CONFIDENTIALITY POLICY
Observance of one‘s right to the protection of his or her personal data, as well as of his/her right to privacy is one of the main missions of the Company Europa Group SRL (Hotel Europa Royale Bucharest).
Therefore, we take all the measures required in order to process your personal data in accordance with the principles set under the laws on personal data protection applicable in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (“GDPR”).
Personal data shall refer to any information on an identified or identifiable natural person (“the person concerned”); an identifiable natural person is a person who can be identified, directly or indirectly, especially by reference to an identification element such as name, personal ID, localization data, online identifier, or one or several specific elements peculiar to his or her own physical, physiological, genetic, psychic, economic, cultural or social identity.
Processing one‘s personal data shall be carried out by: Company Europa Group SRL (Hotel Europa Royale Bucharest), having the registered office in 60 Franceză Street, Sector 3, Bucharest, registered with the Trade Register Office under No. J40/1135/2005, Sole Registration Code 17147104.
The entity Europa Group SRL is a personal data operator to the meaning specified in GDPR, respectively we set our own means and scopes for processing personal data.
WHAT TYPE OF PERSONAL DATA DO WE PROCESS?
If you are our client or potential client
We collect your personal data mostly as a result of our interactions, and also in the course of other aspects concerning our activity.
The categories of data that we process are the following:
Data necessary to make reservations (for instance, name, surname, e-mail, phone);
Data corresponding to the arrival-departure information sheet, requested based on the national laws (for instance, citizenship, address, date of birth);
bank card data (type of card, number of credit/debit card, name of holder, expiry date and safety code);
information about the client’s stay, including arrival and departure dates, special requirements, preferences;
information that you provide about your marketing preferences;
personal data provided by you to get registered and to subscribe to a newsletter;
information about the motor cars that you might bring to our property, like their registration number;
data collected from your access cards (time of entry and time of exit);
information collected by various contract partners (travel agencies, event organizers) and communicated to Europa Group SRL (rooming list, list of event guests);
data required in order to provide you with additional services, according to the case;
reviews and opinions regarding our services;
any other type of information that you choose to provide to us.
At the same time, our surveillance cameras and other means of security set on our property could also capture or register images of our guests in public places (such as hotel doors, restaurants or lobbies), as well as your localization data (through the images captured by the video surveillance cameras).
You can at any time opt for the type of personal data that you want to provide. Nevertheless, if you choose not to provide certain personal data, in case the ground for our request is to answer a specific legal liability, contract obligation or obligation necessary in order to conclude an agreement, we might be in the impossibility to provide certain services to you, for instance: (i) if you do not give us a name, surname, e-mail address, or phone number in case you want to make a reservation, we will not be able to make reservation for you, or (ii) considering that on your arrival and departure information sheet to be filled in by you once you check in at our hotel, you will be required to introduce certain personal data that is mandatorily requested under the law, if you do not fill in those mandatory fields, we will not be able to check you in in our hotel.
If you are potential employee
We collect information from your resumé, as well as any other information communicated by you together with your resumé and/or during the interviews to which you presented.
If you are a visitor to our location
We collect name, surname, series and number of your identity card.
Our video surveillance cameras could also capture or register images of our visitors in public places (such as hotel doors, or in restaurants or lobbies).
If you are a user of our internet site www.europaroyalebucharest.ro§
To read the information on our site, there is no need to provide your personal data to us.
Nevertheless, to the better operation of the portal, Hotel Europa Royale Bucharest will temporarily use the following information that does not contain personal data and which appear automatically to the sight of the site administrator:
protocol internet address (IP),
name of domain (URL),
accession data,
client’s accession file (name of file and URL),
HTTP code of the answering password,
data of the web page where accession is made,
amount of the bites consumed on occasion of the visit ,
visit date,
data on the pages scrolled, and
browser name, respectively.
For the use of these services (ex. on-line reservations) certain personal data will be necessary. For any details, please consult the corresponding section of this operation on our site.
If you are a representative or contact person of our providers or business partners
We collect the name, surname, position and any other data provided by you or the company you represent.
If you are an employee
Please read the Confidentiality Policy relating to our employees, of which they are informed upon employment and which is at any time available at our Department of Human Resources.
PERSONAL DATA OF MINORS
We protect the confidentality of the data obtained from children under 16. If you are under 16, you have to get consent or authorization of your parents or tutor for any provisions of personal data.
SPECIAL DATA
The term ”special data“ shall refer to racial or ethnic origin, political opinions, religion or philosophical convictions, or affiliation to trade unions and the processing of genetic data, biometrical data, data regarding health or data regarding sexual life or sexual orientation.
In general, we do not collect special information unless you choose to disclose it to us. We collect special data regarding health only based on your consent and only on purpose to particularize certain treatment for you. Access to such data will be limited to the medical personnel.
TO WHAT PURPOSE AND ON WHAT GROUNDS CAN WE PROCESS YOUR PERSONAL DATA?
If you are our client
Reservations at the hotel, restaurant or for offer requests coming from you when in search of certain events that are organized or could be organized by us.
Scope: we process your personal data (i) in order to reserve a place for you in our hotel/restaurant, and (ii) to answer your offer requests as you communicate them to us.
Ground: conclusion of a contract.
Check-in
Scope: we process your personal data for your registration/accommodation in our hotel.
Ground: upon check-on, according to the applicable legal provisions, you are bound to fill in an information sheet on your arrival and departure dates, which also contains a minimum set of data required in order to check in in our hotel.
Customer Service (this service refers to: service of transport to/from the hotel, cleaning service, laundry service, etc)
Scope: we process your personal data in order to offer you an experience as pleasant as possible and according to your standards and the hotel standards.
Ground: fulfill the services agreement having as object hotel services.
Profiling
Scope: in order to provide personalized services, certain special preferences of you (for instance: if you prefer high-floor or low-floor rooms, if you prefer a certain type of wine, etc) will be stored so that, when you may visit us again, we would already know what you like.
Ground: on consent.
Feedback:
Scope: we process your personal data in order to ensure that you had a pleasant experience in our units.
Ground: our legitimate interest to constantly improve our services and to provide services as suitable and compliant to the standards or our clients.
Marketing:
Scope: we process your personal data on marketing purposes, such as commercial newsletters and marketing communications regarding new products and services or other offers which we believe that it would be of interest to you.
Ground: we base our legitimate interest to promote our services on the transmission of offers which we believe to be of interest to you (see “Right of opposition” of the Section “Your rights”)
If necessary, in accordance with the applicable law, we shall obtain your consent before processing your personal data on direct marketing purposes. In such case, we inform you that you will at any time be allowed to withdraw consent for the processing of your data on marketing purposes, in which case you will not receive any more marketing communication from us.
We shall include a deregistration link which you will be able to use if you do not want to receive any more messages from us.
At the same time, on occasion of any event organization in our hotels and restaurants, it is possible to make some photos, and some of them could be distributed on the online medium as well, in order to show other people what our events are like. Anyway, because we respect your right to privacy, we shall lay our best efforts so that you should be informed that some photos are taken of you (for any objections regarding our photos, see “Right of opposition” of Section “Your rights”).
Other communication: by e-mail, post, phone or SMS
Scope: these communications will be made for a specific reason such as: (i) to answer your requests, (ii) if you have not completed an online reservation or an offer request, it is possible to receive an e-mail from us to remind you to complete your reservation, (iii) to inform you of how your complaints and/or the incidents arising during your stay were settled.
Legal ground: our legitimate interest to provide services at the desired standards through settling possible requests/complaints, and to ensure you of our entire availability.
Analysis, improvement and research:
Scope: in order to constantly ensure you of the qualitative evolution of our services, we take care to analyze each complaint/suggestion coming from you, so as to draw up statistical reports in order to identify the problems and find the best solutions to remedy them.
Ground: we base on our legitimate interest to provide services compliant to your standards.
If you are a visitor to our location
Scope: we process your personal data in order to ensure protection of the goods and persons in our hotel.
Ground: our legitimate interest to provide protection both for the goods of the clients/hotel/personnel, and the protection of the persons in our hotel.
If you are a user of our internet site www.europaroyalebucharest.ro
Scope: monitor the traffic in order to identify errors and/or any other disfunctionality of the site.
Ground: we base our activity of data processing on our legitimate interest to make available for you a complete functional site in order to repair any errors, and continuously improve it.
If you are a representative or contact person of our providers or business partners
Scope: continuance of our contract relations with our providers and business partners.
Ground: conclusion of a contract.
If you are a potential employee
Scope: assess your application for a job.
Ground: conclusion of a contract.
If you are our employee
Please see Confidentiality Policy regarding our Employees, of which we inform our employees upn employment and which is at any time available at the Department of Human Resources.
For all categories of the aforesaid persons, we could also process your data in the context of the following activities:
Restructuring, internal reorganization or sales of assets or shares:
Scope: we process your personal data in order to carry out the aforesaid operations.
Ground: our legitimate interest to carry out the operations, especially in the conditions these would have been impossible to fulfill if your personal data were not processed
Nevertheless, we ensure you that this possible processing will be carried out in accordance with this policy and to the implementation of some measures that would ensure the confidentiality of your data.
Security:
Scope: we process your personal data in order to secure the goods and physical integrity of persons.
Ground: we base on our legitimate interest to protect your goods and the hotel goods, and the protection of the persons within the precincts of our hotel.
Legal grounds:
Scope: in certain cases, we must process the information received, which may include personal data, in order to settle some legal disputes or complaints, in investigations and with the observance of the legal regulations applicable, in order to implement an agreement or answer the requests of public authorities, insofar as such requests meet the conditions imposed under the law.
Ground: the processing reasons can be given by the legal obligation (in case we have the legal obligation to disclose certain personal data to public authorities) or our legitimate interest to settle possible disputes and/or complaints.
WHOM DO WE COMMUNICATE YOUR PERSONAL DATA?
In order to provide high-quality services, it is possible to disclose your personal data to our service providers and to other third parties, as presented in detail below:
Providers: in order to provide the requested services, in specific circumstances we may be bound to disclose some of your personal data to our providers (such as providers of software, IT, accounting services, medical services, transport services), which are empowered representatives and process data in the name, on behalf and in accordance with our indications.
Group events or meetings: if you visit our hotels in a group or for a conference, the requested information in order to plan your meeting and event will be shared with the organizers of these meetings and events and, if applicable, with the guests that may organize or participate in the meeting or event.
Business partners: in certain cases, we associate with other companies in order to provide products, services or offers to you. For instance, we could arrange car rental or intermediate optional services or services adjacent to those that exceed our offer.
Authorities and/or public institutions for: (i) compliance with the legal provisions, (ii) answering their requests, (iii) causes of public interest (ex: national safety). For instance, according to the regulation exposed at Section “TO WHAT PURPOSE AND ON WHAT GROUNDS CAN WE PROCESS YOUR PERSONAL DATA?” letter b), any hotel unit shall daily communicate the arrival and departure information sheets concerning each client.
The confidentiality of your data is important to us, which is why, whenever possible, the communication of your personal data in accordance with the foregoing shall be achieved only subject to a confidentiality agreement undertaken by the receivers/addressees, by which the latter shall warrant that such data will be safely kept and the provision of information will be performed according to the applicable laws and policies. In any case, each time we shall communicate to the addressees only the information that is strictly required in order to fulfill the respective scope.
DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?
In order to provide the expected level of hospitality and give you the highest level of our services, it is possible to collect information about you from our business partners and third parties, as presented in detail below:
Business partners: such as card partners, services from social networks compatible with your settings for such services, travel agencies, event organizers.
In any case, we ensure you that your personal data collected from third parties will be processed in the same conditions as if collected by us directly from you. At the same time, we shall not collect anything but data that is strictly required in order to fulfill our goals. (see Section “TO WHAT PURPOSE AND ON WHAT GROUNDS CAN WE PROCESS YOUR PERSONAL DATA”).
Besides, at the time when we contact you for the first time, we shall first of all inform you of the source which provided your personal data to us.
DO WE TRANSFER YOUR DATA OUTSIDE THE EU/ EEA?
We could transfer your personal data to some of our providers that have their registered office in other countries than the one where you are located at the moment and, in certain cases, even to countries outside the EU / EEA.
Although the laws regarding the protection of data in these countries can difer from those in your country, we shall take all the measures required in order to ensure that your personal data will be processed according to this Policy and in accordance with the aplicable laws.
PROVISION BY YOURSELF OF OTHER NATURAL PERSONS’ PERSONAL DATA
If you give us the personal data of other natural persons, please inform them before such disclosure how we should process their data, as described in this Confidentiality Policy.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data will be kept throughout the entire period of achievement of the scopes detailed in this Policy, unless a longer interval of time proves mandatory or permitted under the applicable laws.
We constantly revise the need to keep your personal data, and insofar as such data processing is no more necessary and there is not mandatory any more under the law to keep your personal data, we shall erase/destroy your personal information as soon as possible and in such way as not to be able to get it recovered or restored (for instance, we shall erase /destroy all the data of the persons who were not employed by us after interviews, if there are no serious prospects of their employment in the future).
If personal information is printed on paper, it shall be destroyed in such way as to ensure its entire removal, and if such information is saved in electronic format, it shall be erased through technical means in order to ensure that the information cannot subsequently be recovered or restored.
WHAT ARE YOUR RIGHTS?
In your capacity of person concerned, you will enjoy the following rights, as pecified in GDPR:
Right of access: you can request to us (i) a confirmation of the fact that personal data is processed or not and, if so, access to the respective data and information regarding it, and (ii) a copy of your personal data in our possession (art. 15 of GDPR);
Right to rectification: you can inform us of any change of your personal data or you can request to us to correct it and/or complete your personal data in our possession (art. 16 of GDPR);
Right to erasure („right to be forgotten”): in certain cases (as, for example, (i) in case the data was collected illegally, (ii) the deadline for the storage of the data expired, (iii) you exercised your right of opposition, or iv) the data processing is achieved based on consent and you withdraw your consent), you could request that we delete your personal data in our possession (art. 17 of GDPR);
Right to restrict processing: in certain cases (as, for example, in case you contest the accuracy of the data or the legality of processing), you could restrict our processing of your personal data for a certain period of time (art. 18 of GDPR);
Right to data portability: to request to us to send your personal data to third parties or directly to you (art. 20 of GDPR);
Right of opposition: in certain cases (as, for example, in case the legal ground of the processing is the legitimate interest), you could request to us to stop processing your personal data. (art. 21 of GDPR).
In case we use your personal data based on your consent, you will at any time be entitled to withdraw your consent. In such case, your data will not be processed by us any longer, unless a legal provision binds us to keep it and archive it. In any case, we shall inform you whether such a legal provision exists and we shall expressly indicate it.
WILL YOUR DATA BE SAFE WITH US?
We treat your personal security with seriosity, we take important safety measures, necessary to protect you against any unauthorized access to data or information. This commitment involves internal revisions of the collecting, keeping and safety practices regarding data and safety measures, and also physical safety measures for protection against unauthorised access to the systems where we archive your personal data.
We request to our service providers and business partners to take all the measures required in order to offer protection against unauthorised access to data or against unauthorised change, disclosure or destruction of data.
LINKS TO OTHER WEB SITES
Our site contains links to third parties. Please remember that we do not take any liability for the collection, use, preservation, sharing or disclosure of the data or information in the possession of third parties. In case you use or provide information on sites of third parties, the terms and confidentiality policy of the respective sites shall apply. We advise you to read the confidentiality policy of the sites you visit before giving them any personal data.
The use of the internet services provided by Hotel Europa Royale Bucharest shall lie with the terms of use and confidentiality policy of the internet providers. You can access the respective terms and policies by using the links on the authentication page of the respective site or by visiting the website of the internet provider.
QUESTIONS OR COMPLAINTS
If you have any questions or concerns regarding the processing of your personal data, or if you wish to exercise any of your aforementioned rights, you are welcome to contact us by sending an e-mail to the following address: manager.bucharest@europaroyale.com, and we shall answer you within maximum 30 days from the receipt of your request.
If you do not have the necessary electronic means or do not wish to use them, you can submit a written request that you should send or file at the reception desk of the hotel, located at 60 Franceză Street, Sector 3, Bucharest.
Insofar as you are not satisifed with how your request was settled, you can submit a complaint at the Romanian National Supervisory Authority for Personal Data Processing.
AMENDMENTS TO OUR POLICY
This Confidentiality Policy can be amended in accordance with the changes of the laws on the policy of data, or based on amendments to our services, or on how we occasionally organize them. If we proceed to material changes like the aforesaid, we shall edit a link sending to the revised policy on the first page of our site. If we make significant changes that would have an impact upon your rights and liberties (for instance, when we may start the processing of your personal data to other purposes than as specified above), we shall first contact you before proceeding to such processing.
In order to help you pursue the most important amendments, we shall include a history of the amendments in order to permit a recognition of the amendments brought to this Policy.