Privacy policy
PERSONAL DATA PROCESSING DECLARATION
The company TOP LOFT HOTELS SRL, legal entity with registered office in Brasov, Str. Republicii Nr. 30, as controller, wishes to inform you about the processing of your personal data in the context of operations related to the provision of services TOP LOFT HOTELS SRL to customers, for the purposes specified below.
By the nature and procedures of the services provided by TOP LOFT HOTELS SRL, their users (“Clients” or “Users”) transmit certain personal data used to ensure the provision and performance of services in accordance with the legal provisions and procedures, in optimal conditions and in safety.
Protecting the personal data of TOP LOFT HOTELS SRL customers and keeping them safe is one of the important concerns of TOP LOFT HOTELS SRL and its agents, partners, subcontractors involved in providing services.
This Privacy Policy Statement reflects the privacy policy applied to all users of TOP LOFT HOTELS SRL services/products so that they are informed and can make an informed decision on how their personal data that is collected through the use of the service is or will be used and the rights they have.
PERSONAL DATA
Personal data means both non-personal data and personal data – information relating to an identified or identifiable natural person. An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, including, but not limited to: (i) name, surname, address, e-mail, telephone (e.g. fixed, mobile, fax); (ii) information of a financial nature (e.g. income, etc.); (iii) various information required or requested by authorities specific to the provision of services/products; (iv) information resulting from video/audio monitoring in case the Customer visits one of the locations where TOP LOFT HOTELS SRL services/products are provided or contacts support services; (v) signature; (vi) any other information derived from them as a result of processing performed by TOP LOFT HOTELS SRL (ex, customer segmentation according to different criteria, the unique identifier generated at the level of TOP LOFT HOTELS SRL for each individual customer, information specific to the services/products offered by TOP LOFT HOTELS SRL, etc.) and any other information that is necessary for the performance of TOP LOFT HOTELS SRL activities; (vii) iP or activities performed when browsing our website or using TOP LOFT HOTELS SRL applications/services). Processing of personal data means any operation or set of operations which is performed upon personal data, by automatic or non-automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure to third parties by transmission, dissemination or otherwise, alignment or combination, blocking, archiving, erasure, destruction, etc.
INFORMATION COLLECTION
We may collect and process your personal data for the purposes of fulfilling our contractual obligations to you, managing and administering your accounts (if applicable), recruiting and developing staff, or for compliance with applicable law. If you have consented to such use, we will also use your information to provide you with products and/or services that we believe may be of interest to you.
The website, through the policies adopted, including internal regulations, emphasizes the importance of protecting personal data, will ensure that it will respect the rights of data subjects under the GDPR and will make every effort to ensure that your data is processed in compliance with the requirements of the GDPR.
This Policy is intended to adequately inform you about the processing of your data in the context of using the services of the Site.If you are under the age of 16, please do not provide us with personal data.
We collect the following data:
We collect and process your data when you interact with the Company through the Website, namely the information you provide to us by filling in the booking form or contact form on the Website.The personal data we collect through the contact form and further process are: [nume] [adresa de email].The personal data we collect through the reservation form and further process are: [nume] [prenume] [adresa de email] [numarul de telefon de contact] and some optional personal data to facilitate the accommodation booking process:[tara] [compania] [adresa postala] [scopul sederii] [oras/locatie] [cereri speciale] [stat/regiune] [cod postal].
PURPOSES OF PROCESSING PERSONAL DATA
By accepting this Policy you agree to the inclusion of your personal data in the Company’s database.The Company cannot be held liable for the inaccuracy of the data you have provided, your failure to update such data and/or your negligence with regard to data security, i.e. correspondence transmitted via email/mail and/or SMS messages and cannot be held liable in the event that third parties have come into possession of your data.The company keeps, in accordance with the specifications of the regulation on the protection of personal data, all information collected for the purpose of contractual or pre-contractual relations as well as a record of transactions carried out in electronic format and which are necessary for the establishment, exercise or defense of a right in court. To this end, a minimum set of data concerning your identity will be processed for the sole purpose of complying with the legislation in force with regard to the keeping of records, inventory, selection, storage and use of the documents held.
THE GROUNDS FOR PROCESSING PERSONAL DATA
TOP LOFT HOTELS SRL processes personal data for the purposes mentioned above, on the following grounds: 1. Execution of the contract and preliminary steps for this contract (art. 6(1) b GDPR) – for data collected through the order form or data received as a result of customer relationship services; 2. Legal obligations (Art. 6(1) c GDPR – for data required for invoicing; 3. Consent (art 6 (1) a GDPR) for data used for marketing to website visitors (e.g. newsletter subscription, marketing cookies, etc.); 4. Legitimate interest (art 6 (1) f GDPR for data used for marketing to current customers (according to art. law 506/2004 art 12 (2)), security of own website (recital 49 GDPR) and data used internally for optimization of own website (and anonymized or pseudonymized, as appropriate).
IS IT COMPULSORY FOR THE USER TO COMMUNICATE THE DATA? WHAT ARE THE CONSEQUENCES IN CASE OF REFUSAL?
The processing of personal data requested by TOP LOFT HOTELS SRL from users/potential users in order to provide the services are considered strictly necessary for the provision of services in accordance with the legal provisions and procedures of TOP LOFT HOTELS SRL. Refusal to provide such data makes it impossible for us to provide the services. The user may opt not to have his/her data processed for direct marketing purposes.
RECIPIENTS OF PERSONAL DATA
For the fulfillment of the purposes mentioned above, the company may disclose Customer data, where strictly necessary on a need-to-know basis, to the following categories of third parties:
– regulatory and legal authorities;
– contracting partners.
These contractual partners also carry out their commercial activity in Romania, and they may be provided with your personal data to be used within the limits of the obligations they have assumed towards the company. The personal data that we disclose to the persons entrusted by us with their processing are limited to the minimum necessary personal data in order to perform the respective services and, at the same time, we ask them not to use personal data for any other purpose.We make every effort to ensure that all entities we work with store your personal data in a safe and secure manner. Some of them are also operators who also do business in Romania, such as payment service providers acting as agents.
Some of them are third parties that do not have the role of processing personal data, but may have access to them in order to fulfill their obligations or in their interaction with society, such as technical maintenance companies, financial auditors or legal service providers.
Personal data mentioned above may be made available or transmitted to third parties in the following situations: (i) public authorities, auditors or institutions with powers of control over the services, activities or assets of a company, which request a company to provide information, based on legal obligations incumbent on a company; (ii) for the fulfillment of a legal requirement, including those related to the provision of services, or for the protection of the rights and assets of our company or other entities or persons, such as courts of law; (iii) acquiring third parties, to the extent that the activity of the company would be (wholly or partially) transferred and the personal data of the data subjects would be part of the assets representing the subject of the transaction. Also, for the purposes of the processing regulated above, we may provide your personal data to companies that are part of the TOP LOFT HOTELS SRL group, companies that will be subject to the company’s instructions regarding the processing of your personal data.
TRANSFER OF PERSONAL DATA OUT OF THE COUNTRY
In the context of the operations described above, Customers’ personal data may be transferred out of the country to countries in the European Union (“EU”) or the European Economic Area (“EEA”). Thus, we hereby inform Customers that any transfer made by the Company to an EU or EEA member state will comply with the legal provisions of the General Data Protection Regulation 2016/679 adopted by the European Parliament (“GDPR”).
PROCESSING DURATION
We will store the personal data of the Customers only for the period of time necessary to achieve the purposes of processing, as mentioned above, and in compliance with the legal regulations in force including, but not limited to, the provisions on archiving.
WHAT HAPPENS TO USERS’ PERSONAL DATA AFTER PROCESSING STOPS
After the above-mentioned processing duration expires and the company no longer has legal grounds or a legitimate interest with regard to the processing of your personal data, the personal data will be deleted in accordance with the company’s procedures, which may involve archiving, anonymization, destruction.
AUTOMATED DECISION MAKING AND PROFILING
Personal data mentioned herein may be subject to automated decision-making processes, including profiling.
SECURITY OF PERSONAL DATA PROCESSING
The company constantly evaluates and improves the security measures implemented in order to ensure a safe and secure processing of personal data.
THE DATA SUBJECT’S RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA
In the context of processing personal data of users / potential users, the data subject has the following rights:Pursuant to the Regulation, you enjoy the following rights in relation to the processing of personal data: the right regarding access to the collected data. In the event that your personal data is processed by the Company, we will provide you with access to that data and a range of information in accordance with the GDPR. We will provide you upon request with a copy of your data subject to the processing;
Right to rectification. You have the right to obtain from the Company, upon request and free of charge, the rectification of your inaccurate data, while at the same time having the right to obtain the completion of your data that are incomplete, including by providing an additional statement;
The right to erasure (“right to be forgotten”) You have the right to obtain from the Company the erasure of your data if one of the grounds provided for by the GDPR applies.
Right to restriction of processing. You have the right to obtain from the Company the restriction of the processing of your data; Right to data portability. You have the right to receive from the Company the personal data you have provided to us and the right to request us, as far as technically possible, to transmit your data to another personal data controller;
The rights you enjoy may be exercised, under the terms of the Regulation, by means of a written request, dated and signed, sent by post to the Company’s address in the preamble or to the Company’s e-mail address (……….), to which we will reply within the time limit provided for by the GDPR. In order to respond to such a request you will need to prove your identity and provide us with any other details that will help us to respond to your request.
We would like to inform you that, based on the legal provisions, we have the possibility to refuse, with justification, abusive requests and/or certain requests that do not fall within the limits provided by the rules in force and also that we have the right to charge a reasonable fee proportionate to your request.
In the event that you consider that the processing of your data is not carried out in compliance with all the requirements imposed by the Regulation, you may apply to the National Supervisory Authority for the Processing of Personal Data (hereinafter referred to as “ANSPDCP”) – www.dataprotection.ro and/or to the competent courts.
CHANGES TO THIS STATEMENT ON THE PROCESSING OF PERSONAL DATA
TOP LOFT HOTELS HOTELS SRL reserves the right to modify this Privacy Policy Statement without prior notice, in accordance with the legislation in force. Insofar as this Declaration is modified, TOP LOFT HOTELS SRL will publish an updated version on the website. Please review the Declaration – Privacy Policy from time to time, either on the website www………. or in the locations where the services are available, in order to be aware of the latest version of the same.