Respect for the right to protection of personal data as well as the right to privacy is one of the fundamental missions of Privo In SRL (Hotel Privo)
Thus, we take all necessary steps to process your personal data in accordance with the principles established by the applicable data protection legislation in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data concerning the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (“GDPR”).
Personal data means any information about an identified or identifiable individual (“the data subject”); an identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, of his physical, physiological, genetic, psychic, economic, cultural or social identity.
The processing of personal data is made by: Privo In SRL (Hotel Privo) based in Mures, Gheorghe Doja no. 27, Târgu Mureş, registered under no. J26 / 870/2005 to the Trade Registry, CUI RO 17580450.
The entity Privo In SRL is a personal data controller within the meaning of the GDPR, respectively, establishes the means and purposes for the processing of personal data.
Click on one of the links below to go to a specific section:
- What kind of personal data do we process?
- Personal data of minors
- Special Data
- For what purpose and on what basis do we process your personal data?
- To what people do we pass on your personal data?
- Do we collect personal data from third parties?
- Do we transfer your data outside the EU / EEA?
- Other individual’s personal information provided by you
- How long do we keep your personal data?
- What are your rights?
- Is your data safe?
- Links to other websites
- Questions or complaints
- Changes in policy
WHAT DO WE DO OF PERSONAL DATA?
If you are a client or a potential customer
We collect personal data from our many interactions with you, as well as from other aspects of our work. We process the following categories of data:
- a) data required to make reservations (eg name, surname, e-mail, telephone);
- b) arrival-departure data required under national law (eg citizenship, address, date of birth);
- c) credit card details (card type, credit / debit card number, holder’s name, expiration date and security code);
- d) information about the client’s stay, including date of arrival and departure, special requirements, preferences;
- e) the information you provide about your marketing preferences;
- f) personal information provided by you for signing up and subscribing to the newsletter;
- g) information about the vehicles you may bring to our property, such as registration number;
- h) data collected from access cards (entry and exit time);
- i) information collected by various contractual partners (travel agencies, event organizers) and forwarded to Privo In SRL (rooming list, event invite list);
- j) data necessary for providing additional services, as the case may be;
- k) reviews and opinions about our services;
- l) any other information you choose to provide us with.
Also, surveillance cameras and other security measures on our property can capture or record guests’ images in public places (such as hotel, restaurant, or lobby entries) as well as your location data (by images captured by surveillance cameras).
You can always choose which personal data you want to provide to us. However, if you choose not to provide certain personal data, if the basis of our request is compliance with a legal obligation, contractual obligations or obligations to conclude a contract we will be unable to provide you with certain services, for example: i) if you do not want to give us your name, surname, e-mail address or phone number if you wish to make a reservation, we will not be able to make the reservation, or (ii) given that fact that in the arrival and departure notice that you will fill in when you arrive at our hotel you will need to enter certain legally required personal data, and if you do not you will want to fill in those mandatory fields, we will not be able to catch you in the hotel.
If you are potential employee
We collect information from your resume and any other information submitted with your resume and / or the interviews you have submitted.
If you are a visitor to our location
Colectăm numele, prenumele, seria și numărul actului de identitate.
Surveillance cameras can also capture or record visitors’ images in public places (such as hotel entrances or restaurants or halls).
If you are a user of our website www.hotelprivo.ro
No personal data is required to read the information on the site.
However, for the purpose of technical exploitation of the portal, Hotel Privo temporarily uses the following information that does not contain personal data and which automatically appears to the site administrator:
- a) Protocol Internet Protocol (IP)
- b) domain name (URL)
- c) access data
- d) client access file (file name and URL)
- e) the HTTP password of the response password
- f) the data of the web page from which access is made
- g) the quantity of bits consumed during the visit
- h) date of visit
- i) the data of the pages, respectively
- j) browser name.
Some personal data is required to use certain services (eg on-line reservations). For details, please refer to the section corresponding to the operation used on the site.
If you are a representative or contact person of our suppliers or business partners
We collect the name, surname, function, as well as any other data provided by you or the company that you represent.
If you are an employee
PERSONAL DATA OF MINORS
We protect the confidentiality of data from children under 16. If you are under the age of 16, you must obtain the consent or permission of your parents or guardian for any personal data you provide.
The term “special dates” refers to racial or ethnic origin, political opinions, religious confession or philosophical beliefs, or membership of trade unions and the processing of genetic data, biometric data, data on health or data on sexual life or sexual orientation.
Generally, we do not collect special information unless you want to give it to us. We collect special health data only on the basis of your consent and only for the purpose
of particular treatments. Access to this data is limited to health care professionals.
FOR WHAT PURPOSE AND ON WHICH BASIS DO WE PROCESS YOUR PERSONAL DATA?
If you are a customer
- a) Reservations for hotel, restaurant, or in the case of requests for offers submitted by you for certain events organized or to be organized.
Purpose: We process your personal data (s) to book a place in the hotel / restaurant and (ii) to answer your requests for offers.
Basis: conclusion of a contract
- b) Check-in
Purpose: We process your personal data for registration / accommodation in our hotel.
Basis: At the time of your check-in, in accordance with the legal provisions in force, you are required to fill in the arrival and departure notice that contains a minimum of data necessary to accommodate you.
- c) Customer service (this service refers, among other, to: transportation to/from the hotel, cleaning service, laundry service, etc.)
Purpose: We process your personal data to give you the most enjoyable experience and according to your standards and hotel standards.
Basis: execution of the hotel service contract.
- d) profiling
Purpose: In order to provide personalized services, some of your special preferences (for example: if you prefer rooms on the upper or lower floors, if you like a certain type of wine, etc.) are stored so that when you return, we will already know what you like
- e) Feedback:
Purpose: We process your personal data to make sure you have had a nice experience in our hotel.
Basis: Our legitimate interest in constantly improving the services we offer and providing services that are as appropriate and conform to our customers’ standards.
- f) Marketing:
Purpose: We process your personal data for marketing purposes, such as business newsletters and marketing communications on new products and services, or other offers that we think might be of interest to you.
Basis: We rely on the legitimate interest in promoting our services by submitting the offers we consider to be of interest to you (see “Right to oppose” in the “Your Rights” section)
If necessary, in accordance with applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we hereby notify you that you may at any time withdraw your consent for marketing, in which case you will not receive any marketing communications from us.
We will include a unsubscribe link that you can use if you do not want to send us any further messages.
Also, when organizing certain events in our hotel and restaurant, photos might be taken, and some of them could also be distributed in the online environment to show others what our events are like. In any case, taking into account your right to privacy, we will do our best to keep you informed that photographs will be taken (for objections to our photographs see “Right to Opposition” in “Your Rights” section).
- g) Other communications: by e-mail, mail, telephone or SMS
Purpose: These communications will be made for a specific reason such as: (i) to respond to your requests, (ii) if you have not completed an online booking or a call for offers, we may send you an email to remind you to complete the reservation, (iii) to inform you about the manner in which complaints and / or incidents occurred during your stay have been resolved.Legal Basis: Our legitimate interest in providing services at the desired standards by resolving any claims / complaints and ensuring our full availability.
- h) Analysis, improvement and research:
Purpose: In order to constantly ensure the quality development of our services, we take care to analyze each complaint / suggestion on your part, so we compile statistical reports to identify the problems and find the best solutions to remedy them.
Basis: We rely on our legitimate interest in providing services that meet your standards.
If you are a visitor to our location
Purpose: We process your personal data to ensure the protection of persons and belongings within the hotel.
Basis: Our legitimate interest in ensuring both the protection of the assets of the hotel / staff / guests as well as the protection of hotel guests.
If you are a user of our website www.hotelprivo.ro
Purpose: traffic monitoring to identify errors and / or any other site malfunctions.
Basis: We base this data processing activity on our legitimate interest, namely providing you with a fully functional site by repairing any error, and continually improving it.
If you are a representative or contact person of our suppliers or business partners
Purpose: to conduct contractual relations with our suppliers or our business partners.
Basis: Execution of a contract.
If you are a potential employee
Purpose: Evaluating your employment application.
Basis: conclusion of a contract.
If you are an employee
For all of the above categories of people, we can also process your data in the context of the following activities:
- a) Restructuring, internal reorganization or sale of assets or shares / shares:
Purpose: We process your data to perform the above mentioned operations.
Basis: The legitimate interest in performing the operations, especially if they would be impossible to do without the processing of your data.
However, we assure you that this eventual processing will be performed in accordance with this policy and by implementing a measure to ensure the confidentiality of your data.
- b) Security:
Purpose: We process personal data for the security of goods and the physical integrity of individuals.
Basis: We rely on our legitimate interest in securing the protection of your property and the hotel, as well as the protection of people in the perimeter of our hotel.
- c) Legal reasons:
Purpose: In some cases, we must process the information provided, which may include personal data, to resolve legal disputes or complaints, investigations and compliance with applicable legal regulations, to implement an agreement, or to comply with requests from the part of the public bodies to the extent that these requests meet the requirements of the law.
Basis: The reasons for the processing may be legal obligation (if we have a legal obligation to disclose certain personal data to public authorities) or our legitimate interest in resolving any disputes and / or complaints.
TO WHOM WE TRANSMIT YOUR DATA PERSONAL?
In order to provide you with high-quality services, we may pass on your personal information to our service providers and other third parties, as detailed below:
- a) Suppliers: In order to provide the requested services, in some cases we will need to pass on some of your personal data to our providers, and they have the capacity to process the data in on our account and in accordance with our guidelines (such as software providers, IT, accounting services, medical services, transport services).
- b) Group Events or Meetings: If you visit our hotels in a group or conference, the information required for meeting and event planning can be shared with the organizers of these meetings and events and, where appropriate, with the guests organizing or participating in the meeting or event.
- c) Business partners: In some cases, we associate with other companies to provide you with products, services, or offers. For example, we can arrange for you to hire a car or to provide optional and services that exceed our offer.
- d) Public authorities and / or institutions to: (i) comply with legal provisions, (ii) respond to their requests, (iii) for reasons of public interest (eg national security). For example, under the regulations outlined in Section “FOR WHAT PURPOSE AND ON WHICH BASIS DO WE PROCESS YOUR PERSONAL DATA”lit. b) any hotel unit is obliged to send every day the arrival and departure notification sheets of each customer.
The confidentiality of your data is important to us, which is why, where possible, the transmission of personal data in accordance with the above is done only on the basis of a confidentiality commitment on the part of the recipients to ensure that the data is kept and that such information is provided in accordance with applicable law and applicable policies. In any case, we will always send to the recipients only the information strictly necessary to achieve that purpose.
DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?
To provide you with the expected level of hospitality and to provide you with the best level of service, we may collect information about you from our business partners and other third parties, as detailed below:
- a) Business partners: such as card partners, social networking services that are consistent with your settings for these services, travel agencies, event organizers
In any case, we ensure that your data collected from third parties will be processed under the same conditions as if it were collected directly from you. We will also collect only what is necessary for our purposes. (see Section ” FOR WHAT PURPOSE AND ON WHICH BASIS DO WE PROCESS YOUR PERSONAL DATA “).
Additionally, when we first contact you, we will let you know, first of all, the source from which we obtained your personal data.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE EU / SEE?
We may transfer your data to some suppliers located in countries other than the one you are located in and in some cases in countries outside the EU / EEA.
Although data protection laws in these countries may differ from your country, we will take the necessary steps to ensure that your personal data is processed in accordance with this policy and in accordance with applicable law.
OTHER INDIVIDUAL’S PERSONAL INFORMATION PROVIDED BY YOU
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data is retained for the full duration of the purposes detailed in this policy if a longer period of retention is not required or permitted by applicable law. We constantly review the need to keep your personal data, and to the extent that processing is no longer required and there is no obligation under law to keep your personal data, we will delete / destroy your personal information as soon as possible and in a manner that they are not able to be recovered (for example, we will delete / destroy all data of potential employees who have been interviewed unless there is a serious prospect of future employment).
If personal information is printed on paper, it will be destroyed in a way that eliminates it completely, and if it is stored on electronic media, it will be erased by technical means to ensure that the information can no longer be subsequently recovered or reconstituted.
WHAT ARE YOUR RIGHTS?
As a person you are entitled to the following rights provided by GDPR:
- a) Right of access: You may request (a) confirmation that personal data are processed or not, and, if so, access to, and information about, the data and (ii) a copy of your personal data we hold (Article 15 of GDPR);
- b) Right to rectification: You can inform us of any changes to your personal data or you may ask us to correct the personal data we hold about you (Article 16 of GDPR);
- c) Right of waiver (“the right to be forgotten”): in certain circumstances (such as (i) the data being collected unlawfully, (ii) the expiry date for the data storage has expired, (iii) you have exercised the right to oppose, or (iv) data processing was done on a consent basis and you have withdrawn your consent), you may ask us to delete the personal data we hold about you (Article 17 of GDPR);
- d) Right to Restrict Processing: In certain circumstances (such as when you dispute the accuracy of such data or the lawfulness of the processing), you may require us to restrict your data processing for a certain period (GDPR Article 18);
- e) Right to data portability: ask us to send your personal data to a third party or directly to you (GDPR Article 20);
- f) Right of opposition: In certain circumstances (such as processing that has the legal basis for legitimate interest), you may request that we no longer process your data (Article 21 of GDPR).
If we use your personal data based on your consent, you may withdraw this consent at any time. In this case, your data will no longer be processed by us, unless a legal provision forces us to keep and archive it. In any case, we will let you know if there is such a legal provision and we will indicate it expressly.
IS YOUR DATA SAFE?
We take your personal security seriously, so we take important security measures necessary to protect against unauthorized access to data or unauthorized modification, disclosure or destruction. This requires internal review of data collection, storage and processing practices, and security measures, as well as physical security measures to protect against unauthorized access to systems where we store personal data.
We also require our service providers and business partners to take all necessary measures to protect against unauthorized access to data or unauthorized modification, disclosure or destruction.
LINKS TO OTHER WEB SITES
QUESTIONS OR COMPLAINTS
If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise any of the above mentioned rights, you are welcome to contact us by sending an e-mail to the following address: firstname.lastname@example.org and we we will reply within 30 days of receipt of the request.
Also, should you not have acces to electronic means or do not want to use them, you can make a written request which you can send or bring at the hotel’s reception located at 27 Gheorghe Doja Street, Târgu Mureş.
To the extent that you are not satisfied with the manner in which your application has been resolved, you may file a complaint with the National Supervisory Authority for Personal Data Processing.
To help you track the most important changes, we will include a change history below to recognize the changes made to this policy.
Last updated: July 25, 2018