Thank you for your interest in our services!
The security and confidentiality of your personal data represent a priority for us.
|CONTROLLER IDENTIFICATION DATA. CONTACT DATA
The controller processing personal data collected by this webpage is the company POIANA CAILOR S.R.L, Romanian nationality, with office in Bucharest, District 6, Calea Giulesti no. 333, Building C14, basement, Room 13, with registration number at the Trade Register J40/1605/2021, CUI 43649991.
For any inquiry/reports/complaints/ regarding your personal data and additional information, you can contact us in writing, at the address of our office or by e-mail, at firstname.lastname@example.org.
|ESSENTIAL NOTIONS, according to the definitions of the European Regulation no. 679/2016 (GDPR)
“personal data“ means any information regarding a natural person, identified or identifiable (“data subject”); a natural person identifiable is a person who can be identified, directly or indirectly, especially, by reference to an identification element, such as a name, an identification number, localization, an online identification element, or one or more specific elements, own to his/her physical , physiological, genetic, mental, economic, cultural or social identity;
“processing” means any operation or set of operations carried out on personal data or on sets of personal data, with or without the use of automatic means, such as collection, registration, organization, structure, storage, adaption or modification, extraction, consulting, use , disclosure by communication, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction;
|CONTENT AND PURPOSE. SCOPE
By this document, we ensure for all the users and visitors of this webpage, the information and obtaining consent evidence, expressly/implicitly, deducted from the circumstances resulted from site navigation and the voluntary transmission of data to us, on available/displayed communication means on it.
The provisions of this document apply to data processing made through this webpage and also to data processing by third party pages/ways, the context to which reference is made – for example, recruitment announcements published on third party webpages/data processing by and in the context of online advertising and marketing promotion activities/by social networks – direct/indirect processing by external sources that make an explicit reference to this policy.
|PERSONAL DATA COLLECTED DIRECTLY FROM THE WEBPAGE OR FROM ONLINE IN GENERAL
The data processed depend on the section/function accessed on site, as well as the manner and the purpose for which you communicate with us through the site.
The data collected through cookie modules, automatic upon accessing/navigating different sections/accessing various functions – for details, please read the Cookies Policy.
Filling in the contact form available on site:
name, surname, e-mail address, telephone number (required), gender (to the extent to which it is implicit in the name or e-mail address).
Distinct from them, the data provided voluntarily by the data subject, without the request of the controller, by filling in the space for the message itself (for example, date of birth/age/occupation/job/workplace, implicitly provided in the context of requests for information/offers for events).
Sending messages of any kind or making phone calls using the contact addresses displayed on the site (otherwise than by the contact form):
contact data related to the chosen communication means and, eventually, gender (to the extent to which it is implicit in the name or e-mail address), any data included in the content of the message itself, first and last name, data related to the CVs submitted, data on the function occupied within a company (in case of company representatives addressing collaboration initiatives), data deducted from the nature/purpose of the events in order to request offers/information.
Launch of booking requests by third party website with a touristic profile:
name, surname, e-mail address, telephone number, card type, credit/debit card number, cardholder’s name, expiration date and security code, period of stay, (mandatory), car registration number (optional), sex , (if it implicit from the first name/email address),
For online group bookings, will be requested only the data of the person making the booking, with indicating the number of persons from the group, as well as the name and surname of the persons from the group.
Upon check-in/use of facilities and concrete services from the location, strictly necessary, additional data will be collected.
In case of events, as a rule, will be collected only the data of the organizer – mentioned above for booking – to which are added, unrequested/inherent data considering the nature and the purpose of the event (event dedicated to a certain ethnic group/weddings/baptisms, holidays/position, workplace, occupation, profession in case of team buildings, profile conferences etc.).
Newsletter subscription/adhering to our online community/activating marketing cookies used on our sites: e-mail – voluntarily provided, associated to a distinct and retractable consent – for details, please consult the Cookies Policy.
The submission of inquiries/reports/complaints on your personal data, name, surname, gender (to the extent to which it may be deducted from your name or e-mail), contact data related to the chosen communication means or other contact data (if one wants to receive the answer in any other way) and another identification attribute (only under the conditions described below, under the Section Inquiries/Reports/Complaints on personal data)
Registration for promotions, contests and campaigns – under the processing conditions mentioned in the Official Regulation related to each event organized by the Operator.
Publishing testimonials/interactions on social network pages
Public data associated to the user account of the data subject – is related to the nature of the interaction and your consent on the message itself.
Visiting and interacting with/Publication of testimonials in social networks administered by the Controller (Facebook, Instagram, LinkedIn):
own username on the page, public data associated to the personal data, implicitly accessibly by the interaction with the website, data included in the message itself/images/video publicly voluntarily launched on these pages, subject to the consent and liability of who launches them.
Such data will be publicly displayed/deleted from the page, upon the company’s disposal. You may delete at any moment/you may request at any moment the deletion of the information associated with/published on our pages. We do not take responsibility in relation to third party takeover from our own pages.
Our company does not create distinct data bases from the data published on these pages, however, may implicitly use the data collected directly by these third-party pages within audience and marketing analyses.
For more information on the processing of data through these pages, you may consult their own Privacy Policies.
|PROCESSING GROUNDS AND PURPOSES
Data related to cookies – for details, please see Cookies Policy
The data related to the contact form submitted on site and any type of message sent to the contact addresses displayed on site:
- Grounds – your consent, your legal or contractual obligation, our prevailing legitimate interest
- Purpose: for managing, solving, providing answer, investigating/valorisation or any request/report/complaint/offer received by contact forms, for recruiting procedures, for engagement in negotiations on side of the collaboration offers/initiatives received or requested, in order to prove conformity in execution of the contracts/in complying with the legislation specific to consumer protection, if the communication received enters such areas, to protect our legitimate rights and interests in case of conflict/correlative litigation, to be presented when needed to the public authorities.
Data related to requests/reports/complaints on personal data
- Grounds: our legal obligation to be liable and to adopt the measures imposed, our legal obligation to produce and keep evidence of processing conformity, our prevailing legitimate interest
- Purpose: to ensure the effective exercise of your legitimate rights and interests on data processing, security and confidentiality and to fulfil our obligations and guarantee the prevailing legitimate interest to avoid sanctions by the surveillance authority, to protect our legitimate rights and interests in case of conflict/correlative litigation, to be presented in case of a control by public authorities/upon their request.
Data related to newsletter subscription/adherence to online marketing communications
- Grounds: your consent, our legal obligations to test the conformity of the processing, our prevailing legitimate interest
- Purpose: to present and promote products, services, collaborators, events and to build and preserve a community around some common values, to defend our legitimate rights and interests in case of conflict/correlative litigation, to be presented upon a check by/request of public authorities.
Data related to social media testimonials/interactions
- Grounds: your consent, our legal obligations to test the conformity of the processing, our prevailing legitimate interest
- Purpose: to promote products, services, collaborators, events, through the positive feedback of former clients, to adjust marketing approaches, to permanently improve products and services, to carry out collaborations of any kind, measures and security and privacy policies, to defend legitimate rights and interests in case of conflict/correlative litigation, to be presented upon a check by/request of public authorities.
Data related to online booking
- Grounds: your consent, our legal/contractual obligations, our prevailing legitimate interest
- Purpose: to ensure the execution of the contractual commitments in relation with you, to ensure the execution and testing of the conformity for the activity carried out, according to relevant legislation depending on the nature of the service and the quality of consumer of the service beneficiary, to protect our legitimate rights and interests in case of conflict/correlative litigation, on the context of concluding, executing, terminating the agreements, to be presented within the checks carried out by State authorities and institutions, to be provided to the authorities according to their requests.
Date related to their promotions, contests and campaigns
- Grounds: your consent, our legal obligations, our prevailing legitimate interest
- Purpose: to promote our products and services this way, to ensure the execution and the test of the conformity of the activity carried out within these events/actions, according to the related legislation, to test the conformity of the processing in these contexts, to defend our legitimate rights and interests in case of conflict/correlative litigation, to be presented within the checks carried out by State authorities and institutions, to be provided to the authorities according to their requests.
|DURATION OF THE PROCESSING
Data collected involuntarily/unsolicited by the operator and for which there are no legal grounds for processing, will be erased the moment the collection is observed, without informing the data subject to this end;
For the data provided through the contact form/communication ways displayed on the website:
- failing to sign an agreement between the parties, for which there are no grounds for storing except for the consent of the data subject, for a period of 1 month from providing an answer to the communication/within one month from receiving the request for which no answer was provided;
- signing an agreement between the parties, during the agreement period, together with the related agreements and any other documents that regard negotiation, conclusion, execution, termination and litigation related to the agreement and 3 years after agreement termination/definitive solving of the litigation between the parties, if the communication context/nature/purpose is of interest.
For the data related to bookings/signing agreements/solving aspects related to them through the website/third party profile pages/communication ways available through/displayed on the website: 3 years from the termination in any way of the relation between the parties, with the possibility to extend until the solving of the litigation that could arise in connection to them.
For agreements including accommodation, the duration for storing the data related to the Accommodation documents is 5 years of completion, according to the Government Decision no. 237/2001 for approving the Standards on tourist access, record and protection in touristic accommodation structures.
For the data related to the CVs submitted for recruitment, during the recruitment period and for 1 year after the completion of the process without the recruiting of the data subject, if he/she has given consent;
The CVs of the persons hired will be attached to their employee personal files and kept, during the contract, and upon termination of the labour contract in any way, will be stored for a period of 75 years according to the legal term.
For data processed for marketing purposes and for those resulted from social media interactions – until the withdrawal of the data subject’s consent/the solving within the legal term of the request to delete data.
For the data related to documents by which the controller makes proof of the processing compliance in relation with ANSPDCP (inquiries/reports/complaints of the data subject personally submitted or by proxy, the proof of the solving manner, obtaining consent and so on) – 3 years from their production/completion of those procedures, regardless of the duration established for basic purposes, strictly so that the controller can prove, when needed, to A.N.S.P.D.C.P the performance of a compliant processing and the observance of the data subject rights/for application of sanctions to those who are guilty with the non-compliance of the data subject rights.
For the data included in payment and financial/accounting documents – 3 years from the termination of relations in any way between the parties/definitive solving of the litigation between the parties or for longer periods of time, according to the legal-fiscal-financial-accounting obligations of the company.
|DATA RECIPIENTS. INTERNATIONAL DATA TRANSFER
As a rule, the company will disclose the data subject of this document only to the employees and authorized internal collaborators, in a limited and justified manner, external collaborators, who act as outsourced departments/or as suppliers and service providers interposed in the agreements you conclude with the company.
All these beneficiaries have previously signed commitments and data processing agreements, so that it is possible to implement and observed proper security and privacy of your data.
The company does not transfer data to other countries.
This webpage has inputs and reference to third party pages and social networks, which are not under our control or administration, only in a limited and circumstantial context that refers to our own pages on such third-party pages and social networks.
These pages can be subject, without our consent or possibility to restrict data transfers to other state members or outside the EU.
For more details, please access the privacy policies related to these pages and networks.
|RIGHTS OF THE DATA SUBJECTS
Right to access – the right to obtain a confirmation from us whether your personal data are processed or not and, if yes, to obtain access to such data and to information on the way they are processed.
Right to data portability – the right to data portability in a structured format, currently used and that can be automatically read and the right for this data to be directly transmitted to another controller, given that this is technically possible.
Right to opposition – the right to oppose personal data processing. When data processing is carried out for direct marketing, you have the right to oppose processing at any moment. Depending on the circumstances, the opposition to processing may lead to the impossibility of providing services/answers for which there are other collection grounds/denouncing the contracts concluded with the company.
Right to rectification – the right to request and obtain, without unjustified delays, the rectification of inaccurate data/data updates/completion of incomplete data. The company may execute data updates from its own initiative.
Right to be forgotten – if one of the following reasons applies:
- the data is no longer necessary for fulfilling the purposes for which it has been collected or processed;
- you exercise the right to withdraw your consent and there is no other legal ground for processing;
- you oppose the processing and there are no legitimate reasons to prevail;
- personal data has been illegally processed;
- personal data must be deleted in order to comply with a legal obligation;
Right to restrict processing – the right to, without obtaining the deletion of the data, request their marking and limited processing, in the following cases:
- the accuracy of the data we process is challenged for a period which allows the verification of the data accuracy;
- the processing is illegal, and the data subject opposed the deletion of the personal data, requesting in exchange the restriction;
- the company no longer needs person data for processing, but the data subject requests them in order to observe, exercise or defend a right in court;
- you oppose processing for the period of time during which will be verified whether the legitimate rights of the company prevail on your rights as data subject.
Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing, if you consider that the company is violating the legal provisions in terms of data processing.
Right to solving your requests/referrals/complaints on personal data within a reasonable period of time and to be informed regarding any potential measures adopted/failure to adopt measures about the request.
Right to be informed in case of breaching the security of your data, likely to put your rights and interests at high risk, save for exceptions provided by law.
|INQUIRIES/REPORTS/COMPLAINTS ON PERSONAL DATA
Any inquiries/reports/complaints regarding personal data will be addressed in writing, at the email address email@example.com and by providing a contact address to which the answer/information related to it can be communicated also in writing. The same will be applied in case of inquiries/reports/complaints related to prior inquiries/reports/complaints.
Upon addressing any inquiries/reports/complaints, the claimant will properly identify, in order to prevent privacy data to be compromised, adopting some measures upon the request of some wronged/unauthorized persons or risking/breaching in any way the legitimate rights and interests of the data subjects in relation with the data for which the request is drafted.
In case of requested submitted by a proxy, the proper identification of the proxy and the verification of his/her quality will be carried out (including directly from the data subject)
The requests sent by phone or the request with only the phone number as available contact data will not be considered, until they will be sent in writing, under the conditions mentioned before.
If the request made as such as to raise suspicion of the controller regarding the identity of the applicant or regarding the legal nature of the request, the controller may suspend the solving until the provision of some additional reasonable information/data in order to confirm the identity and/or the quality of the applicant.
We subordinate these requirements to our legal obligation and our legitimate interest to prove the observance of your rights according to GPR and all legal norms in terms of data protection.
Solving of any inquiry/report/complaint will be done within a reasonable term, but maximum within 30 days from its receipt.
This term may be extended by two months when necessary, considering the complexity and the number of requests, with the motivated briefing of the data subject on the reason of the extension within 30 days.
The answer and/or any communication imposed by the specifics of the request will be communicated in writing to the data subject or his/her proxy, the same way the controller received the request or in any other written form, expressly and reasonably requested, by the data subject/his/her proxy.
Version 1.1 published on 13 July 2021