Respecting the right to the protection of personal data, as well as the right to privacy, is one of the fundamental missions of Plaiul Cailor.

Therefore, we undertake all necessary steps to process your personal data in accordance with the principles established by the legislation on data protection applicable in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific elements specific to his physical, physiological, genetic, mental, economic, cultural, or social identity.

WHAT KIND OF PERSONAL DATA DO WE PROCESS?

If you are a customer or potential customer

We collect personal data following most interactions with you, as well as within the other aspects of our activity. The categories of data we process are as follows:

  • Data necessary for making reservations (e.g., name, surname, email, phone);
  • Credit card data (card type, credit/debit card number, cardholder name, expiration date, and security code);
  • Information about the customer’s stay, including arrival and departure dates, special requirements, preferences;
  • The information you provide regarding your marketing preferences;
  • Personal data provided by you for registration and newsletter subscriptions;
  • Information about the vehicles you may bring onto our property, such as license plate numbers;
  • Data collected from access cards (entry and exit times);
  • Information collected by various contractual partners (travel agencies, event organizers) and transmitted to Plaiul Cailor;
  • Data necessary for the provision of additional services, as applicable;
  • Reviews and opinions regarding our services;
  • Any other types of information you choose to provide to us.

Additionally, security cameras and other security measures on our properties may capture or record images of guests.

You may choose at any time which personal data you wish to provide to us. However, if you choose not to provide certain personal data, in cases where the basis for our request is compliance with a legal obligation, contractual obligation, or requirements necessary for entering into a contract, we may be unable to provide certain services. For example, if you do not wish to provide your name, surname, email address, or phone number when making a reservation, we will not be able to make the reservation.

If you are a visitor at our location

We collect your name, surname, and ID card serial and number.

Additionally, security cameras may capture or record images of visitors.

If you are a user of our website

Reading the information on the website does not require the provision of personal data.

However, for the use of certain services (e.g., online reservations), specific personal data may be required.

If you are a representative or contact person of our business suppliers or partners

We collect your name, surname, job title, as well as any other data provided by you or the company you represent.

PERSONAL DATA OF MINORS

We protect the confidentiality of data obtained from children under the age of 16. If you are under the age of 16, you must obtain the consent or authorization of your parents or legal guardian for any provision of personal data.

SPECIAL CATEGORIES OF DATA

The term “special categories of personal data” refers to data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation.

In general, we do not collect such information unless you choose to provide it.

FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

If you are a customer

a) Reservations.

Purpose: We process your personal data to reserve a place for you within the mansion or to respond to your requests.

Legal basis: Contract performance.

b) Check-in

Purpose: We process your personal data for check-in/accommodation within our mansion.

Legal basis: At check-in, in accordance with the applicable legal provisions, you are required to complete an arrival and departure notice form containing a minimum of data necessary for your accommodation.

c) Customer service (this service refers, among other things, to transportation services to the mansion, cleaning services, etc.)

Purpose: We process your personal data to provide you with a pleasant experience and in accordance with your and the mansion’s standards.

Legal basis: Contract execution.

d) Profiling

Purpose: In order to provide personalized services, certain special preferences of yours (e.g., if you prefer certain accommodation units) are stored so that when you return, we will already know what you like.

Legal basis: Consent.

e) Feedback

Purpose: We process your personal data to ensure that you have had a pleasant experience in our units.

Legal basis: Our legitimate interest in continuously improving the services we offer and providing services that are as suitable and compliant with our customers’ standards as possible.

f) Marketing

Purpose: We process your personal data for marketing purposes, such as commercial newsletters and marketing communications regarding new products and services or other offers that we believe may be of interest to you.

Legal basis: We rely on our legitimate interest in promoting our services by transmitting offers that we consider to be of interest to you (see “Right to Object” in the “Your Rights” section).

If necessary, in accordance with applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we will inform you that you will be able to withdraw your consent for marketing processing at any time, in which case you will no longer receive any marketing communications from us.

We will include an unsubscribe link that you can use if you do not wish to receive messages from us anymore.

g) Other communications: by email, mail, phone, or SMS

Purpose: These communications will be made for specific reasons such as (a) responding to your requests, (b) if you have not completed an online reservation or a quotation request, we may send you an email to remind you to complete the reservation, (c) to inform you about how complaints and/or incidents that occurred during your stay were resolved.

Legal basis: Our legitimate interest in providing services to the desired standards by resolving any requests/complaints and ensuring our full availability.

h) Analysis, improvement, and research

Purpose: To ensure the constant qualitative evolution of our services, we take care to analyze every complaint/suggestion from you, so we compile statistical reports to identify issues and find the best solutions for their remediation.

Legal basis: We rely on our legitimate interest in providing services that are compliant with your standards.

If you are a visitor at our location

Purpose: We process your personal data for the purpose of accessing the mansion.

Legal basis: Compliance with a legal obligation.

If you are a user of our website

Purpose: We process your personal data to ensure the operation of the website.

Legal basis: Contract performance (the operation of the website is necessary to offer the website to you as a user).

If you are a representative or contact person of our business suppliers or partners

Purpose: We process your personal data to maintain and manage the contractual relationship with the company you represent or with you directly, as well as for communications that fall within this relationship.

Legal basis: Contract execution.

TO WHOM DO WE TRANSMIT YOUR PERSONAL DATA?

In order to provide you with the expected level of hospitality and high-quality services, your data may be transmitted to our service providers and other third parties, as detailed below:

  • Providers: To provide the requested services, in some cases, we may need to transmit some of your personal data to providers, and they act as data processors and process the data on our behalf and in accordance with our instructions (such as software providers, IT services, accounting services, medical services).
  • Business partners: In certain cases, we partner with other companies to provide you with products, services, or offers. For example, we may arrange a car rental or intermediate optional services for products beyond our offerings.
  • Authorities and/or public institutions for: (a) compliance with legal provisions, (b) responding to their requests, (c) reasons of public interest (e.g., national security).

The confidentiality of your data is important to us. Therefore, where possible, the transmission of personal data in accordance with the above is carried out only on the basis of a confidentiality commitment from the recipients, ensuring that this data is kept safe and provided in accordance with applicable laws and policies. In any case, we will transmit to recipients only the information strictly necessary to achieve that specific purpose.

DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?

To provide you with the expected level of hospitality and the best level of services, we may collect information about you from our business partners and other third parties, as detailed below:

  • Business partners: Such as card partners, services related to social networks that are in line with your settings for these services, travel agencies, event organizers, etc.

In any case, we assure you that your data collected from third parties will be processed under the same conditions as if it had been collected directly from you. We will also collect only what is necessary to fulfill our purposes.

Furthermore, when we first contact you, we will inform you, in the first place, about the source from which we obtained your personal data.

DO WE TRANSFER YOUR DATA OUTSIDE THE EU/EEA?

We may transfer your data to some providers who are based in countries other than the one in which you are located and, in some cases, to countries outside the EU/EEA.

While data protection laws in these countries may differ from those in your country, we will take the necessary steps to ensure that your personal data is processed in accordance with this policy and in compliance with applicable laws.

PROVIDING YOUR PERSONAL DATA OF OTHER INDIVIDUALS

If you provide us with the personal data of other individuals, please inform them in advance and describe how this data will be processed, as described in this privacy policy.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Your personal data is kept for the entire period of achieving the purposes detailed in this policy, unless a longer retention period is required or permitted by applicable law.

We constantly review the need to retain your personal data, and to the extent that processing is no longer necessary and there is no legal obligation to retain your personal data, we will delete/destroy your personal data as soon as possible and in a manner that prevents them from being recovered or reconstituted.

If personal information is printed on paper, it will be destroyed in a manner that ensures complete elimination, and if it is stored on electronic media, it will be deleted using technical means to ensure that the information cannot be recovered or reconstituted later.

WHAT ARE YOUR RIGHTS?

As a data subject, you have the following rights under the GDPR:

  1. Right of access: You can request (a) confirmation of whether or not personal data is being processed and, if so, access to that data and information about it, as well as (b) a copy of your personal data that we hold (Art. 15 of the GDPR).
  2. Right to rectification: You can inform us of any changes to your personal data or request us to correct the personal data we hold about you (Art. 16 of the GDPR).
  3. Right to erasure (“right to be forgotten”): In certain situations (such as (a) where data was collected unlawfully, (b) the data retention deadline has expired, (c) you have exercised your right to object, or (d) data processing is based on consent and you have withdrawn your consent), you can ask us to delete your personal data (Art. 17 of the GDPR).
  4. Right to restrict processing: In certain situations (such as when accuracy of the data is contested or processing is unlawful), you can ask us to restrict the processing of your data for a certain period (Art. 18 of the GDPR).
  5. Right to data portability: You can request us to send your personal data to a third party or directly to you (Art. 20 of the GDPR).
  6. Right to object: In certain situations (such as when processing is based on legitimate interest), you can ask us not to process your data (Art. 21 of the GDPR).

If we use your personal data based on your consent, you have the right to withdraw this consent at any time. In this case, your data will no longer be processed by us, except where a legal provision requires us to keep and archive it. In any case, we will inform you if there is such a legal provision and expressly state it.

ARE YOUR DATA SECURE?

We take the security of your personal data seriously, so we take important security measures necessary to protect against unauthorized access to data or unauthorized data modification, disclosure, or destruction. This involves internal reviews of data collection, storage, and processing practices, as well as physical security measures to protect against unauthorized access to systems where personal data is stored.

We also require our service providers and business partners to take all necessary measures to protect against unauthorized access to data or unauthorized data modification, disclosure, or destruction.

LINKS TO OTHER WEBSITES

Our website contains links to third-party websites. Please note that we do not assume responsibility for the collection, use, storage, sharing, or disclosure of data or information by such third parties. If you use or provide information on third-party websites, the terms and privacy policy of those websites apply. We advise you to read the privacy policy of the websites you visit before submitting personal data.

The use of internet services offered by Plaiul Cailor is subject to the terms of use and privacy policy of internet providers. You can access the respective terms and policies using the links on the respective service login page or by visiting the internet provider’s website.

QUESTIONS OR COMPLAINTS

If you have questions or concerns about the processing of your personal data or if you wish to exercise any of the rights mentioned above, you are welcome to contact us by sending an email to the following address: contact@plaiulcailor.ro, and we will respond within 30 days of receiving the request.

If you are not satisfied with the way your request has been handled, you can lodge a complaint with the National Supervisory Authority for Personal Data Processing.

CHANGES TO THE POLICY

This privacy policy may change in accordance with changes in data policy legislation or based on changes in our services or organization from time to time. If we make material changes to it, we will post a link to the revised policy on the homepage of our website. If we make significant changes that will impact your rights and freedoms (e.g., when we start processing your personal data for purposes other than those specified above), we will contact you before starting such processing.

To help you keep track of the most important changes, we will include a change history below to recognize changes to this policy.

Last Updated: February 19, 2024