PRIVACY POLICY
Respect for the right to the protection of personal data as well as for the right to privacy is one of the fundamental missions of Unita Turism Holding SA, the owner of the hotel chain comprising the following hotels and units:
Hotel Deva and Hotel Sarmis located in Deva;
Hotel Moldova located in Iasi;
Hotel Belvedere located in Cluj-Napoca;
Hotel Traian located in Braila;
Hotel Lacu Sărat, Hotel Flora, Camping Lacu Sărat located in Lacu Sărat;
Hotel Bianca located in Fântânele;
Hotel Traian located in Drobeta Turnu-Severin;
Hotel Egreta located in Tulcea;
Hotel Amiral, Hotel Comandor, Hotel Orfeu located in Mamaia;
Unita Tour Travel Agency.
Thus, we take all necessary steps to process your personal data in accordance with the principles established by the data protection legislation applicable in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Unita Turism Holding SA is a company established and operating in accordance with the laws of Romania, registered with the Trade Register under no. J35/1837/2004, Tax ID Code: 2094737, (“Unita Turism”). The headquarters of the Company are located in Timișoara, Timiș County, Str. Academician Alexandru Borza, Nr. 1.
Unita Turism is a personal data controller within the meaning of the GDPR, namely it establishes the means and purposes of the processing of personal data.
Please find below the main sections included in this policy:
Personal data of minors
Sensitive data
Purpose and basis of your personal data processing
Recipients of personal data
Personal data we collect from third parties
International transfers of personal data
Disclosure of the personal data of another person by you
Data storage period
Your rights
Personal data security
Links to other websites
Questions or complaints
Changes to the policy
_________________________________________________________________________________________
WHAT PERSONAL DATA WE PROCESS
If you are a client or a potential client
We collect personal data from you through most of our interactions with you and through other aspects of our business. The categories of data we process are the following:
your first and last name, e-mail address, ID card series and number, telephone number and address;
bank card details (card type, credit / debit card number, holder’s name, expiration date and security code);
information about the client’s stay, including arrival and departure dates, special requirements, special preferences;
information you provide about your marketing preferences;
personal data you provide to subscribe to the newsletter;
information about the vehicles you may bring to our property;
reviews and opinions about our services;
any other kind of information you choose to disclose.
Also, surveillance cameras and other security measures on our property can capture or record images of guests in public places (such as hotel entrances, restaurants, or lobbies/hallways) as well as your location data (by the images captured by the surveillance cameras).
You can always choose what personal data you want to disclose. However, if you choose not to provide certain personal data, if the basis for our request is compliance with a legal obligation, contractual obligations or obligations to conclude a contract, we will be unable to provide you with certain services, for example: (i) if you do not want to disclose your first and last name, e-mail address or telephone number if you wish to make a reservation, we will not be able to make the reservation, or (ii) given that in the form you are required to fill in on arrival you will need to enter some mandatory statutory personal data, should you chose not to fill in those mandatory fields, we will not be able to accommodate you.
If you are a potential employee
We collect information from your resume and any other information submitted with your resume and / or provided during the interviews.
If you are a visitor
We collect the last and first name, and ID card series and number.
Surveillance cameras can also capture or record images of visitors in public places (such as hotel entrances, restaurants, or lobbies/hallways).
If you are a user of our website (www.unita-turism.ro)
No personal data is required to read the information on the site.
However, for the technical operation of the portal, we collect the time and date when the website was accessed and the IP address from which it was accessed.
Some personal data is required for the use of services (such as online bookings, job vacancies). For details, please refer to the section corresponding to the operation used on the site.
If you are a representative or contact person of our suppliers or business partners
We collect the first and last name, position, as well as any other data provided by you or the company that you represent.
If you are an employee
Please read the Employee Privacy Policy, brought to your attention at the time of employment and available at any time from the Human Resources Department.
_________________________________________________________________________________________
PERSONAL DATA OF MINORS
We protect the confidentiality of data from children under 16. If you are under the age of 16, you must obtain the consent or permission of your parents or guardian for any personal data you provide.
_________________________________________________________________________________________
SENSITIVE DATA
The term “sensitive data” refers to racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership in trade unions, and the processing of genetic, biometric, health or sexual life or sexual orientation data.
Generally, we do not collect sensitive information unless you want to disclose it. We can use the health data you provide to better serve and meet your special needs (e.g., to prepare food without including foods to which you are allergic, to provide access to people with disabilities).
________________________________________________________________________________________
PURPOSE AND BASIS OF YOUR PERSONAL DATA PROCESSING
If you are a client
Hotel, restaurant and / or spa reservations, or in the case of requests for offers submitted by you for certain events organized or to be organized.
Purpose: We process your personal data (i) to make a hotel / restaurant / spa reservation for you, and (ii) to reply to your requests for offers.
Basis: conclusion of a contract
Check-in
Purpose: We process your personal data for your registration / accommodation at our hotel.
Basis: At the time of accommodation, in accordance with the legal provisions in force, you are required to fill in a registration form to be completed on arrival that contains a minimum of data necessary to us to be able accommodate you.
Client service (this service includes, but is not limited to: hotel shuttle service, concierge service, cleaning service, laundry service, etc.)
Purpose: We process your personal data to give you the most enjoyable experience, according to your and the hotel’s standards.
Basis: performance of the hotel service contract.
Profiling
Purpose: In order to provide personalized services, some of your special preferences (e.g., whether you prefer rooms on the upper or lower floors, what type of wine you prefer, etc.) are stored, so that, when you return, we already know what you like
Basis: Consent
Feedback:
Purpose: We process your personal data to make sure you have had a nice experience in our units.
Basis: Our legitimate interest is to constantly improve the services we offer and provide services that are as relevant as possible and compliant with our clients’ standards.
Marketing:
Purpose: We process your personal data for marketing purposes, such as business newsletters and marketing communications on new products and services, or other offers that we think might be of interest to you.
Basis: Our legitimate interest is to promote our services by submitting the offers we consider to be of interest to you (see “Right to oppose” in the “Your rights” section)
If necessary, in accordance with the applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we hereby notify you that you may at any time withdraw your consent to a processing for marketing purposes, in which case you will not receive any marketing communications from us.
We will include an unsubscribe link that you can use if you do not want to receive any further messages from us.
Also, when organizing certain events in our hotels and restaurants, we may take some photos, and some of these could also be distributed in the online environment to show others what our events are like. In any case, because we respect your right to privacy, we will make efforts to avoid focusing on certain people and we will do everything in our power to inform you that photos will be taken (for objections to our photos, see “Right to oppose” in the “Your rights” section).
Other communications: by e-mail, mail, telephone or SMS
Purpose: These communications will be made for specific reasons such as: (i) to reply to your queries, (ii) if you have not completed an online reservation or a request for offers, we may send you an e-mail to remind you to complete the reservation, (iii) to inform you about the manner in which complaints and / or incidents occurred during your stay have been resolved.
Legal basis: Our legitimate interest is to provide services at the desired standards by resolving any claims / complaints and ensure our full availability.
Analysis, improvement and research:
Purpose: In order to constantly ensure the qualitative development of our services, we take care to analyze each complaint / suggestion on your part, so we compile statistical reports to identify the problems and find the best solutions to remedy them.
Basis: We base our legitimate interest on providing services that meet your and the Unita Turism chain’s standards.
If you are a visitor in our location
Purpose: We process your personal data to ensure the protection of property and persons within the hotel.
Basis: Our legitimate interest is to ensure both the protection of the property of clients / hotel / staff and the protection of hotel guests.
If you are a user of our website (www.unita-turism.ro)
Purpose: Traffic monitoring to identify errors and / or any other site malfunctions.
Basis: We base this data processing activity on our legitimate interest, namely to provide you with a fully functional site by fixing any error, and to continually improve the website.
If you are a representative or contact person of our suppliers or business partners
Purpose: to conduct contractual relations with our suppliers or our business partners.
Basis: Performance of a contract.
If you are a potential employee
Purpose: Evaluating your job application.
Basis: conclusion of a contract.
If you are an employee
Please see the Employee Privacy Policy, brought to your attention at the time of employment, and available at any time from the Human Resources department.
For all of the above categories of people, we can also process your data in the context of the following activities:
Restructuring, internal reorganization or sale of assets or shares:
Purpose: We process your data to perform the abovementioned operations.
Basis: The legitimate interest to perform the operations, especially if they would be impossible to carry out without the processing of your data.
However, we ensure that this possible processing will be done in accordance with this policy and by implementing a measure to ensure the confidentiality of your data.
Security:
Purpose: We process personal data for the security of property and the physical integrity of persons.
Basis: We base this on our legitimate interest to secure the protection of your and the hotel’s property as well as the protection of people within our hotel.
Legal grounds:
Purpose: In some cases, we must process the information provided, which may include personal data, to resolve legal disputes or complaints, to investigate and to comply with the applicable legal regulations, to implement an agreement, or to comply with requests from public bodies, to the extent that these requests meet the requirements of the law.
Basis: The reasons for the processing may be legal obligation (if we have a legal obligation to disclose certain personal data to public authorities) or our legitimate interest to settle any disputes and / or complaints.
_________________________________________________________________________________________
RECIPIENTS OF PERSONAL DATA
To provide you with the expected hospitality level and high-quality services, we may transmit your personal information to the members of the Unita Turism chain, our service providers and other third parties, as detailed below:
Providers: In order to provide the requested services, in some cases we will need to pass some of your personal data to the providers, and they have the capacity of processor and process the data in our name and behalf and in accordance with our instructions (e.g., software, IT, accounting services, medical services providers).
Members of the Unita Turism hotel chain: for similar purposes or in connection with which they were collected.
Group events or meetings: If you visit our hotels for a group meeting or conference, the information required for the planning of the meeting and event can be shared with the organizers of these meetings and events and, where appropriate, with the guests organizing or participating in the meeting or event.
Business Partners: In some cases, we associate with other companies to provide you with products, services or offers. For example, we can arrange for you to hire a car or provide optional pastry and kitchen services for products that are not included in our offer.
Public authorities and / or institutions: (i) to comply with legal provisions, (ii) to respond to their requests, (iii) for reasons of public interest (e.g., national security). For example, under the rules set out in “PURPOSE AND BASIS OF YOUR PERSONAL DATA PROCESSING” letter b), any hotel unit is obligated to send the registration form to be completed on arrival of each client daily.
The confidentiality of your data is important to us, which is why, where possible, the transmission of personal data in accordance with the above is done only on the basis of a confidentiality agreement with the recipients to ensure that the data is kept safely and that such information is provided in accordance with applicable laws and applicable policies. In any case, we will always send to the recipients only the information strictly necessary to achieve that purpose.
___________________________________________________________________________________
PERSONAL DATA WE COLLECT FROM THIRD PARTIES
To provide you with the expected level of hospitality and the best level of service, we may collect information about you from members of the Unita Turism chain, our business partners and other third parties, as detailed below:
Members of the Unita Turism hotel chain: for similar purposes or related to those for which they were collected.
Business partners: such as card partners, social networking services that are consistent with your own settings for these services or other third-party sources that are legally authorized to send us your data.
In any case, we ensure that your data collected from third parties will be processed under the same conditions as if it were collected directly from you. We will also collect only what is necessary for our purposes. (see Section “PURPOSE AND BASIS OF YOUR PERSONAL DATA PROCESSING”).
In addition, when we first contact you, we will firstly let you know the source from which we obtained your personal data.
____________________________________________________________________________________
INTERNATIONAL TRANSFERS OF PERSONAL DATA (OUTSIDE THE EU/EEA)
We may transfer your data to our service providers and other third parties that may be located in countries other than the one you reside in.
Although data protection laws in these countries may differ from those in your country, we will take the necessary steps to ensure that your personal data is processed in accordance with this policy and in accordance with the applicable law.
________________________________________________________________________________________
DISCLOSURE OF THE PERSONAL DATA OF ANOTHER PERSON BY YOU
If you provide us with the personal data of other persons, please let them know before this disclosure and please inform them how their personal data will be processed as described in this Privacy Policy.
______________________________________________________________________________________
DATA STORAGE PERIOD
Your personal data is retained for the full duration of the purposes detailed in this Policy, if a longer period of retention is not required or permitted by the applicable law.
We constantly review the need to keep your personal data, and to the extent that processing is no longer required and there is no obligation under the law to keep your personal data, we will delete / destroy your personal information as soon as possible and in such a way as to prevent subsequent recovery or reconstitution (e.g., we will delete / destroy all data of persons not hired after having been interviewed, unless there is a serious prospect of future employment).
If personal information is printed on paper, it will be destroyed in a way that eliminates it completely, and if it is stored on electronic media, it will be erased by technical means to ensure that the information can no longer be subsequently recovered or reconstituted.
________________________________________________________________________________________
YOUR RIGHTS
As the data subject, you are entitled to the following rights provided by the GDPR:
Right of access: You may request (i) a confirmation that personal data is processed or not, and, if so, access to such data and information about the data, and (ii) a copy of your personal data we hold (Article 15 of the GDPR);
Right to rectification: You can inform us of any changes to your personal data or you may ask us to correct the personal data we hold about you (Article 16 of the GDPR);
Right to erasure (“right to be forgotten”): In certain circumstances (such as (i) where data has been collected illegally, (ii) the date for data storage has expired, (iii) you have exercised the right to oppose, or (iv) data processing was done on a consent basis and you have withdrawn your consent), you may ask us to delete the personal data we hold about you (Article 17 of the GDPR);
Right to restriction of processing: In certain circumstances (such as when you are contesting the accuracy of such data or the basis of the processing), you may require us to restrict your data processing for a certain period (Article 18 of the GDPR);
Right to data portability: You have the right to ask us to send your personal data to a third party or directly to you (Article 20 of the GDPR);
Right to object: In certain circumstances (such as processing that has legitimate interest as legal basis), you may request that we no longer process your data (Article 21 of the GDPR);
If we use your personal data based on your consent, you may withdraw this consent at any time. In this case, your data will no longer be processed by us, unless a legal provision forces us to keep and archive it. In any case, we will let you know if there is such a legal provision and we will indicate it expressly.
_________________________________________________________________________________________
PERSONAL DATA SECURITY
We take your personal security seriously, which is why we have implemented important security measures necessary to protect against unauthorized access to data or unauthorized modification, disclosure or destruction. This requires an internal review of the data collection, storage and processing practices and of the security measures, as well as physical security measures to protect against unauthorized access to systems where we store personal data.
We also require our service providers and business partners to take all necessary steps to protect against unauthorized access to data or unauthorized modification, disclosure or destruction.
________________________________________________________________________________________
LINKS TO OTHER WEBSITES
Our website contains links to third-party sites. Please note that we do not take responsibility for the collection, use, storage, sharing or disclosure of data or information by such third parties. If you use or provide information on third-party websites, the terms and privacy policy of those websites apply. We encourage you to read the privacy policy of the websites you visit before sending personal data.
The use of the internet services provided by Unita Turism is subject to the terms of use and privacy policy of the Internet providers. You can access these terms and policies by using the links on the service’s login page or by visiting the Internet provider’s website.
_________________________________________________________________________________________
QUESTIONS OR COMPLAINTS
If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise any of the abovementioned rights, you are welcome to contact us using the Contact Form available on our website or by sending us an e-mail at the following address: privacy@unita-turism.ro, and we will reply within 30 days of the receipt of the request.
Also, insofar as you do not have electronic means or do not want to use them, you can submit a written request at our registered office in Timișoara, Timiș County, Str. Academician Alexandru Borza, Nr. 1.
Insofar as you are not satisfied with the manner in which your request has been resolved, you may file a complaint with the National Supervisory Authority for Personal Data Processing.
_________________________________________________________________________________________
CHANGES TO THE POLICY
From time to time, this Privacy Policy may change in accordance with the amendments to the data policy legislation or our services or organization. If we make any material changes to this Policy, we will publish a link to the revised policy on the main page of our website. If we make significant changes that will impact your rights and freedoms (for example, when we begin processing your personal data for purposes other than those specified above), we will contact you before we begin this processing.
To help you track the most important changes, we will include a history of the changes below to help you identify the changes to this Policy.