The compliance with the right to personal data protection, as well as the right to privacy is one of the core missions of APEX ALLIANCE PROPERTY 4 SRL, owner of the hotel The Marmorosch Bucharest, Autograph Collection, and UAB Apex Alliance Hotel Management, the company managing the hotel.

Thus, we take all necessary steps to process your personal data in accordance with the principles established by the applicable data protection legislation in Lithuania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”). 

Personal data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The processing of personal data is performed by the data controller: APEX ALLIANCE PROPERTY 4 SRL with registered office in 15 Episcopul Chesarie Str., Wing C, Office No. 1, Room No. 5, Ground Floor, Sector 4, 40183 Bucharest, Romania, registered with the Romanian National Trade Register Office under no. J40/11494/30.08.2016, sole registration number 36474650, and data processor UAB Apex Alliance Hotel Management, with registered office in Šeimyniškių  str. 19, Vilnius, Lithuania, registered with the Lithuanian Company Registry under no. 304231032.

The data controller and data processor are managing the hotel Marmorosch Bucharest, Autograph Collection under a franchise contract with Global Hospitality Licensing S.A R.L. for the use of the hotel brand Autograph Collection by Marriott International.

Click on one of the links below to go to a specific section:

What kind of personal data we process?

If you are a client or potential client

We collect personal data from most of our interactions with you, as well as within other aspects of our business. The categories of data we process are the following:

  1. data required to make reservations (e.g. surname, first name, e-mail, telephone);
  2. data related to the arrival-departure sheet, required under national law (e.g. citizenship, address, date of birth, passport or national ID number);
  3. bank card details (card type, credit/debit card number, holder’s name and expiration date
  4. information about the client’s stay, including the arrival and departure dates, special requests, preferences;
  5. information you provide about your marketing preferences;
  6. personal data you provide to register and subscribe to the newsletter; 
  7. information about the vehicles you may bring on our premises, such as the registration number;
  8. data collected from access cards (entry and exit time);
  9. information collected by various contractual partners (travel agencies, event planners) and forwarded to Marmorosch Bucharest, Autograph Collection (rooming list, event guest list);
  10. data necessary to provide additional services, as appropriate;
  11. reviews and opinions about our services; 
  12. any other kind of information you choose to provide us with.

Also, video surveillance cameras and other security measures on our premises may capture or record guest images in public places (such as the hotel entrances, the restaurant or hallways) as well as your location data (through images captured by video surveillance cameras).  

You can always choose which personal data you want to provide us with. However, if you choose not to provide certain personal data, if the basis of our request is the compliance with a legal obligation, contractual obligations or obligations required in order to conclude an agreement, we will not be able to provide you with certain services, for example: i) if you do not wish to provide us with your surname, first name, e-mail address or phone number, if you wish to make a reservation, we will not be able to make the reservation, or (ii) in the arrival-departure sheet you will fill in when you arrive at our hotel, you will have to enter some personal data required by law, and if you do not wish to fill out those mandatory fields, we will not be able to accommodate you.

If you are a potential employee

We collect information from your resume and any other information submitted with your resume and/or during the interviews you have attended.

If you are a visitor at our location

We collect the surname, first name, ID series and number.

Video surveillance cameras may also capture or record visitor images in public places (such as the hotel or restaurant entrances or the hallways). 

If you are a user of our website

No personal data is required in order to read the information on the website. 

However, for the technical usage of the portal, we collect the website access time and date and the IP address used to access our website.

Some personal data are required for the use of certain services (e.g. online booking, job applications). For details, please refer to the section corresponding to the operation used on the website.   

If you are a representative or contact person of our suppliers or business partners

We collect the surname, first name, position, and any other data provided by you or the company you represent.

If you are an employee

Please read the Employee Privacy Policy, provided upon employment and available at any time within the Human Resources Department.

Personal data belonging to minors

We protect the privacy of data obtained from children under 16. If you are under the age of 16, you must obtain the consent or permission of your parents or legal guardian for any personal data you provide.

Sensitive data

The term “sensitive data” refers to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data, data concerning health or data concerning the sex life or sexual orientation.

Generally, we do not collect sensitive information, unless you wish to provide us with such information. 

For what purpose and on what basis do we process your personal data?

If you are a client

  1. Hotel and restaurant reservations or enquiries submitted by you for certain events organized or to be organized. 

Purpose: we process your personal data (i) to make a hotel/restaurant reservation for you (ii) to respond to the enquiries you submit.  

Basis: conclusion of an agreement 

  1. Check-in

Purpose: we process your personal data for your registration/accommodation at our hotel.

Basis: at the time of your check-in, in accordance with the legal provisions in force, you are required to fill in the arrival-departure sheet containing the minimum amount of data required to accommodate you. 

  1. Customer service (among others, this service refers to: the hotel shuttle service, the concierge service, the housekeeping service, the laundry service, etc)

Purpose: we process your personal data to give you the most enjoyable experience, according to your standards and the hotel standards. 

Basis: the performance of the hotel service agreement.

  1. Profiling

Purpose: in order to provide customized services, some of your special preferences (e.g. if you prefer the rooms on the upper or lower floors, if you like a certain type of wine, etc.) are stored, so that when you return, we will already know what you like 

Basis: consent

  1. Feedback: 

Purpose: we process your personal data to make sure you have had a pleasant experience at our facilities.

Basis: our legitimate interest in constantly improving the services we provide and in offering services that are as appropriate and compliant with our clients’ standards as possible.

  1. Marketing: 

Purpose: we process your personal data for marketing purposes, such as business newsletters and marketing communications on new products and services, or other offers that we think might be of interest to you.

Basis: we rely on the legitimate interest in promoting our services by sending offers we consider to be of interest to you (see “Right to object” in the “Your Rights” section) 

If necessary, in accordance with the applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we hereby notify you that you may at any time withdraw your consent provided for the processing for marketing purposes, in which case you will not receive any more marketing communications from us.

We will include an unsubscribe link that you may use if you no longer wish to receive messages from us. 

Also, when organizing certain events at our hotels and restaurants, we could take some photos, and some of them could also be shared online, to show others what our events are like. In any case, taking into account your right to privacy, we will do our best to keep you informed that photos will be taken (for objections related to our photos, see “Right to object” in the “Your Rights” section).

  1. Other communications: by e-mail, mail, phone or SMS 

Purpose: These communications will be made for a specific reason such as: (i) to respond to your requests, (ii) if you have not completed an online reservation or enquiry, we may send you an email to remind you to complete the reservation, (iii) to inform you of the manner in which your complaints and/or incidents during your stay have been resolved. 

Legal basis: our legitimate interest in providing services at the desired standards by solving any potential claims/complaints and in ensuring our full availability.

  1. Analysis, improvement and research: 

Purpose: to ensure an ongoing qualitative evolution of our services, we analyze each complaint/suggestion received from you, so we compile statistical reports to identify the problems and find the best solutions to solve them.

Basis: we rely on our legitimate interest in providing services consistent with your standards and the standards of the Marriott International Inc. hotel chain.

If you are a visitor at our location

Purpose: we process your personal data to ensure the protection of the property and persons within the hotel.

Basis: our legitimate interest in ensuring the protection of the property of clients/hotel/staff and the protection of the people within the hotel.

If you are a user of our websites,, 

Purpose: traffic monitoring, in order to identify errors and/or any other website malfunctions. 

Basis: we base this data processing activity on our legitimate interest, namely providing you with a fully functional website, by fixing any error, and by continually improving it.

If you are a representative or contact person of our suppliers or business partners

Purpose: to conduct contractual relations with our suppliers or business partners.

Basis: performance of an agreement.

If you are a potential employee

Purpose: Evaluating your job application.

Basis: conclusion of an agreement.

If you are an employee

Please see the Employee Privacy Policy, introduced at the time of employment and available at any time within the Human Resources Department.

For all of the above categories of people, we may also process your data in the context of the following activities:

  1. Restructuring, internal reorganization or sale of assets or shares:

Purpose: we process your data in order to perform the aforementioned operations.

Basis: the legitimate interest in performing the operations, particularly if this would be impossible without the processing of your data.

However, we assure you that this potential processing will be performed in accordance with this policy and by implementing certain measures in order to ensure the privacy of your data. 

  1. Security: 

Purpose: We process personal data for the safety of assets and the physical integrity of individuals. 

Basis: we rely on our legitimate interest in ensuring the protection of your property and that of the hotel, as well as the protection of the people within our hotel premises.  

  1. Legal grounds: 

Purpose: in some cases, we must process the information provided, which may include personal data, in order to settle legal litigations or complaints, for investigations and the compliance with the applicable legal regulations, to implement an agreement, or to comply with requests from public bodies, subject that these requests meet the conditions of the law.

Basis: the grounds of processing may be a legal obligation (if we have a legal obligation to disclose certain personal data to public authorities) or our legitimate interest in settling potential litigations and/or complaints.

To whom do we transmit your personal data?

To provide you with the expected level of hospitality and high-quality services, your data may be sent from one Marriott International Inc. Group hotel to another Marriott International Inc.  Group hotel or the company headquarters. We also provide your data to our service providers and other third parties, as detailed below:

  1. Suppliers: in order to provide the requested services, in some cases, we will need to forward some of your personal data to suppliers; they are processors and process the data on our behalf and according to our instructions (such as software, IT, accounting service, medical service providers). 
  2. Marriott International Inc. Group members: for similar purposes or in connection with those for which they were collected.
  3. Group events or meetings: if you visit our hotels as part of a group or conference, the information required for planning the meeting and event may be shared with the organizers of those meetings and events and, where appropriate, with the guests who are organizing or attending the meeting or event.
  4. Business partners: in some cases, we associate with other companies, to provide you with products, services, or offers. For example, we can arrange for you to rent a car or intermediate optional services for products beyond our offer. 
  5. Public authorities and/or institutions for: (i) complying with the legal provisions, (ii) responding to their requests, (iii) reasons of public interest (e.g.: national security). For example, under the regulations outlined in Section “FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA” letter b) any hotel facility is required to send daily the arrival-departure sheets of each client.    

The privacy of your data is important to us, which is why, where possible, the transmission of personal data in accordance with the above is done only on the basis of a privacy commitment on the part of the recipients, to ensure that the data is kept safely and that such information is provided in accordance with the legislation in force and applicable policies. In any case, we will always send to recipients only the information strictly necessary to achieve that purpose.   

Do we collect personal data from third parties?

To provide you with the expected level of hospitality and the best services, we may collect information about you from our business partners and other third parties, as detailed below:

  1. Marriott International Inc. Group members: for similar purposes or in connection with those for which they were collected.
  2. Business partners: such as card partners, social networking services that are consistent with your own settings for these services, travel agencies, event planners

 In any case, we make sure that your data, collected from third parties, will be processed under the same conditions as if it were collected directly from you. We will also collect only what is necessary for our purposes. (see the “FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA” section).

Additionally, when we first contact you, we will let you know, first of all, the source from which we obtained your personal data.

Do we transfer your data outside the EU/EEA?

We will transfer your data to certain companies within the Marriott Group as well as their service providers as described in Marriott International Privacy Statement available on We may transfer your data to some suppliers located in countries other than the one you are located in and in some cases in countries outside the EU/EEA. 

Although the data protection laws in these countries may be different, we will take the necessary steps to make sure that your personal data are processed in accordance with the applicable law.

Providing us with the personal data of other natural persons

If you provide us with the personal data of other natural persons, please notify them before this disclosure and about how they are to be processed, as described in this privacy policy.

How long do we keep your personal data?

Your personal data are retained for the entire duration of the purposes detailed in this policy, if a longer retention period is not required or permitted by the applicable law.

We constantly review the need to retain your personal data, and to the extent that processing is no longer required and there is no obligation according to the law to retain your personal data, we will delete/destroy your personal information as soon as possible and in a manner that does not allow recovery or reconstitution (e.g. we will delete/destroy all data belonging to people who have not been hired following the interviews, unless there is a serious chance of future employment).

If personal information is printed on paper, it will be destroyed in a way that eliminates it completely, and if it is stored on electronic media, it will be erased by technical means, to ensure that the information can no longer be subsequently recovered or reconstituted.

What are your rights?

As a data subject, you have the following rights provided by GDPR:

  1. Right of access: you may request a confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and (ii) a copy of the personal data we hold about you (art. 15 from GDPR);
  2. Right to rectification: you may notify us of any changes to your personal data or you may ask us to correct the personal data we hold about you (art. 16 from GDPR);
  3. Right to erasure (“right to be forgotten”): in certain circumstances (such as (i) the data was collected unlawfully, (ii) the deadline for the data storage has expired, (iii) you have exercised the right to object or (iv) the data processing was performed on the basis of consent and you have withdrawn your consent), you may ask us to delete the personal data we hold about you (art. 17 from GDPR);
  4. Right to restriction of processing: in certain situations (such as when you contest the accuracy of such data or the lawfulness of the processing), you may request that we restrict the processing of your data for a certain period (art. 18 from GDPR);
  5. Right to data portability: requesting that we send your personal data to a third party or directly to you (art. 20 from GDPR);
  6. Right to object: in certain situations (such as processing based on a legitimate interest), you may request that we no longer process your data (art. 21 from GDPR).
  7. If we use your personal data based on your consent, you may withdraw this consent

If we use your personal data based on your consent, you may withdraw this consent at any time. In this case, your data will no longer be processed by us, unless a legal provision forces us to keep and archive them. In any case, we will let you know if there is such a legal provision and we will indicate it expressly. 

Is your data safe?

We take your personal security seriously, so we take important security measures, necessary to protect against unauthorized access to data or unauthorized data modification, disclosure or destruction. This requires the internal review of data collection, storage and processing practices, and of security measures, as well as physical security measures, to protect against unauthorized access to the systems where we store personal data.

We also request our service providers and business partners to take all necessary measures to protect against unauthorized access to data or unauthorized data modification, disclosure or destruction.

Links to other websites

Our website contains links to third party websites. Please note that we do not take responsibility for the collection, use, storage, sharing or disclosure of data or information by such third parties. If you use or provide information to third party websites, the terms and privacy policy of those websites apply. We encourage you to read the privacy policy of the websites you visit before sending personal data.

The use of the Internet services provided by Marriott International Inc. is subject to the terms of use and privacy policy of the Internet providers. You can access these terms and policies by using the links on the service’s login page or by visiting the Internet provider’s website.

Questions or complaints

If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise any of the aforementioned rights, you are welcome to contact us by sending an email to the following address: and we will reply within 30 days from receiving your request. 

Also, if you do not have access to electronic means or you do not wish to use them, you may submit a written request to our hotel address at Boulevard Dimitrie Pompeiu 2A, Bucharest, 020337 Romania.

If you are not satisfied with how your request was resolved, you may file a complaint with the National Supervisory Authority for Personal Data Processing.

Policy changes

This privacy policy may be amended from time to time, according to the changes in the data policy legislation or in our services or organization. If we make any material changes to this policy, we will publish a link to the revised policy on the homepage of our website. If we make significant changes that will impact your rights and freedoms (e.g. when we begin processing your personal data for purposes other than those specified above), we will contact you before we begin the processing.

To help you track the most important changes, we will include a change history below, so that you may recognize the changes to this policy.Last update: 7 June 2021.