Cookie Policy
Last updated: 2026-04-22 — v2.0
This policy is drawn up in accordance with Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC on privacy and electronic communications (ePrivacy), Law no. 506/2004 on personal data processing and privacy in electronic communications, as amended by Law no. 235/2015 and EGO no. 13/2012.
1. Data Controller
The sezlong.online platform is operated by:
DPA TECH SOLUTIONS SRL
[REDACTED], [REDACTED], [REDACTED], România
CUI: 54485223 | Reg. Com.: J2026024656007 | EUID: ROONRC.J2026024656007
Established: 2026-04-15
Email: contact@sezlong.online
Phone: +40750443490
DPO: [REDACTED] — [REDACTED]
2. What are Cookies?
Cookies are small text files placed on your device (computer, tablet, mobile phone) when you visit a website. They allow the website to recognise you on subsequent visits and to store your preferences or information about the current session.
Cookies do not contain executable programs, viruses or spyware and cannot access information on your device other than what was previously stored by it.
3. Types of Cookies Used
A. Strictly Necessary Cookies
Legal basis: Art. 5(3) ePrivacy Directive / Law 506/2004. No consent required — indispensable for platform operation.
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
| sb-auth-token | User session authentication token (JWT) | Session | sezlong.online / Supabase |
| sb-refresh-token | Authentication token refresh | 7 days | sezlong.online / Supabase |
| __Host-csrf | CSRF (Cross-Site Request Forgery) protection | Session | sezlong.online |
| cookieConsent | Stores your cookie consent choice | 1 year | sezlong.online |
| locale | Language preference / selected regional domain | 1 year | sezlong.online |
| reservationDraft | Temporarily saves data from an unfinished booking form | Session | sezlong.online |
| captcha_verified | Anti-bot CAPTCHA verification | Session | sezlong.online |
B. Functional Cookies
These cookies enhance the user experience. Activated based on your consent (Art. 6(1)(a) GDPR).
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
| theme | Visual theme preference (light/dark mode) | 1 year | sezlong.online |
| mapPreferences | Last section viewed on the beach map | 30 days | sezlong.online |
| recentBeaches | Recently viewed beaches (for quick suggestions) | 30 days | sezlong.online |
| dismissedBanners | Banners or notifications dismissed by the user | 90 days | sezlong.online |
C. Analytics Cookies
These cookies help us understand how you interact with the platform. Activated based on your consent (Art. 6(1)(a) GDPR). Data is collected in aggregate and does not personally identify you.
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
| _va (Vercel Analytics) | Anonymous visitor identifier — traffic statistics | 1 year | Vercel Inc. |
| _vcs | Current Vercel Analytics session | Session | Vercel Inc. |
| _ga | Google Analytics visitor identifier (if enabled) | 2 years | Google LLC |
| ga_XXXXXX (stream) | Google Analytics 4 session state | 2 years | Google LLC |
| _gid | Distinguishes users — Google Analytics | 24 hours | Google LLC |
Note on Vercel Analytics: Vercel Analytics is configured in "privacy-first" mode and does not use cross-site tracking cookies. Data is processed by Vercel Inc. (USA) under the European Commission's Standard Contractual Clauses.
D. Marketing / Advertising Cookies
The platform does not currently use any third-party marketing or advertising cookies (e.g. Meta Pixel, Google Ads). If we implement such technologies in the future, this policy will be updated and you will be notified as per section 11.
4. Consent Banner
On your first visit to the platform, we will show you a consent banner (Cookie Consent Banner) that allows you to: accept all cookies (strictly necessary + functional + analytics); reject non-essential cookies (accept only strictly necessary); customise your choice by category.
Your choice is stored in the cookieConsent cookie for 1 year. You can change your preferences at any time by accessing the "Manage Cookies" link in the site footer.
Consent principles respected:
- Consent is freely given, specific, informed and unambiguous (Art. 7 GDPR)
- No "cookie wall" — rejection of non-essential cookies does not block access to the platform
- It is as easy to withdraw consent as to grant it
- Non-essential cookies are not activated before consent is expressed
5. Managing Cookies in Your Browser
You can control and/or delete cookies directly from your browser. Note: disabling strictly necessary cookies will affect platform functionality.
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox: Options → Privacy & Security → Manage Website Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
- Opera: Settings → Privacy → Cookies
Detailed instructions: youronlinechoices.eu or allaboutcookies.org
6. International Transfers
Our service providers process data collected through cookies primarily within the European Union/European Economic Area (EU/EEA). Where transfers occur outside the EU/EEA (e.g. Vercel Inc., Google LLC), we ensure these are carried out in accordance with Art. 46 GDPR, through Standard Contractual Clauses adopted by the European Commission. The adequacy rule (Art. 45 GDPR) applies where the Commission has issued a corresponding decision.
7. Your Rights Regarding Cookies
Under GDPR, you have the right to:
- Withdraw consent at any time, without affecting the lawfulness of prior processing — via the cookie management panel or by contacting the DPO
- Access information about data collected from you through our cookies
- Request deletion of data collected through cookies (where no contrary legal obligations exist)
- Lodge a complaint with ANSPDCP: anspdcp@dataprotection.ro / dataprotection.ro
To exercise your rights, contact the DPO at [REDACTED].
8. Cookies and Third Parties
Certain third-party services integrated into the platform may place their own cookies, governed by their own privacy policies:
| Third party | Policy URL |
|---|---|
| Supabase Inc. | supabase.com/privacy |
| Vercel Inc. | vercel.com/legal/privacy-policy |
| Google LLC | policies.google.com/privacy |
The Operator is not responsible for cookies placed directly by third parties through their services.
9. Cookies on Associated Domains
This policy applies to all domains operated by S.C. DPA Tech Solutions S.R.L. under the sezlong.online platform, including:
- sezlong.online (and subdomains: campbeach.sezlong.online etc.)
- sunbed.online
- xaplostra.online
- shezlong.fun
- plaja.online
- szl.my
10. Cookies in Mobile Applications
If you access the platform through a mobile application, similar technologies to cookies may be used (device identifiers, local storage). The same consent principles apply.
11. Cookie Policy Changes
We reserve the right to update this policy at any time. Substantial changes will be communicated via the consent banner or by email, at least 15 days before they take effect. The date of the last change is displayed in the header of this document.
12. Contact
DPA TECH SOLUTIONS SRL
Email: contact@sezlong.online
DPO: [REDACTED] — [REDACTED]
Phone: +40750443490
Web: https://sunbed.online
This policy is compliant with Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC (ePrivacy), and Law no. 506/2004, as amended by Law no. 235/2015.