Privacy Policy

Personal Data Privacy Policy

 

1. General Information

Casa Bună Pension, Reciu Village, Gârbova Commune, Alba County, Romania, VAT ID RO39144290, through its website, processes your data in accordance with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector and Emergency Ordinance 13/24.04.2012. The privacy of your personal data is one of the main concerns of our website. According to GDPR provisions, our company is obliged to manage, in safe conditions and only for specified purposes, the personal data you provide about yourself. We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in the way we process your personal data or any changes to legal requirements. In the event of any such change, we will display the modified version of the Privacy Policy on our website, which is why we ask you to periodically check the content of this Privacy Policy.

2. Definitions

  • personal data – any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity;
  • processing of personal data – any operation or set of operations performed on personal data, by automatic or non-automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure to third parties by transmission, dissemination, or otherwise, alignment or combination, blocking, erasure, or destruction;
  • storage – keeping on any type of support of the collected personal data;
  • personal data filing system – any structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis;
  • controller – any natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • processor – a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
  • third party – any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process data;
  • recipient – any natural or legal person, public authority, agency, or any other body to whom data are disclosed, whether a third party or not; public authorities that may receive data in the framework of a particular inquiry shall not be regarded as recipients;
  • anonymous data – data which, due to its origin or specific processing method, cannot be associated with an identified or identifiable person;
  • “business address” data – data that include the name, position, business address, telephone number, or e-mail address of an employee of an organization, in this capacity. “Business address” data are not considered personal data;
  • statistical data – data that have been obtained as a result of the processing by the controller of personal data but which cannot be used to identify a person and are used exclusively for statistical and/or informational, promotional purposes;
  • DPO – Data Protection Officer, who has the main role of ensuring compliance with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR – General Data Protection Regulation);
  • GDPR – is the abbreviation of EU Regulation No. 679/2016 applicable from May 25, 2018, across the entire European Union as well as in any other state in the world where EU citizens’ personal data are used.

3. Processing of personal data and their confidentiality

In accordance with the requirements of the GDPR Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Law no. 677/2001 for the protection of individuals regarding the processing of personal data and the free movement of such data, amended and supplemented, and Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector and Emergency Ordinance 13/24.04.2012, through our website, we may collect from you personal data. We manage in safe conditions and only for specified purposes, the personal data you provide about yourself or another person. We use the personal data collected, including the IP address from which the Site is visited, browser configuration, and your location, for the following purposes (see Cookie Policy):

– For page customization
– To ensure that the web page is relevant to your needs.
– To help us create and publish the most relevant content for you.
– To improve the security of access to the services offered.

4. Categories of processed personal data

If you are a user of the site, your personal data that you provide directly in the context of using the site, such as the data you provide in the Contact, Reservation, and Gallery sections, will be processed.

1. Purposes and bases for processing

If you are a user of the site, we process your personal data as follows:

a) – for the Contact section: name, email, phone.
Basis: The processing of your data for this purpose is based on your consent if you choose to provide it.
You are not obliged to provide us with the data, but by refusing, we will not be able to respond to you.
b) – for the Reservation section: name, surname, date of birth, address, series and number of ID card, arrival date, departure date, purpose of the trip, signature, bank details, email, and phone.
Basis: The processing of your data for this purpose is based on the execution of a service contract.
c) – for the Gallery section: photo image.
Basis: The processing of your data for this purpose is based on your consent if you choose to provide it.

5. The duration for which we process your data

Personal data may be kept by the Company even after the fulfillment of the purposes for which they were initially collected, to the extent that the personal data will be processed exclusively for public archiving purposes, for scientific, historical research purposes, or statistical purposes, in compliance with GDPR provisions (art. 89), subject to the implementation by the Company of appropriate technical and organizational measures to respect and guarantee the rights and freedoms of the data subjects. After fulfilling the purposes for which the personal data were collected (and in the absence of the applicability of the situations mentioned in the previous paragraph), personal data will be destroyed, deleted, or anonymized from the Company’s databases/record systems (both electronic and in paper format), in compliance with applicable legal provisions and the Company’s Data Retention Policy.

6. Transfer of personal data

Personal data provided to the site owner will not be transferred outside the European Union.

7. How we protect the security of your personal data

Our company meets the security requirements of personal data. We use security methods and technologies, along with policies applied to employees, to protect personal data in accordance with current legal provisions. Despite the measures taken to protect your data, we draw your attention to the fact that the transmission of information via the internet or through other public networks is not completely secure, posing the risk that the data may be seen and used by unauthorized third parties. We cannot be responsible for such liabilities of systems that are not under our control.

8. The rights of individuals

– The right to be informed (art. 12-13): Informing the data subject about the categories of data collected, purpose, recipients, transfer;

– Data portability (art. 20): The data subject has the right to request data portability between Controllers;
– The right to be forgotten (art.17): When processing is no longer justified or when the data subject has withdrawn their consent;
– The right to object (art.21): The right of the data subject to object to or oppose certain types of processing;
– The right of access to data (art.15): The data subject may request access to their data to verify if the processing is justified;
– The right to rectify Data (art.16): The data subject can request the rectification of data if they are processed incorrectly;
– The right to restrict processing (art.18) The data subject may request the restriction of the use of data or data transfer;
– The right to object to profiling (art. 21) The data subject has the right not to be subject to a profiling decision when it is based on automatic processing;
– The right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP, Bucharest, G-ral. Gheorghe Magheru Blvd. no. 28-30, sector 1, postal code 010336, www.dataprotection.ro , anspdcp@dataprotection.ro , phone: +40.318.059.211; +40.318.059.212, fax: +40.318.059.602) and the right to address the competent courts.

9. Links to other websites

Our website may provide links to websites that we do not control. After you click on a third-party link, you will be directed to that third party’s website. If you visit any of these connected websites, you should review their privacy policies. We are not responsible for the policies and practices of other sites. We do not assume any responsibility for the content, privacy policies, and notices or practices of third-party websites or services.

10. Data Protection Officer

We have designated a Data Protection Officer regarding all aspects related to personal data protection, and you can contact the Data Protection Officer regarding all matters related to the processing of your data and the exercise of your rights under applicable legal provisions, especially if you have questions or concerns about how we process your personal data.

Contact details of the Data Protection Officer:
–  Phone: 0771 054 497
–  Email: dpo@infomedpro.ro

Attention! Please exercise your rights wisely and note that the abuse of rights may lead to liability.

The contact details of the National Authority for the Protection of Personal Data are as follows:

National Supervisory Authority for Personal Data Processing
Adress: Bucharest, G-ral. Gheorghe Magheru Blvd. no. 28-30, sector 1, postal code 010336
Email address: anspdcp@dataprotection.ro
Phone: +40.318.059.211; +40.318.059.212
Fax: +40.318.059.602

11. Contact

The information presented is intended to inform the user more about the nature, use, and management of personal data used by our website.

If you need more information and it is not found in this section, you can contact us at dpo@infomedpro.ro

Policy updated on 01.03.2024

 

Close