Politica de confidentialitate - Salt Resort Cojocna

Privacy Policy in the field of data security for compliance with European Regulation 679/27.04.2016 (GDPR)

This Privacy Policy reflects the way in which S.C ZET CORPORATION S.R.L., owner of the Salt Resort & SPA Cojocna guesthouse, collects, uses and manages the personal information of our customers, business partners, other people with whom they come into contact or who visit our locations, employees or people in the hiring process, collaborators, etc. and applies to personal data collected via: e-mail, directly at the reception, various forms, CVs, video recordings, website, social media in accordance with European Regulation 679/27.04.2016

This information is important. We hope you read it carefully.

S.C ZET CORPORATION S.R.L. may collect, process and store certain personal data, legally necessary for the conclusion of a contract or for legitimate interest. These data may be, but are not limited to: name, surname, citizenship, address, telephone, e-mail address, video images, photos, etc.

The purpose of this Privacy Policy is to explain what data we process, why we process it and what we do with it. Being fully aware that personal information belongs to you, we do our best to store it safely and process it carefully. S.C ZET CORPORATION S.R.L. does not provide lists, telephone numbers or e-mail addresses to third parties. We do not provide information to third parties without informing you.

This Privacy Policy does not cover third-party applications and websites that you may access by accessing links on our website. Please review the Privacy Policy on any website and/or application before providing personal data.

In order for your data to be processed securely, we have made every effort to implement reasonable measures to protect your personal information.

1.Definitions:

ANSPDCP = National Supervisory Authority for the Processing of Personal Data;
GDPR (General Data Protection Regulation) = Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Personal data is defined as any information relating to an identified or identifiable natural person (“Data Subject”);

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Operator= "operator" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
Processor = "processor" means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Processing = means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage,

adaptation or alteration, retrieval, consultation, use, disclosure by transmission,

dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear statement, signifies agreement to the processing of personal data relating to him or her
third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or the processor, are authorised to process personal data.

According to the Regulation, you, the natural person benefiting from our services or the person in any kind of relationship with us, are a "data subject", i.e. an identified or identifiable natural person. In order to be fully transparent about data processing and to allow you to easily exercise your rights, we have implemented measures to facilitate communication between us, the controller data and you, the data subject.

The Personal Data Protection Policy describes:

The categories of personal data that we collect and process;
The purposes, the basis for which we collect and the way in which we collect your personal data;
The way in which we process personal data (processing principles)
Your rights and how you can exercise them;
Data security
Data processing by third parties
Updating the Privacy Policy

Personal data that we collect

For our employees, we process the data necessary for the execution of the contract, both general data. as well as special ones, related to health status, data related to the card for salary rights (storage period 50 years)
Data from the Identity Card, e-mail address, telephone number, for the execution of the contract (storage period 5 years)
Bank card data (card number, account) for making payments
Information about the client's stay, including the date of arrival and departure, which complies with the "Arrival and Departure Announcement Form" made available only by the Official Gazette of the Republic of Moldova, according to H.G. no. 237/2001, published in the Official Gazette no. 92/22.02.2001. (storage period 5 years)
Special requests (allergens, specific diets, children) (storage period 10 days after the execution of the services)
Information you provide regarding your marketing preferences or during participation in surveys, contests or promotional offers;
Information about your health status when using massage services or access to the SPA area (not stored)
We have a video monitoring system, installed in order to increase your safety and that of your children, for the prevention and subsequent detection of possible attacks that may endanger the property of the guesthouse, but also your person and personal data, stored on various media. These recordings are available only in the event of a security incident and are shared only by authorized persons or institutions involved in resolving these incidents. ((recordings are overwritten when the disk is full)

Purpose/ground and how we use your personal data

If you are a client or potential client of the Salt Resort & SPA Cojocna Pension, we are obliged to manage the personal data you provide us about you in a safe manner and only for the specified purposes.

In order to provide you with our services, we request your data

in connection with human resources management and employment contract management (employment, REVISAL transmission, salary transfer, etc.) based on a legal obligation;
in connection with the protection of the employer's property (video monitoring) legitimate interest of the pension, as well as the execution of a contract;
In order to accommodate you in our pension; the processing of personal data is done, in this case, based on a legal obligation;
In order to reserve rooms, meals in the restaurant or SPA appointments, to obtain confirmation of the reservation and of other services in our guesthouse, for the execution of a contract
To reserve a location, for the organization of an event, having as a basis for processing the legitimate interest of the guesthouse, as well as the execution of a contract
In order to be able to respond to the requests and observations of the data subjects, having as a basis for processing the legitimate interest of the guesthouse
For the monitoring of certain locations within the perimeter of the guesthouse (explicitly marked) the basis for processing is the legitimate interest of the guesthouse
Credit card data
For processing based on the consent of the data subject, it is necessary that it be given freely, for each purpose in particular. The consent of the data subject is presented in a form that clearly differentiates it from other aspects, in an intelligible and easily accessible form, using clear and plain language.

Whenever S.C ZET CORPORATION S.R.L wishes to use the data provided for a purpose other than that for which the original registration was made, it informs the data subject, possibly requesting prior approval and giving him the possibility to revoke his consent at any time thereafter (if there is no other basis than consent).

Under no circumstances will S.C ZET CORPORATION S.R.L transmit to a third party - except in mandatory situations provided for by law, respectively without the consent of the person in question - the personal data it administers.

The website https://salt-resort.ro/ does not use cookies. The website includes social communication functions on Facebook and Twitter. These functions are subject to the privacy policies of the Facebook and Twitter. The site collects the following personal data in the “Make a reservation” section: name and email address, which are necessary to provide the requested service. These data can be deleted from the site administration page at your request.

Principles of personal data processing

S.C ZET CORPORATION S.R.L. is committed to processing the personal data of the data subjects in accordance with the principles of Art 5 of Regulation 2016/679

Transparency, Fairness, Equality – We process your data legally and correctly. We are always transparent about the information we use, and you are properly informed. There is a balance between the interest of the operator vs. the data subject. We do not process data in any other way than that described in our internal procedures, in accordance with GDPR
Minimization - The personal data that are the subject of the processing are adequate, relevant and not excessive in relation to the purpose for which they are collected.
Data accuracy - The personal data that are the subject of the processing are accurate and, where applicable, updated.
Purpose limitations - Personal data are processed only for specified, explicit and legitimate purposes and only on the basis of contracts concluded between C ZET CORPORATION S.R.L and its clients, and further processing will not be incompatible with these purposes
Storage limitations - Personal data are not stored for a longer period than is necessary to achieve the purposes for which they were collected.
Integrity and confidentiality - The data are processed in a manner that ensures the appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical and organizational measures. We have implemented reasonable security and encryption measures, so as to protect your information as best as possible. However, please note that no website, no application and no internet connection is completely secure.
Responsibilities - C ZET CORPORATION S.R.L is responsible for complying with the principles set out above

For the purpose of carrying out its activities, S.C ZET CORPORATION S.R.L. has implemented and complies with the measures and procedures that ensure compliance with the rights of the respective data subjects according to Art 12-22 of the Regulation.

right to information

The data subject may ask S.C ZET CORPORATION S.R.L what personal data it holds about him, the purposes of the processing, the parties or categories of parties with whom his personal data are shared, the period for which the data are retained, as well as the source

(if not collected directly from the data subject)

access to personal data

The data subject has the right to request and be provided with a copy of the personal information it holds about him.

right to rectification of data

We want to ensure that personal information is accurate and up-to-date.

The data subject may request S.C ZET CORPORATION S.R.L to rectify incorrectly entered data or to remove information considered inaccurate or outdated

If you wish to update your personal data, you can contact us at the email address [email protected]

right to delete data

The data subject may request that the processing of the personal information we hold about him/her be stopped or even deleted.

If the data subject's personal information is necessary for the performance of a contractual obligation of S.C ZET CORPORATION S.R.L. towards him/her, S.C ZET CORPORATION S.R.L. may be unable to fulfill this contractual obligation.

Also, if the data subject's personal information is necessary for S.C ZET CORPORATION S.R.L. to comply with certain legal obligations (e.g. tax legislation), the request cannot be handled.

right to restriction of processing:

If the data subject contests the accuracy of his/her data, objects to the processing carried out on grounds that S.C ZET CORPORATION S.R.L. considers legitimate, or we no longer need the personal data for the purpose of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, he/she has the right to request the restriction of the processing of his/her personal information.

right to objection:

The data subject has the right to object to the processing of personal data for direct marketing purposes or if he/she has a legitimate ground.

right to data portability

The data subject has the right to receive (directly or through another designated operator) the data provided by this person in a structured, commonly used and machine-readable format.

the right not to be subject to automated individual decision-making , if this affects the data subject to a significant extent and is not the subject of a contract or is not based on the consent of the data subject.

The right to contact the ANSPDCP if they notice any violation of their rights regarding their personal data.

Security of personal data

Top of Form In the case of written requests, our company informs those interested on how to manage their personal data.

S.C ZET CORPORATION S.R.L. implements appropriate technical and organizational measures to

ensure an appropriate level of security, in accordance with GDPR.

Only authorized personnel of S.C ZET CORPORATION S.R.L. have access to this personal information. , of authorized third-party companies, who agree and are contractually obligated to keep all information secure. All those involved are required to comply with the Privacy Policy and all employees of third parties who have access to your personal data have signed confidentiality and non-disclosure agreements.

Methods of securing personal data include:

Keeping paper documents in locked and keyed spaces

Saving data on password-protected workstations
Encryption
Password-protected encryption of personal data files

Backup copies of databases, stored in encrypted form.

Activation of the username and password request window upon detection of an inactivity interval
Use of encrypted USB stick transfer media
The data obtained from monitoring are only available in the event of a security incident and are shared only by authorized persons or institutions involved in resolving these incidents.

Data processing by third parties

S.C ZET CORPORATION S.R.L. transmits personal information about the data subject in compliance with Art.28 of GDPR for

Legal reasons: We may use or disclose the information, in whole or in part, to cooperate with or support law enforcement, governmental or regulatory bodies, content protection organizations or legal processes in connection with or to prevent suspected or possible fraud, to the extent that the records have been cited or in connection with ongoing or potential litigation, or to enforce or protect the rights or safety of users of online services.

Legal reasons: To the competent police authorities or structures within the Ministry of Tourism

S.C ZET CORPORATION S.R.L. does not transmit personal information outside Romania and will not transfer personal data to any other country inadequate from the point of view of ensuring the compliance of data processing without the prior written consent of the data subject.

Updating the Privacy Policy

From time to time, we may revise this privacy policy. If we make revisions regarding the way we collect or use personal data, they will be viewable on our website https://salt-resort.ro/ For any questions related to this Privacy Policy, please contact us at the numbers available on the website or at the email address [email protected]

Salt Resort Cojocna Booking

Salt Resort Cojocna