PRIVACY PROTECTION AND PERSONAL DATA PROCESSING

NOTICE TO USERS 

DINING ASSOCIATION S.R.L., the owner of the patio.ro website, considers data privacy to be an essential part of its business and respects the privacy of its users and customers. 

DINING ASSOCIATION S.R.L. processes and stores personal data within the EU and is able to demonstrate compliance at any time. This Privacy Policy complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 regarding the protection of natural persons with respect to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as the “GDPR”. 

Our website complies with the General Data Protection Regulation (“GDPR”), Regulation (EU) 2016/679, which is a binding legal act. This Privacy Policy is managed by the Data Protection Officer / DPO within DINING ASSOCIATION S.R.L., who holds overall responsibility for ensuring compliance. 

DINING ASSOCIATION S.R.L. shall be considered the data controller and will determine the purposes and methods of processing the data entered and collected. 

PRINCIPLES 

The data protection policy of DINING ASSOCIATION S.R.L. is based on the following data protection principles: 

Personal data shall be processed lawfully, fairly, and transparently.  

The collection of personal data shall be adequate, relevant, and limited to the information necessary for the purpose of processing, and the data shall not be further processed in a manner incompatible with those purposes.  

Personal data shall be accurate and, where necessary, kept up to date.  

All personal data shall be kept confidential and stored in a manner that ensures the required level of security.  

Personal data shall not be disclosed to third parties unless this is necessary for the provision of services in accordance with the relevant agreements.  

Data subjects have the right to request access to their personal data, rectification and erasure of such data, objection to or restriction of data processing, as well as the right to data portability.  

PURPOSE OF PROCESSING AND TYPES OF DATA PROCESSED 

DINING ASSOCIATION S.R.L. processes personal data in order to fulfil its contractual obligations in its relationship with you, if you have requested services offered by our company. 

The personal data processed for this purpose is as follows: 

name  

email address  

phone number  

Users of the patio.ro website may interact with us by completing contact forms. The personal data provided for this purpose is: 

name  

email address  

DISCLOSURE OF PERSONAL DATA 

Personal data shall not be disclosed to third parties, except where disclosure is necessary in order for us to provide our services. 

For the purpose stated above, your personal data may be disclosed to contractual partners in order to provide high-quality services. 

We will not disclose personal data to third parties for the purpose of allowing them to market their products and services to our customers. 

If users do not want us to disclose personal data to these companies, they are asked to contact us at: info@patio.ro. 

DURATION OF PROCESSING 

Data processed on contractual grounds will be retained until the legal retention periods have been fulfilled. 

The processing of your personal data provided for communication purposes will continue until the date on which you withdraw your consent to processing. 

After the processing period indicated above has expired or after you withdraw your consent, if we no longer have legal or legitimate grounds to process your data, the data will be deleted from the database. 

TECHNOLOGIES USED 

The patio.ro website uses cookies or similar technologies to ensure the best user experience, analyze trends, administer the website, track client use of the website, and collect demographic information about the user base as a whole. 

Cookies are small text files placed on the client’s device in order to track usage and record preferences. 

Our cookies do not contain information that can identify individuals. 

We automatically collect certain information through the use of cookies and tracking technologies, such as: 

Internet Protocol (IP) addresses  

browser type  

Furnizor Internet (Internet Service Provider – ISP)  

referring/exit pages  

pages viewed on our website, such as HTML pages or graphics  

operating system  

date/time  

clickstream data 

This information is used to analyze overall trends and administer the website. 

Website users can control the use of cookies at browser level. If the user chooses to disable cookies, this may limit certain features and functions of our website and services. 

SECURITY OF DATA PROCESSING 

DINING ASSOCIATION S.R.L. takes all necessary organizational and technical measures to protect the confidentiality and security of your personal information collected through the patio.ro website. 

We will process data securely and will implement and maintain appropriate technical measures to protect personal data against accidental or unlawful destruction or loss, alteration, disclosure, or unauthorized access, especially where processing involves the transmission of data over a network, as well as against any other form of unlawful processing. 

Questions regarding the security of personal data may be sent to: info@patio.ro. 

RIGHTS OF DATA SUBJECTS 

The GDPR grants individuals whose personal data is being processed the following general rights: 

The right to be informed  

The right of access  

The right to rectification  

The right to erasure  

The right to restrict processing  

The right to data portability  

The right to object  

Rights related to automated decision-making and profiling  

RIGHT TO BE INFORMED 

This refers to the obligation to provide “fair processing information”, usually through a privacy notice. It highlights the need for transparency regarding how we use personal data. 

Under Article 13, “Information to be provided where personal data are collected from the data subject”, Paragraph 1, the following information must be provided: 

The right to be informed  

The right of access  

The right to rectification  

The right to erasure  

The right to restrict processing  

The right to data portability  

The right to object  

Rights related to automated decision-making and profiling  

RIGHT TO BE INFORMED 

This refers to the obligation to provide “fair processing information”, usually through a privacy notice. It highlights the need for transparency regarding how we use personal data. 

Under Article 13, “Information to be provided where personal data are collected from the data subject”, Paragraph 1, the following information must be provided: 

the identity and contact details of the controller and, where applicable, of the controller’s representative  

the contact details of the Data Protection Officer (DPO)  

the purposes of the processing of personal data, as well as the legal basis for processing  

the legitimate interests pursued by the controller or by a third party  

the recipients or categories of recipients of the personal data  

the intention to transfer personal data to a third country and the safeguards ensuring that such transfer is lawful and does not prejudice the interests of the data subject  

In addition, at the time when the personal data has already been obtained, according to Article 13, paragraph 2, the controller must provide the data subject with a series of additional information, necessary to ensure the transparency of the processing: 

whether the request is part of a legal or contractual requirement or obligation, and the possible consequences of failing to provide the data  

the data retention period or the criteria used to determine that period  

the right to rectification, erasure, restriction, and objection  

the right to data portability  

the right to withdraw consent at any time, where applicable  

the right to lodge a complaint with a supervisory authority  

In addition, at the time when the personal data has already been obtained, according to Article 13, paragraph 2, the controller must provide the data subject with a series of additional information, necessary to ensure the transparency of the processing: 

the purpose of processing the personal data  

the categories of personal data concerned  

the recipients to whom the personal data has been disclosed  

the period for which the personal data will be stored  

the right to rectification, erasure, objection, or restriction  

the right to lodge a complaint with a supervisory authority  

where the personal data is not collected from the data subject, any available information regarding its source  

RIGHT OF ACCESS 

Under Article 15, “Right of access by the data subject”, the following types of information may be requested: 

the data is no longer necessary for the purposes for which it was collected or processed  

the data subject withdraws the consent on which the processing is based  

the data subject objects to processing under Article 21(1), the right to object  

there are uncertainties regarding the lawfulness of the processing of personal data  

the data must be erased in order to comply with a legal obligation to which the controller is subject  

the personal data belongs to children under the age of 16

RIGHT TO RECTIFICATION 

Under Article 16, “Right to rectification”: 

“The data subject shall have the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by providing a supplementary statement.” 

THE RIGHT TO ERASURE 

Under Article 17, Paragraph 1, the Right to erasure — also known as the “right to be forgotten” — the data subject has the right to obtain from the controller the erasure of personal data without undue delay, and the controller has the obligation to erase personal data where one of the following grounds applies: 

the data is no longer necessary for the purposes for which it was collected or processed  

the data subject withdraws the consent on which the processing is based  

the data subject objects to processing under Article 21(1), the right to object  

there are uncertainties regarding the lawfulness of the processing of personal data  

the data must be erased in order to comply with a legal obligation to which the controller is subject  

the personal data belongs to children under the age of 16  

RIGHT TO RESTRICTION OF PROCESSING 

Under Article 18, the Right to restriction of processing, the data subject has the right to obtain from the controller restriction of processing in one of the following cases: 

the accuracy of the data is contested, for a period enabling the controller to verify the accuracy of the data concerned  

the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instea  

the controller no longer needs the personal data for processing purposes, but the data subject requires it for legal proceedings  

the data subject has objected to processing under Article 21(1), for the period during which it is verified whether the legitimate grounds of the controller override those of the data subject  

RIGHT TO DATA PORTABILITY 

Under Article 20, the data subject has the right to transmit personal data to another data controller. 

The data controller must provide the data subject with a copy of the personal data in a structured, commonly used, and machine-readable format. 

Furthermore, the data controller must not prevent the transmission of personal data to a new data controller. 

The right to data portability applies only where: 

the data is processed by automated means  

the data subject has given consent to the processing  

the processing is necessary for the performance of a contract  

THE RIGHT TO OBJECT 

Under Article 21, the data subject has the right to object to: 

the processing of personal data for direct marketing purposes  

the processing of data for profiling purposes  

the processing of data by automated means  

processing for scientific or historical purposes 

RIGHTS RELATED TO AUTOMATED DECISION-MAKING AND PROFILING 

Under Article 22, individuals have the right not to be subject to a decision where that decision is based on automated processing and produces legal effects or similarly significant effects concerning the individual. 

The rights mentioned above may be exercised at any time by submitting a written, dated, and signed request, or an electronic request, to the Controller at the following email address: 

info@patio.ro 

Requests may also be sent by post to the registered office of DINING ASSOCIATION S.R.L.: 

Str. Balanței 46(S1), Petrești 

We will process the request and respond as soon as possible, depending on the complexity and number of requests received. 

If you would like any further information regarding the above, including how to exercise your rights, please send us a written, dated, and signed request using the contact details mentioned above. 

CHANGES TO THIS POLICY 

This policy may be updated from time to time, for example as a result of changes to relevant legislation. 

If material changes are made, customers will be notified by email or through the website before the changes take effect. 

We encourage customers to check this page periodically to stay informed about the latest updates to our privacy practices. 

HOW CAN YOU CONTACT US? 

If you have any questions, complaints, or comments regarding this Privacy Policy or our personal data collection practices, please contact us at: 

E-mail: info@patio.ro 
Phone: 0724 258 147 

patio.ro is owned by DINING ASSOCIATION S.R.L. processes and stores personal data within the EU and is able to demonstrate compliance at any time. 

Tax ID.: 36189122 
Trade Register No.: J2022004520236 
Address Str. Balanței 46(S1), Petrești 
IBAN: RO76BTRLRONCRT0350788701, Banca Transilvania 

Last updated: 11.06.2026