Privacy policy (“Policy”)
Contents of this page:
Data collection and purpose
What information we collect about you
Why we process your data)
Your rights under GDPR
Processing personal data
Data transfer to third parties
Data security
Children's privacy
Cookies and social media features
Data retention period
Final clauses
Effective Date: May 24, 2018
Thank you for visiting the website casachiticbalcescu.ro (hereinafter referred to as the "Website" or the "Company").
In Romania, personal data is protected in accordance with Regulation No. 679 of April 27, 2016, concerning the protection of individuals regarding the processing of personal data and the free movement of such data (hereinafter referred to as the "GDPR" or the "Regulation").
Before collecting your personal data, we will identify ourselves and inform you about the purpose of such data collection if needed.
DECLARATION – DATA COLLECTION AND PURPOSE
We may collect and process your personal data in order to fulfill contractual obligations towards you, manage and administer your accounts (if applicable), recruit and develop personnel, or ensure compliance with applicable legal regulations. If you have agreed to such use, we may also use your information to provide you with products and/or services that we believe may be of interest to you.
*Casa Chitic Balcescu, located at *Strada Nicolae Bălcescu, no. 13, postal code 500019, Brașov, Romania (hereinafter referred to as the "Company"), as a data controller, provides this Privacy Policy to explain how we process and protect personal data.
The Website, through its adopted policies, including internal regulations, emphasizes the importance of protecting personal data and ensures compliance with GDPR requirements. We are committed to processing your data with the highest level of security and legal compliance.
This Policy aims to adequately inform you about the processing of your data when using the Website’s services.
If you are under 16 years of age, please do not provide us with personal data.
CATEGORIES OF PERSONAL DATA PROCESSED (What Information We Collect About You)
We collect and process your data when you interact with the Company through the Website, specifically through the contact or reservation forms available on the Website.
- The personal data collected through the contact form while clicking on email include:
- [Email address]
We hereby declare that except the data coming via email, we do not operate any other data everything is done through our Channel Manager & PMS Cloudbeds . For more informations please consult the following links: Cloudbeds DPA Cloudbeds Privacy Policy Cloudbeds Data Security
PURPOSE OF PROCESSING (Why We Process Your Data)
By accepting this Policy, you consent to the inclusion of your personal data in the Company’s database.
The Company cannot be held responsible for any inaccuracy in the data you provide, failure to update them, or negligence regarding the security of your data, emails, mail correspondence, or SMS messages. The Company is also not responsible in cases where third parties gain access to your data.
In compliance with GDPR requirements, we store all collected information for contractual or pre-contractual purposes and to maintain a record of transactions via our Channel Manager and PMS the cloud based solution Cloudbeds. This ensures compliance with legal requirements for document management, record-keeping, and security measures.
YOUR RIGHTS UNDER GDPR
Under the Regulation, you have the following rights regarding your personal data processing:
- Right of access: You have the right to access your personal data processed by the Company and receive a copy upon request.
- Right to rectification: You can request the correction of inaccurate or incomplete data at no cost.
- Right to erasure (“right to be forgotten”): You can request the deletion of your personal data if any of the conditions under GDPR apply.
- Right to restriction of processing: You have the right to restrict how we process your data under certain circumstances.
- Right to data portability: You can request to receive your data in a structured format or transfer it to another data controller where technically feasible.
To exercise your rights, you can send a written, signed, and dated request by:
- Email to the Company at office@casachiticbalcescu.ro
- Mail to the Company’s address mentioned at the beginning of this document
The Company reserves the right to deny unjustified or excessive requests and to charge a reasonable fee if necessary.
If you believe your data is being processed unlawfully, you can file a complaint with the National Authority for the Supervision of Personal Data Processing (ANSPDCP) – www.dataprotection.ro or take legal action.
PROCESSING OF PERSONAL DATA
Your data will be processed based on your *consent, which you may withdraw at any time by emailing office@casachiticbalcescu.ro or using the unsubscribe option in our newsletters. However, the withdrawal of consent will not affect the legality of processing carried out before the withdrawal.
Data processing will occur within Romania and/or the European Union in compliance with GDPR requirements.
DATA TRANSFER TO THIRD PARTIES
Your data will not be sold to third parties. However, data may be shared with the Company’s authorized partners for processing as per our instructions, such as:
- IT support service providers
- IT security service providers
- Booking service providers
- Analytics and search engine providers that help optimize our Website
Data may also be disclosed to government authorities or law enforcement if required by applicable laws or for the protection of our legal interests.
The Company ensures that third-party service providers adhere to strict security and confidentiality measures when processing personal data.
DATA SECURITY
Your data is stored on our secure third-party hosting providers (including cloud-based services via Cloudbeds).
We implement technical and organizational security measures to protect your data from unauthorized access. However, data transmission over the Internet is *not completely secure, and we *cannot guarantee absolute protection. Any transmission is at your own risk, and the Company is not liable for unauthorized access or data interception.
Once we receive your data, we implement strict security procedures to prevent unauthorized access.
CHILDREN’S PRIVACY
We do not knowingly collect personal data from individuals under *16 years of age. If a parent or guardian discovers that their child has provided personal data, they must notify us immediately. If we become aware of such a case, we will *delete the child’s personal data unless parental consent is provided.
DATA RETENTION PERIOD
We will process and store your data only for as long as necessary to fulfill the purposes for which it was collected.
If you withdraw your consent, the Company will stop processing your data unless required by law or necessary to protect our legitimate interests.
FINAL CLAUSES
We may update this Policy periodically to reflect changes in legislation, technological advancements, or modifications to our services. In such cases, we will notify you by posting the updated Policy on our Website.
For any questions or concerns about your data processing or to *exercise your rights, please contact our *Data Protection Officer at:
- Email: office@casachiticbalcescu.ro
- Mail: Address mentioned at the beginning of this Policy
Please do not disclose sensitive personal data (e.g., racial/ethnic origin, political opinions, religious beliefs, health information, trade union membership, or criminal records) when contacting us.