Privacy & Cookie Policy
Last updated: 2026-04-27
1. Who runs this site
brasovaeroport.ro is an unofficial informational guide to Brașov-Ghimbav International Airport (GHV). It is not operated by the airport authority.
The data controller for this site is reachable at:
- Email:
[email protected] - Contact form: /en/contact/
For postal correspondence or formal data-subject requests, write to the email above and we will provide a postal address.
We have not appointed a Data Protection Officer because our processing does not meet the thresholds in GDPR Art. 37(1). For privacy questions, use the contact details above.
2. What we collect and why
| Category | Data | Legal basis | Retention |
|---|---|---|---|
| Contact form submissions | Name, email, message | Art. 6(1)(b) — taking steps at your request before contract | 2 years |
| Server access logs | IP address, user-agent, requested URL, referrer, timestamp | Art. 6(1)(f) — legitimate interest (security, abuse detection) | 30 days |
| Analytics (Google Analytics 4) | Browser-level interaction events, anonymised IP, device class | Art. 6(1)(a) — your consent | 14 months (configured at the GA4 property level) |
| Advertising (Google AdSense) | Cookies and identifiers used to personalise and measure ads | Art. 6(1)(a) — your consent | Per Google retention policy (varies; up to 13 months for cookies) |
We do not collect special-category data (Art. 9), do not knowingly collect data from children under 16, and do not perform automated decision-making with legal effects.
3. Cookies and similar technologies
The site uses three categories of cookies. The exact cookies emitted on a typical visit are:
3.1 Strictly necessary (no consent required)
| Name | Set by | Purpose | Lifetime |
|---|---|---|---|
cw_consent | brasovaeroport.ro | Stores your consent decision so we don’t re-ask on every page | 12 months |
3.2 Analytics — only set after you accept
| Name | Set by | Purpose | Lifetime |
|---|---|---|---|
_ga | Google Analytics 4 | Distinguishes unique browsers | 2 years |
_ga_<container-id> (e.g. _ga_930GMDYHDJ) | Google Analytics 4 | Session state for the specific GA4 property | 2 years |
3.3 Advertising — only set after you accept
Google AdSense and its advertising partners may set cookies named __gads, __gpi, __eoi, IDE, NID, ANID, DSID, FLC, AID, TAID, _gcl_au, and others. The exact set depends on which ads are served. See Google’s advertising cookie types for the authoritative list.
If you reject analytics or advertising cookies, none of the cookies in §3.2 or §3.3 are set, and the related scripts are not loaded.
4. Who we share data with
We do not sell your personal data. Recipients are limited to:
- Google Ireland Ltd / Google LLC — for analytics (GA4) and advertising (AdSense), only after consent. Google may transfer data to the United States; transfers are covered by the EU-US Data Privacy Framework adequacy decision (2023) and Google’s Standard Contractual Clauses.
- Cloudflare, Inc. — DNS and CDN. Processes IP addresses transiently to deliver the site. Covered by Cloudflare’s published SCCs.
- Hetzner Online GmbH — hosting provider (servers in Germany). EU-located.
- Romanian authorities — only where compelled by valid legal process.
5. Your rights under GDPR
You have the right to:
- Access the personal data we hold about you (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data (“right to be forgotten”) (Art. 17)
- Restrict processing (Art. 18)
- Receive your data in a portable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time, as easily as you gave it (Art. 7(3)) — use the “Cookie preferences” link in the footer of any page, or clear the
cw_consentcookie in your browser settings - Lodge a complaint with your supervisory authority. In Romania this is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), 28-30 G-ral Gheorghe Magheru Bd., District 1, Bucharest
To exercise any of these rights, write to [email protected]. We respond within 30 days as required by Art. 12(3).
6. Security
We use HTTPS for all traffic, restrict server access via SSH key authentication, and apply HTTP security headers (HSTS, X-Frame-Options, Referrer-Policy, Content-Security-Policy). No system is fully secure; if a breach affecting personal data occurs we will notify the supervisory authority within 72 hours per Art. 33 and, where required, affected users per Art. 34.
7. Children
The site is not directed at children under 16. We do not knowingly collect their data. If you believe we have collected such data, contact us and we will delete it.
8. Changes to this policy
This policy may be updated. The last-updated date at the top of the page reflects the most recent change. Material changes are announced via a banner on the homepage for at least 30 days.
9. Contact
Questions about this policy: [email protected] or the contact form.