fbpx

Confidentiality Policy

1. Acceptance

This agreement determines your use of the website located at www.telefericgrandhotel.ro (hereinafter referred as “the site”) and that you agree to the provision of personal data and understand that hotel and travel services cannot be provided without providing the requested personal data. Please read carefully the terms and conditions of use listed below before using or obtaining any material, products or services through the www.telefericgrandhotel.ro website.

SC Tint SRL uses personal information to better understand your needs to help you complete transactions or orders, communicate, provide you with services and support, keep you up to date with the services provided and special and season offers. Occasionally, we use the information provided to contact you for research into the services we provide in order to optimize the service offered and to meet your requirements. We respect the privacy and security of the information provided when using this site, including private data, the purpose for which we apply this policy. If you voluntarily make any personal data available to SC Tint SRL, you hereby agree that SC Tint SRL, for the purpose and for the duration of the transaction, records and manages those data.

Personal data means any information about an identified or identifiable individual, and an identifiable person is that identifiable person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, localization data, an online identifier, or one or more elements specific for physical, physiological, genetic, psychological, economic, cultural or social identity of that person.

This Policy refers to the personal data of our customers, business partners, and other people who come in contact with us or who visit our location, employees or people in the process of hiring, collaborators, etc. and applies to personal data collected by: e-mail, directly at the reception, various forms, CVs, video recordings, web-sites, social media. For the purpose of carrying out its business, Teleferic Grand Hotel (S.C Tint S.R.L.) may collect, process and store certain legally required personal data for the purpose of entering into a contract or of a legitimate interest. These data may be, but are not limited to, surname, first name, nationality, address, telephone, e-mail address, moving images, etc.

2. Data recording

SC TINT SRL processes the data provided by you in order to:

  • provide hotel and tourism services;
  • make reservations through online or offline reservation systems used by the Company;
  • fill in the accommodation form and to make payment formalities;
  • send /receive advertising and marketing offers;
  • a legitimate interest of the company or third party to whom the data are disclosed;

for which you have given your consent when accessing the service.

Privacy Policy describes:

  • The purpose for which we collect and how we use your personal information;
  • How we collect personal data;
  • The grounds of processing for the above purpose;
  • The categories of personal data that we collect and process;
  • The storage period for processing;
  • Your rights and how you can exercise them;
  • To whom can we pass this data?

We also want to let you know what we are doing to ensure the security of your personal data and how you can contact us about privacy and protection of your personal data.

3. The purpose for which we collect and how we use your personal data

Our company collects data in the following cases:

3.1. If you are a guest or a potential guest of the Teleferic Grand Hotel:

We have an obligation to manage safely and only for the specified purposes the personal data you provide to us about you.

3.1.1. To provide you with our services

We request data to provide you with our services:

– booking rooms and other services in our hotel; the grounds for data processing is in this case the execution of a contract;

– so you can stay in our hotel; the processing of personal data is done in this case on the grounds of a legal obligation;

– enroll in the loyalty program (optional), based on the legitimate interest of the hotel;

3.1.2.  To communicate with you

It is important for us to be able to communicate with you for various purposes, such as to find out what your views on our services are, to address your various complaints or to provide customized, timely services, in electronic format.

3.1.3.  Legal obligation

In certain circumstances, we may require some personal data under a legal obligation imposed by applicable law.

3.1.4.  Sending information (newsletter)

We request data to electronically send you commercial information / newsletters. For this we ask for your consent / approval and we request your e-mail address expressly; the grounds for processing is our legitimate interest.

You can withdraw your consent at any time, thus expressing your option not to receive our newsletter in the future by clicking “unsubscribe” when you receive the e-mail.

The categories of data processed in the context of our relationship with you are your surname, telephone, fax, address / home, e-mail address (optional) and other personal data you can provide directly to us.

3.2. If you are an employee or another type of collaborator
3.2.1. In order to enter into contractual relations with us (Individual Employment Agreement, etc.)

We request data required by law to enter into employment contracts with us on the basis of a statutory obligation: surname, first name, domicile, date and place of birth, identity card details, study papers, criminal record (where applicable).

3.2.2. To communicate with you

In order to communicate with you in a timely manner, we can request your phone number and e-mail address.

3.3. If you want to get hired at Teleferic Grand Hotel

We use the personal data contained in the CVs we receive to assess the qualifications of applicants for a position within the Teleferic Grand Hotel, including our “internship” programs. We base our processing on the interest in the potential conclusion and performance of an employment agreement.

The categories of data processed in the context of our relationship with you are surname, e-mail address, telephone, fax, address, personal details included in the CV, details of education and training, professional qualifications, and other personal data you can provide directly.

3.4. If you are a business partner / supplier
3.4.1. To keep in touch with you

We use your personal data to maintain direct contact and maintain the contractual relationship with you. We collect these data in order to conclude commercial contracts.

3.4.2.  To communicate with you

We use your contact information to communicate with you about any relevant issues related to our contractual relationship.

3.4.3.  Legal obligation

In certain circumstances, we may require some personal data under a legal obligation imposed by the applicable law.

3.5. If you are a visitor to the Teleferic Grand Hotel

We use your personal data to ensure our security, belongings and staff. In this case, we base our data processing on the legitimate interest of Teleferic Grand Hotel (S.C. Tint S.R.L.), namely the protection of these premises, assets and staff.

The categories of data processed in this context are your name as well as other personal data that you can provide us directly upon our request as well as your recorded images using the video surveillance system.

3.6. If you are a user of our website – www.telefericgrandhotel.ro

We use personal data that we collect from you when you visit our website to monitor traffic and improve the content of the site. In this data processing activity we rely on our legitimate interest to ensure the proper functioning of our website and to improve it. The data categories processed in this context are the time and date of accessing an Internet site and the IP address from which the site was accessed.

The grounds for personal data processing may be: a legal obligation (if S.C. Tint S.R.L. is legally obliged to disclose certain personal data to public authorities), the performance of a contract concluded by S.C. Tint S.R.L. in the context of a particular transaction or legitimate interest of S.C. Tint S.R.L. to make a transaction in the most efficient way.

The online booking service is provided through its own website; when you access this service, the terms and conditions that apply are those listed on that website. We advise you to consult them.

3.7. Providing personal data

When personal data is requested directly from you, Teleferic Grand Hotel (S.C. Tint S.R.L.) requires you to provide all data categories we request for the above-mentioned purposes, otherwise we will not be able to perform our specific activity.

If you provide personal data of other individuals to Teleferic Grand Hotel (SC Tint SRL), please inform them before such data is provided that Teleferic Grand Hotel (SC Tint SRL) intends to process their personal data as described in this confidentiality policy.

3.8. Transmission of personal data to third parties

Although, as a general rule, we do not disclose your personal data to third parties, it is possible:

– to disclose contact details to our marketing service providers (only with your consent);

– to disclose contact details to our satisfaction survey service providers (only with your consent);

– if there is a legal obligation to transmit relevant personal data to public authorities in the context of providing us with the services you request;

3.9. Processing time

We intend to keep your personal data for shortest possible time, for the minimum necessary for the proper conduct of our business – usually 24 months. However, there are situations where the laws in force require that certain data sets to be retained for longer periods of time.

3.10. Your rights

As a personal data holder, RGPD gives you a number of rights, including:

  • the right to access– allows you to obtain confirmation that your personal data is being processed by us and, if so, what are the relevant details of these processing activities;
  • the right to rectification– allows you to rectify your personal data if it is incorrect;
  • the right to delete– allows you to obtain the deletion of your personal data in certain cases, such as:
    • if the data is no longer needed in connection with the purposes for which they were collected;
    • whether the processing was based on your consent and whether you have withdrawn your consent, or has expired, or where there is no longer a legal basis for processing your personal data;
    • a court or regulatory authority has decided that your personal data in question must be deleted;
    • if it is proven that your personal data has been processed unlawfully;
  • the right to restriction– allows you to obtain the restriction of processing your personal data in certain cases, for example when you contest the accuracy of your personal data, for a period that allows us to verify this accuracy;
  • the right to object– allows you to object to the further processing of your personal data under the conditions and within the limits set by law;
  • the right to data portability– allows you to receive the personal data you have provided to us in a structured, commonly used and legible format, or to transmit these data to another data operator.

We are happy to ensure that you exercise these rights, unless this proves impossible or involves a disproportionate effort.

You can exercise the above-mentioned rights and learn more about such rights by submitting to us, as a data controller, a written request to Teleferic Grand Hotel (S. Tint S.R.L.), located in Str. Poiana Soarelui 243, Poiana Brasov, Brasov, or by e-mail at office@telefericgrandhotel.ro.

You also have the right to file a complaint with the National Supervisory Authority for Personal Data Processing, in its capacity as an autonomous central public authority with general competence in the field of personal data protection.

We are committed to always addressing your requests with the utmost care and to address any questions you may have to answer as soon as possible.

4. Data security

The data collected through our site is automatically stored in the internal computer system and can only be accessed by our employees based on username and password. The computer system offers advanced tools for sensitive data protection and is compliant with the PCI-DSS ((Payment Card Industry (PCI) Data Security Standard) standard.

5. Information

You are under no obligation to provide us with your data for the purposes mentioned in Article 1 above. For the data you provide through this site, we ensure their safe management and we guarantee the rights provided by Law 677/2001 and 679/2016 of the EU Regulation on the Protection of Individuals with regard to the Processing of Personal Data and their Free Movement of such Data, and Law 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector (right of access, intervention, not to be subjected to an individual decision, to address the courts, to oppose to data processing in the future and to request their deletion. In order to exercise these rights you can write us at the following address: Braşov, Poiana Braşov, 247 Poiana Soarelui street, Post code 500001 or you can contact us by phone / email using our contact page.

6. Laws

We comply with the requirements of Law no. 677/2001 on the Protection of Individuals with regard to the Processing of Personal Data and the Free Movement of such Data, amended and supplemented by Law no. 506/2004 and 679/2016 of the EU Regulation on the processing of personal data and the protection of privacy in the electronic communications sector. This confidentiality policy is subject to Romanian laws in force. In the event of litigation, an amicable settlement will first be attempted within 30 working days of filing the complaint at our premises. In case no agreement can be reached within the above mentioned deadline, the jurisdiction of the Brasov court will be considered.

Data collection

Order number 2634/2015 of the Ministry of Public Finance requires us to request and keep for 10 years the following data from our clients:

  • Surname and first name
  • Personal Identification Number
  • Series and number of the ID card
  • Full address

The above data may only be updated as long as it is within the legal term of 10 years

Based on Law 333/2004 and Government Decision no. 301/2012 amended by Government Decision no. 1002/2015, we are obliged to video record with the help of the CCTV network and to store the records for at least 20 days for the protection of the premises and resolve the disputes that have arisen.

Other collected data that may be subject to all rights offered by GDPR are as follows :

  • Date and place of birth
  • Nationality
  • Sex
  • Email address
  • Phone number

Data that has been additionally collected is kept for 20 years.

Many clients ask why we scan the ID card at the reception and we want to provide an explanation. We do not scan ID cards at the reception. We use “Optical Character Recognition” or “OCR” to extract information and enter them automatically into the hotel management software. All information extracted by the device is refreshed on the next use. We do not keep the picture with the document anywhere.

The database that Teleferic Grand Hotel uses to send promotional materials and news has the following data about each subscribed person.

  • Surname and first name
  • Email address

We have always included in the transmitted message an easy and readily accessible method for anyone wishing to delete their data from this database.

Order number 2634/2015 of the Ministry of Public Finance requires us to ask and store for 10 years the following data from our clients:

  • Surname and first name
  • Personal Identification Number
  • Series and number of the ID card
  • Full address

The above data may only be updated as long as it is within the legal term of 10 years

Based on Law 333/2004 and Government Decision number 301/2012 amended by Government Decision number 1002/2015, we are obliged to video record with the help of the CCTV network and to store the records for at least 20 days for the protection of the premises and resolve the disputes that have arisen.

Other collected data that may be subject to all rights granted by GDPR as long as it is not imposed by contract are as follows :

  • Email address
  • Phone number

Data that has been additionally collected is stored for 20 years.

Order number 2634/2015 of the Ministry of Public Finance requires us to ask and store for 10 years the following data from our clients:

  • Surname and first name
  • Personal Identification number
  • Series and number of the ID card
  • Full address
  • Position
  • Education
  • Profession
  • Bank account
  • Medical data

The above data may only be updated as long as it is within the legal term of 10 years.

Based on Law 333/2004 and Government Decision number 301/2012 modified by Government Decision number 1002/2015, we are obliged to video record with the help of the CCTV network and to store the records for at least 20 days for the protection of the premises and resolve the disputes that have arisen.

Other collected data that may be subject to all rights offered by GDPR are as follows:

  • Previous jobs
  • References
  • Qualifications
  • Children
  • Social status
  • Passport
  • Residence permit

The data that has been collected additionally is stored for 20 years and come mostly from CVs.