Terms and Conditions

Hermis is a Software-as-a-Service (SaaS) platform designed for the management of tourist accommodation establishments. The platform integrates Property Management System (PMS) modules, a direct Booking Engine, electronic invoicing (e-Invoice), and a digital accommodation registration form compliant with Romanian Government Decision No. 237/2001.

The features accessible to each user depend on the active subscription plan. Hermis reserves the right to add, modify, or discontinue features with prior notice to affected users.

The platform is intended exclusively for operators in the hospitality industry — hotels, guesthouses, hostels, and other tourist accommodation establishments authorized under Romanian law.

"Personal data" — any information relating to an identified or identifiable natural person, as defined in Article 4(1) of Regulation (EU) 2016/679 (GDPR).

"Special categories of data" — data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health data, or data concerning sex life, as defined in Article 9 of GDPR.

"Processing" — any operation performed on personal data, including collection, recording, organization, storage, modification, consultation, use, transmission, erasure, or destruction thereof.

"Data controller" — the accommodation establishment (hotel, guesthouse) that determines the purposes and means of processing guest personal data. "Data processor" — Hermis, which processes data on behalf of and in accordance with the controller's instructions. "Data subject" — the tourist, guest, or client whose data is being processed.

The Hermis platform may only be used by natural persons who are at least 18 years of age and possess full legal capacity, or by duly incorporated legal entities. By creating an account, you confirm that you meet these requirements.

You are required to provide truthful, complete, and up-to-date information at registration and throughout your use of the platform. Providing false, incomplete, or misleading data constitutes a breach of these terms and may result in account suspension or termination.

Minors may not use the platform independently. Access to and use of the service by minors is the sole responsibility of their legal representatives.

Through the use of the platform and in particular the digital accommodation registration module, the following categories of data are collected: full name, copy of identity document (national ID card, passport, or other travel document), and handwritten or electronic signature.

Additionally, identity document details are collected (document type, series, number, date of issue, issuing authority), residential address (country, county, city, street, number), nationality, as well as travel data (arrival date, departure date, purpose of travel, reservation number).

Contact information such as phone number and email address may be collected for the purpose of communicating with the guest during their stay and managing reservations.

Personal data is processed under the following legal bases provided by GDPR: legal obligation — Romanian Government Decision No. 237/2001 regarding access, records, and protection of tourists in accommodation establishments requires the collection and retention of certain guest data.

Legitimate interest — efficient reservation and hotel operations management, understanding guest profiles in order to improve the services offered, ensuring the security of information systems, and preventing unauthorized access.

Consent — for marketing communications, personalized offers, and newsletters, granted explicitly and revocable at any time without affecting the lawfulness of processing carried out prior to withdrawal.

The accommodation establishment (hotel, guesthouse) acts as the data controller, being the entity that determines the purposes and means of processing guest personal data. The controller bears primary responsibility for compliance with data protection legislation.

Hermis acts as the data processor, processing data exclusively on behalf of and in accordance with the documented instructions of the controller. Hermis does not access, use, or disclose guest personal data without the express authorization of the controller, except where required by law.

Data is stored on secure servers within the European Union, provided by Amazon Web Services (AWS), with appropriate technical and organizational measures implemented for data protection.

Data collected through the digital accommodation registration form is retained for a period of 5 (five) years from the date of registration, in accordance with Romanian Government Decision No. 237/2001. For example, a registration form completed on January 1, 2026 will be retained until January 1, 2031.

Copies of identity documents are automatically deleted within a maximum of 3 (three) business days from the date of the guest's check-out, as long-term retention of such documents is not required.

Upon expiration of the legal retention period, all associated personal data is permanently and irreversibly deleted from Hermis systems, including backup copies, within a maximum of 30 days from the expiration date.

Under GDPR, every data subject is entitled to the following rights: the right of access — obtaining confirmation of data processing, its purposes, data categories, recipients, and retention period; the right to rectification — correction of inaccurate data or completion of incomplete data without undue delay.

The right to erasure ("right to be forgotten") — requesting the deletion of data when it is no longer necessary for the purposes for which it was collected, consent has been withdrawn, or the processing is unlawful. This right does not apply where processing is necessary for compliance with legal obligations under HG 237/2001.

The right to restriction of processing — during verification of data accuracy or where processing is unlawful and the data subject opposes erasure. The right to object — on legitimate grounds related to the data subject's particular situation. The right to data portability — receiving data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, submit a written request to contact@hermis.app. A response will be provided within a maximum of 30 calendar days from receipt of the request. The first request in each calendar year is free of charge.

The user undertakes to use the Hermis platform exclusively for legitimate purposes and in compliance with applicable legislation. Any attempt to gain unauthorized access to data, features, or platform infrastructure is strictly prohibited.

The user is responsible for the accuracy, correctness, and currency of all information entered into the platform. Access credentials (username and password) are confidential and may not be shared with third parties.

Fraudulent registration, deliberate provision of false data, or use of the platform for illegal purposes grants Hermis the right to terminate the agreement without notice and to initiate legal proceedings for recovery of damages.

The operator (accommodation establishment) undertakes to process guest personal data in strict compliance with applicable legislation, including GDPR and HG 237/2001. The operator bears full responsibility for the accuracy, completeness, and legality of the data entered into the platform.

The operator agrees not to use the platform for illegal, immoral, or otherwise improper purposes inconsistent with hospitality industry best practices. Where fraudulent or negligent use of the platform by the operator causes damages to Hermis or third parties, the operator undertakes to fully indemnify Hermis.

Personal data may be disclosed to the following categories of recipients, exclusively under the conditions provided by law: the National Consumer Protection Authority, competent courts of law, notaries public, law enforcement agencies, or other authorized public authorities.

Hermis does not transfer personal data outside the European Economic Area (EEA) without ensuring adequate safeguards under GDPR, including standard contractual clauses approved by the European Commission or adequacy decisions.

All content on the Hermis platform — including databases, graphical interfaces, designs, registered trademarks, legal texts, documentation, and source code — constitutes the intellectual property of Hermis and is protected by Romanian and international copyright legislation.

Downloading, copying, reproducing, modifying, distributing, selling, or commercially exploiting any component of the platform without the prior written consent of Hermis is strictly prohibited. Violation of this provision shall give rise to civil and criminal liability under Romanian Law No. 8/1996 on copyright and related rights.

Hermis makes reasonable efforts to ensure the availability, security, and correct functioning of the platform. However, Hermis does not guarantee uninterrupted operation or the complete absence of errors under all circumstances.

The liability of Hermis toward the user is limited in accordance with the provisions of the commercial agreement signed between the parties. Hermis shall not be liable for indirect damages, including loss of profit, loss of data, business interruption, or damages resulting from the inability to use the platform.

Hermis is exempt from liability in force majeure situations, including: legislative changes, trade embargoes, natural disasters, pandemics, cyber attacks, infrastructure provider service outages, or any other unforeseeable and insurmountable event.

These terms and conditions are governed by Romanian law. Any dispute arising from or in connection with the use of the Hermis platform shall be resolved amicably. If the parties fail to reach an agreement within 30 days, the dispute shall be referred to the competent courts of Romania.

For complaints regarding the processing of personal data, you may contact the National Supervisory Authority for Personal Data Processing (ANSPDCP), headquartered at B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania.

For any questions or requests related to these terms, you may contact us at contact@hermis.app. Last updated: March 14, 2026.