PRIVACY POLICY

Translation from Romanian language

  PRIVACY POLICY

This Privacy Policy defines how we, Fidelitas Hotel (Fidelitas Import Export SRL), collect, store and use your personal data when accessing or interacting with our website www.hotelfidelitas.ro and from where we obtain or collect your data.

This Privacy Policy is applicable from the date of 25.05.2018.

Content

 

  • Summary
  • Details about our company
  • What information do we collect when you visit our website
  • What information do we collect when you contact us
  • What information do we collect when interfering with our website
  • How do we collect information about you from third parties
  • The disclosure and additional uses of your data.
  • Duration of the storage of your data
  • Security of your information.
  • Transfer of your data outside the European Economic Area
  • Your rights on personal data
  • Your right to object to the processing of data for specific purposes
  • Sensitive personal data
  • Changes of our privacy policy
  • Confidentiality of minors

 

 

 

  • Summary

 

This section summarizes the way we get, store, and use your data. This summary is only intended to provide an overview of the privacy policy. This section is not a complete description and it is necessary to read the additional chapters in this document for additions.

  • Data operator: FIDELITAS IMPORT EXPORT SRL
  • How do we collect or obtain information about you:
    • When you provide the relevant data (e.g. by contacting us, by filling out the booking form)
    • When you visit our website, some data are collected through cookies and other similar technologies

The following personal data are collected on our site: last name and first name, address, phone no., e-mail, IP no., cookie information, device information (for example, device type and web browser), information on how you use our website (what pages you have accessed), the date/time you visited the website and what you clicked, the geographic location from which you visited our website (based on the IP address).

  • How we use your data: for business and administrative purposes (especially to contact you), to improve your business and website, to accomplish our contractual obligations, promote our goods and services, analyze your use of our site, and our legal rights and obligations.

 

  • Disclosure of user data to third parties: the minimum required for business operation, partners, compliance with legal obligations and compliance with any contractual obligation to you.

 

  • Are the user data sold to third parties? (in other cases than selling or buying the business/company): No

 

  • How long is your information stored: no more than necessary, depending on our legal obligations (e.g. to maintain accounting records) or any other legal basis for the use of information (e.g.  consent, contractual obligations, legitimate interests) and some additional factors described in the main section entitled “The length of time for the storage of your data.”

 

  • How are your data secured: by using technical and organizational solutions such as: storing information on secure servers and allowing access to your personal data only when necessary.
  • Using cookies and related technologies: We use cookies and similar information gathering technologies, such as web beacons on our website, including essential, functional, analytical and targeting cookies.

 

  • Transferring your personal data outside of the European Economic Area: Under certain circumstances, we transfer your information outside the European Economic Area. When we do this, we will ensure that adequate safeguards are in place.

 

  • Use of automated and profiling decision making processes: we do not use automated and/or profiling decision making processes.

 

 

  • Your rights in relation to your personal data

 

    • you have the right to access your data and receive information about their use;
    • you have the right to request the correction and/or completion of the information;
    • you have the right to request the deletion of data;
    • you have the right to restrict the use of data;
    • you have the right to receive data in a portable format;
    • you have the right to oppose the processing of your data;
    • you have the right to withdraw your consent to process your data;
    • you have the right not to make a significant decision about yourself based on the automatic processing of your data, including profiling;
    • you have the right to appeal to the Surveillance Authority (www.dataprotection.ro);

 

  • Sensitive personal information: we do not intend to collect what is commonly referred to as “sensitive personal data.” Please do not send sensitive personal information about you . For more information, see the main section entitled ” Sensitive personal information“.

 

 

  • Our details

 

The data operator of our website is: FIDELITAS IMPORT EXPORT SRL, Trade Register No.  J12/2568/1992, S.R.C. RO 251010, with its headquarters in Cluj-Napoca Mun., str. I.C. Brătianu, no. 51-53, Cluj County and the place of business in Sfantu Gheorghe Mun, str.  Berzei, no. 14, Covasna County (Hotel Fidelitas).

You can contact your data operator by writing to the registered office, place of business or e-mail at office@fidelitashotel.ro.

If you have any questions about this privacy policy, please contact your data operator.

 

  • What information do we collect when you visit our website

 

We collect and use information from website visitors in accordance with this section and the section entitled ” Disclosure and additional uses of your data.”

Information about the Web server log

We use a third-party server to host our web site called PCAMBULANTE S.R.L. Our website server automatically registers the IP address you use to access our website as well as other information about your visit, such as the pages you visit, the requested information, the date and time of application, the source of our site access, (for example, the website or URL (link) that referred to our site) and the version of browser and operating system.

Use of information in the website server’s logs for IT security purposes

We and our provider collect and store server logs to ensure IT network security. We do not make and do not allow our provider to make any attempt to identify you based on the information collected through the server logs.

Use website history information to analyze site usage and improve our website

We use the information gathered from our server log to analyze how our site users interact with our website and its features. For example, we analyze the number of visits and unique visitors we receive, the time and date of the visit, the visit location, and the operating system and browser used.

We use the information gathered from the analysis of this information to improve our website. For example, we use the information we collect to modify the information, content and structure of our website and individual pages, depending on what most users are attracted to and the amount of time spent on certain pages on our site.

Cookies and similar technologies

Cookies are data files that are sent from a website to a browser to record user information for different purposes. We use cookies and similar technologies on our website, including essential, functional, analytical and targeting cookies and web beacons.

You may reject some or all of the cookies we use on our website by modifying your browser settings, but by rejecting them you may affect the operation of the website or some of the features of website. For more information about cookie modules, including changing your browser settings, visit www.allaboutcookies.org .

 

  • The information we collect when you contact us

 

We collect and use the information from people who contact us in accordance with this section and the section entitled ” Disclosure and additional uses of your information”.

E-mail

When you send a message to one of the email addresses displayed on our site, we collect your email address and any other information you provide in that email (such as your name, your phone number and the information contained in any signature block of the email).

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: to answer questions and messages we receive and to keep track of mailing.

Legal basis for processing: it is required to conclude a contract or to start the employment process in a contract at your request. (Article 6 (1) (b) of the General Data Protection Regulation).

The reason why a contract is required: if your message is about providing services or taking action upon your request, before we supply our goods and services to you, we will process your information to do so).

Transfer and storage of your information

We use a third-party email provider to store the emails you send us. Our email provider is G-mail. The emails you send to us will be stored on Google servers.

Phone:

When you contact us by phone, we collect your phone number and any information you provide during the conversation with us. We do not record phone calls.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: to answer questions and messages we receive and to keep track of mailing.

Legal basis for processing: it is required to conclude a contract or to start the employment process in a contract at your request. (Article 6 (1) (b) of the General Data Protection Regulation).

The reason why a contract is required: if your message is about providing services or taking action upon your request, before we supply our goods and services to you, we will process your information to do so).

Transfer and storage of your information

The information about your call, such as your phone number, the date and time of your call, are processed by our phone service provider located in Romania. The information about your call will be stored by our European Economic Area phone service provider.

Post office

If you contact us by mail, we will collect all the information you provide to us in any postal communications you send to us.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: to answer questions and messages we receive and to keep track of mailing.

Legal basis for processing: it is required to conclude a contract or to start the employment process in a contract at your request. (Article 6 (1) (b) of the General Data Protection Regulation).

The reason why a contract is required: if your message is about providing services or taking action upon your request, before we supply our goods and services to you, we will process your information to do so).

 

 

  • The information we collect when you interact with our website

 

We collect and use data from people interacting with certain features of our website in accordance with this section and the section entitled Disclosure and additional uses of your Information.

Reservation on our website

When you make a reservation, we collect the following information: last name and first name, address, phone number, e-mail address, and any other information you provide to us when filling out the reservation form.

If you do not provide the mandatory information required by the reservation form, you will not be able to make a reservation with us.

Legal basis for processing: required to execute a contract or to take action on your request before concluding a contract (Article 6 (1) (b) of the General Data Protection Regulation.

The reason for making a contract: reservation on our website is necessary to allow you to access the services you have purchased from us]

Transfer and storage of your data

The information you provide us via the booking form on our website will be stored in the European Economic Area.

 

  • Information collected or obtained from third parties

 

This section sets out how we collect or collect information about you through third parties.

Information received from third parties

We do not receive information about you from third parties.

If we receive information about you by mistake

If we receive information about you by mistake from a third party and / or we do not have a legal basis for processing this information, we will delete your information.

Information obtained by us from third parties

Under certain circumstances (for example, to verify the information we hold about you or to obtain the missing information we need to provide you with a service), we will get the data about you from some sources available to the public, both from EU and non-EU, such as customer online databases, media publications, social media, and websites (including your site, if you have one).

Legal basis for processing: it is necessary to conclude a contract or take action at your request to conclude a contract (Article 6 (1) (b) of the General Data Protection Regulation).

The reason for concluding a contract: if you have entered into a contract or asked to enter into a contract with you in certain circumstances, we will obtain information about you from public sources to enable us to understand your business and provide services to a sufficient standard for you.

For example, we will obtain and/or verify your email address from your website if you ask us to email you and we do not have or need to confirm your email address.

Legal basis for processing: our legitimate interests (Article 6 (1) (b) of the General Data Protection Regulation).

Legitimate interests: under certain circumstances, we will have a legitimate interest in obtaining information about you from public and private sources.  For example, if you have violated or we suspect that you have breached any of our legal rights, we will have a legitimate interest in obtaining and processing information about you from these sources, to investigate and prosecute any suspected or potential violation.

 

  • Disclosure and additional use of your data

 

This section sets out the circumstances in which we will disclose your data to third parties and any other additional purposes for which we use your data.

Disclosure of your information to service provider

We use a number of third parties to provide us with services that are necessary to run our business or to help us run our business and process your information for us on our behalf. They shall include the following:

IT RESPONSIBLE:  NETFACE.RO, Sfantu Gheorghe, str. Stadionului, 15/19/57, Covasna County, J14/468/2008, 24406031.

SERVER SERVICES: PCAMBULANTE SRL, Cluj Napoca, Aleea Băița, no. 1, ap. 36, Cluj County, J12/1378/2005, RO17470910.

SOCIAL MEDIA PLATFORMES: Facebook

STATISTICAL AND ANALYTICAL SERVICES: Google Analitics, Facebook pixel

MAILING SERVICES:  G-Mail

PHONE SERVICE: RDS&RCS

Your information will be shared with these service providers where it is necessary to provide the service you request, whether this request is to access our website or service booking from us.

Legal basis for processing: legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest based on: if we share your information with these third parties in a context other than if it is required to conclude a contract (or as a result of your request to do so), we will share your information with such third parties to enable us to administer and manage our business effectively.

Legal basis for processing: it is necessary to conclude a contract or take action at your request to conclude a contract (Article 6 (1) (b) of the General Data Protection Regulation).

The reason we need to conclude a contract: we may share information with our service providers to enable us to accomplish our obligations under that contract or to take the steps that you have requested before entering into a contract with you.

Disclosure of your information to other third parties

We disclose your information to third parties in certain circumstances, as shown below.

Providing information to third parties, such as Google Inc. Google collects information by using Google Analytics on our website. Google uses this information, including IP addresses and cookie information, for many purposes, such as improving Google Analytics service.  Information is shared with Google on an aggregated and anonymous basis. To learn more about what information Google collects, how it uses this information, and how to control information sent to Google, see the following page: https://www.google.com/policies/privacy/partners.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interests: performing contractual obligations to Google under the Google Analytics Terms and conditions ( https://www.google.com/analytics/terms/us.html).

You can opt out of Google Analytics by installing the browser plugin here: https://tools.google.com/dlpage/gaoptout .

Sharing your information with third parties that are either related to or associated with the operation of our business, if necessary for us. These third parties include accountants, counselors, affiliates, business partners, independent contractors and insurers. Further information on each of these third parties is given below.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: effective operation and management of our business.

We will disclose your information to a potential or real buyer or seller, in the context of a business sale or acquisition, merger or a similar, real or potential event.

Legal basis for processing: legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: We allow access to information with a prospective buyer, seller, or similar person to enable such transaction.

Disclosure and use of your information for legal reasons

Indication of possible criminal acts or threats on public safety to a competent authority

If we suspect that criminal or potential behavior has occurred, we will, in some circumstances, need to contact a competent authority such as the police. This could be the case, for example, if we suspect that a fraud or a cyber crime has occurred or if we receive threats or malicious communications to us or to third parties.

In general, we will only need to process your information for this purpose if you have been involved or affected by such an incident, one way or another.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: prevention of crime or suspected criminal activity (such as fraud).

In connection with the potential application or enforcement of our legal rights

We will use your information in connection with the implementation or enforcement of our legal rights, including, for example, the exchange of information with debt collection agencies if you do not pay the amounts due when you are contractually bound to do so. Our legal rights may be contractual (if we have a contract with you) or non-contractual (such as our legal rights under copyright or tort law).

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: to impose our legal rights and to take action to ensure our legal rights.

In connection with a dispute or a legal or potentially legal proceeding

We may need to use your information if we are involved in a dispute with you or a third party, for example either to resolve the dispute or as part of a mediation, arbitration or court order or a similar process.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: resolving disputes and possible litigation.

For the continued observance of laws, regulations and other legal requirements

We will use and process your information to comply with the legal obligations to which we are subject. For example, we may need to disclose your information based on a court order or a summons if we receive one.

Legal basis for processing: compliance with a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation.

Legal obligation: legal obligations to disclose information that is part of the Romanian laws or whether it has been incorporated into Romanian legal framework (for example, in the form of an international agreement that Romania has signed).

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: If legal obligations are part of the laws of another country and have not been integrated into the legal framework of Romania, we have a legitimate interest in complying with these obligations.

 

  • Duration of the storage of your data

 

This section determines how long we keep the collected data. We have set specific retention periods wherever possible. If this was not possible, we set the criteria we use to determine the retention period.

Retention period

Criteria for establishing retention periods

In any other circumstances, we will retain your information only as long as it is necessary, taking into account the following:

  • the purpose(s) and use of your information both now and in the future (for example, if it is necessary to continue storing that information in order to continue to accomplish our obligations under a contract with you or to contact you in the future);
  • if we have a legal obligation to continue processing your information. (such as any record keeping obligations imposed by the relevant law or regulations);
  • if we have any legal basis to continue processing the information (such as your consent);
  • how valuable your information is (both now and in the future);
  • any agreed industrial practices on the length of information storage;
  • the levels of risk, cost and responsibility involved in continuing to hold information;
  • how difficult it is to make sure that information can be current and accurate;
  • any relevant surrounding circumstances (such as the nature and status of our relationship with you);

 

 

  • Security of your information.

 

We take appropriate technical and organizational measures to secure your information and protect it from unauthorized or unlawful use and accidental loss or destruction, including:

  • sharing and providing access to your data to the minimum extent required, subject to confidentiality restrictions, where applicable and anonymously, whenever possible;
  • using secure servers for storing information;
  • verifying the identity of any person requesting access to information before giving them access to information;
  • use of the Secure Sockets Layer (SSL) standard to encrypt any information you send us through any forms on our website

Transmitting information to us by email

The transmission of information on the Internet is not entirely secure and if you send us information via the Internet (by email, through our website or by any other means), do so entirely at your own risk.

We cannot be responsible for any expenses, loss of profits, damage to reputation, damages, debts or any other form of loss or damage suffered by you as a result of your decision to transmit information by such means.

 

  • Transfer of your data outside the European Economic Area

 

Your information will be transferred and stored outside the European Economic Area (EEA) under the conditions outlined above. We will also transfer your information outside of the EEA or an international organization to comply with the legal obligations to which we are subject (for example, compliance with a court order). If we are obliged to do so, we will ensure that there are adequate safety measures and protection is in place.

 

  • Your rights on personal data

 

Subject to certain restrictions on certain rights, you have the following rights with respect to your data that you may exercise by sending an email to us:

    • request access to your information and information about the use and processing of your information;
    • request correction or deletion of your data;
    • request limited use of your data;
    • receive the information you provide us in a commonly used and readable device (for example, a CSV file) and the right to transfer that information to another data controller (including a third-party data controller);

 

  • object to the processing of your data for certain purposes (for more information, see the section below, entitled “Your right to object to data processing for certain purposes”); and

 

  • withdraw your consent to the use of your data at any time in which we rely on your consent to use or process this information. Please note that if you withdraw your consent, this will not affect the lawfulness of use and processing of your data based on your consent prior to the time you withdraw your consent.

In accordance with Article 77 of the General Data Protection Regulation, you also have the right to file a complaint with a supervisory authority. For this purpose, in Romania, the supervisory authority is: www.dataprotection.ro.

Checking your identity if you request access to your information

If you request access to your information, we are legally required to use all reasonable measures to verify your identity before doing so.

These measures are designed to protect your information and reduce the risk of identity fraud, identity theft or unauthorized general access to your information.

 

  • Your right to object to the processing of data for specific purposes  

 

You have the following rights with respect to your data that you can exercise by sending an email:

  • object to the use or processing of information by us to perform a task in the public interest or in our legitimate interest, and
  • object to the use or processing of your data for direct marketing purposes

 

 

  • Sensitive personal data

 

“Sensitive personal data” is information about an individual who discloses racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership of a trade union, genetic information, biometric information for the purpose of sole identifying an individual, health or information on the sexual life or sexual orientation of a natural entity.

We do not knowingly or intentionally collect sensitive personal information from individuals and you should not send us sensitive personal information.

If, however, you intentionally or by mistake send us sensitive personal information, you will be deemed to have explicitly given us your consent to process sensitive personal information in accordance with Article 9 (2) (a) of the General Regulation on data protection. We will use and process your sensitive personal information for the purpose of deleting them.

 

  • Changes of our privacy policy

 

We periodically update and modify our privacy policy.

Minor changes of our privacy policy

If we make minor changes to our privacy policy, we will update the Privacy Policy with a new effective date mentioned at the beginning of the Privacy Policy. The processing of your information will be governed by the practices set forth in the new version of the Privacy Policy as of its effective date.

Major changes of our privacy policy or the purposes for which we process your information.

If we make major changes to our privacy policy or intend to use your data for a new purpose or for a purpose different from the purposes we originally collected, we will notify you by publishing an ad on our website.

We will provide you with information about the change in question and about the purpose and any other relevant information before using your information for the new purpose.

Whenever necessary, we will obtain your prior consent before using your information for a purpose other than the purposes for which we originally collected it.

 

  • Confidentiality of minors

 

Since we care about the safety and privacy of children online, we do not knowingly contact or collect information from people under the age of 18. The website does not aim to request information of any kind from people under the age of 18.

We may receive information about people who are under the age of 18 by fraud or deceiving a third party. If we are notified of this, as soon as we verify the information, when the law so requires, we will immediately obtain the appropriate parental consent to use this information or, if we cannot obtain the consent of the parents, we will delete the information from our servers. If you want to let us know about people under the age of 18, please do so by sending an email to office@fidelitashotel.ro.