PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA

LAST UPDATED: 15.04.2026

This privacy policy ("Privacy Policy" or "Policy") explains how CESSENA TRADE COMPANY S.R.L. ("Cessena" or "We") processes the personal data of visitors to the website https://nouavillas.com (the "Site") and of the people who contact us through the Site, in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable national legislation.

GENERAL PROVISIONS

Through this Privacy Policy, clear, transparent, and easy-to-understand information is presented regarding how Cessena collects, uses, stores, and protects the personal data of the Site's users ("User", "Users", or "You"). This Policy applies to all Your interactions with Us carried out through the Site. The terms, conditions, and definitions used in this Privacy Policy shall have the meaning assigned to them by the GDPR, including the concepts of "controller", "processor", "data subject", "personal data", "processing", "recipient", as well as any other terms defined by the GDPR and used in this Privacy Policy.

PERSONAL DATA CONTROLLER

The personal data controller is the person or entity that determines how Your personal data is collected, used, and managed. The personal data controller is the limited liability company CESSENA TRADE COMPANY S.R.L., headquartered in Timișoara, 2A Divizia 9 Cavalerie St., Building P+6E, Space No. 3, 2nd Floor, Timiș County, registered with the Trade Register under no. J1991001644357 and having the Unique Registration Code (CUI) 1823951.

The personal data controller can be contacted:

By mail, at the registered office address;
By e-mail, at: [email protected]

WHAT DATA WE PROCESS

Depending on how you interact with the Site, we may process the following categories of data:

Data provided directly by You

Contact form: First and last name, contact details (e-mail, phone number, address), company details (if applicable), message content, and any other information you choose to include.
Correspondence: questions, answers, and clarifications, as well as attachments sent by You.

Automatically collected data (technical data)

IP address, browser/device data, operating system, language settings;
Visited pages, date/time of access, traffic sources, other interactions with the Site;
Cookies and similar technologies (details on this can be found in the Cookie Policy);

We do not collect special categories of personal data, within the meaning of Article 9 of the GDPR, namely information regarding health status, racial or ethnic origin, political opinions, membership in political, professional or trade union organizations, religious or philosophical beliefs, sexual orientation, biometric or genetic data, or information regarding criminal convictions or the commission of offenses.

PURPOSES AND CATEGORIES OF PERSONAL DATA

In accordance with the provisions of the GDPR Regulation and depending on how you interact with the Site, the personal data processed by Us may be used for purposes such as:

Purpose	Target data	Legal basis
Contact form; Response to requests, communication and offering;	Identification data (Name, surname, designation), Contact data (e-mail/phone/address)	art. 6 para. (1) lit. f) GDPR – legitimate interest; art. 6 para. (1) lit. b) GDPR – pre-contractual steps.
Site administration and security; Fraud/abuse prevention	Technical data; Logs	art. 6 para. (1) lit. f) GDPR – legitimate interest;
Legal obligations (Archiving, accounting, requests from authorities)	Data required by law	art. 6 para. (1) lit. c) GDPR – legal obligations;
Statistical analysis and Site improvement	Technical data, cookies	art. 6 para. (1) lit. a) GDPR – consent expressed by You; art. 6 para. (1) lit. f) – legitimate interest, where the law allows (for example for strictly necessary data)

The site uses cookie technologies necessary for its operation, as well as, if you choose to use them, analysis and/or marketing cookie technologies. Cookies strictly necessary for the proper functioning of the Site can be used without expressing Your consent, to the extent and within the limits permitted by the legislation in force. Functional, analysis and/or marketing cookies may be used only through the express expression of Your consent, through the cookie banner that will be visible upon first accessing the Site. Your preferences can be changed at any time from your browser settings. The Cookie Policy can be studied by accessing the following link: [ LINK TO COOKIE POLICY ].

RECIPIENTS OF PERSONAL DATA

As a rule, Your personal data will be stored and processed internally, by Us. However, strictly as necessary and for the purposes set out in this Privacy Policy, we may disclose Your data to:

Hosting, website maintenance and IT service providers;
Web developers, marketing agencies, CRM providers, traffic analysis providers;
Security and site abuse prevention providers;
Real estate agents, sales consultants, or other partners involved in taking over and managing Your requests, to the extent necessary for the interest expressed by You;
External consultants (lawyers/accountants/auditors), when necessary;
Public authorities/courts, when we are requested to do so and we must fulfill a legal obligation, respectively when required to defend our legitimate rights.

In all cases where we use external processors or service providers, who will act as processors, we aim to have an adequate contractual framework, including regarding compliance with confidentiality and data protection obligations by our external partners. Cessena will not transfer Your personal data to third countries outside the European Economic Area. If such a transfer takes place, this transfer will be carried out strictly for the purposes set out in this Privacy Policy and will be carried out with the implementation of appropriate safeguards provided by the GDPR (e.g., standard contractual clauses approved by the European Commission) and, where appropriate, additional security measures.

STORAGE DURATION

Except in situations where European or national legislation requires a longer storage period, Your personal data is stored only for the period necessary to fulfill the purposes for which it was collected and processed. Technical and security data will be kept for a limited period of time, proportionate to the purpose for which they were stored and processed.

RIGHTS OF THE DATA SUBJECT

In accordance with the provisions of the GDPR, You, as a data subject of the personal data processing by Cessena, benefit from the following rights regarding the processing of personal data:

Right of access – The data subject has the right to obtain confirmation of the processing of their data and to receive a copy of it.
Right to rectification – The data subject has the right to request the rectification of inaccurate data or the completion of incomplete data.
Right to erasure of data ("right to be forgotten") – The data subject has the right to obtain the erasure of personal data, under the conditions provided by the GDPR. Cessena has the right to refuse the request for erasure in certain situations, such as when the processing is necessary to comply with a legal obligation, for the establishment, exercise, or defense of a legal claim, or for the exercise of freedom of expression and information.
Right to restriction of processing – The data subject can request the restriction of the processing of their personal data.
Right to data portability – The data subject has the right to receive the personal data concerning them, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller.
Right to object – The data subject has the right to object to the processing of personal data, under the conditions provided by the GDPR.
Right not to be subject to a decision based solely on automated processing.
Right to withdraw consent – In situations where personal data are processed based on consent, the data subject has the right to withdraw their consent.
Right to lodge a complaint – The data subject has the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing ("ANSPDCP").

To exercise any of Your rights, as well as for any other requests regarding the processing of Your personal data, you can contact us using one of the methods provided in this Privacy Policy. We will respond to any request regarding the processing of personal data within a maximum of one month from the date of receipt of the request, in accordance with applicable legislation. This period may be extended by up to two further months where necessary, taking into account the complexity and number of the requests. In this case, we will inform you of the extension within one month of receiving the request and communicate the reasons for the delay. In certain situations, we may not be able to comply with a request regarding personal data, to the extent that this refusal is permitted by current legislation or the request is manifestly unfounded or excessive. In such cases, we will provide the User with a clear justification for the reasons for refusal, respectively inform them about the possibility of lodging a complaint with the competent supervisory authority or bringing an action before the courts.

You have the right to lodge a complaint with the supervisory authority regarding the processing of Your personal data. In Romania, the contact details of the supervisory authority for data protection are as follows:

National Supervisory Authority for Personal Data Processing ("ANSPDCP")
Address: B-dul G-ral. Gheorghe Magheru Nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania;
Phone: +40.318.059.211 or +40.318.059.212
E-mail: [email protected]

Without prejudice to Your right to contact the supervisory authority at any time, we encourage you to contact us first to try to resolve any issue amicably. We are committed to making all reasonable efforts to respond promptly and efficiently to Your requests.

DATA SECURITY

We apply appropriate technical and organizational measures, proportionate to the nature of the processed data and the associated risks, to protect personal data against unauthorized disclosure or unauthorized access, accidental or unlawful destruction, loss, or alteration. In this regard, we may use security measures such as:

Limiting access to processed personal data only to authorized persons;
Using IT security systems;
Data encryption, where possible;
Continuous monitoring of risks;
Developing internal organizational measures, such as training authorized persons, confidentiality rules, incident management procedures, and periodic evaluation of security measures.

However, we cannot completely rule out the risk of security incidents caused by external factors or unforeseen vulnerabilities. If we identify a security incident affecting personal data and regarding which we have legal obligations, we will take all necessary measures to limit the effects and will transmit the notifications required by the applicable data protection legislation to the data subjects and/or the competent authority, as appropriate.

LINKS TO THIRD PARTIES

The Site may contain links to third-party sites, services, or platforms (including social networks). The processing of personal data by these third parties will take place according to their privacy policies, for which we assume no liability. We recommend reviewing the privacy policies applicable to each accessed site or service.

CHANGES AND UPDATES TO THE PRIVACY POLICY

We reserve the right to periodically modify and update this Privacy Policy, especially in the following situations: (i) when applicable legislative or interpretation changes occur (for example, in the field of data protection and electronic communications); (ii) when we change the Site's functionalities (for example, by introducing new features, analytics/marketing tools, and/or integrations with other third-party platforms); (iii) when we change our providers or the way we provide services.

The updated version will be published on the Site, and the "Last updated" date at the beginning of the document will be modified accordingly. Changes to the Privacy Policy will take effect upon their publication on the Site, and their validity is not conditional upon prior notification of the Site's Users. We encourage you to periodically review this Privacy Policy to stay informed about how we process Your personal data.

This Privacy Policy has been drawn up in accordance with the provisions of the GDPR, as well as those of the national legislation applicable in the field of personal data protection.