Briefing concerning Processing of personal character data
(i) The European Parliament and Council have adopted at April 27, 2016 the EU Regulation 2016/679 concerning the protection of natural persons regarding the personal character data processing and the free circulation of such data, as well as the abrogation of Directive 95/46/EC (The General Regulation on data protection - GDPR). The EU Regulation 2016/679 was published in the Official Journal of the Union, L119 of May 4, 2016 and its provisions will be directly applicable in all member states of the European Union, starting with the date of May 25, 2018. The EU Regulation 2016/679 imposes a unique set of rules in the matter of personal character data protection, superseding Directive 95/46/EC and, implicitly, the provisions of Law no. 677 / 2001.
(ii) The EU Regulation 2016/679 places accent on transparency as to the person in question and holding responsible the data operator for the way they process the personal character data. The EU Regulation 2016/679 establishes a set of specific guarantees to protect as efficiently as possible the private life of the under aged, especially in the on-line media. The EU Regulation 2016/679 consolidates the granted rights of the persons in question and introduces new rights: the right to be forgotten about, the right to data portability and the right to restriction of processing. The EU Regulation 2016/679 presents severe sanctions, up to 10 – 20 million Euros or between 2% and 4% of the turnover at international level for the private sector operators.
(iii) Beginning with May 25, 2018 the Regulation 679/27.04.2016 concerning protection of natural persons regarding processing of personal character data and the free circulation of such data and the abrogation of the Directive 95/46/EC (General Regulation concerning data protection) (hereinafter called "GDPR") is being applied in all European Union states.
THE FOREGOING INFORMATIVE NOTE WAS DRAWN UP CONCERNING THE PROCESSING OF PERSONAL CHARACTER DATA VIA VIDEO MEANS
The foregoing briefing on the processing of personal character data aims at informing about the manner in which we understand to regulate and integrate in the hotel units the GDPR policy and it is an integrating part of the Hotel Regulation.
Personal character data Your data processed by us are personal character data obtained directly form you or from third parties having the permission to exchange information with us. We hereby inform you that the personal character data we process may be the following: identification and contact data: surname and first name, address, place and date of birth, personal identification number, identification data from the identity card, passport or other identity documents, citizenship, e-mail address, phone/fax numbers, bank account, invoice address, type of bank card / credit card, name of credit card /bank card holder, date of expiry of bank card/credit card, the CVC/CVV code of the bank card, the IP in case of accessing RIN Hotels sites, opinions and visions (may include sensitive data), such as: any opinions and visions you pass on to us or any opinions and visions you post publicly about us on social networks (social media) or you place them on other public channels. In their majority, these data represent a legal or contractual obligation, needed both for concluding and for the development of the contract for hotel services provision, and denial to submit them being able to affect the provision of the contracted services or observance of our legal obligations, including those related to reporting and evidencing.
The company will make use of data on bankcards, credit cards, bank accounts registered on booking the room, the hall, organizing events, only to the degree and for the period necessary for the exercising of its rights and fulfilling its obligations. The data are managed by the bank partners and contractual partners of the Company. Personal character data are such information referring to an identified or identifiable natural person. An identifiable natural person is the person that can be identified, directly or indirectly, particularly by reference to an identification number or to one or more factors specific to their physical, physiological, psychological, economic, cultural or social identity.
We are collecting your personal character data obtained with your consent when, for example:
(i) You request and/or use our hotel specific services (including organizing of events);
(ii) You subscribe to informative bulletins, alerts or other services provided by us;
(iii) You contact us through different channels or you request information about a certain service;
(iv) You visit or browse our websites;
(v) You allowed other companies, like our trading partners or associates, as well as in the situation when we submit such data to other suppliers or contracting parties, as long as we have legal grounds, for example: banking-financing institutions, accounting services providers, public authorities or institutions, notaries, attorneys, etc.;
(vi) When your personal character data are public knowledge;
The www.rinhotels.ro site, the related sub-sites or the Facebook pages of RIN Hotels, RIN Grand Hotel / RIN Airport Hotel / RIN Central Hotel
On the rinhotels.ro site or the Facebook pages of RIN Hotels, RIN Grand Hotel / RIN Airport Hotel / RIN Central Hotel, the clients may perform bookings or request offers. By clicking the “Like” button on the Facebook page managed by RIN Hotels, the data subject agrees with the publication of news and offers of the Company on the Facebook page. If you need additional information about the way Facebook manages personal data please visit sections “Confidentiality” and “Terms and policies”, bearing in mind that RIN Hotels do not manage the socializing platform but the profile page. Should the data subject not want to convey the information to the social networks or receive information/offers, then they should prevent that by clicking the button “Dislike”.
The website www.rinhotels.ro, the related sub-sites or the Facebook page of RIN Hotels, RIN Grand Hotel / RIN Airport Hotel / RIN Central Hotel may contain links that are not managed by the Company. The Company has no influence on the content or security of the web pages maintained by partner firms, or the publicity made by other companies, thus it cannot undertake any liability for visiting such web pages. Before disclosing your personal character data, we urge you to review the policies or confidentiality information published on the respective web page.
The company uses analytic instruments to monitor its web pages. In this process, a set of data is created and it is monitored the way in which visitors interact with the web pages. When visiting the page the system creates a cookie to capture the information about the visit (pages visited, time spent on these pages, navigation data, location). This instrument is helpful for the improvement of the ergonomic aspect of our portal, the building of a friendly web page, knowing the interested persons and improving the on-line experience of visitors. The majority of web browsers accept cookies on an automatic basis but visitors have the option to erase them and reject them automatically. Because each browser is different, visitors may set the cookies preferences individually, using the browser’s toolbar. It is possible that some function will not be accessible on our web page if you choose to reject cookies. A HTTP cookie or a cookie module is a special text, often coded, sent by a server to a web navigator and then returned unchanged by the navigator, every time when it accesses that server. On our site, www.rinhotels.ro cookies are used to follow the conduct of users. For more details, please access: http://ro.wikipedia.org/wiki/Cookie. These modules enable rapid and efficient navigation between pages, memorizing your choices, options and preferences, as well as optimizing the use of the website. The cookies modules are stored in the browser’s memory and contain information like the name of the server from which the cookie module was sent, the time of storing the cookie module, a value – usually a unique digit randomly generated. The cookie files do not allow your personal identification.
Our website www.rinhotels.ro uses cookie modules to maintain valid authentication for longer periods in order to remember the navigation and use preferences of the site.
In case you agreed to the inclusion of the cookie modules in your browser through the banner of the start page of the website, please consider the fact that your consent may be withdrawn at any time.
Current browsers (web navigators) offer you the possibility to set /deactivate cookies. To do this, in general, you have to access the function Options or Preferences.
The company may be contacted by e-mail, messages are managed by the Company until solving the respective request/question, and after settlement, they are stored according to the legal provisions in force.
The persons submitting their CV via e-mail, at the company’s seat, reception or through and employee or collaborator (natural or legal person), for example Bestjobs or Ejobs, have agreed to the management of their personal character data by the Company. The aim of managing such data is the selection of the appropriate candidates for the available working positions. Should that person exercise the right to erase the data, the company will follow the necessary procedure but in the situation when the company does not receive such demand in an express manner, the data will be erased after five years from the date of reception.
The company uses SSL encoding technology for data protection. Any information shared by the data subject is automatically encoded and protected during its transmission through the network. Once the information reaches our server it is decoded using a unique private key. SSL allows the browser to connect to a web page and select it transparently and in agreement with the secured communication server. SSL is the most used and most popular system of secure transactions.
As the Company processes personal character data both for a contractual scope and for keeping you informed with our activities (newsletter), we wish to assure you hereby that our organisation has taken proper technical and organizational measures to protect your data. Data subjects have the right to retract any time the consent declaration issued by the confirmation procedure for mail subscription. Pursuant the retraction, these personal data will be erased by the operator. The company will automatically consider retraction since the reception of the newsletter as a revocation of the consent. The newsletter is submitted through a newsletter submission platform operated by the Mailchimps platform. The e-mail addresses of the newsletters’ assignees are stored on this platform without being forwarded to other entities. In case you no longer want to be informed about the events and services offered by RIN Hotels, please send a request for UNSUBSCRIBE from the e-mail addresses:
email@example.com/, firstname.lastname@example.org/ email@example.com or follow the e-mail instructions, from the footnote, clicking Unsubscribe.
1. Personal character data processing means any operation or set of operations performed on the personal character data, through automatic or non automatic means, like collection, registration, organization, storage, adaptation or modification, extraction, consultation, use, disclosure to third parties by conveyance, dissemination, or otherwise, addition or combination, blocking, erasing or destruction, storage or recording on any kind of support of the collected personal character data.
2. Scope of processing and data subjects: Your personal character data will be collected in determined scopes, explicit and legitimate, being processed on the principle of integrity and confidentiality, in a way that assures proper security of the personal character data, including protection against unauthorized or illegal processing, loss, destruction or accidental damage, by taking the appropriate technical and organizational measures.
Processing your personal character data as data subject is done without limitation in the following scopes:
• to furnish hotel services and organization of events services
• in order to be contacted and to get answers about the used services or the services you intent to use from the RIN Hotels units;
• for accounting purposes, or financial purposes concerning invoicing;
• marketing communications (if you gave your consent);
• managing our communication and IT systems;
• for reports to the National Institute of Statistics, judicial enforcement, banking units, etc.;
• to recuperate owed receivables, the data will be communicated to elected defenders or judicial courts in order to file court representation actions;
• for other scopes determined by contract or law, as legal obligation.
The personal character data may address the following data subjects:
(i) Existent or potential clients, agents, distributors, subcontractors, business partners (natural persons);
(ii) Employees or contact persons of the potential clients, of customers, agents, distributors, sub-processors or proxies, business partners and salesmen (natural persons);
(iii) Employees, agents, counsellors, and independent persons of the Client (natural persons) and / or
(iv) RIN Hotels employees
In case we have to process personal character data obtained from third parties, legal persons, (Tourism agencies, Employer, Events Planner), the latter are obliged to present you with the information necessary for using the transmitted personal character data and obtain your consent.
3. Processing principles: We process personal character data in conditions of legality, equity and transparency.
4. Legal basis of processing: The legal basis for collecting and processing personal character data (anonymous and aggregated character data are not considered of personal character) for each of the scopes mentioned in the present Briefing is any of the below:
• the consent of the data subject – such consent will be given when filling in the registration sheet of arrival/ signing the hotel services provision contract/ signing the Annex to the job description/ signing the consent or other documents explicitly mentioning this thing. Signing any of such documents constitutes the granting of the data subject’s consent regarding the processing of their personal data.
The consent for using the personal character data must be given by an unequivocal action, which should be a freely expressed manifestation, specific, in clear awareness of the consent of the data subject for processing their personal character data. The consent should refer to all processing activities performed for the same scope or scopes. If the data processing is done for more purposes, the consent should be given for all processing scopes. In case the consent of the data subject must be granted pursuant to request submitted electronically, such request must be clear and concise and not disturb unnecessarily the use of the service for which the consent was given.
• scope of processing compatible with the initial scope of processing the personal character data
• development of the contract to which the data subject is part or their request submitted before the conclusion of a contract, in order to sign the contract and fulfil it;
• legal obligation: conformation with the legal requirements imperative to apply;
• legitimate and legal interest to assure the own services provision for processing in scopes of marketing, publicity, direct marketing, polls and communication by e-mail or other channels, in order to prevent and control frauds.
The legislation governing, in principle, the activities developed by RIN Hotels are the following:
• Regulation 2016/679/EU, Directive 2016/680/EC, Directive 2002/58/EC
• Law no. 190/2018, Law no. 506/2004
• Civil procedure code
• Norms concerning the access, evidence and protection of tourists in the touristic structures from 08.02.2001
5. Obligations of RIN Hotels concerning processing of personal character data:
• RIN Hotels will process Personal Character Data only in the legal scope of providing own services, of fulfilling written instructions received from the client or their legal representative mentioned in the Contract or in conformity with the applicable legal provisions.
• RIN Hotels will apply the proper technical and organizational measures to assure a security level adapted to the risks presented by the processing of personal character data, especially concerning protection against destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data.
• RIN Hotels will take reasonable measures to assure that only authorized personnel will have access to such personal character data and that any person authorized to have access to personal character data is obliged to observe the confidentiality of the processed data;
• RIN Hotels, without unjustified delay, after being informed of such thing, will notify the Client about any security breach leading accidentally or illegally to the destruction, loss, modification or unauthorized disclosure of the personal character data conveyed, stored or processed in another manner or to the unauthorized access to such data by RIN Hotels, its empowered persons or any third party identified or unidentified ("Breaching security of the personal character data");
• RIN Hotels will grant the Client reasonable assistance related to any breach of the security of the personal character data in the possession of RIN Hotels, to the degree, it affects the Client.
6. Terms for preserving data: The limit terms estimated for the keeping and erasing of different categories of data will be those established by the legislation in force, especially concerning archiving, until the realization of the scope for which they were collected, during the entire period necessary for the use of such data as established by the legislation in force (including the fiscal one) or by the competent authorities.
7. Subcontractors: For the provision of services, RIN Hotels may hire mandated persons, part operators, services suppliers as subcontractors. In such situations, RIN Hotels will see to it that any subcontractor they hire will sign a contract with standard contractual clauses offering sufficient guarantees for applying the appropriate technical and organizing measures, so that the processing would observe the requirements established by the GDPR and secure the protection of rights. RIN Hotels will also represent that the subcontractors will process the data based on documented instructions and that they will respect the confidentiality of the processed personal character data or that they have an appropriate statutory obligation of confidentiality.
8. Rights of the data subjects:
• Right of information and access to the personal character data. The data subject has the right to request a copy of the personal character data retained by RIN Hotels. The request will be submitted in writing to the hotel units or on the e-mail address firstname.lastname@example.org, as the model displayed on the website.
• Right to rectify the personal character data. The data subject has the right to rectify the data if they are not correct. The updating of allegedly incorrect data will be done based on a written request sent to the hotel units or on the e-mail address email@example.com as per the model displayed on the website.
• Right to erase. RIN Hotels will process and keep the data only so long as they are needed. Upon expiry of term mentioned for storage of data, they will be erased and made anonymous. Under certain circumstances, the data subject has, nevertheless, the right to request erasure of their personal data.
• Right to restrict the usage of the personal character data
• Right to oppose the usage of personal character data
• Right to data portability
• Right to retract the consent at any time. Retraction of consent may be done at any time and it will produce effect only for the future, the processing done previous to the retraction will still be valid.
When the processing is based on article 6, paragraph (1) letter (a) ”the data subject has given their consent for the processing of their personal character data for one or more specific scopes” or on article 9, paragraph (2), letter (a) ”the data subject has given their explicit consent for the processing of these personal character data for one or more specific scopes, except for the case when the Union law or the internal law provides that the interdiction established under paragraph (1) to be lifted only through the consent of the data subject” from the GDPR, you have the right to withdraw your consent at any moment, without affecting the legality of processing done based on the consent given prior to its withdrawal. Thus, you may modify or eliminate the consent at any time and we shall act accordingly, except for the case when there is a legal reason or legitimate interest not to.
Requests. Complaints. Any request concerning any of your rights or complaint related to the way RIN Hotels processes your personal character data will be submitted in writing, dated and signed (see the model presented under section Requests concerning exercising of rights) to RIN HOSPITALITY COMPANY SRL, Şos. Vitan Bârzeşti no. 7D-7E, district 4, Bucharest or to the e-mail address: firstname.lastname@example.org . In case you are not satisfied with the solution received, you may contact the National Authority for the Surveillance of the Personal Character Data Processing – with headquarters in: Bld. G-ral Gheorghe Magheru no. 28-30, District 1, Bucharest, zip code 0103336, e-mail: email@example.com or you may address the court (art. 79). We underline the fact that the exercising of rights is free for a single request during one year.
We reserve the right to alter, when considered appropriate, the practices of data protection and update and modify the present note of information at any time. Due to this reason we encourage you review periodically the present note of information.