Privacy policy


Privacy Policy for hoteloldtown.ro

Last Updated April 17, 2019

Definitions

The reservation services, accommodation and related services, the services on this web site offered to Clients and / or Visitors of Services will be called SERVICES

COMPANY is defined as HYDRO POWER INVESTMENT SRL, Limited Liability Company with Unique Identification Code 29005405, having Romanian private capital.

VISITORS are all persons accessing the Company Services

CLIENTS are all persons who benefit from the Services paid to the Company

These Services collect some Personal Data of Visitors and / or Customers

Owner and Data Control

The Services Owner is the Company

Owner’s email address: manager@hoteloldtown.ro

Email Address for Information and Requests Data Protection: gdpr@hoteloldtown.ro

Types of collected data

Among the types of personal data that these Services collect, either by themselves or through third parties, are: name, surname, address, country, e-mail address, city, phone number, details of booking and stay hotel, client ID cookies and usage data and other data collected in this document.

Full details of each type of personal data collected are provided in the sections dedicated to this privacy policy or by specific explanatory texts displayed prior to data collection.

Personal data may be provided free of charge by the User or, in the case of Usage Data, automatically collected when using these Services.

Unless otherwise specified, all data required by these Services are mandatory and failure to communicate these data may make it impossible for the Service to function properly. In cases where these Services specify that certain data are not mandatory, users are free not to disclose such data, without consequences on the availability or operation of the Service.

Visitors who do not know what data are required may contact the Company.

The use of Cookies by the Company is governed by the Cookie Policy that can be accessed by clicking here.

Visitors and / or Customers are solely responsible for the data they have obtained from third parties sent to the Company and hereby confirm that they have the consent of third parties to transmit to the Company such Personal Data

Modes and locations of Data Processing

Processing methods

The Company takes all necessary security measures against unauthorized access, disclosure, modification or destruction of the Data.

Data processing is done using personal computers (PCs), servers and / or other IT (Information Technology) tools that fully comply with the procedures for the stated reasons. Additionally, in required cases Data may be disclosed to the various administrative personnel of the Company (Department of Administration, Sales, Marketing, Legal) and Extremely Extremely, when required by Third Party Companies (hosting services, IT services, Internet Service Providers) called if it is not required as Data Processors by the Company. The updated list of these third parties may be requested by Visitors / Clients at any time.

Legal basis for processing

The Company may process Visitor and / or Customers Personal Data under the following conditions:

  • Users have given their consent for one or more reasons;
  • The provision of the Data is necessary for the contractual fulfillment with the Visitor and / or the Customer or for any precontract between the parties;
  • Data Processing is required as a result of the Company’s legal obligations;
  • Data Processing is related to a task in the public interest or in the exaction of an official authority in the company has been invested;
  • Data processing is necessary for the purposes of legitimate interests pursued by the Company or by a third party.

In any case, the Company will be happy to clarify the legal basis for processing, and in particular whether the provision of Personal Data is a legal or contractual requirement or is a requirement for the conclusion of a contract.

Location

Personal Data is processed in the Company’s offices, servers, or other locations where the parties agree that processing takes place.

Depending on the location of the Visitors and / or Customers, the transfer of Personal Data may take place in countries other than the one in which they are located. To learn more about transferring Personal Data, Visitors and / or Customers can check the details of processing Personal Data.

Visitors and / or Customers are also encouraged to learn the legal bases of Data Transfers in countries outside the European Union or to any international organization governed by international laws or agreements between two or more countries such as the United Nations and the measures taken by the Company to secure the Data.

If such Data Transfer occurs, Visitors and / or Customers can check the relevant sections of this document or contact the Company for information using the data in the contact box above.

Date retention period

Personal Data must be processed and stored for as long as it requires the purpose for which it was collected.

So:

  • Personal Data collected for the operation of the contract between the Company and the Visitor and / or Client will be retained throughout the contract.
  • Personal Data collected for the Company’s legal interests will be kept as long as they are needed for these interests. Visitors and / or Customers may find information about the Company’s legal interests in the relevant sections of this document or contacting the Company.

The Company may be allowed to retain the Personal Data for a longer period than the Visitors and / or Customers have provided for as long as they have not withdrawn their consent. Furthermore, the Company may be legally obliged to withhold Personal Data for a longer period of time by applicable law or by a public authority.

After the retention period expires, Personal Data must be deleted. Therefore, the right of access, the right to request removal, the right of rectification or porting of data can not be enforced after the retention period has expired.

The purpose of processing

Visitor and / or Customer data may be collected to allow the Company to provide the Services, but also to contact the Visitor and / or the Customer, or for the Analyzes.

Visitors and / or Customers can find detailed information on these processing grounds and how Personal Information is used for each objective in the sections of this document.

Detailed information about processing your Personal Data

Personal Data is collected for the following purposes and services:

  • Analytical. These help the Company identify Internet traffic on Company’s pages and observe Visitor behavior. They use their own services but also third-party services such as Statcounter.com. The data is pseudo anonymized so that it is not possible to make a direct link between the Visitor and its behavior as an entity. Data collected in pseudo-anonymous format: uploaded pages, visits, web browser information, searched keywords, number of visits, time, minute, access point, IP address, time spent, exit page,
  • Contact forms. Consent to use the Company Services, but also the submission of the different forms on the Company’s websites shown above, or correspondence with the Company wearing by email, Facebook or other media, Visitors and / or Clients reveal Personal Data. Collected personal data include name, surname, address, city, country, email address, telephone.
    • Billing Service, Contract.For invoicing, the Customer discloses personal data such as name, surname, address, but also the email and / or Facebook profile or other data needed to submit the tax document

Visitor and / or Customer Rights

Visitors and / or Customers may exercise certain rights with respect to Personal Data processed by the Company.

In particular, Visitors and / or Customers have the following rights:

Rejection of consent at any time.

Visitors and / or Customers have the right to withdraw their consent to the processing of Personal Data provided to the Company.

  • Objection to the processing of their Personal Data. Visitors and / or Customers have the right to raise objections to the processing of their Personal Data if the processing is done on a legal basis other than the given consent. More details can be found in the sections below.
    • Access to their Personal Information. Visitors and / or Customers have the right to know if their Personal Data is processed by the Company, to reveal certain aspects of their processing and to obtain a copy of their Personal Data that is being processed.
  • Verification and Correction.Visitors and / or Customers have the right to verify the accuracy of their Personal Data and request their updating or correction.
  • Restricting the processing of their Personal Data. Visitors and / or Customers are entitled, under certain circumstances, to restrict the processing of their Personal Data. In this case, the Company will no longer process these Personal Data but only archive them.
  • To delete their Personal Data or otherwise destroyed.Users are entitled, under certain conditions, to obtain the complete deletion of their Personal Data held by the Company. The data will be deleted within 28 days of the request and within the limits of the legislation so that it does not affect the requirements in front of the Company’s legislator (eg keeping the tax invoices for the duration required by the Fiscal Code)
  • Receiving their Personal Data and transferring to another controller. Visitors and / or Customers have the right to receive their personal data in a structured format, shared and readable by a computer if feasible in a technically feasible way to be sent to another controller without any hindrance. This provision is valid provided that Personal Data are processed by automated means, and that their processing is based on consent given by the Visitor and / or the Client on the basis of a contract in which the Visitor and / or Customer is a party or a pre-contract between the parties.
  • Submitting a Complaint. Visitors and / or Customers have the right to ultimately lodge a complaint against the Company with the authorities that regulate the protection of personal data in case they can not solve amicably the issue with the Company.

Details on raising objections to processing

If Personal Data are processed in the public interest, in the exercise of a public authority invested by the Company or for a Company’s legitimate interest, Visitors and / or Customers may oppose such processing by providing a reason related to their particular circumstances and to justify the objection.

Visitors and / or Customers must know that their Personal Data may be used in marketing activities directly by the Company without any justification. To learn more about how Personal Data can be used in this case, read this document carefully.

How can these rights be used

Any claim regarding the rights may be addressed directly to the company using the contact details in this document. These rights may be exercised free of charge and will be addressed to the Company as soon as possible and within a maximum of one month.

Additional Information on the Collection and Processing of Personal Data

Legal Actions

Visitor and / or Customer Personal Data may be used by the Company in legal actions in Justice or in the stages leading to possible actions in JUSTICE resulting from improper use of this document or other services during the visit to the site or the services provided .

The Visitor and / or Customer is aware that public authorities may require the Company to disclose Personal Data without any notice to the Visitor and / or Customer

Additional information about Visitor and / or Customers’ Personal Data

In addition to the information contained in this Privacy Policy, this document may provide additional data and particular information regarding the processing of Personal Data upon request.

System logs and maintenance

For reasons of operation and maintenance, the Company Services and other third parties may collect information about the interaction with the Services (System Logs) containing personal data (such as IP address, date, time of access, operating system / navigator web).

Information not in this Privacy Policy

Whenever you have questions about collecting and processing your Personal Information, you may request information from the Company. Please see the contact details at the beginning of this document.

How to deal with “Not Tracked”

The services presented do not support “Do not watch” requests Even if Visitors do not allow cookies, they will have personal data logged in the System logs. This is absolutely necessary for Server Security reasons: it records and removes cyber attacks, checks and locates people trying to illegally access data. Moreover, even if you use proxy services, our servers will identify the real IP address for the above mentioned reasons. The log system automatically archives and destroys after a legal period.

In order to determine whether third parties bear and how to handle “Do not Track” requests, please visit their privacy policies.

SECURITY BREACH/ PERSONAL DATA

In the event that a Security breach and certain Personal Data in the possession of the Company are disclosed unauthorized, the following will be done:

  • Immediate announcement by competent authorities of the protection of personal data
  • Immediate announcement of the Police and Combating Cyber Crime Organs
  • Announcement by email of people affected by the breach within 7 days of the event producer, but after re-encryption of all Personal Data
  • Announcement on the web site of the Security Breach in maximum 7 days after the breach is produced if the breach is large, after the total re-encryption of the system

A maximum of 7 days is required to fix any bugs, especially zero days, to minimize impact.

personal data Intention

In addition to the above, the following are included:

  • If the Company sells a division or sells in its entirety, or when the Company enters into a new legal action, the buyer will also receive the Personal Data. In this case, the Buyer and the Company will notify Visitors and / or Customers about the transaction both by email and on the web page as soon as possible
  • If the Company enters into insolvency or bankruptcy proceedings, the Personal Data will be made known to the Judicial Administrator or the Liquidator, the information will be made known to Visitors and / or Clients by email and on the web site at the time of appointment of the Judicial Administrator or the Liquidator

Changes made to these Privacy Policies

The Company reserves the right to make changes to this Privacy Policy at any time by notifying Visitors and / or Customers on this page and if it is legally and technically feasible to contact each Visitor and Customer using any form of contact regarding the changes. It is recommended that you check this page as often as you can and look at the date of the last change, the date at the beginning and end of this document.

If the changes substantially affect the basic activity of collecting Personal Data, the Company will be required to seek a new consent.

Definitions and legal information (other than at the beginning of the document)

Personal Data (or Data)

Any information that directly, indirectly or in connection with other information – including a unique personal identification number) – identifies or identifies an individual.

Using Data

Information collected automatically through Company Services and through third parties may include: IP addresses, addresses or computer names, Uniform Resource Identifier (URI) addresses, time of request, server errors and requests, home country,, name, surname, birth date , birthday, hometown, operating system, web browser, computer type, mobile phone, tablet, or other information during booking

Data Processor

Legal person, public authority, agency, or other person processing Personal Data on behalf of the data controller as described in this privacy policy.

Data Controller

The Data Controller is the Company as defined in this privacy policy

LEGAL INFORMATION

This Privacy Statement was drafted on the basis of several laws, including Art 13/14 of GDPR (General Regulation on Data Protection) REGULATION (EU) 579 of 2016.

This Privacy Policy applies to the Services as defined herein.

Last Updated April 17, 2019