Policy regarding the Processing of Personal Data

We, the „Mansion Boutique Hotel” (the „Hotel”), appreciate your decision to become our client/visitor and recognize that your personal data are important both to you and to us. In this regard, we want you to know what personal data we collect, how, in what occasions and for which purposes we collect and use these data, as well as to whom we may disclose them.

These are the reasons for which we have decided to inform you through this Policy regarding personal data processing („Privacy Policy” sau „Policy”) with respect to the following matters:

 

  • Who we are?
  • To whom are our services addressed?
  • What are personal data and processing thereof?
  • What data we process relating you?
  • In what way we collect and further process your personal data?
  • How much time we store your personal data?
  • Whether we use automated decision-making, including automated profiling
  • Who has access to your personal data?
  • Transfers of your personal data outside the EU and EEA
  • What technical and security measures do we employ to ensure the protection of your personal data?
  • What are your rights and obligations in relationship with Us with respect to your personal data that we process?

 

This Policy describes the occasions, purposes and ways in which we process certain cathegories of your personal data through:

  • The Internet Website www.themansionhotel.ro/ operated by us, from which you may access this Policy (the „Website”);
  • Our pages/accounts on social networks  through which you may access this Policy (the „Social Pages”);
  • The HTML-formatted email messages that we send you, thant include a link to this Policy and through your various communications with us; and
  • When you make/modify/cancel a reservation for accommodation at the Hotel, stay at the Hotel as our client, visit the Hotel, or beneffit from our rental services regarding the Hotel’s conference room or from our reservation services regarding the touristic tours operated by our business partners.

Therefore, we hereby kindly ask you to allocate the necessary time to read carefullt and understand the content of this Policy. We hereby ask you to consider that, if you intend to submit to us personal data regarding another natural person (e.g., on the occasion of a reservation for another individual, etc.), you are entitled to submit to us such data only after and to the extent that you have obtained that person’s consent for this purpose and only after informing that person regarding the processing of their personal data for this purpose and for the other purposes mentioned in this Policy (we asume that you have proceeded in this manner and do not undertake liability in adverse cases),

Who are we?

 

The company SEG HORECA S.R.L., a Romanian legal person with headquarters in Bucharest municiple, 3rd District, 11 Franceza Street, Romania, registered with the Bucharest Trade Registry under No. J40/9481/2015, having EUID Code ROONRCJ40/9481/2015 and Sole Registration Code/Fiscal Code RO 34841440, that operates the hotel „The Mansion Boutique Hotel” (the „Hotel”) at its headquarters address (the „Mansion Boutique Hotel”, or „Data Controller”, „Us”), act as data controller with respect to your personal data subject to processing in connection with the provision of Hotel reservation and accomodation services, Hotel conference room rental services and turistic tours’ reservation services (the „Services”) (directly, including through the Website, or through our business partners), adjusted to your necesities and expectations.

You may contact Us any time at:

Our Hotel and headquarters’ address: Bucharest, 3rd District, 11 Franceză Street, Romania

Tel.: +40 / 771 66 61 11

Tel. / Fax: +40 / 314 05 81 11

Email: welcome@themansionhotel.ro

 

In addition, as we intend to ensure an enchanced protection of your personal data, we have decided to appoint a personal data protection officer. For any questions or comments in connection with this Policy, with the way we process your personal data, or with your rights and obligations in relation with Us regarding these data, you may contact Us by sending a specific, dated and signed request either at the mail address of the Hotel or of our headquarters located in Bucharest, 3rd District, 11 Franceză Street, Romania, or via email at: dpo@themansionhotel.ro, to the attention of our Data Protecton Officer.

To whom are addressed our services?

 

The Services provided by Us are NOT directly addressed to individuals younger than 18 years of age, and we do not request/collect personal data in relation to individuals such age.

 

In case that we discover/are informed that we have collected personal data relating to individuals of such age without the consent of their parental responsibility holders, we shall without delay verify the case and, when the law requires that, we either (i) obtain the explicit consent of their parental responsibility holders with respect to the processing of their personal data, and, in case of impossibility to obtain such consent, we (ii) shall, without delay, erase their personal data from our records and ensure that such data are erased also from the records of our personal data processors/joint personal data controllers.

 

What are personal data and the processing thereof?

 

Personal Data” are data that identify a natural person or relate to an identifiable natural person. Certain information are less evident (such as the IP of a natural person’s computer, the MAC address of a natural person’s computer or mobile phone, etc.), but, shuld they are associated to a natural person, make possibile to Us to identify that natural person, and are thus subject matter of the concept of ”Personal Data”.

 

Processing” means any operation or set of operations with respect to personal data or sets of personal data, with or without the use of automated means, such as the collection, recording, registration, organisation, structuring, storage, adjusting or amending, extracting, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or correlation, restricion, erasure or distruction.

 

What personal data we process in relation to you?

 

Our policy is to collect only those personal data relating to you as a natural person that are strictly necessary to Us in order to offer you the best experience regarding our Hotel’s services. Generally, we collect, in accordance with the relevant laws in force, the following personal data relating to you:

 

  • Name and surname
  • Domicile address
  • Email address
  • Telephone number
  • Date and place of birth
  • Citizenship
  • Series and number of your identity document
  • Information regardin your credit or debit card, or other information necessary for the payment of our services
  • Geo-location of the devices/terminal equipment through which you access our Website (with the anonymisation of your device/terminal equipment’s IP)
  • Your employer’s billing information (as the case may be)
  • Details regarding your stay at the Hotel (arrival and departure dates, purpose of your stay) and the touristic tours reserved at the Hotel
  • Reservation code of your Hotel accomodation
  • Online identifiers, including cokie type online identifiers (when you visit our Website)
  • Your employment position, your employer’s name and your testimonial regarding our services
  • Your special prefferences/requests regarding our Services (including certain data related to your health, as the case may be), provided that you disclose to Us voluntarily, without our request;
  • Your photo/video image, your name, surname, employer’s name, employment position and testimonial, for the purpose of promoting our Services at the Hotel (based on your consent);
  • Your Email address, for the purpose of reviewing our clients’ satisfaction regarding our Services;
  • In limited cases, your image registered by our video surveillance cameras located in public areas at the Hotel, for safeguard and security purposes (e.g., Hotel’s entry-exit area, lobby, at the entrance in the Hotel’s interior halls, etc.)
  • Your signature.

 

For what purposes and by which means do we process your personal data?

 

We process your personal data strictly for the purposes of: (i) offering and improving our Services and (ii) protecting as our Hotel’s clients/visitors, as we shall further detail below.

 

In certain cases, we will ask you to provide Us directly your personal data, in other cases we will have access to such data indirectly. In all cases, if you do not agree with their processing, the is the risk to not be able to provide you certain our Services requested by you because in this way it will be impossibile for us to perform our own legal and/or contractual obligations.

 

If you oppose to the processing of your personal data based on your previously given consent (in the cases mentioned in the table below), the contractual relationship between you and Us shall not be affected in any way.

In addition, except for the cases when we communicate to you other instructions, we shall not request from you, and we advise you to not communicate/disclose to Us without being requested to, neither on the occasion and/or un connection with the performance of our Services, sensitive personal data (e.g., without limitation, the number of your health/social security card, personal numeric code, data relating to the ethnic or racial origin, political opinions, religious confession/philosophical beliefs, trade union membership, genetic data, biometrical data for the unique identification of a natural person, data concerning health and/or sexual life or orientation, information regarding administrative or criminal sanctions or pending criminal investigations, that concern you and/or other natural persons). If this happens (eventually by accident), we will immediately take measures to erase/destry the above-mentioned personal data from our records.

 

No.For what purpose we process your personal data?What personal data we process, in what cases and for what purposes?What is the legal ground of the processing of your personal data?

 

 

Personal data that we obtain directly from the data subjects

A.Online reservations on our Website-ul, or reservatins on the phone or directly at our Hotel/other channels – for accomodation at the Hotel

 

 

 

We collect your personal data when you perform a reservation at our Hotel. Thus, we may process a reservation only if you provide Us the following personal data:

ü  Name and surname

ü  E-mail address

 

ü  Details about your trip (arrival and departure dates)

 

Provision of these personal data is necessary in order to be able to register the reservation in our reservations system and to communicate to you the processing of the reservation so that you may beneffit the best experience in relation to our Services.

Performance of the contract concluded with you  (registration and processing of their reservation requests)

 

 

B.Cancellation of a reservation for Hotel accomodationIf you want to cancel a reservation, we collect the following personal data of you:

 

ü  Email address

ü  Name and surname

ü  Reservation code

 

The provision of these personal data is necessary in order that Us be able to communicate to you the proof of the cancellation of a reservation.

 

In addition, in case of cancellation of a reservation, your personal data will be used for the management, processing and payment of any amounts owed by you for the said cancellation (as the case may be). In this case, we will also process the following personal data:

 

ü  The details of your credit/debit card/other payment instrument.

 

Performance of the contract concluded with you  (registration and processing of your request for cancellation of a previous reservation)

 

C.Your accomodation at the Hotel
  1. We colect you personal data in order to fill-in the accomodation registration form at the moment when you accomodate at our Hotel. Thus, for this purpose we collect the following personal data:

 

ü   Name and surname

ü   Domicile address

ü   Citizenship

ü   Series and number of the identity document

ü   Date and year of birth

ü   Signature

ü   Details regarding the stay (arrival and depature dates and scope of the trip)

 

  1. To the extent you provide to Us voluntarily, we also collect the following personal data of you on the moment we fill-in the registration form at our Hotel:

 

ü  Telephone number

ü  E-mail address

 

 

 

 

 

 

 

 

  1. 1.  Compliance with legal obligations (for compliying with the obligations imposed by the applicable legal regulations regarding the services of accommodation in touristic structures)

 

 

 

 

 

 

 

 

 

 

 

  1. 2.  Legitimate interest (in order to facilitate the performance of eventual investigations by competent authorities in connection with perpetration of fraud/other criminal acts, and to be able to maintain connection with you during your stay at our Hotel.)
D.Reservation of our Hotel’s conference roomWe collect personal data of you when you perform a reservation in view of renting the conference room of our Hotel, either on the telephone, or at the email address of our Hotel. In this view, we collect the following such data:

ü  Name and surname

ü  Telephone

ü  E-mail address

 

The performance of the contract concluded between Us and the organiser of the event to take place in the Hotel’s conference room subject to reservation (performance of obligations according to the contract)
E.To guarantee the reservation of a stay at our Hotel / the rental of the Hotel’s conference room with a card

 

Payment of our Services

 

We will process the following of your personal data in view of preparing the invoives for the payment of our Services:

 

ü Name and surname and domicile address or the billing details of client’s employer (if relevant, e.g., when our Services are paid by the client’s employer)

 

Note: The details of the card indicated  by the natural person payer of our Services in view to guarantee and/or pay for the reservation/accomodation (type, number and expiry date, owner’s name and surname and Card Secure Code or Card Verification Code) will not be accessible to Us and will not be stored by Us, but to and by the transaction authorization antity / other entity authorized to provide card identification data storage services of which identify you will be informed of prior to providing the details of the card that you indicate for the online payment.

 

Compliance with the legal obligations imposed by the applicable legal requirements in the financial-accounting field.

 

Performance of a contract (to ensure the necessary support for the processing by our business partners who are authorized to intermediate the payment of our Services ordered by you).

F.Reservation of turistic tours offerred by our business partners  and promoted to our clients through UsYour personal data that we process in vies of offering these services are:

ü  Name and surname

ü  Details regarding the touristic tour (departure and arrival dates, hours, places, touristic route)

 

Performance of a contract (performance of our obligations according to the contracts concluded with our business partners with respect to turistic tours services offered to our clients)
G.Your special prefferences / requests regarding your accomodation at the Hotel (including regarding your health)Upon the accomodation at the Hotel, or the reservation of an accomodation directly or through  one of our business partners, we collect client’s personal data consisting in their special prefferences/requests (including regarding their health) provided by the client voluntarily, without our request. These data will be stored by Us in our hotel management system in view of offering particularized accomodation services to our clients.Legitimate interest (to improve our Hotel accomodation services so that our clients may beneffit from personalized offers with the occasion of their future stay at the Hotel)

 

Your explicit, specific, informed consent for requests/prefferences regarding your health (to improve our Servicesof accomodation at the Hotel, so that our clients beneffit from personalized offers on the occasion of future stays at the Hotel)

H.Analisys of our clients’ satisfaction regarding our Services

 

Considering our intent to continuously improve our Services, we may send our clients questionnaires regarding the quality of our Services and our clients’ level of satisfaction in connection thereof, through our supplier of online client satisfaction review forms, TripAdvisor LLC (https://www.tripadvisor.com/), and in such cases we will process the following personal data:

ü  The Email address provided by the client on the occasion of the reservation/accomodation at the Hotel.

Your explicit, specific and informed consent (to improve our Services)
I.Security of goods/values and persons through video surveillance (CCTV)We colect and further process the personal data consisting in the image of the natural person clients and visitors of the Hotel in view of ensuring the security of goods/values and persons through our video surveillance system (CCTV) legally implemented at the Hotel in public areas and signed through graphic designs and informaton notices.

 

Note: If a natural person that we suspect is not a Hotel’s client withes access to the Hotel (e.g., a  participant at an event organised at the Hotel, or a visitor who wishes to go to a Hotel’s room without staying in over the night, etc.), we may condition their access in the Hotel upon the verification of their personal data from a valid identity document, however without collecting, storing or performing any other processing operation of the personal data thus provided.

Compliance with legal obligations (to comply with the obligations imposed by the applicable legal provisions in the field of  safeguard and security of goods, values and persons in order to ensure the confort and safety of the Hotel’s clients and visitors and of their goods and values throughout their accomodation / visit at the Hotel)

 

J.Addressing requests, inquiries and/or complaints regarding of natural personsWhen we receive requets, inquiries or complaints from natural persons we process the following personal data relating them:

ü  Name and surname

ü  Email address

ü  Telephone number

 

Note: Processing of these personal data is necessary in order to keep a record of such requests, inquiries, complaints, to be able to proove them, to keep the plaintiffs updated regarding the status of their resolution and to send our answers to them.

Legitimate interest (for the purpose of improving our Services so that upon a new visit at the Hotel our clients may beneffit of our best offers)
K.Maintaining and securing the Hotel’s Website

 

In order to maintain and secure the Hotel’s Website we may process the personal data of the natural person visitors of the Hotel’s Website consisting in the following online identifiers:

 

  • IP address;
  • MAC address;
  • The Internet browser used for visiting the Website;
  • The version of the operating system of the device used by the visitor of the Website in order to connect to the Internet upon visiting the Website;
  • IT protocol data (e.g.,  HHTP/HTTPS, etc.);
  • Location of the device used by the visitor of the Website in order to connect to the Internet upon visiting the Website (provided that a geo-location application is activated).

 

Precisely, we process the above-mentioned personal data

for:

  • ensuring the proper functioning of the Website;
  • apropriate displaying of the content of the Website;
  • improving the Website;
  • parametering the device through which a visitor connects to the Website;
  • ensuring the security of the Website and protecting the visitors againts fraud/IT security breaches in connection with visiting the Website;
  •  identifying and remedying potential flaws impeding the Website’s utilisation.
Legitimate Interest (to implement and maintain the necessary security measures for the Hotel’s Website)

 

L.Cookie type online identifiers (when navigating on the Hotel’s Website)When you navigate on our Hotel’s Website (www.themansionhotel.ro) we use tehnologies that automatically collect personal data of you for:

 

(i)      the proper functioning of our  Website; and

 

 

 

 

 

(ii)    obtaining certain statistics information regarding your actions on our Website (www.themansionhotel.ro) in order to improve our Website (e.g., without limitation, by estimating the Website audience and use).

 

Note: For additional detalis regarding the automated collection of personal data through the cookies used by our Website, you may review our Cookie Policy published on our Website.

 

 

 

 

 

 

 

(i)    Legitimate Interest (in order to ensure the proper functioning of our Website);

 

(ii)  Your explicit, specific and informed prior consent  (for the purpose of improving our Services)

M.Reporting

 

We process your personal data for the preparation and submission of financial-accounting and fiscal statements and docuemntation  required by the applicable laws in force.Compliance with legal obligations (for compliance with the obligations imposed by the applicable fiscal and financial-accounting legal provisions in force)
N.Exercise or defence of legal claims

 

In order to protect our legal rights and legitimate interests, we may process your personal data necessary for the exercise or defence of legal claims (including preparation of related documentation and fulfillment of related formalities/procedures) before courts of law/authorities/institutions/other third parties.

 

Legitimate interest (to ensure the observance of our legal rights and legitimate interests)
O.Provision of information and documents within  procedures/investigations before  competent authorities/institutions/other third party entities according to lawIn case of: (i) explicit requests of competent authorities/institutions/other third party entities according to law within  formal/official procedures/investigations; or (ii) necesity to comply with our information/reporting obligations towards competent authorities/institutions/other third party entities according to law – we will disclose according to law only your personal data explicitly requestes by, or that must be discolsed to, these authorities/institutions/entities, according to law, and we will document this processing in order to demonstrate it.Compliance with legal obligations (to comply with specific obligatons imposed by legal provisions regarding to, without limitation, prevention and protection against fraud, money laundering, terrorism acts, etc.)
PPromoting our Services at the Hotel through publication of photo images and video recordings of natural persons
  1. 1.         (i) We may publish on our accounts open on various online social networks and on our Website (http://themansionhotel.ro/) your photo images/video recordings in connection with public events organised in view to promote the Hotel in these online environments.

 

(ii) In any other cases and if it is necessary according to law, we will request your specific and informed consent prior to the publication of photo images/video recordings on the Website (http://themansionhotel.ro/) and/or on various online social networks. You may withraw your consent at any time, in the same manner in which you have initially provided it to Us. However, the withdrawal of your consent shall not affect the lawfulness of the personal data processings based on your consent before its withdrawal.

 

  1. 2.         In addition, we may publish on our accounts opened on various online social networks and on the Website (http://themansionhotel.ro/) testimonials of our clients regarding our Services at the Hotel, by processing for this purpose the following personal data of our clients: name, surname, employer’s name, employment position and  testimonial. If it is necessary according to law, we will request the data subjects’ specific, informed consent prior to the processing of their above-mentioned personal data. The data subjects may withdraw their consent at any time, in the same manner in which they have initially provided it to Us. However, the withdrawal of their consent shall not affect the lawfulness of the personal data processings based on their consent before its withdrawal.
1 (i) Legitimate interests (for the purpose of promoting our Services at the Hotel in certain online environments, on the occasion of public events organized by us)

 

 

 

1 (ii) Data subjects’ consent

(for promoting our Services at the Hotel in certain online environments, in other cases than at public events)

 

 

 

 

 

 

 

 

2. Data subjects’ prior explicit, specific and informed consent (for promoting our Services at the Hotel in certain online environments)

Q.Mentioning on the Website of tags of certain online social  networks where we have opened pages/accounts and of the online website of our supplier of customer satisfaction review services

 

 

 

Our Website mentions tags of the online social networks Facebook, Twitter și Instagram, as well as of the online website of our services supplier Trip Advisor Limited, for the purposes to promote our name and and Services and  to be in permanent contact with our clients, in these online environments (thus giving our clients the possibility to directly access these online environments from our Website), in our legitimate business interest.

 

Please retain that it is the obligation of the providers of such online networks/websites to pentru enure the observance of the applicable legal regulations for the protection of privacy and personal data in respect of the use of their online environments.

 

Thus, in capacity as operator of the Website, we are not aware of the personal data which shall be processed in these online environments. We are not informed when you have clicked on the above-mentioned tags, in our Website. Further information regarding the manner in which these online social networks/websites actually process your personal data, please consult the personal data protection policies made available by the operators of these online social networks/websites.

 

Personal data that we obtain from other sources

R.Hotel accomodation reservations made through our business partners (online reservation engines, turistic agencies, our hotel channel manager) 

 

 

 

When you perform a Hotel accomodation reservation through our business partners, we collect and further process the following personal data of you:

 

ü  Name and surname

 

ü  Email address

 

ü  Telephone number

 

ü  Details regarding your stay at the Hotel (arrival date, departure date)

 

Performance of the contract concluded with you  (registration and processing of their reservation requests)

 

S.Navigation on social networksThe Hotel is present on the Facebook, Instagram and Twitter online social networks in view of sharing the content of the Website and to give our current and potential clients the possibility to be informed regarding  our Services at the Hotel.

 

If you click on the buttons that allow you to follow the Hotel’s pages/accounts on the online social networks Facebook, Instagram and/or Twitter, we may use this personal data of you for the purpose of communicating and sharing information with you regarding our Services at the Hotel (e.g., for sending personalized offers  to your accounts on these networks by using these networks’ personalized audience services based on client lists).

For additional information regarding the ways in which these are online social networks processing your personal data, please consult the relevant privacy sections on the websites available on these online social networks.

Data subjects’ consent 

 

If we decide to process personal data of you in other manners and for other purposes than those above-mentioned in this policy, we will inform you separately in this respect, in order to allow you to exercise your related legal rights.

 

How much do we store your personal data?

We store your above-mentioned personal data strictly for the periods of time necessary for the achievement of each of the above-mentioned purposes, according to our internal personal data retention policy and the applicable laws (including the special and general applicable laws in force regarding data/document archiving).

In order to determine the adequate storage time period for your personal data that we process, we take into account the amount, nature and sensitivity of these data, the prejudice risk potential derriving from their unauthorized processing and disclosure, the purposes for which we process these data and whether we can achieve such purposes through other less intrusive means, the applicable legal requirements which impose their storage for certain periods of time, the good practices agreed in their processing field regarding, as well as the ways in which we can assure that the processed personal data are accurate and updated.

In case that you have given your consent regarding the processing of your personal data mentioned in the table above, we shall process such data until the achievement of the above-mentioned purposes or until you withdraw your consent, whichever earlier, except for the cases when we have the legal obligation to process these data for longer periods of time.

At the end of the applicable storage periods, when we do not have anymore legal grounds for processing, , these data will be eliminated from our records according to our internal related policies and the applicable laws (by means iwhich may include data archiving/anonimisation and/or distruction, as the case may be).

Automated decision-making, including automated profiling

 

The personal data to which this Policy refers to are not subject to automated decision-making, including automated profiling.

Who has access to your personal data?

 

Our purpose is to ensure you the best experience when you beneffit of our Services and, to achieve this, we may give (full/partial) access to your personal data to some of our employees who have assumed confidentiality obligations towards Us with respect to the personal data they might have access within the performance of their employment duties, as well as to business partners that we have responsibly selected, and only to the extent necessary that they  be able to observe their obligations undertaken in the agreements they have concluded with Us.

 

When we outsource certain activities/services/obligations which entail the processing of your personal data by our business partners we employ all the reasonable efforts in order to verify in advance whether they ensure the protection of your personal data through strict technical and security measures and we conclude with each one of these contractual instruments (separate agreements/addenda to existing agreements) with respect to the processing of your personal data. Thus, you personal data that we disclose to our business partners are limited to the minimal personal information  which is necessary in order that they observe their obligations towards Us and we forbid them to use it for any other purpose without the information and the aprovals required by law.

 

Some of these business partners are third parties that are no supposed to process personal data of you, but may have access to such data within the performance of their duties/activities/obligations, or in their interactions with Us (e.g., companies that provide technical maintenance services, accounting-financial auditors, legal consultants, etc.).

More specifically, we disclose some of your personal data to certain third parties for the performance of certain functions and services necessary for the provision of our Services at the Hotel as follows:

 

  • our supplier of data storage services (in the cloud);
  • payment processors authorized by Us to intermediate payments in SSL protected system and according to PCI DSS rules;
  • the supplier offering to our clients turistic tours services;
  • our suppliers through which you can make online reservations at our Hotel on our Website, through touristic agencies and through online reservation engines;
  • our supplier of customer satisfaction review services, i.e., the company  TripAdvisor LLC;
  • the supplier that ensures the hosting of our Website.

 

Disclosure of your personal data to authorities/public institutions or judicial bodies

 

We may disclose certain personal data of you to authorities/competent public institutions/juridial bodies when this is imposed by law (e.g., for the investigation of fraud, prevention and combating money laundery, submission of financial-accounting statements/accounts to financial/fiscal authorities, indication of potential criminal acts or threats to public safety (if we suspect that you have been involved in or affected by, an incident implying a (potential) criminal conduct, if we suspect that a fraud or a cyber-crime has been perpetrated, or if we receive threats or malicious communication addressed to Us or to third parties, etc), or to judicial bodies, when we exercise/defend our legal rights/legitimate interests in court.

 

Corporate changes

 

We may disclose personal data of you to third parties in case we undertake procedures of reorganisation, merger, transfer of shares with respect to the company that operates the Hotel, or partherships or transfer of business activities in whole/in part with respect to such company. For these purposes, we shall ensure that any potential buyer shall take and implement the adequate technical and security measures for the protection of your personal data, and that the parties of the above-mentioned transactions shall concude in advance a personal data processing agreement for the purposes of the intended transaction/s.

 

Transfers of your personal data outside the EU and EEA

 

As a general rule, your personal data shall not be transferred (including through storage) to a country outside the European Union and European Economic Area („SEE”).

 

However, some of your personal data may be transferred  to our partners that helps Us to provide you the best Services and are established outside the European Union and EEA. In this respect, with respect to each of these partners we have employed reasonable efforts to ensure that they implement adequate measures for the protection of your personal data. More specifically, these partners are:

 

  1. 1.              Our services supplier WebHotelier that ensures our online reservations platform for accomodation at the Hotel. This supplier uses for the provision of its services the Amazon Web Services infrastructure located on the US territory, however all Amazon servers and IT infrastructure hold PrivacyShield certification (EU-US Confidentiality Shield) for the section non-HR, thus ensuring an adequate security level for personal data recognized by the European Commission;

 

  1. 2.              Our services supplier PynBooking that ensures our hotel management platform for the Hotel. This supplier uses for the provision of its services the Amazon Web Services infrastructure located on the US territory, however all Amazon servers and IT infrastructure hold PrivacyShield certification (EU-US Confidentiality Shield) for the section non-HR, thus ensuring an adequate security level for personal data recognized by the European Commission;

 

  1. 3.              Our supplier of analysis services Google Analytics, established in the US,that holds Privacy Shield certification (EU-US Confidentiality Shield) for the section non-HR, thus ensuring an adequate security level for personal data recognized by the European Commission.

 

  1. 4.              Our supplier of customer satisfaction review services TripAdvisor LLC, established in the US, that provides online customer satisfaction review forms with respect to our Services at the Hotel.

 

If we are to transfer your personal data to other third parties located in countries that do not ensure an adequat level of protection according to the applicable laws, we undertake the obligation to employ all the reasonable efforts to ensure that such third parties comply with the  terms and conditions of this Policy. Thus, we will ensure that such transfers comply with  the provisions of the applicable personal data protection laws.

 

What are the technical and organisational measures implemented by Us for the protection of your personal data?

 

We have implemented the necessary technical and organisational measures in order to ensure an adequate level of security for the safe collection, otherwise processing and storage of your personal data, including against unauthorized access to them or use of them, as well as against their destruction, loss or alteration. These measures include, without limitation, use of encryption techniques, restricted access rights to our physical and IT systems, imposition of confidentiality obligations.

 

In addition, we employ all the reasonable efforts in order to ensure (includind by means of agreements concluded in this respect) that our business partners that might have access to your personal data within the context of the services provided to Us implement adequate technical and organisational measures for the security of the processings performed by them with respect to your personal data.

 

Also, we use the SSL encryption technology for the protection of the personal data processed in case of online reservations of accomodation at the Hotel on our Website. Any  information provided by data subjects through this channel is automtically encrypted and protected during its transmission through the network. Once the information arrives on our server it is decripted by using an unique private key. SSL allows your browser to connect to a web page and select transparently and in agreement with a secured communication channel. SSL is the most used and popular secured transactions system.

 

In case that there will be a security breach that involves your personal data we will perform all the notifications and will adopt all the necessary measures required by the applicable legal provisions in force.

 

Sending new information to Us via electronic means

Communication through the Internet/other electronic means is not entirely safe, thus, when you send Us personal information/data this way (e.g., via Email, our Website, or through other electronic), you undertake risks.

We cannot assume liability for any type of expenses, loss of proffit, damage to reputation, material damage, debts or any other form of loss or damage incurred by you as result of your decision to send Us information/data (including personal) via electronic means, except for our mandatory legal obligations (including in the field of personal data) and the obligations undertaken by Us through the agreements concluded with you in connection thereof.

 

What are your rights with respect to the processing by Us of your personal data?

 

Within the context of the processing of your personal data by Us, you have the following rights:

a)             The right to access to your personal data subject to processing: you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to such personal data and to information regarding their processing by Us by sending a request in this respect to Us in capacity as data controller;

b)             The right to request the rectification and/or erasure of your personal data subject to processing (the right to be forgotten): you can request Us, by sending a specific request to Us in capacity as data controller, the rectification of your data which are inaccurate, the amendment of your data which are incomplete, or the erasure of   your data in case that (i) such data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (and there is no other intended compatible processing purpose),(ii) the legal grounds of the processing is the data subject’s consent, and the data subject withdraws their consent and there are no other legal grounds for the processing, (iii) the data subject exercises their right to object to the processing, and there are no overriding legitimate grounds for the processing, (iv) your data has been unlawfully processed, (v) the data erasure is necessary for for compliance with a legal obligation in Union or Member State law to which the controller is subject, or (vi) the data has been collected in relation to the offer of information society services  directly to children (as the case may be), when specific consent requirements are applicable. However, this is not an absolute rightWe shall be entitled to reject your requestfor data erasure if: (i) we have legal data retention obligationsor(ii) the data is necessary to Us for the establishment, exercise or defence of our legal claims;

c)              The right to request the restriction of the processing: You have the right to obtain the the restriction of the processing in cases when: (i) you contest the accuracy of the personal data subject to processing, for a period enabling Us to verify the accuracy of the personal data; (ii) the processing is unlawful but you do not want Us to erase your personal data and request only the restriction of their use instead; (iii) we, as data controller, no longer need your personal data for the processing purposes mentioned above in this Policy, but they are required by you for the establishment, exercise or defence of legal claims; (iv) you have objected to the processing of your personal data as mentioned above, for the period of time necessary for the verification whether our legitimate grounds for the processing override yours;

d)             The right to withdraw your consent with respect to the processing, when the processing is based on your consent, however without being affected the lawfullness of the processing on consent before its withdrawal;

e)              The right to object to the processing of your personal data, on grounds relating to your particular situation, when the processing is based on our legitimate interest, as well as the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling that is related to such direct marketing;

f)              The right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you;

g)             The right to personal data portability, meaning the right to receive the personal data concerning you, which you have provided to Us, in a structured, commonly used and machine-readable format, as well as the right to transmit such data to another data controller, when the processing is based on your consent or is necessary for the performance of a contract and is made through automated means;

h)             The right to lodge a complaintwith thecompetent Romanian supervisory authority (ANSPDCP) located at 28-30 G-ral. Gheorghe Magheru Blvd. 1st District, Postal Code 010336, Bucharest, Romania, tel. +40.318.059.211 / +40.318.059.212, Email anspdcp@dataprotection.ro, and the right to address your complaints to the competent courts.

The above-mentioned rights can be exercised at any time. In this view, you may send Us specific requests dated and signed, either at the address of our Hotel and headquarters from Bucharest Municiple, 3rd District, 11 Franceza Street, or via Email at the dedicated address: dpo@themansionhotel.ro, to the attention of our Data Protection Officer.

 

We shall respond to each of your above requests within 1 (one) month of receiving it, except for the case when we need to extend this time period by two further months as of receiving the initial request, where necessary, taking into account the complexity and number of the requests. We shall inform you of such extension within one month of receipt of you initial request, together with the reasons for the delay.

We also hereby mention that the exercise of your above-mentioned rights as data subject is free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request.

 

In case you request additional copies of your personal data undergoing processing by Us, we may charge you a reasonable fee based on administrative costs.

If you are not satisfied by our response, you may lodge a complaint to the ANSPDCP. More information regarding the procedure related to the complaints lodged with this authority is available on the website-ul of ANSPDCP at the following link: http://dataprotection.ro/?page=procedura_de_solutionare_a_plangerilor.

 

 

 

 

Inquiries and requests regarding the protection of you personal data

 

For any comments, clarification or other details regarding this Policy you may contact our Data Protection Officer, by sending specific dated and signed requests either at our Hotel and headquarters address (mentioned above), or at the Email address: dpo@themansionhotel.ro.

 

Updates to this Policy

 

This Policy is subject to future updates (e.g., due to changes of laws and practice in the field, or or our business operations, etc.), the last version of it being published on our Website. To the extent you want to be communicated an older version of this Policy, you may send a specific dated and signed request either at our headquarters’ address, or at the following dedicated Email address: dpo@themansionhotel.ro.

 

In case we bring minor changes to this Policy (which do not relate to changes to the cathegories of personal data subject to processing, types of processing, processing purposes and/or means), we will update this Policy and mention the date of the update on it. The processing of your personal data shall be governed by the provisions of the updated version of this Policy effective as of the date of the update.

In case we bring major changes to this Policy (which relate to changes to the cathegories of personal data subject to processing, types of processing, processing purposes and/or means), we will inform you prior to such changes being implemented either via Email (if possible), or by  related publication on our Website.

At any time this is requested by to law, we shall obtain your specific and informed consent prior to processing your personal data for other purposes and in other modalities than those for which we have already obtained your consent.

This Policy is completed with other specific policies regarding the processing of your personal data that are available on our Website and at the Hotel, as follows: (a) the Cookies Policy for the Website, and (b) the Policy regarding the processing of your personal data through our video surveillance CCTV system at the Hotel.