LAST UPDATED: 15.04.2026
This privacy policy ("Privacy Policy" or "Policy") explains how CESSENA TRADE COMPANY S.R.L. ("Cessena" or "We") processes the personal data of visitors to the website https://nouavillas.com (the "Site") and of the people who contact us through the Site, in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable national legislation.
Through this Privacy Policy, clear, transparent, and easy-to-understand information is presented regarding how Cessena collects, uses, stores, and protects the personal data of the Site's users ("User", "Users", or "You"). This Policy applies to all Your interactions with Us carried out through the Site. The terms, conditions, and definitions used in this Privacy Policy shall have the meaning assigned to them by the GDPR, including the concepts of "controller", "processor", "data subject", "personal data", "processing", "recipient", as well as any other terms defined by the GDPR and used in this Privacy Policy.
The personal data controller is the person or entity that determines how Your personal data is collected, used, and managed. The personal data controller is the limited liability company CESSENA TRADE COMPANY S.R.L., headquartered in Timișoara, 2A Divizia 9 Cavalerie St., Building P+6E, Space No. 3, 2nd Floor, Timiș County, registered with the Trade Register under no. J1991001644357 and having the Unique Registration Code (CUI) 1823951.
The personal data controller can be contacted:
Depending on how you interact with the Site, we may process the following categories of data:
We do not collect special categories of personal data, within the meaning of Article 9 of the GDPR, namely information regarding health status, racial or ethnic origin, political opinions, membership in political, professional or trade union organizations, religious or philosophical beliefs, sexual orientation, biometric or genetic data, or information regarding criminal convictions or the commission of offenses.
In accordance with the provisions of the GDPR Regulation and depending on how you interact with the Site, the personal data processed by Us may be used for purposes such as:
| Purpose | Target data | Legal basis |
|---|---|---|
| Contact form; Response to requests, communication and offering; | Identification data (Name, surname, designation), Contact data (e-mail/phone/address) | art. 6 para. (1) lit. f) GDPR – legitimate interest; art. 6 para. (1) lit. b) GDPR – pre-contractual steps. |
| Site administration and security; Fraud/abuse prevention | Technical data; Logs | art. 6 para. (1) lit. f) GDPR – legitimate interest; |
| Legal obligations (Archiving, accounting, requests from authorities) | Data required by law | art. 6 para. (1) lit. c) GDPR – legal obligations; |
| Statistical analysis and Site improvement | Technical data, cookies | art. 6 para. (1) lit. a) GDPR – consent expressed by You; art. 6 para. (1) lit. f) – legitimate interest, where the law allows (for example for strictly necessary data) |
The site uses cookie technologies necessary for its operation, as well as, if you choose to use them, analysis and/or marketing cookie technologies. Cookies strictly necessary for the proper functioning of the Site can be used without expressing Your consent, to the extent and within the limits permitted by the legislation in force. Functional, analysis and/or marketing cookies may be used only through the express expression of Your consent, through the cookie banner that will be visible upon first accessing the Site. Your preferences can be changed at any time from your browser settings. The Cookie Policy can be studied by accessing the following link: [ LINK TO COOKIE POLICY ].
As a rule, Your personal data will be stored and processed internally, by Us. However, strictly as necessary and for the purposes set out in this Privacy Policy, we may disclose Your data to:
In all cases where we use external processors or service providers, who will act as processors, we aim to have an adequate contractual framework, including regarding compliance with confidentiality and data protection obligations by our external partners. Cessena will not transfer Your personal data to third countries outside the European Economic Area. If such a transfer takes place, this transfer will be carried out strictly for the purposes set out in this Privacy Policy and will be carried out with the implementation of appropriate safeguards provided by the GDPR (e.g., standard contractual clauses approved by the European Commission) and, where appropriate, additional security measures.
Except in situations where European or national legislation requires a longer storage period, Your personal data is stored only for the period necessary to fulfill the purposes for which it was collected and processed. Technical and security data will be kept for a limited period of time, proportionate to the purpose for which they were stored and processed.
In accordance with the provisions of the GDPR, You, as a data subject of the personal data processing by Cessena, benefit from the following rights regarding the processing of personal data:
To exercise any of Your rights, as well as for any other requests regarding the processing of Your personal data, you can contact us using one of the methods provided in this Privacy Policy. We will respond to any request regarding the processing of personal data within a maximum of one month from the date of receipt of the request, in accordance with applicable legislation. This period may be extended by up to two further months where necessary, taking into account the complexity and number of the requests. In this case, we will inform you of the extension within one month of receiving the request and communicate the reasons for the delay. In certain situations, we may not be able to comply with a request regarding personal data, to the extent that this refusal is permitted by current legislation or the request is manifestly unfounded or excessive. In such cases, we will provide the User with a clear justification for the reasons for refusal, respectively inform them about the possibility of lodging a complaint with the competent supervisory authority or bringing an action before the courts.
You have the right to lodge a complaint with the supervisory authority regarding the processing of Your personal data. In Romania, the contact details of the supervisory authority for data protection are as follows:
Without prejudice to Your right to contact the supervisory authority at any time, we encourage you to contact us first to try to resolve any issue amicably. We are committed to making all reasonable efforts to respond promptly and efficiently to Your requests.
We apply appropriate technical and organizational measures, proportionate to the nature of the processed data and the associated risks, to protect personal data against unauthorized disclosure or unauthorized access, accidental or unlawful destruction, loss, or alteration. In this regard, we may use security measures such as:
However, we cannot completely rule out the risk of security incidents caused by external factors or unforeseen vulnerabilities. If we identify a security incident affecting personal data and regarding which we have legal obligations, we will take all necessary measures to limit the effects and will transmit the notifications required by the applicable data protection legislation to the data subjects and/or the competent authority, as appropriate.
The Site may contain links to third-party sites, services, or platforms (including social networks). The processing of personal data by these third parties will take place according to their privacy policies, for which we assume no liability. We recommend reviewing the privacy policies applicable to each accessed site or service.
We reserve the right to periodically modify and update this Privacy Policy, especially in the following situations: (i) when applicable legislative or interpretation changes occur (for example, in the field of data protection and electronic communications); (ii) when we change the Site's functionalities (for example, by introducing new features, analytics/marketing tools, and/or integrations with other third-party platforms); (iii) when we change our providers or the way we provide services.
The updated version will be published on the Site, and the "Last updated" date at the beginning of the document will be modified accordingly. Changes to the Privacy Policy will take effect upon their publication on the Site, and their validity is not conditional upon prior notification of the Site's Users. We encourage you to periodically review this Privacy Policy to stay informed about how we process Your personal data.
This Privacy Policy has been drawn up in accordance with the provisions of the GDPR, as well as those of the national legislation applicable in the field of personal data protection.