireland Limited processes data on our behalf for analytics services. Google is certified under the EU-U.S. Data Privacy Framework.

  • Hosting provider: For the storage and technical operation of the website.

  • Authorized personnel: Our authorized employees have access to reservation data to provide the requested services.

  • IT service providers: For the maintenance and security of the reservation system.

  • Authorities: When we are legally obligated to do so. ​

7. DATA TRANSFERS OUTSIDE THE UE

Google Analytics involves the transfer of data to Google servers located in the United States of America. Google is certified under the EU-U.S. Data Privacy Framework and provides adequate safeguards for the protection of your data in accordance with the GDPR through Standard Contractual Clauses (SCCs).

You can disable Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. ​

8. DATA RETENTION PERIOD

Reservation Data:

  • Active reservations: Kept until the reservation is completed.

  • Completed reservations: Kept for 12 months from the reservation date for statistics and service improvement.

  • Cancelled reservations: Kept for 6 months from the cancellation date.

Marketing Consent:

  • Until consent is withdrawn, or for a maximum of 3 years from the last interaction.

Google Analytics Cookies:

  • According to the periods specified in the settings of each cookie (usually between 1 month and 2 years). ​

  • Analytics data in Google Analytics: 14 months (default setting).

  • Security logs: 3–6 months. ​

9. YOUR RIGHTS

Under the GDPR, you have the following rights:

9.1 Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether or not we process your data and to receive a copy of it. You may request:

  • A copy of all data we hold about you.

  • Information on how we use your data.

  • Your reservation history.

9.2 Right to rectification (Art. 16 GDPR)

You can request the correction of inaccurate data or the completion of incomplete data.

9.3 Right to erasure - "the right to be forgotten" (Art. 17 GDPR)

You can request the erasure of your data under certain conditions.

When you can request erasure:

  • The reservation is completed and you no longer want us to keep the data.

  • You withdraw your consent for marketing.

  • You object to the processing and there are no overriding legitimate grounds.

When we CANNOT erase the data:

  • If you have an active reservation (necessary for the performance of the contract).

  • If we have a legal obligation to retain the data (e.g., litigation/accounting purposes).

  • For the establishment, exercise, or defense of legal claims.

9.4 Right to restriction of processing (Art. 18 GDPR)

You can request the limitation of data processing in certain situations.

9.5 Right to data portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used format.

9.6 Right to object (Art. 21 GDPR)

You can object to the processing of your data in certain situations.

  • Objection to direct marketing: You can object at any time to receiving marketing communications by:

    • Clicking "Unsubscribe" in any email received.

    • Contacting us via our email address.

    • Changing your preferences in your account (if applicable).

  • For Google Analytics: You can stop tracking by:

    • Installing the Google Analytics Opt-out Add-on.

    • Adjusting cookie settings in your browser.

    • Using our cookie banner.

9.7 Right to withdraw consent

You can withdraw your consent for Google Analytics cookies at any time via the cookie settings on the website or through your browser.

9.8 Right to lodge a complaint

You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

ANSPDCP Contact Information:

10. EXERCISING YOUR RIGHTS

To exercise your rights or for any questions regarding the processing of your data, you can contact us at:

  • Email: contact@cafedelmars.ro

  • Phone: 0745885485

  • Postal Address: Mun. Cluj-Napoca, Calea Moților nr. 8, jud. Cluj

  • We will respond to your request within a maximum of 30 days from receipt. ​

11. DATA SECURITY

We implement appropriate technical and organizational measures to protect your data:

  • Encrypted connections (SSL/HTTPS)

  • Restricted access to systems

  • Regular backups

  • Malware and attack protection

Organizational Measures:

  • Data access is restricted to authorized personnel only (on a need-to-know basis).

  • Confidentiality agreements signed with all employees.

  • Data breach management procedures.

  • Regular data protection training for staff.

Note: While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. We encourage you to be cautious with the information you share online. ​

12. MINORS

Our website is not intended for children under the age of 16. We do not knowingly collect data from minors without the consent of parents or legal guardians. ​

13. CHANGES TO THIS POLICY

We reserve the right to update this Privacy Policy. Any changes will be published on this page along with the updated date. We recommend checking this page periodically. ​

14. LINKS TO OTHER WEBSITES

Our website may contain links to third-party sites (for example, social networks). We are not responsible for the privacy practices of those websites. We recommend reading the privacy policies of each site you visit. ​

15. CONTACT

For any questions regarding this Privacy Policy or how we process your data, please contact us:

Cafe Del Mars

  • Address: 8 Calea Moților, Cluj-Napoca, Cluj County, Romania

  • Email: contact@cafedelmars.ro

  • Phone: 0745885485 ​

By using our website, you confirm that you have read and understood this Privacy Policy and consent to the processing of your data as described above.

Café del MARS

+40745 885 485

Calea Moților 8

Cluj-Napoca, România

Legal

bottom of page