POLICY OF CONFIDENTIALITY
The observance of the right of personal data protection, and of the right to private life is one of the fundamental mission of the company RTH Premium Services SRL (Ramada North Hotel),
Thus, we are taking all steps necessary to process your personal data in conformity to the principles stipulated by the legislation of data protection applicable in Romania, including the (EU) Rule 2016/679 of European Parliament and Council dated 27th April 2016 on protection of natural persons in terms of processing personal data and free circulation of such data and abolishment of the Directive 95/46/CE ("GDPR").
The personal data includes all information related to an identified or identifiable natural person („target person”); an identifiable natural person is a person who may be identified, directly or indirectly, mainly making reference to an identification element, such as name, identification number, location data, online identifier, or one or several specific elements, related to its physical, physiological, genetic, psychic, economic, cultural or social identification.
The personal data is processed by: RTH Premium Services SRL (Ramada North Hotel) with the seat at 44A, Daniel Danielopolu St., 1st district, county Bucharest, registered under no. J40/2792/2006 at Trade Register, tax code 18403537.
The entity RTH Premium Services SRL (Ramada North Hotel) is a personal data operator in terms of GDPR, respectively it determines the means and scopes for processing personal data.
- What kind of persons we are processing?
- Personal data of underage
- Special data
- Which is the scope and reason to process your personal data?
- Who are the persons receiving your personal data?
- Are we collecting personal data from third parties?
- Are we transferring your data outside EU/EEA?
- Supply by you the personal data of other natural persons
- For how long are we storing your personal data?
- Which are your rights?
- Are you data kept safely?
- Links to other webs
- Questions or claims
- Amendments of policy
WHAT KIND OF PERSONAL DATA ARE WE PROCESSING?
If you are client or potential client
We are collecting personal data pursuant to most interactions with you, as well as during other moments of our activity. The categories of data processed by us are the following:
- data necessary for booking (for instance, surname, first name, e-mail, telephone);
- data related to arrival-leaving record, required based on national legislation (for instance, citizenship, address, date of birth);
- bank card data (type of card, number of credit/debit card, name of holder, expiry date and security code);
- information about the stays of client, including the date of arrival and leaving, special requisites, preferences;
- the information supplied by you related to your marketing preferences;
- data supplied by you to register and subscribe for the newsletter;
- information about motor vehicles that you have bring on our property, for instance registration number;
- data collected from the access cards (time of entry and exit);
- information collected by different contractual partners (tourism agencies, event organizers) and submitted to RTH Premium Services SRL (rooming list, list of guests to events);
- data necessary to supply additional services, if any;
- reviews and opinions related to our services;
- any other kind of information that you decide to supply us.
Also, the video cameras and other security measures implemented on our properties may capture or record images of the guests in public spaces (such as the entries in the hotel or in restaurants or halls), as well as your location data (by the images captured by the video cameras).
You may decide anytime what personal data you want to submit us. Despite all these, if you decide not to supply certain personal data, if the reason of our requirement is a legal obligation, contractual obligations or obligations necessary to conclude a contract we will be in the impossibility of providing you particular services, as for instance: (i) if you refuse to communicate us a surname, first name, e-mail or phone number if you want to book, we won’t be able to make the booking, or (ii) considering that you have to fill in the record of arrival and leaving when you are lodging to our hotel, you have to enter particular personal data required by law, and if you refuse to fill in such obligatory fields, we won’t be able to lodge you in the hotel.
If you are potential employee
We are collecting the data from the CV submitted by you as well as any other information submitted with the CV and/or during the interviews attended.
If you are visitor in our location
We are collecting the surname, first name, series and number of identity document.
Also, the video cameras may capture or record images of visitors in public spaces (such as the entries in the hotel or in restaurants or halls).
If you are used of our website www.ramadanorth.ro
In order to read the data on the website, it is not necessary to provide personal data.
However, for technical operation of the portal, Ramada North Hotel is provisionally using the following information which includes personal data and which appear automatically to the website manager:
- internet protocol (IP)
- name of field (URL)
- access data
- access file of client (name of file and URL)
- HTTP code of answer password
- Data of the webpage from which it is accessed
- Quantity of bites consumed for the visit
- date of visit
- data of the pages visited, respectively
- name of browser.
In order to use some services (i.e. on-line booking) certain personal data is necessary. For details, please see the proper section of the operation used on the website.
If you are representative or contact person of our suppliers or business partners
We are collecting the surname, first name, position, as well as any data supplied by you or by the company you are representing.
If you are employee
Please read the confidentiality policy afferent to the employees, provided on the date of hiring and available anytime at the Human Resources Department.
PERSONAL DATA OF UNDERAGE
We are protecting the confidentiality of the data obtained from children under 16 years old. If you are under 16 years old, you have to obtain the consent or authorisation of parents or tutor for any supply of personal data.
The term of „special data“ refers to the race or ethnic origin, political opinions, religious confession or philosophical convictions or membership to trade unions and processing of genetic data, biometric data, health data or data related to sexual life or sexual orientation.
In general, we do not collect special information but if you want to provide us. We collect special data related to health only with your consent and only to customise certain treatments. The access to such data is limited to medical staff.
WHICH IS THE SCOPE AND REASON TO PROCESS YOUR PERSONAL DATA?
If you are client
a. Hotel, restaurant bookings or if you require us offers for certain events organised or to be organised.
Scope: we process your personal data (i) to book you a place at the hotel/restaurant and (ii) to answer to your requirements of offers submitted to us.
Reason: to conclude a contract
Scope: we process your personal data for the registration/lodgement in our hotel.
Reason: on the date of lodgement, according to legal disposals in force, you have the obligation to fill in the record of arrival and leaving with minimum data necessary to lodge.
c. The customer service (this service includes, among others: service of transport to/from the hotel, cleaning service, laundry service, etc)
Scope: we are processing your personal data to offer you an experience as pleasant as possible and in conformity to your standards and to the hotel’s standards.
Reason: execution of hotel service contract.
Scope: with a view to offer customised services, certain special requisites you have (for instance: if you prefer the rooms from higher or lower floors, if you like a particular wine, etc) are stored so as, when you return, we will know what you like
Scope: we are processing your personal data to make sure that you have a pleasant experience within our units.
Reason: our legitimate interest to improve constantly the services we provide and to offer services as appropriate as possible and conform to the standards of our clients.
Scope: we are processing your personal data for marketing, such as commercial newsletters and marketing notices related to new products and services or other offers which we consider you might be interested in.
Reason: we rely on the legitimate interest to promote our services by submitting the offers we consider of interest for you. (see “Right to opposition” in the Section “Your rights”)
If necessary, in conformity to the legislation in force, we shall obtain your consent before processing your personal data for direct marketing. In this case, we inform you that you may withdraw on any moment your consent for processing in marketing scope, when you stop receiving any marketing notice from us.
We shall include an unsubscribe link, which you may use if you no longer want to receive messages from us.
Also, upon the organisation of certain events in our hotels and restaurants, it is possible to take few photos, and some of this may be shared as well online to present our events to third parties. In this case, since we consider your right to private life, we will do our best to inform you about taking pictures (for objections related to our photos, see “Right to opposition” in the Section “Your rights”).
g. Other communications: by e-mail, post, telephone or SMS
Scope: such communications will be submitted for a specific reason such as: (i) to answer your demands, (ii) if you have not completed an online booking or an offer demand, it is possible to send you an e-mail to remind you to complete the booking, (iii) to inform you about the manner of solving the complaints and/or the incidents appeared during your stay.
Legal ground: our legitimate interest is to provide services on the standards wanted by solving the potential petitions/complaints and to assure you of our entire availability.
h. Analysis, improvement and search:
Scope: in order to provide constantly the qualitative evolution of our services, we analyse each and every complaint/suggestion received from you, therefore, we draft statistic reports to identify the problems and encounter the best solutions to solve it.
Reason: we rely on our legitimate interest to supply services in conformity to your standards.
If you are visitor in our location
Scope: we process your personal data to provide for the protection of the goods and individuals in the hotel.
Reason: our legitimate interest is to provide for both the protection of the goods of clients/hotel/staff, and the protection of the persons in the hotel.
If you are user of our website www.ramadanorth.ro
Scope: supervision of traffic with a view to identify the errors and/or any other dysfunction of the website.
Reason: we rely the activity of data processing on our legitimate interest namely making you available a completely functional website in order to repair any errors, as well as by permanent improvement of it.
If you are representative or contact persons of suppliers or our business partners
Scope: development of contractual relations with our suppliers or business partners.
Reason: execution of a contract.
If you are potential employee
Scope: evaluation of your hiring application.
Reason: concluding a contract.
If you are an employee
Please read the policy of confidentiality afferent to employees, brought to knowledge on the date of hiring and anytime available at the department of human resources.
For all above categories of person, we may process as well your personal data in the context of the following activities:
a. Restructuration, internal reorganisations or sales of assets or equity interests/shares:
Scope: we process your personal data for the abovementioned operations.
Reason: legitimate interest to perform the actions, mainly under the conditions of being impossible to achieve in the absence of a processing of personal data.
Despite all these, we assure you that this potential processing will be performed in conformity to this policy and by implementing a measure to provide the confidentiality of your data
Scope: we process the personal data for security of goods and physical integrity of individuals.
Reason: we rely on our legitimate interest to protect your goods and of the hotel as well as the protection of the individuals in the perimeter of our hotel.
c. Legal grounds:
Scope: in certain situations, we have to process the information supplied, which may include personal data, in order to solve the legal disputes or claims, for investigations and observance of legal rules in force, to enforce an agreement or to answer to the demand of public bodies to the extent that such requisites meet the legal conditions.
Reason: the reasons of processing may include the legal obligation (if we have the legal obligation to reveal certain personal data to public authorities) or our legitimate to solve potential disputes and/or claims.
WHO ARE THE PERSONS RECEIVING YOUR PERSONAL DATA?
In order to provide you high quality services, it is possible to submit your personal data to our suppliers of services and to other third parties as detailed below:
- Suppliers: with a view to render the services required, in some cases, we must supply part of your personal data to our suppliers, and the latter are proxies and process the data on behalf, for and in conformity to our indications (such as the suppliers of software, IT, accounting services, medical services, transport services).
- Group events or meetings: if you visit our hotel within a group or on the occasion of any conference, the data required for the planning of the meeting and event may be shared with the organisers of such meeting or events and, if any, with the guests organising or participating to the meeting or event.
- Business partners: in certain cases, we become partners of other companies to supply you products, services or offers. For instance, we may arrange for you the lease of a vehicle or we may intermediate you optional services and adjacent to the services exceeding our offers.
- Authorities and/or public institutions for: (i) observance of legal disposals, (ii) to answer to their demands, (iii) for reasons of public interest (i.e.: national safety). For instance, according to the rules in the section “WHICH IS THE SCOPE AND REASON TO PROCESS YOUR PERSONAL DATA” lett. b) any hotel unit has the obligation to submit daily the records of arrival and leaving of every client.
The confidentiality of your data is important for us, reason for which, if possible, submitting personal data according to the foregoing is performed only based on a commitment of confidentiality of addressees, securing that such data is kept safely and that the supply of such data is governed by the legislation in force and applicable policy. Anyway, we will always submit to the addressees only data strictly necessary for the achievement of such scope.
ARE WE COLLECTING PERSONAL DATA FROM THIRD PARTIES?
In order to provide you the expected level of hospitality and offer you the best services, we may collect information about you from our business partners and other third parties, as detailed below:
- Business partners: such as card partners, services afferent to social networks in conformity to the setting you have made for such services, tourism agencies, organisers of events
Anyway, we assure you that your data collected from third parties will be processed under the same conditions as collected directly from you. Also, we will collect only what is necessary to meet our scopes. (see section “WHICH IS THE SCOPE AND REASON TO PROCESS YOUR PERSONAL DATA?”).
In addition, when we contact you for the first time, we will indicated you first of all the source of obtaining your personal data.
ARE WE TRANSFERRING YOUR DATA OUTSIDE EU/EEA?
We may transfer your personal data to some suppliers with the seat in other countries than where you are and, in some cases, in countries outside EU/EEA.
Although the laws of personal data may be different in this countries than those in your country, we shall take the measures necessary to make sure that your personal data is processed according to this policy and to the legislation in force.
SUPPLY BY YOU PERSONAL DATA OF OTHER NATURAL PERSONS
If you supply us the personal data of other natural persons, please inform them in advance about such reveal and the means of processing it, as stipulated in this confidentiality policy.
FOR HOW LONG ARE WE STORING YOUR PERSONAL DATA?
Your personal data is kept during the entire term of achieving the scopes detailed in this policy, if no longer period is necessary or stipulated by the law in force.
We are constantly reviewing the need to store your personal data, and it the storage is no longer necessary and the law does not compel us to store your personal data, we shall delete/destroy your personal data as soon as possible and without the possibility of recovering or reconstituting it (for instance, we shall delete/destroy all personal data obtained during interviews, if there is no serious perspective of hiring in the future).
If the personal data are printed on paper, it will be destroyed completely, and if saved on electronic means, it will be deleted using technical means t assure the impossibility of recovering or reconstituting it in the future.
WHICH ARE YOUR RIGHTS?
As target person, you have the following rights stipulated by GDPR:
- Right of access: you may require us (i) a confirmation of processing or not personal data and if the answer is positive, access to such data and information related to it, as well as (ii) a copy of your personal data we are holding (art. 15 of GDPR);
- Right to amend: you may notify us any amendment of your personal data or you may ask us to amend your personal data held by us (art. 16 of GDPR);
- Right to delete („right to ignore”): in certain situations (as for instance (i) when the data has been collected illegally, (ii) the deadline to store the data has expired, (iii) you have exercised the opposition right (iv) data processing needs consent and you have withdrawn your consent), you may ask us to delete you personal data held by us (art. 17 of GDPR);
- Right to restrict the processing: in certain situations (as for instance when you challenge the accuracy of such data or legality of processing), you may ask us to restrict the processing of your data for a certain period (art. 18 of GDPR);
- Right to data portability: to ask us to submit your personal data to a third party or directly to you. (art. 20 din GDPR);
- Right to opposition: in certain situations (as for instance the processing having as legal ground a legitimate interest), you may ask us to stop processing your data (art. 21 din GDPR).
If we use your personal data based on your consent, you are entitled to withdraw this consent on any moment. In this situation, we shall no longer process your data, except for the case when a legal disposal compels us to store and archive it. Anyway, we shall inform you if such legal disposal exists and we shall indicated it to you expressly.
ARE YOU DATA KEPT SAFELY?
We are dealing with your personal data seriously, taking important security measures, necessary for protection against unauthorised access to data or amendments, reveal or unauthorised access. This entails internal reviews of collecting, storing and processing data and security measures, also, physical measures of security for protection against unauthorised access to the systems where we store the personal data.
We are asking our service suppliers and business partners to take all measures necessary for protection against unauthorised access to data or amendments, reveal or unauthorised destruction of data.
LINKS TO OTHER WEBSITES
Our website includes links to third websites. Please remember that we do not undertake responsibility for collecting, using, keeping, sharing or reveal of data and information by such third parties. If you use or supply data on third websites, the terms and confidentiality policy of such websites are applied. We recommend you to read the confidentiality policy of the websites you are using before submitting personal data.
QUESTIONS AND CLAIMS
If you have questions or preoccupations related to processing your personal data or if you want to exercise any of the above rights, you are welcome to contact us by sending us an e-mail to the following address: firstname.lastname@example.org and we shall answer you within maximum 30 days as of receiving the petition.
If you do not hold electronic means or you do not want to use it, you may draft a written petition and submit it to the reception desk of the hotel at the address Str. Daniel Danielopolu nr. 44A, Sector 1, County Bucharest.
If you are dissatisfied with the manner of solving the petition, you may submit a complaint to the National Authority of Supervision of Personal Data.
AMENDMENTS OF POLICY
This policy of confidentiality is amended in conformity to the changes of legislation related to data policy or based on the modifications of our services or periodical means of organisation. If we amend it materially, we shall publish a link to the policy reviewed on the homepage of our website. If we perform significant amendments with impact on your rights and liberties (for instance, when we start to process your personal data in other scopes than mentioned above), we shall contact you in advance.
In order to follow the most important amendments, we shall include below a history of the amendments to reflect the changes of this policy.
Last updating: 12 July 2018