fbpx

PRIVACY POLICY

Respecting the right to the protection of personal data, as well as the right to privacy is one of the fundamental missions of TINT SRL (Teleferic Grand Hotel).

Thus, we take all necessary steps to process your personal data in accordance with the principles established by the data protection laws applicable in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

Personal data means any information about an identified or identifiable natural person (« data subject »); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, identification number, location data, an online identifier, or to one or more many specific elements, specific to its physical, physiological, genetic, psychological, economic, cultural or social identity.

The personal data is processed by TINT SRL with its headquarters in Str. Poiana Soarelui Nr. 243, Poiana Brașov, Brașov City, Brașov County, registered with the Trade Register under no. J08 / 1892/2013, having the Sole Registration Number RO13694214.

  • What kind of personal data do we process?
  • Personal data of minor children
  • Special categories of personal data
  • What purpose and what grounds do we process your personal data for?
  • Who do we transmit your personal data to?
  • Do we collect personal data from third parties?
  • Do we transfer your data outside the EU / EEA?
  • You providing the personal data of other natural persons
  • How long do we keep your personal data?
  • What are your rights?
  • Is your data secure?
  • Links to other websites
  • Questions or complaints
  • Policy changes

____________________________________________________________________________________________________________

WHAT KIND OF PERSONAL DATA DO WE PROCESS?

If you are a customer or a potential customer

We collect personal data as a result of most interactions with you, as well as in other aspects of our activity. The categories of data we process are the following:

  1. data required to make reservations (for example, name, first name, e-mail, telephone);
  2. the data on the registration form, requested based on the national law (for example, citizenship, address, date of birth);
  3. bank card details (card type, credit / debit card number, cardholder name, expiration date and security code);
  4. information on the client’s stay, including the date of arrival and departure, special requirements, preferences;
  5. the information you provide regarding your marketing preferences;
  6. personal data provided by you for the purpose of registering and subscribing to the newsletter;
  7. information about the vehicles that you may bring to our property, for example license plate;
  8. data collected from the access passes (time of entry and exit);
  9. information collected by various contractual partners (travel agents, event organizers) and transmitted to the Teleferic Grand Hotel (rooming list, event guest list);
  10. data necessary to provide additional services, as the case may be;
  11. reviews and opinions regarding our services;
  12. any other type of information you choose to provide to us.

Also, the surveillance cameras and other security measures on our properties can capture or record images of guests in public areas (such as hotel entrances and hotel halls), as well as your location data (through pictures captured by surveillance cameras).

You can choose at any time what personal data you want to provide to us. However, if you choose not to provide certain personal data, if the basis of our request is the compliance with a legal obligation, contractual obligations or obligations necessary to conclude a contract we will be unable to provide you with certain services, for example:

  • if you do not want to give us a name, first name, email address or telephone number if you wish to make a reservation, we will not be able to make the reservation, or (ii) given that in the registration form you will fill in when you check-in into our hotel you will have to insert certain personal data required by law, and if you do not want to fill in those required fields, we will not be able to check you in the hotel.

If you are a potential employee

We collect the information from the CV sent by you as well as any other information transmitted along with the CV and / or during the interviews you came to.

If you are a visitor to our location

We collect the name, first name, series and number of the ID card.

Surveillance cameras can also capture or record images of visitors in public areas (such as hotel or restaurant entrances or reception).

If you are a user of our website www.telefericgrandhotel.ro

In order to read the information existing on the site, it is not necessary to provide personal data.

However, for the technical exploitation of the portal, we collect the time and date of accessing the website and the IP address from which our website was accessed.

Certain personal data are required to use some services (eg online reservations, job applications). For details, please refer to the section corresponding to the operation used on the site.

If you are a representative or contact person of our suppliers or business partners

We collect the name, first name, position, and any other data provided by you or the company you represent.

If you are an employee

Please read the confidentiality policy for employees, which you have been informed about at the time of employment and available at any time in the Human Resources Department.

____________________________________________________________________________________________________________

PERSONAL DATA OF MINOR CHILDREN

We protect the confidentiality of data obtained from children under 16. If you are under the age of 16 and we process your personal data based on your freely expressed consent, we are under the obligation to ask the consent of the parents / legal guardian as well.

____________________________________________________________________________________________________________

SPECIAL CATEGORIES OF PERSONAL DATA

The phrase « special categories of personal data » refers to data concerning racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership of unions and the processing of genetic data, biometric data, health data or data regarding sexual life or sexual orientation.

In general, we do not collect such information unless you wish to provide it to us.

____________________________________________________________________________________________________________

WHAT PURPOSE AND WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA FOR?

If you are a customer

  1. Reservations for the hotel and restaurant or in the case of requests for offers sent by you for certain organized events or that can be organized.

Purpose: We process your personal data (i) to reserve a place within the hotel / restaurant (ii) to respond to requests for offers sent by you.

Grounds: conclusion of a contract

  1. Check-in

Purpose: we process your personal data for registration / accommodation within our hotel and to fulfill the applicable legal obligations

Grounds: At the moment of your check-in, according to the legal provisions in force, you are required to fill in the registration form containing a minimum of data necessary for your check-in.

  1. Customer service (this service refers, among others, to: hotel transfer service, the cleaning service, the laundry service, etc.)

Purpose: We process your personal data to give you the most enjoyable experience and in accordance with your standards and hotel standards.

Grounds: performance of the hotel services agreement

  1. Provision of additional services (ex. ski rental/bike rental)

Purpose: We process your personal data to offer you the most enjoyable experience and in accordance with your standards and hotel standards.

Grounds: performance of the agreement we concluded with you

  1. Profiling

Purpose: To provide personalized services, some of your special preferences (for example, if you prefer rooms on the upper or lower floors, if you like a certain type of bedding, etc.) are stored so that when you return, we will be able to offer you what you like faster and easier

Grounds: your consent 

  1. Feedback

Purpose: We process your personal data to ensure that you have had a pleasant experience within our units.

Grounds: our legitimate interest to constantly improve the services we offer and to provide services that are as appropriate and in line with the standards of our customers.

  1. Marketing

Purpose: we process your personal data for marketing purposes, such as business newsletters and marketing communications regarding new products and services or other offers that we believe may be of interest to you.

Grounds: our legitimate interest in promoting our services by submitting offers that we consider being of interest to you (see “Right to Object” in “Your Rights” section).

If necessary, in accordance with applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we inform you that you will be able to withdraw your consent for processing for marketing purposes at any time, in which case you will no longer receive any marketing communication from us.

We’ll include an unsubscribe link, which you can use if you don’t want us to send you any more messages.

Also, when organizing certain events in our hotel and restaurants, it is possible to take some photographs, and some of these could be shared in the online environment to show others how our events are. In any case, because we take into account your right to privacy, we will do our best to inform you that photographs will be taken (for objections to our photos see “Right to Object” in “Your Rights” section).

  1. Images captured by surveillance cameras

Purpose: We process images captured by the surveillance camera system installed within our location in order to enhance the protection of persons and property in the location, as well as to effectively investigate events that may adversely impact the security of the area, property and people.

Grounds: legitimate interest in ensuring the protection of goods and people in our location. 

  1. Other communications: by email, mail, telephone or SMS

Purpose: These communications will be made for a specific reason such as: (i) to respond to your requests, (ii) if you have not completed an online reservation or a request for an offer, we may send you an email to remind you to complete the reservation, (iii) to inform you about how the complaints and / or incidents occured during your stay have been solved.

Legal grounds: our legitimate interest in providing services to the desired standards by resolving any requests / complaints and to offer you our full availability.

  1. Analysis, improvement and research:

Purpose: To constantly ensure the qualitative evolution of our services, we make sure we analyze each complaint / suggestion from you, so that we compile statistical reports to identify problems and find the best solutions to solve them.

Grounds: we rely on our legitimate interest in providing services that meet your standards.

If you are a visitor to our location

Purpose: We process your personal data to ensure the protection of goods and persons within the hotel.

Grounds: our legitimate interest in ensuring the protection of the goods of the clients / hotel / staff, as well as the protection of the people inside the hotel.

If you are a user of our website www.telefericgrandhotel.ro

Purpose: to monitor traffic in order to identify errors and / or any other website malfunction, as well as to prevent fraud

Grounds: this data processing activity is based on our legitimate interest, namely to make available to you a fully functional site by repairing any error, as well as by its continuous improvement, as well as on our legitimate interest to avoid potential losses generated by fraudulent actions

If you are a representative or contact person of our suppliers or business partners

Purpose: to develop contractual relations with our suppliers or business partners.

Grounds: performance of a contract

If you are a potential employee

Purpose: To evaluate your employment application.

Grounds: concluding a contract

If you are an employee

Please read the confidentiality policy for employees, which you have been informed about at the time of employment and available at any time in the Human Resources Department.

For all the above categories, we can process your data in the context of the following activities:

  1. Restructuring, internal reorganization or sale of assets or shares:

Purpose: We process your data for the above-mentioned operations.

Grounds: legitimate interest in performing the operations, especially when they would be impossible to carry out without processing your data.

However, we assure you that any such processing will be carried out in accordance with this policy and by implementing a measure that ensures the confidentiality of your data.

  1. Security:

Purpose: we process personal data for the security of the goods and the physical integrity of the persons.

Grounds: We rely on our legitimate interest in ensuring the protection of your belongings and the ones of the hotel, as well as the protection of persons in our location.

  1. Legal reasons:

Purpose: In certain cases, we must process the provided information, which may include personal data, to resolve legal disputes or complaints, to investigate and comply with applicable legal regulations, to implement an agreement or to comply with the requirements of the part of the public authorities insofar as these requests fulfill the conditions required by law.

Grounds: the reasons for the processing may be represented by the legal obligation (if we have the legal obligation to disclose certain personal data to the public authorities) or

by our legitimate interest in resolving any disputes and / or complaints.

____________________________________________________________________________________________________________

WHO DO WE TRANSMIT YOUR PERSONAL DATA TO?

In order to provide you with the expected level of hospitality and to provide you with high quality services, your data may be transmitted to our service providers and other third parties, as detailed below:

  1. Suppliers: In order to provide the requested services, in some cases, we will have to pass on some of your personal data to the suppliers, and they have the power of attorney and process the data on our behalf, and in accordance with our instructions (such as software providers, IT, accounting services, medical services).
  2. Organizers of group events or meetings: if you visit our hotel in a group or conference, the information requested to plan the meeting and event can be shared with the organizers of these meetings and events and, if necessary, with the guests who organize or attend the meeting or event.
  3. Business partners: in certain cases, we partner with other companies to provide you with products, services or offers. For example, we can arrange the rental of a car or intermediate optional services for products that are not included in our offer.
  4. Public authorities and / or institutions for: (i) complying with the legal provisions, (ii) responding to their requests, (iii) for reasons of public interest (eg national security). For instance, according to the regulations set out in the section « WHAT PURPOSE AND WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA FOR? » paragraph b) any hotel unit is obliged to send periodically the registration forms of each client.

The confidentiality of your data is important to us, which is why, where possible, the transmission of personal data in accordance with the foregoing is done solely on the basis of a confidentiality commitment from the recipients, which guarantees that this data is kept safe and that the provision of this information is made in accordance with the laws in force and the applicable policies. In any case, each time we will send to the recipients only the information strictly necessary to achieve such purpose.

____________________________________________________________________________________________________________

DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?

In order to provide you with the expected level of hospitality and to provide you with the best level of services, we may collect information about you from our business partners and other third parties, as detailed below:

  1. Business partners: the organizers of the events within our Hotel will send us your details in advance in order to be able to make reservations and to make the check-in process more efficient. We may also receive your data from the organizers.
  2. Social networks: in some cases we may receive your data through the social networks through which you interact with us, in accordance with your privacy settings
  3. Travel agencies: your data can also be transmitted to us by the travel agencies through which you make your reservation in our Hotel. Online booking platforms such as booking.com are also included in this category.

In any case, we assure you that your data collected from third parties will be processed under the same conditions as if it were collected directly from you. We will also only collect what is necessary for our purposes. (See the section « WHAT PURPOSE AND WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA FOR? »).

In addition, when we contact you for the first time, we will inform you, first of all, the source we obtained your personal data from.

____________________________________________________________________________________________________________

DO WE TRANSFER YOUR DATA OUTSIDE THE EU / EEA?

We may transfer your data to some providers based in countries other than your own and, in some cases, in countries outside the EU / EEA.

Although data protection laws in these countries may differ from those in your country, we will take the necessary steps to ensure that your personal data is processed in accordance with this policy and in accordance with the applicable law.

____________________________________________________________________________________________________________

YOU PROVIDING THE PERSONAL DATA OF OTHER NATURAL PERSONS

If you provide us with the personal data of other individuals, please let us know prior to this disclosure and how will they be processed, as described in this privacy policy.

____________________________________________________________________________________________________________

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Your personal data is kept for the while the purposes detailed in this policy are achieved, if a longer period of storage time is not required or permitted by applicable law.

We constantly review the need to keep your personal data, and to the extent that processing is no longer required and there is no legal obligation to keep your personal data, we will delete / destroy your personal information as soon as possible and in a way that they can no longer be recovered or reconstituted (for example, we will delete / destroy all the data of the persons who were not hired after the interviews, if there is no serious prospect of employment in the future).

If the personal information is printed on paper, it will be destroyed in a way that ensures it is completely erased, and if it is saved on electronic media, it will be deleted by technical means to ensure that the information can no longer be removed, be recovered or restored later.

____________________________________________________________________________________________________________

WHAT ARE YOUR RIGHTS?

As the data subject you benefit from the following rights provided by the GDPR:

  1. The right of access: you can request (i) a confirmation of whether or not personal data are processed and, if so, access to that data and information on them, and (ii) a copy of your personal data we hold (art. 15 of the GDPR);
  2. The right to rectification: you can inform us of any modification of your personal data or you can ask us to correct the personal data we hold about you (art. 16 of the GDPR);
  3. The right to erasure (« the right to be forgotten »): in certain situations (such as (i) if the data were collected illegally, (ii) the deadline for storing the data has expired, (iii) you have exercised the right to object or (iv) the processing of the data is done based on consent and you have withdrawn your consent), you can ask us to delete the personal data we hold about you (art. 17 of the GDPR);
  4. The right to restrict the processing: in certain situations (such as if the accuracy of these data is questioned or the legality of the processing), you may ask us to restrict the processing of your data for a certain period of time (art. 18 of the GDPR);
  5. The right to data portability: ask us to send your personal data to a third party or directly to you (art. 20 of the GDPR);
  6. The right to object: in certain situations (such as processing that has legitimate interest as the legal grounds), you can request that we no longer process your data (art. 21 of the GDPR).
  7. If we use your personal data based on your consent, you have the right to withdraw this consent

If we use your personal data based on your consent, you have the right to withdraw this consent at any time. In this situation, your data will no longer be processed by us, unless a legal provision obliges us to keep and archive them. In any case, we will inform you if there is such a legal provision and we will expressly indicate it.

____________________________________________________________________________________________________________

IS YOUR DATA SECURE?

We take your personal security seriously, which is why we take important security measures necessary to protect against unauthorized access to data or unauthorized alteration, disclosure or destruction of data. This implies internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to protect against unauthorized access to systems where we store personal data.

We also ask our service providers as well as business partners to take all necessary measures to protect against unauthorized access to data or to modify, disclose or otherwise destroy unauthorized data.

____________________________________________________________________________________________________________

LINKS TO OTHER WEBSITES

Our website contains links to third party sites. Please note that we do not take responsibility for the collection, use, storage, sharing or disclosure of data or information by such third parties. If you use or provide information on third party websites, the terms and privacy policy of those websites shall apply. We advise you to read the privacy policy of the websites you visit before submitting personal data.

The use of the Internet services offered by Teleferic Grand Hotel is subject to the terms of use and the privacy policy of the Internet providers. You can access these terms and policies by using the links on the authentication page of that service or by visiting the website of the internet provider.

____________________________________________________________________________________________________________

QUESTIONS OR COMPLAINTS

If you have any questions or concerns regarding the processing of your personal data or if you would like to exercise any of the rights mentioned above, you are welcome to contact us using the following email: dpo@telefericgrandhotel.ro and we will respond within 30 days of receiving your request.

We inform you of the data of our Data Protection Officer:

Name: ANDI GRADINARU

E-mail: dpo@telefericgrandhotel.ro

Also, to the extent that you do not have electronic means or do not want to use them, you can submit a written request that you send to (i) the address of the registered office of Str. Poiana Soarelui Nr. 243, Poiana Brașov, Brașov city, Brașov County or (ii) the hotel reception.

If you are not satisfied with the way your request was solved, you can file a complaint with the National Supervisory Authority for Personal Data Processing.

____________________________________________________________________________________________________________

POLICY CHANGES

This privacy policy may be modified in accordance with changes to the law on data policy or based on changes in our services or organizational arrangements from time to time. If we make material changes to it, we will publish a link to the revised policy on the home page of our website. If we make significant changes that will have an impact on your rights and freedoms (for example, when we begin processing your personal data for purposes other than those specified above), we will contact you before starting such processing.

To help you track the most important changes, we will include a history of changes below to recognize the changes made to this policy.

Briefing note by using the “TWITTER” platform

Briefing note in marketing activities using the “TRIPADVISOR”

Briefing note in filling in the process of hotel reservation through the booking.com or other OTE

Briefing note in filling in the process of hotel reservation through the Teleferic Grand Hotel website

Briefing note in filling in the process of hotel reservation by phone or email

Briefing note regarding the security of TINT SRL premises

Briefing note in events such as « fairs » and « exhibitions »

Briefing note in the process of renting sports equipment

Briefing note while using the fitness, relaxation, massage services and the other non-medical procedures offered by Teleferic Spa Center

Briefing note in relation with lawyers, IT specialists and other certified natural persons who provide
our company with specialized services

Briefing note in relation with natural persons or with natural persons representing some
legal entity who purchase services offered by Tint Srl

Briefing note while using the INTERNAL PLAYGROUND within the hotel

Briefing note in marketing activities using the LinkedIn

Briefing note while using the cosmetic services offered by Teleferic Spa Center

Briefing note by using the “INSTAGRAM” platform

Briefing note in marketing activities using the Google

Briefing note in the check-in process

Briefing note in marketing activities using the FACEBOOK platform

Briefing note in filling in the disclaimer for products brought from outside the hotel

Last updated: 21st of October 2019