• Română
  • English
WhatsApp
 

Privacy Policy GDPR

1. Identity of the Data Controller

The controller of personal data collected through the VR Space online booking system is:

  • Company name: Partipipal Events SRL
    • Registered office: Intrarea David Ionescu 3, camera 1, Sector 1, București
    • Tax Identification Number (CUI): 38538261
    • Trade Register No.: J2017019752402
    • GDPR contact email: loop@vrsolutions.tech
    • Phone: +40770632554

If you have any questions regarding the processing of your personal data, you may contact us at the email address above.

2. Personal Data Collected

Through the online booking system, we collect the following categories of personal data:

2.1. Data collected for all bookings
  • Full name
    • Email address
    • Phone number
    • Number of participants in the group
    • Booking date and time
    • Selected package and session duration
2.2. Additional data for corporate invoicing (B2B)
  • Company name
    • Tax Identification Number (CUI)
    • Trade Register number
    • Billing email address
2.3. Financial data

Payment data (bank card details) are processed exclusively by Netopia Payments S.A. Partipipal Events SRL does not store, access, or process your card details. Netopia acts as an independent data controller for payment transactions.

3. Purpose and Legal Basis for Processing

We process your personal data based on the following legal grounds under Regulation (EU) 2016/679 (GDPR):

3.1. Performance of a contract (Art. 6(1)(b) GDPR)

Contact and booking data are necessary to confirm and manage your reservation at VR Space. Without this data, we cannot fulfill your booking.

  • Booking confirmation
    • Contacting you regarding your booking (changes, cancellations, arrival confirmation)
    • Managing payments and any outstanding balance due upon arrival
    • Issuing the fiscal invoice through SmartBill
3.2. Legal obligation (Art. 6(1)(c) GDPR)

Billing data are processed in accordance with Romanian fiscal legislation (Law no. 227/2015 – Fiscal Code; Law no. 82/1991 – Accounting Law). Financial and accounting documents must be retained for 10 years.

3.3. Legitimate interest (Art. 6(1)(f) GDPR)

Where necessary, we process data for internal booking management, fraud prevention, and service improvement. Our legitimate interest does not override your fundamental rights and freedoms.

4. Data Recipients – Who We Share Data With

Your data may be accessed or transmitted strictly for the purposes described above, to:

4.1. Authorized VR Space employees and collaborators

Operational staff access booking data exclusively for scheduling and welcoming customers.

4.2. Netopia Payments S.A.

Authorized payment processor headquartered in Romania. Processes card data in accordance with its own privacy policy and PCI-DSS standards. VR Space does not receive or store card details.
Website: www.netopia-payments.com

4.3. SmartBill (Mediapost Hit Mail S.R.L.)

Electronic invoicing platform used for issuing fiscal invoices. Accesses identification data necessary for accounting documentation, in compliance with Romanian fiscal law.
Website: www.smartbill.ro

4.4. Public authorities

We may disclose data to tax authorities (ANAF), courts, or other competent authorities only where legally required.

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

5. Data Retention Period

Booking and contact data: retained for 3 years from the booking date, after which they are deleted or anonymized unless a longer retention period is required by law.

Billing data: retained for 10 years from the date of invoice issuance, in accordance with Law no. 82/1991. These data cannot be deleted upon request during the mandatory retention period.

Payment data (card details): not stored by VR Space. Managed exclusively by Netopia in accordance with its own policy.

6. Your Rights

In accordance with GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): You may request a copy of the data we hold about you.
    • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
    • Right to erasure (Art. 17): You may request deletion of your data, except where legal retention obligations apply (e.g., accounting documents).
    • Right to restriction (Art. 18): You may request limitation of processing under certain circumstances.
    • Right to data portability (Art. 20): You may request the data you provided in a structured, commonly used format.
    • Right to object (Art. 21): You may object to processing based on our legitimate interest.

To exercise any of these rights, contact us at: [email@vrspace.ro — to be completed]. We will respond within a maximum of 30 calendar days.

6.1. Right to lodge a complaint with the supervisory authority

If you believe your rights have been violated, you may file a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

  • Website: www.dataprotection.ro
    • Email: anspdcp@dataprotection.ro
    • Address: 28-30 G-ral. Gheorghe Magheru Blvd., Sector 1, Bucharest, Romania

7. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or disclosure:

  • Access to booking data is password-protected and restricted to authorized personnel
    • Communication with payment systems (Netopia) is secured through encrypted protocols (HTTPS/TLS)
    • Invoices issued through SmartBill are stored within the provider’s secure infrastructure
    • Periodic reviews of data access rights are conducted

In the event of a security incident that may affect your rights and freedoms, we will notify ANSPDCP within 72 hours and inform you accordingly.

8. Cookies and Similar Technologies

The website vrspace.ro uses cookies. A detailed Cookie Policy is available separately on the website.

The booking system stores reservation data locally in your browser solely for application functionality purposes. These data are not transmitted to third-party servers beyond those mentioned above.

9. International Data Transfers

Your data are processed and stored within the European Union. Netopia Payments and SmartBill are Romanian companies operating exclusively within the EU. We do not transfer data outside the European Economic Area.

10. Data Relating to Minors

VR Space services are available to individuals aged at least 8 years. Reservations may only be made by adults (at least 18 years old).

We do not knowingly collect personal data directly from minors. If a group includes children, the booking is made by the responsible adult, who accepts the terms on behalf of the entire group.

11. Changes to This Privacy Policy

This policy may be updated periodically to reflect legislative or operational changes. The updated version will be published on vrspace.ro together with its effective date.

We recommend reviewing this page periodically.

Last updated: February 2026