The website https://hils.ro includes seven subdomains: https://hils.ro/brauner/, https://hils.ro/pallady/, https://hils.ro/splai/, https://hils.ro/sunrise/, https://hils.ro/titanium/, https://hils.ro/republica/ and https://hils.ro/nord.
EDIFICIA STAR CONSTRUCT S.R.L., a Romanian legal entity, with its registered office in Bucharest, Sector 3, 66 Theodor Pallady Boulevard, registered under unique identification code 32264612 and registered with the Trade Register Office attached to the Bucharest Tribunal under no. J40/11636/2013, is the owner and administrator of https://hils.ro/brauner/ and https://hils.ro/pallady/ (“Edificia Star Construct”).
BROOK BUILDING DEVELOPMENT S.R.L., a Romanian legal entity, with its registered office in Bucharest, Sector 3, 66A Theodor Pallady Boulevard, ground floor, Building 9, Apartment 7, registered under unique identification code 34131388 and registered with the Trade Register Office attached to the Bucharest Tribunal under no. J40/3832/2018, is the owner and administrator of https://hils.ro/splai/ (“Brook Building Development”).
FUTURE BUSINESS IDEAS S.R.L., a Romanian legal entity, with its registered office in Bucharest, Sector 3, 55 Traian Street, ground floor, Room 011, registered under unique identification code 27615512 and registered with the Trade Register Office attached to the Bucharest Tribunal under no. J40/207/2018, is the owner and administrator of https://hils.ro/republica/ (“Future Business Ideas”).
VALUE INVESTOR EXPERT S.R.L., a Romanian legal entity, with its registered office in Popești-Leordeni, 2 Cheiul Dâmboviței Street, Plot 4, Parcel 115/4, Villa D7, Ground Floor, Room 1, Ilfov County, registered under unique identification code 38527858 and registered with the Trade Register Office attached to the Bucharest Tribunal under no. J23/5867/2017, is the owner and administrator of https://hils.ro/titanium/ and https://hils.ro/nord (“Value Investor Expert”).
Edificia Star Construct, Brook Building Development, Future Business Ideas and Value Investor Expert shall hereinafter be jointly referred to as the “HILS Companies”.
The HILS Companies, as identified above, acting as joint controllers of personal data, designate Edificia Star Construct as the lead joint controller to represent them in their relationship with data subjects and with the National Supervisory Authority for Personal Data Processing, including for the purposes of this Privacy Policy.
The HILS Companies comply with the applicable legal provisions regarding the protection of personal data in the conduct of their entire activity and uphold respect, trust and confidentiality, ensuring the security of all personal information collected through the website and its subdomains.
The HILS Companies value the confidentiality of information belonging to visitors of the website https://hils.ro and its subdomains — https://hils.ro/brauner/, https://hils.ro/pallady/, https://hils.ro/splai/, https://hils.ro/sunrise/, https://hils.ro/titanium/, https://hils.ro/republica/ and https://hils.ro/nord — as well as of individuals whose personal data they receive in the course of providing their services.
This Privacy Policy explains how the HILS Companies collect and process personal information through the website and its subdomains, as well as in the course of their real estate development activities, while ensuring that your personal data is processed responsibly and in compliance with the applicable data protection legislation.
By providing personal information on the website https://hils.ro and its subdomains — https://hils.ro/brauner/, https://hils.ro/pallady/, https://hils.ro/splai/, https://hils.ro/sunrise/, https://hils.ro/titanium/, https://hils.ro/republica/ and https://hils.ro/nord — you agree to the information handling practices described in this Privacy Policy. We encourage you to read the section entitled “Your Rights” below in order to understand the choices available to you regarding your personal information.
I. OUR CONTACT DETAILS
If you have any comments, suggestions or questions regarding any information contained in this notice, or any other matters related to the processing of your personal data, please do not hesitate to contact us. Depending on your preference, you may reach us through any of the communication channels listed below:
Company name: EDIFICIA STAR CONSTRUCT S.R.L.
Address: 66 Theodor Pallady Boulevard, Sector 3, Bucharest, Romania
Phone number: +40 757 777 555
Email address: privacy@hils.ro
II. COMPLIANCE WITH PROCESSING PRINCIPLES
In carrying out their personal data processing activities, the HILS Companies always adhere to the following principles:
As a rule, your data is not transferred outside the European Economic Area. In exceptional situations, where necessary, any transfer of your personal data outside the European Economic Area will take place only with appropriate safeguards in accordance with applicable data protection legislation and with proper notification to you.
However, please note that in relation to the use of the WhatsApp Chat Widget, for any potential international data transfers carried out by the application provider (Meta Platforms Ireland Limited), you are kindly requested to consult its own policies. Any such transfers are carried out in accordance with the provider’s compliance policies and safeguards, and the HILS Companies assume no responsibility in this regard.
III. PERSONAL DATA WE PROCESS
The data we process consists of standard categories of personal data obtained directly from you or from third parties who were authorized to share such information with us. This may include the following categories of data:
Ordinary personal data, such as:
(i) Personal details: first name; last name; date of birth / age; citizenship; domicile / residence address; mobile/landline phone number; fax number; email address; personal identification number (CNP); other information contained in your identity document (including date of issue, date of expiry, place of birth), as well as any information you provide in messages sent through the communication channels available on the website.
(ii) Contact details, such as: domicile / residence address; mobile/landline phone number; email address.
(iii) Payment details, such as: billing address; bank account number or bank card number / IBAN; first and last name of the bank account or card holder (which may differ from yours if another person has made a payment on your behalf); card validity start date; card expiry date.
(iv) Insurance-related details, such as: insured/uninsured status; insurer (in the case of private insurance).
(v) Opinions and views, such as: any opinions and views you communicate to us, or any opinions and views you publicly post about us on social media platforms or through other public channels.
(vi) Data relating to purchases and interactions with us, such as: records of your interactions with us; details regarding your purchase history of services provided by us.
(vii) Your contact with us, such as: notes or recordings of phone calls made to us; data submitted through the contact form on the website; emails or letters sent to us; or any other records of communication with us.
(viii) Your voice recording and notes taken during a telephone call.
(ix) Information regarding your level of satisfaction with our services and/or with other service providers on the market.
We will collect your ordinary personal data, for example, when:
(i) You request an offer or purchase any of our properties;
(ii) You subscribe to newsletters, alerts or other services provided by the HILS Companies;
(iii) You subscribe to newsletters, alerts or other services provided by companies affiliated with the HILS Companies. In this regard, Edificia Star Construct, as lead joint controller, will send you marketing communications also concerning the services/offers provided by the following partner companies: Medikali Private Healthcare SRL, RIN Grand Estate SRL, RIN Hospitality Company SRL and DR. NEGOITA BODY CLINIC SRL. However, Edificia Star Construct will not disclose the email address to which such communications are sent to the affiliated companies, as all communications will be carried out exclusively by Edificia Star Construct;
(iv) You contact us through various channels, including the contact form available on the website, by telephone, or via the WhatsApp Chat Widget, in order to request information regarding our services;
(v) You visit or browse our website;
(vi) Where we transmit such data to our third-party providers or collaborators, to the extent that we have a legal basis for doing so, for example: public authorities or institutions, IT service and system providers, lawyers, consultants, accountants, etc.;
(vii) When your personal data is publicly available;
(viii) We use cookies (small text files stored in your browser) and other technologies such as web beacons (small, transparent image files used to track your activity on our website).
Our respect for your data also means that it receives appropriate human oversight by our staff. Under the current circumstances, you will not be subject to a decision based solely on automated processing of your data (including profiling) that produces legal effects concerning you or similarly significantly affects you.
IV. PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA
The purposes for which we process your personal data are as follows:
(i) For the sale of our properties or the provision of our services, including the performance of contractual steps and keeping you informed throughout the contracting process;
(ii) Communication with you by any means (for example: email, mobile or landline phone, text messages (SMS), post, messages sent via social media platforms or in person, including through the WhatsApp Chat Widget), newsletter subscriptions or providing other information that may be of interest to you;
(iii) Management of our communication systems, ensuring IT security, conducting security audits of our IT networks, issuing reports to competent authorities, or remedying system errors;
(iv) Compliance with our legal obligations, including those related to archiving, health and safety, record-keeping and any other obligations imposed by applicable legislation;
(v) Financial management, including issuing receipts, invoices and payment confirmations to you; receiving payments from you, including payments made by another person on your behalf; debt recovery; refunding amounts owed to you; sending notifications; preparing financial and operational reports, activity reports and financial statements related to contracts;
(vi) Establishing, exercising or defending legal claims before public authorities or other dispute resolution bodies;
(vii) Video surveillance of public areas for safety and security purposes, in accordance with applicable legal provisions;
(viii) Conducting surveys and requesting feedback in order to obtain your opinion regarding our services and to identify potential issues with existing services for the purpose of improving them;
(ix) Evaluation and training of our agents, improving customer assistance services and ensuring a higher quality of interaction with HILS Companies’ consultants;
(x) Verification and resolution of complaints arising from your interaction with a representative or consultant of the HILS Companies;
(xi) Administration of social media pages, as well as analyses and statistics regarding general public opinion.
Please note that while communications via WhatsApp may take place between you and us, the WhatsApp Business application is owned by Meta Platforms Ireland Limited, which may independently carry out personal data processing activities beyond our control.
V. LEGAL GROUNDS FOR PROCESSING YOUR DATA
The HILS Companies process your ordinary personal data based on the following legal grounds:
(i) Consent – The HILS Companies always obtain the data subject’s consent for the processing of their personal data for one or more specific purposes (e.g., in the case of marketing communications, or where you agree to have your calls recorded during telephone interactions with a consultant/representative of the HILS Companies).
(ii) Conclusion or performance of a contract with you – For example, in order to respond to your requests and carry out pre-contractual steps for the initiation, conduct or termination of negotiations aimed at concluding a promise to sell-purchase agreement or a real estate sale-purchase agreement at your request, or for the performance of a contract concluded with you.
(iii) Compliance with a mandatory legal obligation – For example, accounting and tax requirements subject to strict internal policies, such as document retention periods for financial/accounting records. We may process your data in order to comply with archiving obligations, obligations to provide information to public authorities upon request, or other legal requirements.
(iv) Our legitimate interest – For example, where we process your data to maintain network security, improve our services, or facilitate communication with customers or potential customers.
(v) Establishment, exercise or defence of legal claims – In situations where disputes arise between you and us that cannot be resolved amicably, we may process your personal data for the purpose of establishing, exercising or defending our rights before a court of law.
VI. USE OF THE WEBSITE AND PLUG-IN TECHNOLOGIES / THIRD-PARTY WEBSITES
The website and its subdomains contain links to social media networks or third-party websites that you may access directly. In such cases, the respective social media platforms or third-party websites may carry out personal data processing activities that are not under our control. The operators of these social media platforms and third-party websites act as independent controllers and have their own policies governing how they process personal data, including through the use of cookies.
We encourage you to consult the privacy policies of the relevant social media networks and third-party websites for complete information regarding how they process your personal data.
Our website also includes plug-in functionalities that allow direct contact through the WhatsApp Business application. By accessing this option, communication takes place directly between you and us. However, the WhatsApp Business application is owned by Meta Platforms Ireland Limited, which may independently carry out personal data processing activities beyond our control.
For the avoidance of doubt, Meta Platforms Ireland Limited acts as an independent controller for data processed through WhatsApp Business and has its own privacy policy governing such processing. You may consult it at https://www.whatsapp.com/legal/meta-terms-whatsapp-business for complete information on how your data is processed. The HILS Companies assume no responsibility regarding the protection of data processed by Meta Platforms Ireland Limited. If you prefer not to use the WhatsApp Business platform, you may contact us through other communication channels, such as email or telephone.
VII. TO WHOM WE DISCLOSE YOUR DATA
As a general rule, we do not disclose your personal data to other companies, organizations or individuals in any country (including Romania). However, in certain situations, we may disclose your data to other natural or legal persons.
We aim to be as transparent and specific as possible. Below are the categories of potential recipients:
(i) Public authorities – at their request or on our own initiative, in accordance with applicable legislation (e.g., tax authorities, labor authorities, etc.);
(ii) Accountants, auditors, lawyers and other external professional advisors, who are bound by law or by contract with us to maintain the confidentiality of your data;
(iii) Natural or legal persons providing services to us, acting as processors in various fields (for example: payment services, IT services, archiving or document destruction services, etc.), whom we contractually require to comply with applicable data protection legislation;
(iv) Our contractual partners, such as marketing service providers, insurers and other collaborators;
(v) Any relevant person, authority, bailiff or court in Romania, to the extent necessary for the establishment, exercise or defence of our legal rights;
(vi) Where it is in our legitimate interest to do so for the administration, expansion or development of our business, for example in the event of a sale or transfer of all or part of our shares, assets or business (including in cases of reorganization, dissolution or liquidation), in which case the personal data held by us may form part of the transferred assets. In such situations, potential purchasers will be subject to confidentiality obligations;
(vii) At the request of law enforcement or other competent authorities – We may use or disclose personal information when required to do so by law (including judicial or administrative decisions, subpoenas or other legal procedures).
VIII. HOW LONG AND HOW WE RETAIN YOUR DATA
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law.
Payment and invoicing data will be stored for a period of 5 or 10 years, in accordance with Law no. 82/1991 on accounting.
Where applicable legal provisions require the retention of personal data for a specific period, the HILS Companies will store such data for the duration mandated by law.
Data collected through the WhatsApp Chat Widget will be retained for a maximum period of 3 years from your last interaction with us, exclusively for documentation and statistical analysis purposes, as well as for defending our interests in the event of a dispute. Upon expiry of this period, the data will be deleted or anonymized, as appropriate.
Processing for marketing purposes will take place in accordance with our internal policies and will continue until you withdraw your consent. If you no longer wish for your data to be processed for marketing purposes, you may withdraw your consent at any time, and your data will no longer be processed for such purposes from the moment of withdrawal.
If you have any questions regarding data retention periods, you may contact us using the contact details provided in this Policy.
We make every effort to ensure that your data is stored securely. For electronic data storage, we use our own servers or those of specialized electronic archiving service providers.
We strive to implement reasonable organizational, technical and administrative measures to protect personal data within the HILS Companies.
To this end, we have adopted dedicated policies concerning physical and electronic security measures designed to protect our systems against unauthorized access and other potential security threats.
Where possible, we anonymize data that is no longer necessary in a manner that prevents identification of the data subjects, or we apply pseudonymization techniques to limit risks associated with the processing of personal data.
IX. YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM
We treat with seriousness and full commitment the rights you have in connection with the processing of your personal data. In summary, your rights are as follows:
(i) Right to be informed
When personal data is collected directly from you or obtained from another source, we are required to inform you about the purposes for which the data is used and about the rights you have.
(ii) Right of access
You have the right to request information regarding the personal data we hold about you, including details about the categories of data we process or control, the purposes for which they are used, the source from which we obtained them (if collected indirectly), and the recipients to whom the data has been disclosed, where applicable.
Upon request, we will provide you with a copy of your personal data. If you request multiple copies, we may charge a reasonable fee based on administrative costs.
(iii) Right to rectification
You have the right to obtain the rectification of your personal data that we process or control if it is inaccurate.
(iv) Right to erasure (“right to be forgotten”)
You have the right to request that we erase your personal data that we process or control. The HILS Companies aim to process and retain your data only for as long as necessary. We are required to comply with your request if:
However, this right does not apply where the data is still necessary:
(v) Right to restriction of processing
You may request that we restrict the processing of your personal data where:
(vi) Right to object
In certain circumstances, you have the right to object to the processing of your personal data by us or on our behalf. Where processing is not based on your consent, but on our legitimate interests or those of a third party, you may object at any time on grounds relating to your particular situation. In such cases, we will no longer process your personal data unless:
(a) we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
(b) the processing is necessary for the establishment, exercise or defence of legal claims.
If you object to the processing, please indicate whether you also request the erasure of your personal data; otherwise, we will only restrict its processing.
(vii) Right to data portability
You have the right to receive the personal data you have provided to us and, where technically feasible, to request that we transmit your personal data (which you have provided to us) to another organization/clinic.
The right to data portability applies where, cumulatively:
(a) we process your personal data by automated means;
(b) the processing is based on your consent or is necessary for the conclusion or performance of a contract to which you are a party;
(c) the personal data has been provided by you; and
(d) the transmission of the data does not adversely affect the rights and freedoms of others.
You have the right to receive your personal data in a structured, commonly used and machine-readable format.
Your right to receive personal data must not adversely affect the rights and freedoms of others. This may occur if transmitting your data to another organization also involves the transfer of personal data relating to other individuals (who have not consented to such transfer).
The right to have your personal data transmitted directly by us to another organization applies only where such transmission is technically feasible.
(viii) Right not to be subject to automated decision-making (including profiling)
You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or significantly affects you.
This right does not apply in the following exceptional cases, where the automated decision:
In the first two situations, the Company is required to implement appropriate safeguards to protect your rights, freedoms and legitimate interests, including at least your right to obtain human intervention, to express your point of view and to contest the decision.
(ix) Right to withdraw consent
Where we process your personal data based on your consent, you have the right to withdraw that consent at any time, at least as easily as you initially provided it. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
(x) Right to lodge a complaint with the supervisory authority
If you have concerns about how we process your data, we encourage you to contact us directly so that we may address your concerns. However, if you remain dissatisfied, you may contact the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro):
Address: 28–30 General Gheorghe Magheru Boulevard, Bucharest, Romania
Phone: +40 318 059 211 / +40 318 059 212
Fax: +40 318 059 602
Email: anspdcp@dataprotection.ro
(xi) Right to seek judicial remedy
If you consider that your rights under the Regulation have been infringed as a result of the processing of your personal data in violation of its provisions, and without prejudice to your right to lodge a complaint with the supervisory authority, you have the right to bring legal proceedings against the Company before the competent courts.
To exercise one or more of these rights, or to address any questions regarding these rights or any other aspects of how we process your data, you may submit a written, signed and dated request to the following email address: privacy@hils.ro. Printed forms are also available at our registered office, which you may complete to request the exercise of one or more of the above rights.
We will endeavor to respond to your request within one month. This period may be extended by two additional months due to specific reasons related to the right invoked or the complexity of your request. In any case, if the response period is extended, we will inform you of the extension and the reasons for it.
In certain situations, we may not be able to grant access to all or part of your personal data due to legal restrictions. If we refuse your access request, we will inform you of the reasons for such refusal.
In some cases, we may not be able to identify your personal data based on the identification information provided in your request. In such circumstances, if we cannot identify you as the data subject, we will not be able to process your request under this section unless you provide additional information enabling us to identify you. We will inform you accordingly and give you the opportunity to provide such additional details.
Please note that personal data processed directly by WhatsApp (Meta Platforms Ireland Limited) or social media platforms is subject to their own policies. The exercise of data protection rights in relation to such data must be carried out by contacting WhatsApp or the relevant social media provider directly.
X. SECURITY OF YOUR PERSONAL DATA
We strive to implement reasonable organizational, technical and administrative measures to protect personal data within the HILS Companies.
To this end, we have adopted dedicated policies regarding physical and electronic security measures designed to safeguard our systems against unauthorized access and other potential security threats.
Where possible, we anonymize data that is no longer necessary in a manner that prevents identification of the data subjects, or we apply pseudonymization techniques to limit the risks associated with the processing of personal data.
In the case of communication through the WhatsApp Chat Widget or via any social media platforms, we encourage you to consult the respective platforms’ data processing policies regarding the security measures they implement.
If you have reason to believe that your interaction with us is no longer secure, please notify us immediately.
XI. DEFINITIONS OF CERTAIN TERMS
Supervisory Authority for Personal Data Processing:
An independent public authority which, under the law, is responsible for monitoring compliance with personal data protection legislation. In Romania, this authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP).
Special Categories of Personal Data (Sensitive Data):
Personal data revealing racial or ethnic origin, political opinions, religious beliefs or philosophical convictions, or trade union membership; genetic data; biometric data for the purpose of uniquely identifying a natural person; data concerning health, sex life or sexual orientation.
Personal Data:
Any information relating to an identified or identifiable natural person (the “data subject”). A natural person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as: a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity (e.g., first and last name; domicile or residence address; email address; telephone number; personal identification number – CNP).
Controller:
The natural or legal person who determines why (for what purpose) and how (by what means) personal data is processed. Under the law, primary responsibility for compliance with personal data protection legislation rests with the controller. In relation to you, we act as the controller, and you are the data subject.
Processor:
Any natural or legal person who processes personal data on behalf of the controller, other than the controller’s employees.
Joint Controller:
Two or more controllers who jointly determine the purposes and means of processing.
Data Subject:
The natural person to whom certain personal data relates (to whom the data “belongs”). In your relationship with us (the controller), you are the data subject.
Processing of Personal Data:
Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means; for example: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data. These are only examples. In practice, processing means any operation performed on personal data, whether carried out by automated or manual means.
XII. AMENDMENTS AND UPDATES TO THE PRIVACY POLICY
We reserve the right to modify our data protection practices whenever deemed appropriate and to update or amend this Privacy Policy at any time. For this reason, we encourage you to review this notice periodically.
Whatsapp