Information note regarding the processing of personal data within grandhotelorient.ro from 15.09.2023
Who is the company that manages grandhotelorient.ro?
ORIENT COMPANY SRL (hereinafter referred to as “grandhotelorient.ro”, “Grand Hotel Orient, “we” or similar) is a company from Romania, with headquarters in the Municipality of Brăila, Rubinelor Street no. 1, Brăila County , Romania registered at the Trade Register under number J09/501/1991, fiscal code RO2238239.
The document below is very important, because it explains why we need certain personal data to be able to provide certain services. Please read it carefully, because we have tried to explain here a series of useful principles and concepts both in the interaction with our website and in the interaction with the online environment in general.
We will also describe below what rights you have in relation to the personal data that we process for you, as well as what actions you can take to better understand and control the amount of personal data that is processed online.
What is personal data and how do we obtain it?
According to the GDPR, “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.
Personal data refers to information about natural persons, not legal entities. The distinction is important because, for example, the registration number from the Trade Register, the fiscal code or other identification elements of some companies are not personal data. Moreover, when an e-mail address or a telephone number clearly refers to a legal entity (e.g. office@ e-mails or telephones from a company’s public call center), then we do not speak about personal data.
It does not matter if the processing of this personal data is done through an automated system or through a non-automated system (e.g. manual processing), if it is part of a structured data record system.
ORIENT COMPANY SRL obtains this data as follows:
Direct from the customer
ORIENT COMPANY SRL collects personal data directly from the client, usually the information provided when signing the contract or during its execution:
First name, last name, date of birth
Postal and email address
Phone number and identity data
Details of transactions made (reservations, prices, payment methods, etc.)
ORIENT COMPANY SRL may also request other personal data for specific purposes, for example when the customer provides a copy of an identity document at the time of concluding a contract, with his consent.< /span>
Also, ORIENT COMPANY SRL receives any information or content created by the client and actively provided by him (specific content, images, etc.). In addition, in order to be able to offer the best products and services, ORIENT COMPANY SRL may sometimes request information regarding the customer’s experience during the use of the products and ORIENT COMPANY SRL services. This information can be comments or suggestions, but also recommendations for improvement.
In certain situations, grandhotelorient.ro can also collect customer data by automatic means. For example, personal data may be collected through cookies, web or telephone beacons, when the customer interacts with grandhotelorient.ro’s advertisements and mobile applications or when they visit the websites and other IT systems of ORIENT COMPANY SRL or who are in contractual relations with ORIENT COMPANY SRL. The data thus collected may include: IP address, browser type, operating system, identification number of the mobile device used, geographic location, redirect URLs, information about the actions taken or the interaction with ORIENT COMPANY SRL.
From external sources
In order to offer products and services, ORIENT COMPANY SRL may legitimately collect data about the customer and from external sources when consulting:
public databases (such as that of the Trade Register or the Ministry of Public Finance)
as well as databases that help identify possible areas of risk in a future contractual relationship;
Personal data may also be collected from sources such as: third-party data aggregators, ORIENT COMPANY SRL partners, public sources and third-party social networking sites, online platforms that offer access to the applications of ORIENT COMPANY SRL or of the partners of ORIENT COMPANY SRL (if there is the client’s agreement for his personal data to be communicated to ORIENT COMPANY SRL).
ORIENT COMPANY SRL may combine various personal data of the client, coming from different sources (a website, an event, etc.), just to serve the interests of the client in a personalized way and legitimate in order to offer the best possible services.
Who is responsible for personal data in the case of group offers or those serving multiple users?
In the case of group offers or products and services serving multiple users, the account holder is responsible for the data they provide. The options expressed by the owner regarding personal data will be applicable to all users in the created group (unless another user has indicated his own option to us in advance). in case of discrepancies between the users’ and the account holder’s options, the holder will indicate the option that prevails.
Why do we process personal data?
ORIENT COMPANY SRL will process the customer’s personal data only to ensure the best possible relationship with him during the performance of the contract. The processing of personal data may be based on the client’s consent, may be related to the contract or imposed by a legal obligation.
The legitimate interest of ORIENT COMPANY SRL may be the basis of a processing of personal data, the Customer being able to object. Along with the legitimate interest, the processing may be based on the client’s consent, the need to carry out the contract or a legal obligation on the part of ORIENT COMPANY SRL.
When ORIENT COMPANY SRL asks the client for consent for processing, he has the option to have his personal data processed only for the specified purposes.
Only if there is agreement to this effect, ORIENT COMPANY SRL will process personal data in order to inform about:
– the products and services of ORIENT COMPANY SRL, offers, promotions or special events
– the products and services of ORIENT COMPANY SRL affiliates or business partners of ORIENT COMPANY SRL
Since it is necessary to offer products and services, ORIENT COMPANY SRL will process personal data in order to:
– honoring customer requests/orders/questions, processing payments made for ORIENT COMPANY SRL products and services
– check customer eligibility for specific offers and products
Because it is a legitimate interest that does not infringe the client’s rights, ORIENT COMPANY SRL will process personal data in order to:
customize the experience within ORIENT COMPANY SRL and from the online environment belonging to ORIENT COMPANY SRL, to request feedback on the Customer’s experience or to evaluate the effectiveness of communication with it, to personalize the interactions customers have with staff or with the Customer Relations department
create and maintain Customer accounts, including administering any loyalty or consumer reward programs associated with the Customer account
provide the necessary protection, identification and prevention of debts, abuses, claims and other obligations and to comply with applicable law
evaluate potential risks of fraud or late payment, including by checking against dedicated databases
to identify any remaining debits as a result of non-execution of obligations from previous or ongoing electronic communications contracts
evaluate the Customer’s solvency and commercial risk in the event of concluding a contract
improve the products and services of ORIENT COMPANY SRL, by evaluating the number of users who access or use the products and services of ORIENT COMPANY SRL, which are the characteristics of the products and services that present the more customer interest, what types of offers customers want and how online products and services work technically
develop customer profiles on the basis of which ORIENT COMPANY SRL can later identify cases of fraud.
ORIENT COMPANY SRL may record telephone conversations with ORIENT COMPANY SRL representatives in order to identify customer needs and improve the services offered by ORIENT COMPANY SRL. The customer is informed of this at the time of requesting a conversation with an operator of the Customer Service of ORIENT COMPANY SRL and has the possibility to refuse the conversation.
What we collect and store
While you visit our site, we will track:
Pages visited on the grandhotelorient.ro website.
Location, IP address and browser type: we will use them for the purpose of traffic source analysis
We respond to your requests and complaints
We process payments and prevent fraud
We comply with all legal obligations we have, such as calculating taxes (taxes)
Improving our offers for the services we offer
We send you marketing messages, if you choose to receive them
We generally store information about you for as long as we need it for the purposes for which we collect and use it, but we do not keep it any longer unless we are legally required to legal view. For example, we will store booking information for 5 years for tax and accounting purposes. They include first and last name, email address and address. We will also store comments or reviews, if you choose to leave them.
Who has access from our team
Our team members have access to the information you give us. For example, both administrators and front desk staff can access:
Customer information, such as name, email address and accommodation information;
Information on reservations made;
Our team members have access to this information to help honor reservations, process refunds, and provide support to you.
ORIENT COMPANY SRL will be able to use the information it collects about the customer, the device used or the use of products and services and in other ways only in compliance with the law.
What are the rights of customers regarding the processing of personal data?
The client has specific rights in terms of data protection, and ORIENT COMPANY SRL provides an environment that facilitates their exercise (the right of access, rectification, objection, deletion, receiving personal data or submitting a complaint).
ORIENT COMPANY SRL has taken the necessary precautions to ensure the customer that his data protection rights are properly respected.
The customer has the following rights:
1. The right to information – art. 13 and 14 GDPR. It allows the data subjects to know, right from the moment of collection, how that data will be used, to whom it will be disclosed or transferred, what rights the data subjects have with regard to the processed data, etc.
2. The right of access to data – art. 15 GDPR. It allows you to obtain, from us, a confirmation that personal data concerning you is being processed or not and, if so, access to the respective data and other useful information.
3. The right to delete data – art. 17 GDPR. It allows you to obtain from us the deletion of your personal data without undue delay. There are, however, exceptions to this rule, such as the idea that some data are processed to give the public the right to information, that they are processed for statistical or archiving purposes, that they are processed to fulfill a legal obligation or that we process them for establishing or defending a right in court.
4. The right to rectification of data – art. 16 GDPR. It allows you to obtain from us, without undue delay, the rectification or completion of inaccurate personal data concerning you.
5. The right to data restriction – art. 18 GDPR. It is a temporary right. In some situations, between the moment when, for example, we take the decision to delete certain data (we no longer need the personal data for the purpose of processing) and the actual deletion of the data, you send us a request by which you oppose the deletion, giving reasons the fact that you need this data to establish, exercise or defend a right in court. As a result of such a request, we will “freeze” the data, stopping their processing for a certain period of time.
6. The right to data portability – art. 20 GDPR. You have the right to receive the personal data that concern you and that you have provided to the operator (who processes them under a contract or based on your consent, by automatic means) in a structured format, currently used and which can be read automatically and you have the right to transmit this data to another operator, without hindrance from us. In other words, your personal data will be provided to you, in a structured format, so that you can decide whether to download it or, on the contrary, to send it to another operator.
7. The right to opposition – art. 21 GDPR. You have the right to object, for example, to the processing of your personal data, when it is processed for direct marketing purposes. To make it clearer how you can exercise this right, it should be mentioned, for example, that in all newsletters that come from grandhotelorient.ro (regardless of whether we are talking about newsletters that only provide information or newsletters that promote orienthoteliergroup services or products. ro) you will always have the possibility to unsubscribe. We offer this possibility in absolutely all situations, regardless of whether the law obliges us to do so or not (not all emails from us are considered direct marketing), because we think it is important that your interaction with grandhotelorient.ro only exists for a while you want it.
8. The right not to be subject to a decision based solely on automatic processing, including profiling, which produces legal effects concerning the data subject or similarly affects him in a significant measure. grandhotelorient.ro does not carry out such profiles that are followed by automated decisions with legal or similar significant effect for the person concerned. When we carry out such profiles, we will notify you and modify this information note.
9. The right to submit a complaint to the National Supervisory Authority for the Processing of Personal Data. G-ral Blvd. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania. +40.318.059.211 / +40.318.059.212, firstname.lastname@example.org.
These rights may be limited, in certain circumstances defined by law (for example, the customer will be able to opt out of receiving marketing communications, but will not be able to request ORIENT COMPANY SRL to the personal data necessary for the execution of the contract are deleted). Such restrictions will be individually verified and communicated to the customer accordingly.
The right to disable can be exercised as follows:
by following the opt-out instructions in relevant marketing communications
if he has an account within an application belonging to ORIENT COMPANY SRL, he can change his activation/deactivation preferences in the relevant account editing section
via a request to Customer Service
The customer will continue to receive administrative communications from ORIENT COMPANY SRL, such as order confirmations or notifications regarding the activities in his account (e.g. account confirmations and password changes ), even if they opt out of receiving marketing communications.
ORIENT COMPANY SRL informs the client that he can object at any time to a processing performed on the basis of legitimate interest. Any opposition will be analyzed and resolved according to the law.
Time period: We will try to respond to your request within a maximum of 30 days and may extend this period for specific reasons related to the complexity of your request. In all cases, if this period is extended, we will inform you about the extension period and the reasons that led to it.
Access restriction: In certain situations, we may not be able to provide you with access to all or some of your personal data due to legal requirements. If we deny your access request, we will inform you of the reason for the denial.
No identification: In some cases, we may not be able to search your personal data because of the identifiers you provide in your request. In such cases, if you do not we can identify you as a data subject, we are unable to comply with your request to enforce your legal rights described in this section unless you provide additional information that allows you to be identified. We will inform you and give you the opportunity to provide such additional details.
Exercising your legal rights: To exercise your legal rights, please access your Account from grandhotelorient.ro, where you will be able to receive instant answers to your requests. If you are not satisfied with this answer, please contact us in writing (including electronically) at the contact details provided in the Contact section.
How does the GDPR apply to children?
ORIENT COMPANY SRL does not knowingly request or collect personal data of children under the age of 18 when offering specific services unless explicit consent is obtained beforehand of the parent or guardian) or under the age of 16 in the rest of the situations. If children’s personal data is collected, it is processed carefully and only with specific safety measures.
What does the automatic processing of personal data entail?
Any decision taken exclusively on the basis of automatic processing will be previously consented to or necessary for the conclusion of the Contract.
ORIENT COMPANY SRL personalizes communication with its customers using personal data related to customer history, previous choices or product or service preferences.
The customer will not be subject to any decision based solely on automated data processing that produces legal effects concerning or significantly affects him, unless the customer has explicitly agreed to the processing or the processing is necessary for the conclusion or performance of a contract concluded with ORIENT COMPANY SRL (as in the case of identifying eligibility for certain offers) to prevent fraud and debit situations, or ORIENT COMPANY SRL is obliged by law to use personal data in this way.
In all cases, the client has the opportunity to request an explanation of the logic behind the automatic decision mechanism, as well as, where appropriate, the client can request human intervention in issuing the decision that looks.
Can your personal data be processed by third parties for other purposes?
If the client expresses his agreement in this regard or there is a legitimate interest in the use of his personal data, ORIENT COMPANY SRL will be able to communicate this data to third parties.< /span>
As a rule, ORIENT COMPANY SRL will not communicate the client’s personal data to a third party that intends to use it for direct marketing purposes, unless there is the client’s consent in this sense.
ORIENT COMPANY SRL may, however, communicate the client’s personal data to third parties, without his consent, in the following situations and to the following entities:
Affiliates: personal data may be communicated to affiliated companies of ORIENT COMPANY SRL for the purpose of carrying out current and business activities
Service providers: ORIENT COMPANY SRL can contract service providers, agents or contractors to provide services on its behalf, including asset and service management services at the customer’s disposal. ORIENT COMPANY SRL requires these third parties to comply with all applicable data protection laws and specific security requirements regarding the Customer’s personal data. ORIENT COMPANY SRL may transfer such personal data when providing electronic communications services, warranty-related services, service exchange (in case of eligibility).
Consultants or external partners of ORIENT COMPANY SRL who provide assistance to the company (e.g. external lawyers, debt recovery agencies, call center)
Public authorities: ORIENT COMPANY SRL can communicate the customer’s data in case it is required to do so by law or in case it considers, in good faith, that the respective disclosure is reasonably necessary for the proper conduct of legal processes, investigations or to respond to any complaints or requests from the authorities
How do we protect your personal data?
ORIENT COMPANY SRL applies appropriate security measures to guarantee the safety of the client’s personal data and has implemented specific durations, so that personal data is kept as long as necessary to fulfill the stated purpose.
To guarantee the safety of personal data, ORIENT COMPANY SRL has implemented a series of security measures that are in accordance with industry standards. They do not cover those personal data that the customer chooses to communicate in public spaces online or offline.
Retention of data
ORIENT COMPANY SRL will keep personal data as long as necessary for the stated purpose, taking into account the need to answer questions or solve problems, to offer new services or improved and to comply with applicable legal requirements. Therefore, ORIENT COMPANY SRL can keep personal data for a reasonable period of time after the last interaction of the customer with ORIENT COMPANY SRL, in accordance with the legislation in force.
When the client’s personal data are no longer necessary for the purpose for which they were collected or which was agreed upon and there is no legal obligation to keep them, ORIENT COMPANY SRL will destroy them or delete in a safe way.
How can I learn more about this regulation?
For any question regarding personal data or for the exercise of legal rights, the customer can contact the ORIENT COMPANY SRL data protection officer using the dedicated address: email@example.com. Also, on www.grandhotelorient.ro, the client is provided with specific ways to express his options.
All available options will be presented and all messages will be answered as required by law. However, the customer should be aware that, for technical reasons, it may take several days to implement his requests or options, if there are no ongoing campaigns. If there are ongoing campaigns, it is possible that the customer’s option can be implemented by ORIENT COMPANY SRL only for future campaigns. During the time required to implement the option, ORIENT COMPANY SRL will continue to process the Customer’s personal data based on the previously expressed options.
How do these regulations apply to legal entities?
In the case of clients who are legal entities, for the purpose of processing the personal data of its users as mentioned above, ORIENT COMPANY SRL will obtain the express consent of the account holder for the types of data processing personal or for categories of personal data for which the law imposes such a condition. in this sense, the client, a legal entity, undertakes that before transferring personal data of users and the contact person to ORIENT COMPANY SRL, to obtain their consent for the processing carried out by ORIENT COMPANY SRL in the execution of the contract and for data processing mentioned in previous articles. By transferring the personal data of the users and the contact person to ORIENT COMPANY SRL, the legal entity client certifies that the consent of the users and the contact person has been obtained for the processing of their personal data by ORIENT COMPANY SRL according to the provisions above and assumes full responsibility in connection with it. At the same time, like group offers, the client will select the user options in communication with ORIENT COMPANY SRL.
We reserve the right, at our discretion, to change our privacy practices and to update and make changes to this notice at any time. For this reason, we encourage you to constantly return to this note. This document is current as of the date that appears at the top of the document. We will treat your personal data in a manner consistent with the privacy notice under which it was collected, unless we have your consent to treat it differently.
Social Network Buttons
Buttons display individual social network logos. However, the buttons are not standard social plugins, i.e. plugins provided by social networks, but links with button icons. These buttons are only activated by deliberate action (click). As long as you do not click on the buttons, no data will be transferred to the social networks. By clicking on the buttons, you accept the communication with the servers of the social network, thereby activating the buttons and establishing the link.
Once clicked, the button works as a shared plugin. The social network obtains information about the site you have visited, which you can share with your friends and contacts. You must be logged in to share information. If you are not logged in, you will be redirected to the login page of the social network you clicked on, thus leaving the grandhotelorient.ro pages. If you are logged in, the “similar” message or recommendation of the item in question will be sent.
When you activate the button, the social networks will also receive the information that you accessed that page of our website and when you did so. In addition, information such as your IP address, details of the browser you used and your language settings may be transmitted. If you click on the button, your click will be transferred to the social network and used in accordance with the data policy.
When you click the button we have no control over the data collected and the data processing operations. We are not responsible for this data processing, nor are we the “controller” as defined in the GDPR. Nor are we aware of the full extent of data collection, legal basis, purposes and storage periods. With this in mind, the information provided here is not necessarily complete.
As far as we know, these providers store this data in user profiles that they use for advertising, market research and / or demand-oriented design. This type of analysis is performed (also for users who are not logged in) to present demand-oriented advertising and to inform other users of the social network of activities on our website. You have the right to object to the creation of these user profiles. To exercise your right to appeal, please contact the respective provider.
See the information provided by the following social media sites for details about the purpose and purpose of data collection and the further processing and use of data by that social network and your rights and settings. of confidentiality.
• Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
• Google+, Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States of America
• Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
Acest site folosește fișiere cookie pentru a vă oferi o experiență de navigare de calitate. Continuarea navigării pe acest site implică acordul dumneavoastră tacit privind termenii și condițiile enunțate.