Personal Data Privacy Policy
1. General Information
Casa Bună Pension, Reciu Village, Gârbova Commune, Alba County, Romania, VAT ID RO39144290, through its website, processes your data in accordance with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector and Emergency Ordinance 13/24.04.2012. The privacy of your personal data is one of the main concerns of our website. According to GDPR provisions, our company is obliged to manage, in safe conditions and only for specified purposes, the personal data you provide about yourself. We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in the way we process your personal data or any changes to legal requirements. In the event of any such change, we will display the modified version of the Privacy Policy on our website, which is why we ask you to periodically check the content of this Privacy Policy.
2. Definitions
- personal data – any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity;
- processing of personal data – any operation or set of operations performed on personal data, by automatic or non-automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure to third parties by transmission, dissemination, or otherwise, alignment or combination, blocking, erasure, or destruction;
- storage – keeping on any type of support of the collected personal data;
- personal data filing system – any structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis;
- controller – any natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- processor – a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
- third party – any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process data;
- recipient – any natural or legal person, public authority, agency, or any other body to whom data are disclosed, whether a third party or not; public authorities that may receive data in the framework of a particular inquiry shall not be regarded as recipients;
- anonymous data – data which, due to its origin or specific processing method, cannot be associated with an identified or identifiable person;
- “business address” data – data that include the name, position, business address, telephone number, or e-mail address of an employee of an organization, in this capacity. “Business address” data are not considered personal data;
- statistical data – data that have been obtained as a result of the processing by the controller of personal data but which cannot be used to identify a person and are used exclusively for statistical and/or informational, promotional purposes;
- DPO – Data Protection Officer, who has the main role of ensuring compliance with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR – General Data Protection Regulation);
- GDPR – is the abbreviation of EU Regulation No. 679/2016 applicable from May 25, 2018, across the entire European Union as well as in any other state in the world where EU citizens’ personal data are used.
3. Processing of personal data and their confidentiality
In accordance with the requirements of the GDPR Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Law no. 677/2001 for the protection of individuals regarding the processing of personal data and the free movement of such data, amended and supplemented, and Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector and Emergency Ordinance 13/24.04.2012, through our website, we may collect from you personal data. We manage in safe conditions and only for specified purposes, the personal data you provide about yourself or another person. We use the personal data collected, including the IP address from which the Site is visited, browser configuration, and your location, for the following purposes (see Cookie Policy):
4. Categories of processed personal data
If you are a user of the site, your personal data that you provide directly in the context of using the site, such as the data you provide in the Contact, Reservation, and Gallery sections, will be processed.
1. Purposes and bases for processing
If you are a user of the site, we process your personal data as follows:
5. The duration for which we process your data
Personal data may be kept by the Company even after the fulfillment of the purposes for which they were initially collected, to the extent that the personal data will be processed exclusively for public archiving purposes, for scientific, historical research purposes, or statistical purposes, in compliance with GDPR provisions (art. 89), subject to the implementation by the Company of appropriate technical and organizational measures to respect and guarantee the rights and freedoms of the data subjects. After fulfilling the purposes for which the personal data were collected (and in the absence of the applicability of the situations mentioned in the previous paragraph), personal data will be destroyed, deleted, or anonymized from the Company’s databases/record systems (both electronic and in paper format), in compliance with applicable legal provisions and the Company’s Data Retention Policy.
6. Transfer of personal data
Personal data provided to the site owner will not be transferred outside the European Union.
7. How we protect the security of your personal data
Our company meets the security requirements of personal data. We use security methods and technologies, along with policies applied to employees, to protect personal data in accordance with current legal provisions. Despite the measures taken to protect your data, we draw your attention to the fact that the transmission of information via the internet or through other public networks is not completely secure, posing the risk that the data may be seen and used by unauthorized third parties. We cannot be responsible for such liabilities of systems that are not under our control.
8. The rights of individuals
– The right to be informed (art. 12-13): Informing the data subject about the categories of data collected, purpose, recipients, transfer;
9. Links to other websites
Our website may provide links to websites that we do not control. After you click on a third-party link, you will be directed to that third party’s website. If you visit any of these connected websites, you should review their privacy policies. We are not responsible for the policies and practices of other sites. We do not assume any responsibility for the content, privacy policies, and notices or practices of third-party websites or services.
10. Data Protection Officer
We have designated a Data Protection Officer regarding all aspects related to personal data protection, and you can contact the Data Protection Officer regarding all matters related to the processing of your data and the exercise of your rights under applicable legal provisions, especially if you have questions or concerns about how we process your personal data.
Attention! Please exercise your rights wisely and note that the abuse of rights may lead to liability.
The contact details of the National Authority for the Protection of Personal Data are as follows:
11. Contact
The information presented is intended to inform the user more about the nature, use, and management of personal data used by our website.
If you need more information and it is not found in this section, you can contact us at dpo@infomedpro.ro