Societatea Companiilor Hoteliere Grand SRL undertakes to protect your privacy. Contact us at office@grandhotel.ro if you have any questions or problems concerning the use of your personal data and we will be glad to assist you.
By using this website and / or our services, you agree with the processing of your personal data as described in this confidentiality policy.

DEFINITIONS
Personal data – any information relating to an identified or identifiable natural person, who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier or to one or more factors specific to the physical, physiological, genetic, economic, cultural or social identity of that natural person;
Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.
Data subject – natural persons whose personal data are undergoing processing.
Child – a natural person under 18 years old.

PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
We undertake to observe the following personal data protection and processing principles:

  • the processing is lawful, correct, fair and transparent. Our processing activities meet all legal requirements. Equally, we will always consider your rights before processing your personal data and we will provide you with information on the processing.
  • the processing is performed in compliance with the purposes of personal data collection.
  • the processing is performed by fully observing the minimization principle, meaning that only the minimum necessary personal data will undergo processing.
  • the personal data storage is limited to a 5 year period. We will not store personal data for a longer period of time unless this is necessary, being required by the incidental legal circumstances or our legitimate interest.
  • we will make all possible efforts to assure the data accuracy, whereby every natural person whose personal data might be processed benefits in this context from the right to update/rectify the data.
  • we will make all possible efforts to assure the data integrity and confidentiality, taking all organizational and technological necessary and adequate measures to this end.

THE RIGHTS OF DATA SUBJECTS
The persons whose personal data might undergo processing have the following rights:

  • the right to information – comprises the information to be provided, according to the legal applicable provisions, to the persons whose personal data might undergo processing;
  • the right to access – comprises the possibility of you requesting access to the data collected from/on you, including the possibility to request a copy of the personal data which might be processed;
  • the right to update/rectification – implies the possibility to request the rectification or erasure of personal data which are inaccurate or incomplete;
  • the right to erasure (“the right to be forgotten”) – implies the right to request, under certain circumstances, that your personal data which might be processed to be erased from our records;
  • the right to restriction of processing – implies the possibility, under certain circumstances, to restrict the processing of your personal data;
  • the right to object to processing – implies your right, under certain circumstances, to object to your personal data being processed (e.g. direct marketing);
  • the right to object to automated processing – implies your right to object to any automated processing of your personal data, including profiling, as well as the possibility to object to decision-making based exclusively on the automated processing of data, right which may be exercised whenever there is a result of profiling that produces legal effects affecting or which might affect significantly the persons whose personal data might undergo processing;
  • the right to data portability – implies the right to obtain your personal data in an adequate format or, when possible, the right to direct transfer of data to another controller;
  • the right to file a claim – implies the right to file a claim, before a supervisory authority, requesting the support thereof, as well as the right to other administrative or judicial remedies;
  • the right to withdraw your consent – implies the right to withdraw, at any moment and as easy as possible, any consent expressed in relation to the processing of your personal data.

PERSONAL DATA THAT WE COLLECT
Directly supplied information
This may include your e-mail address, name, invoicing address, domicile address, online identifiers, etc. – all these personal data generally falling under the information necessary to deliver a product/service or to improve the relationship between us and our clients. The personal data collected directly are stored to make it possible for you to perform other activities on our website.
Automatically collected information on you
This comprises personal data such as online identifiers, which is stored automatically by cookies and other session tools. For example, the information on your shopping cart, your address, IP, shopping history (if any), etc., is included in this category of personal data. These personal data may also be used to improve the relationship between us and our clients.  Therefore, when you visit any of our websites or you interact in any way with any of our social pages, your personal data may be processed by the above mentioned methods. Also, if on one of our social pages you post a comment under one of our posts, you press the Like button for any of these posts, you share a post, or when you send us a message on any of these pages, we will process the data we receive directly and/or indirectly from you (e.g. user name, profile picture, IP address).
At the same time, to be able to reply to you as promptly as possible  and to remember your preferences expressed during the previous browsing sessions on any of our pages and also to make our websites more intuitive and adapted to the device you use during browsing, to prevent and solve the problems you might encounter during browsing, we may process your personal data such as: (i) IP address, (ii) cookies identifiers (iii) other online identifiers, (iv) UIDD (unique universal ID), (v) browsing history, (vi) searches performed during browsing, (vii) browsing dates and times, (viii) the device you use for browsing, (ix) the type of Internet browser you use for browsing, (x) information on the events on your device (for example, browsing errors); (xi) information on the hardware settings of the device you use to navigate, (xii) information on the location where the navigation takes place from.

PUBLIC INFORMATION
It is possible that we collect public information on you.

HOW DO WE USE YOUR PERSONAL DATA
Your personal data may be used:

  • to provide our services. This includes, for example, the account registration; the provisions of other products and services that you requested; promotional elements that will be transmitted to you following your request to this end, the communication with you regarding such products and services, as well as to notify you on changes made to any services.
  • to improve the relationship of our clients with us;
  • to fulfil an obligation in compliance with applicable legal or contractual provisions;
  • for statistical purposes

Based on the conclusion of a contract or in order to fulfil the contractual obligations, we will process your personal data for the following purposes:

  • to identify you;
  • to provide a service to you or to send you/offer you a product;
  • to communicate with you for sales or invoicing purposes;
  • in the company’s internal reports and statistics

Based on a legitimate interest, we process the personal data for the following purposes:

  • the management and analysis of our clients database (purchase/navigation behaviour and history) to improve the quality, variety and availability of the products/services we offer/provide;

As long as you didn’t inform us otherwise, we will offer you products/services similar or identical to the products and/or services which you prior chose, as found in your shopping/browsing history, considering, until being notified otherwise, that it is our legitimate interest to proceed in this manner and that our interest does not affect any of your rights.
Based on your prior requested and freely, express and conscious granted consent, we will also process your personal data for the following purposes:

  • to send you information bulletins and/or offers during various marketing campaigns;
  • for other purposes than those for which we requested your consent initially;

Your personal data may be processed to fulfil the obligations resulting according to the law and/or to use your personal data for the options provided by the law. In compliance with the applicable legal provisions, we will proceed to personal data anonymization, in view of using such data. We will use the data beyond the scope of this Policy only if they are anonymized. Your invoicing data, as well as other collected information on you, will be stored as long as it is necessary for accounting purposes or for other obligations resulting from legal terms, but not more than 5 years.
Also, in compliance with the legal provisions, we might process your personal data for other purposes than those mentioned herein, whereby such purposes are fully compatible with the original purposes they were collected initially, and we will inform you on any data processing for subsequent purposes. In order for us to make this, we will make sure that:

  • the connection between the purposes, the context and the nature of the personal data is adequate for subsequent processing;
  • the subsequent processing will not affect your interests

 

WHO ELSE HAS ACCESS TO THE PERSONAL DATA?
We don’t use your personal data within the relationship with third party companies, partners or other persons outside the company.
We will not disclose your personal data to third parties or public institutions unless we are obliged legally to do so. We may disclose your personal data to third parties if you agreed to this or if there are other legal grounds to this end.

PERSONAL DATA SECURITY
We take all necessary measures to keep your data safe. To this end, we use safe data communication and transfer protocols (such as HTTPS), we use anonymization and pseudonymization, monitoring our systems for possible vulnerabilities and attacks.
Even if we do our best, we cannot guarantee information security. We undertake to notify the competent authorities on prospective data protection breaches, and we will notify you immediately if there is a threat to your rights or interests. We will take all reasonable precautions to prevent security breaches and to assist the authorities in case of breaches.
If you have an account with us, please keep in mind that you must keep the confidentiality of your user name and password.

POLICY CONCERNING MINORS
We do not intend to deliberately collect information from minors. We do not target minors as potential beneficiaries of our services.

COOKIES AND OTHER TECHNOLOGIES WE USE
We use cookies and/or similar technologies to analyse the behaviour of clients, to manage our websites, to monitor the behaviour of users on the website and to collect information on users. This is made to customize and improve your relationship with us.
A cookie is a text file stored on your computer. Cookies store the information used to help websites operate better. Only we can access the cookies created by our website. You can control cookies at browser level. If you choose to deactivate the cookies, you may block the availability of certain functions.
We use the following cookies, for the following purposes:

  • Necessary cookies – these cookies are necessary to use some important functions on our website, such as connection. These cookies do not collect personal information.
  • Functionality cookies – these cookies assure the functionality, making the use of our service more convenient and, at the same time, the features more customized. For example, they may remember the name and the e-mail address in the comment forms, so that you don’t have to enter this information the next time when you make a comment in the blog section of the website.
  • Analysis cookies – these cookies are used to track the use and the performance of the website and of our services.

Social Media.
Our sites include links to social media sites such as Facebook, LinkedIn, Twitter And YouTube. These social sites are hosted by a third party, and your interactions. These functions are governed by the privacy policy of the companies that provide them.
Links to other sites and services.
Services may contain links to and from third-party sites, for example, our business partners, advertisers and social media sites, and our users can post links to third-party sites. If you follow a link to any of these websites, be aware that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We recommend that you read the privacy policies and terms and conditions of use to understand how they collect, use, and share information with strongly. We are not responsible for privacy practices or content on third-party websites.
You can remove the cookies stored on your computer from the browser settings. Alternatively, you can control certain third-party cookies using a confidentiality improvement platform, such as optout.aboutads.info or youronlinechoices.com. For more information on cookies, please visit allaboutcookies.org.
We use Google Analytics to measure the traffic on our website. Google has its own confidentiality policy, which you may consult here.
If you wish to stop the monitoring via Google Analytics, please visit Google Analytics opt-out page.

CONTACT DATA:
Supervisory Authority
Website: www.grandhotel.ro
E-mail: office@grandhotel.ro
Telephone: +4021 4034030

AMENDMENTS TO THE CONFIDENTIALITY POLICY
We reserve the right to amend this confidentiality policy. The last amendment was made on November 8th, 2018.