PRIVACY POLICY

ACCOMMODATE AT YOUR FAVORITE HOTEL IN THE CENTER OF OLD BUCHAREST

Sepcari Street no. 12-14, Old Center, Sector 3, Bucharest

Privacy policy for hoteloldtown.ro

Last updated April 17, 2019 *

Definitions

The reservation services, accommodation plus related services, the services on this web page offered to the Clients and / or Visitors of the Services will be called SERVICES

THE COMPANY is defined to be HYDRO POWER INVESTMENT SRL, Limited Liability Company with Unique Identification Code 29005405, having Romanian private capital.

VISITORS are all persons who access the Company’s Services

CUSTOMERS are all persons who benefit from the Services paid to the Company

These Services collect some Personal Data of Visitors and / or Customers

Owner and Data Control

The Owner of the Services is the Company

Email address of the owner: manager@hoteloldtown.ro

Email address for information and requests Data Protection: gdpr@hoteloldtown.ro

Types of data collected

Among the types of personal data that these Services collect, by themselves or by third parties, there are: name, surname, address, country, e-mail address, city, telephone number, booking details and stay in hotel, customer ID cookies and usage data and other data collected in this document.

Full details of each type of personal data collected are provided in the sections dedicated to this privacy policy or through specific explanatory texts displayed before the data is collected.

Personal data may be provided free of charge by the User or, in the case of Usage Data, collected automatically when using these Services.

Unless otherwise specified, all data requested by these Services is mandatory and failure to provide such data may make it impossible for the Service to function properly. In cases where these Services specify that certain data is not mandatory, users are free not to communicate this data, without affecting the availability or operation of the Service.

Visitors who do not know what data is required can contact the Company.

The use of Cookies by the Company is regulated by the Cookie Policy which can be accessed by clicking here.

Visitors and / or Customers are solely responsible for the data obtained by them from third parties sent to the Company and hereby confirm that they have the consent of third parties to transmit this Personal Data to the Company.

Data Processing Modes and Locations

Processing methods

The Company takes all necessary Security measures against access, disclosure, modification or unauthorized destruction of the Data.

Data processing is done using personal computers (PCs), servers and / or other IT (Information Technology) tools that fully comply with the procedures for the reasons indicated. In addition, in necessary cases, the Data may be disclosed to the various administrative persons of the Company (administration, sales, marketing, legal) and extraordinarily, strictly when necessary to third party Companies (hosting services, IT services, Internet service providers). called if necessary as Data Processors by the Company. The updated list of these third parties may be requested by Visitors / Customers at any time.

Legal basis for processing

The Company may process the Personal Data of Visitors and / or Customers under the following conditions:

  • Users have given their consent for one or more reasons;
  • The provision of Data is necessary for the contractual fulfillment with the Visitor and / or the Client or for any pre-contract between the parties;
  • Data processing is necessary as a result of the Company’s legal obligations;
  • Data processing is related to a task in the public interest or in the exercise of an official authority in which the Company has been invested;
  • Data processing is necessary for the purposes of legitimate interests pursued by the Company or by a third party.

In any case, the Company will be happy to clarify the legal basis for which the processing is performed, and especially if the provision of Personal Data is a legal or contractual requirement, or is a necessary requirement for concluding a contract.

Location

Personal data is processed in the offices, servers of the Company or in other places where the parties agree for the processing to take place.

Depending on the location of the Visitors and / or Clients, the transfer of Personal Data may be made in other states than the one in which it is located. To find out more about the transfer of Personal Data, Visitors and / or Customers can check the details contained about the processing of Personal Data.

Visitors and / or Customers are also encouraged to learn the legal basis for Data transfers to countries outside the European Union or to any international organization governed by international law or agreements between two or more countries, such as the United Nations, and on measures. taken by the Company to secure the Data.

If such a data transfer takes place, Visitors and / or Customers may check the relevant sections of this document or contact the Company for information using the data in the contact section above.

Data retention period

Personal data must be processed and stored for as long as required for the purpose for which they were collected.

So:

  • Personal Data collected for the operation of the contract between the Company and the Visitor and / or Client will be kept throughout the contract.
  • Personal data collected for the legal interests of the Company will be kept as long as they are needed for these interests. Visitors and / or Customers may find information about the Company’s legal interests in the relevant sections of this document or by contacting the Company.

The Company may be allowed to retain Personal Data for a longer period than the Visitors and / or Customers have given their consent as long as they have not withdrawn their consent. Moreover, the Company may be legally obliged to retain Personal Data for a longer period by applicable law or by a public authority.

After the retention period expires, Personal Data must be deleted. Therefore, the right of access, the right to request the deletion, the right to rectify or to carry the data cannot be enforced after the retention period has expired.

Purpose of processing

Data on the Visitor and / or the Client may be collected to allow the Company to provide the Services, but also to contact the Visitor and / or the Client, or for Analysis.

Visitors and / or Customers can find detailed information on these reasons for processing and on how Personal Data is used for each purpose, in the sections of this document.

Detailed information about the processing of Personal Data

Personal data is collected for the following purposes and services:

  • Analytical These help the Company to identify internet traffic on the Company’s pages and to observe the behaviour of the Visitors. We use our own services but also third party services such as Statcounter.com. The data is pseudo anonymized so that no direct connection can be made between the Visitor and his behaviour as an entity. Data collected in pseudo-anonymized format: loaded pages, visits, web browser information, searched keywords, number of visits, time, minute, second access, IP address, time spent, exit page, from which web page started access
  • Contact forms. Consent to use the Company’s Services, but also to send the various forms on the Company’s sites shown above, or correspondence with the Company by email, Facebook or other means of communication Visitors and / or Customers disclose Personal Data. Personal data collected includes name, surname, address, city, country, email address, telephone.

o Invoicing service, Contract. For invoicing, the Customer discloses personal data such as name, surname, address, but also email address and / or Facebook profile or other data necessary for the transmission of the fiscal document

The Rights of Visitors and / or Customers

Visitors and / or Customers may exercise certain rights regarding the Personal Data processed by the Company.

In particular, Visitors and / or Customers have the following rights:

Withdrawal of consent at any time.

Visitors and / or Customers have the right to withdraw their consent for the processing of Personal Data provided to the Company.

  • Objection to the processing of their Personal Data. Visitors and / or Customers have the right to object to the processing of their Personal Data if the processing is done on a legal basis other than the consent given. More details can be found in the sections below.

o Access to their Personal Data. Visitors and / or Customers have the right to know if their Personal Data is processed by the Company, to disclose certain aspects of the processing and to obtain a copy of their Personal Data that is being processed.

  • Verification and correction. Visitors and / or Customers have the right to verify the accuracy of their Personal Data and to request their updating or correction.
  • Restricting the processing of their Personal Data. Visitors and / or Customers have the right, in certain circumstances, to restrict the processing of their Personal Data. In this case, the Company will no longer process the respective Personal Data but will only archive them.
  • Their Personal Data may be deleted or otherwise destroyed. Users have the right, under certain conditions, to obtain the complete deletion of their Personal Data held by the Company. The data will be deleted within 28 days of the request and within the limits of the legislation so as not to affect the requirements before the Company’s legislator (for example keeping the fiscal invoices for the duration required by the Fiscal Code)
  • Receiving their Personal Data and transferring it to another controller. Visitors and / or Customers have the right to receive their personal data in a structured, common and computer-readable format, if technically feasible to be sent to another controller without hindrance. This provision is valid provided that the Personal Data is processed by automated means, and that their processing is based on the consent given by the Visitor and / or Customer, based on a contract in which the Visitor and / or Customer is a party or a pre-contract between the parties.
  • Filing a complaint. Visitors and / or Customers have the right to submit in the last resort a complaint against the Company to the authorities regulating the protection of personal data in case they cannot amicably resolve the issue with the Company.

Details regarding the objections to the processing

If the Personal Data are processed in the public interest, in the exercise of a public authority invested by the Company or for a legitimate interest of the Company, Visitors and / or Customers may oppose such processing by providing a reason related to their particular situation and to justify the objection.

Visitors and / or Customers should be aware that their Personal Data may be used in direct marketing activities by the Company without any justification. To learn more about how Personal Data can be used in this case, read this document carefully.

How to use these rights

Any request regarding the stipulated rights can be addressed directly to the company using the contact details in this document. These rights can be exercised free of charge and will be addressed to the Company as soon as possible and within a maximum of one month.

Additional information regarding the collection and processing of Personal Data

Legal Actions

The Personal Data of Visitors and / or Clients may be used by the Company in legal actions in Justice or in the stages that lead to possible actions in JUSTICE resulting from improper use of this document or other services during the visit to the site or the services offered. .

The Visitor and / or the Client acknowledges that the public authorities may request the Company to disclose the Personal Data without any notification to the Visitor and / or the Client.

Additional information about the Personal Data of Visitors and / or Clients

In addition to the information contained in this Privacy Policy, this document may provide additional data and particular information regarding the processing of Personal Data upon request.

System logs and maintenance

For reasons of operation and maintenance, the Company’s Services and other third parties may collect in files information about the interaction with the Services (System Logs) containing personal data (such as IP address, date, time of access, operating system / browser web).

Information not contained in this Privacy Policy

Whenever you have questions about the collection or processing of Personal Data you can request information from the Company. Please review the contact details at the beginning of this document.

How “Do Not Track” requests are handled

The services presented do not support requests such as “Do Not Track” Even if Visitors do not allow cookies, they will have personal data registered in the System Logs. This is absolutely necessary for server security reasons: cyber attacks are recorded and removed, people who try to access data illegally are checked and located. Moreover, even if you use proxy services, our servers will identify the real IP address for the reasons mentioned above. The log system is automatically archived and destroyed after a legal period.

To determine if third parties support and how they support “Do Not Track” requests, visit their privacy policies.

SECURITY BREAK / PERSONAL DATA THEFT

In case a Security breach and certain Personal Data in the possession of the Company are disclosed without authorization, the following will be done:

  • Immediate notification of the competent bodies regarding the protection of personal data
  • Immediate announcement of the Police and Cybercrime Bodies
  • Email notification of persons affected by the breach within a maximum of 7 days from the occurrence of the event, but after re-securing all Personal Data
  • Announcing on the web page the Security breach in maximum 7 days after the breach is produced in case the breach is large, after the total resecurity of the system

The maximum time of 7 days is necessary to fix any bugs, especially the zero day ones, so as to minimize the impact.

Alienation of Personal Data

In addition to the above provisions, the following are included:

  • If the Company sells a division or is sold in its entirety, or a new Legal Entity shares are included in the Company’s composition, the buyer will also receive the Personal Data. In this case, the buyer and the Company will notify the Visitors and / or Customers about the transaction both by email and on the web page as soon as possible.
  • In case the Company enters the insolvency or bankruptcy procedure, the Personal Data will be made known to the Judicial Administrator or the Liquidator, the information will be made known to the Visitors and / or Clients by email and on the website at the time of the appointment of the Judicial Administrator or Liquidator.

Changes to these Privacy Policies

The Company reserves the right to make changes to these Privacy Policies at any time by notifying Visitors and / or Customers on this page and if legally and technically feasible to contact each Visitor and Customer using any form of contact regarding the changes. It is recommended that you check this page as often as possible and look at the date of the last change, the date at the beginning and end of this document,

If the changes substantially affect the basic activity of the collection of Personal Data, the Company will be obliged to request a new consent.

Definitions and legal information (other than at the beginning of the document)

Personal Data (or Data)

Any information that directly, indirectly or in connection with other information – including a unique personal identification number) – identifies or makes identifiable a natural person.

Use of Data

Information collected automatically through the Company’s Services or through third parties may include: IP addresses, addresses or computer names, URIs (Uniform Resource Identifier), time of request, errors and requests on the server, country of origin,, name, surname, date of birth , time of birth, hometown, operating system, web browser, computer type, mobile phone, tablet or other information during reservations

Data Processor

The legal person, public authority, agency or other person who processes Personal Data on behalf of the data controller as described in this privacy policy.

Data Controller

The data controller is the Company as defined in this privacy policy

LEGAL INFORMATION

This privacy statement has been prepared on the basis of several pieces of legislation, including Article 13/14 of REGULATION (EU) 579 of 2016 GDPR (General Regulation on Data Protection).

This privacy policy applies to the Services as defined herein.

Last updated April 17, 2019

Do you need more travel information?

Contact

Subscribe to the newsletter

TOP

Șepcari Street, Nr. 12-14, Old Center, Sector 3

OLD TOWN HOTEL BUCHAREST

VOUCHER

Voucher with 10% discount from Old Town Boutique Hotel

SUBSCRIBE TO THE NEWSLETTER

Strada Șepcari, Nr. 12-14, Centrul Vechi, Sector 3

HOTEL CENTRU VECHI BUCUREȘTI

VOUCHER

Voucher cu reducere de 10% de la Old Town Boutique Hotel

ABONEAZA-TE LA BULETINUL INFORMATIV