The company GERALDS HOTELMANAGEMENT SRL, having its headquarter at no. 3 Piata Unirii, Radauti, Romania, registered at Trade Register under no. J33/902/2006, VAT no. RO 18836638, is concerned to guarantee the confidentiality and full protection of your personal data, in accordance with the rules, principles and regulations in force in the European Union in this field, including Regulation no. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. (“GDPR”)
Personal data means any information about an identified or identifiable individual, and an identifiable person is that identifiable person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, localization, an online identifier, or one or more specific elements that are physically, physiologically, genetically, psychologically, economically, culturally or socially identifiable.
This Policy refers to the personal data of our customers, business partners, and other people who come in contact with us or visit our locations, employees or people in the process of engagement, collaborators, etc. and applies to personal data collected by: e-mail, directly at the hotel receptions, various forms, video recordings, web-sites, and social media. For the purpose of carrying out the activity, GERALDS HOTELMANAGEMENT SRL may collect, process and store certain legally required personal data, for the conclusion of a contract or for a legitimate interest. These data may be, but are not limited to, name, surname, nationality, address, telephone, e-mail address, moving images, etc.
- The purpose for which we collect and how we use your personal information;
- How we collect personal data;
- The basis of processing for the above purpose;
- The categories of personal data that we collect and process;
- The storage period for processing;
- Your rights and how you can exercise them;
- To whom can we pass this data.
GERALDS HOTELMANAGEMENT informs you hereby on what we are doing to ensure the security of your personal data and how you can contact us about privacy and protection of your personal data.
GERALDS HOTELMANAGEMENT collects data in the following cases:
1. If you are a client or potential customer of the Hotel:
We have an obligation to manage safely and for the specified purposes only the personal data you provide us.
1.1. To provide you with our services
We request data to provide you with our services:
- To book rooms and other services in our hotel; the basis for data processing is in this case the execution of a contract;
- You can stay in our hotel; the processing of personal data is done in this case on the basis of a legal obligation;
1.2. To communicate with you
It is important for us to be able to communicate, to address your various referrals, questions etc.
1.3. Legal obligation
In some situations, we may require some personal data under a legal obligation imposed by the applicable law.
1.4. Sending information (newsletter)
We request data to send you commercial information / newsletters in electronic format. For this we ask for your consent and we request your e-mail address expressly; we have a legitimate interest in our processing.
You can withdraw your consent at any time, expressing your option not to receive our newsletter in the future by clicking "unsubscribe" when you receive the e-mail.
The categories of data processed in the context of our relationship with you are your name, telephone, fax, address / home, e-mail address (optional) and other personal data you can provide directly to us.
2. If you are an employee of GERALDS HOTELMANAGEMENT:
2.1. In order to enter into contractual relations with us (Individual Work Contract, etc.)
We request data required by law to enter into employment contracts with us on the basis of a statutory obligation: name, first name, domicile, date and place of birth, identity card details, study papers, criminal record (where applicable).
2.2. To communicate with you
In order to communicate with you in a timely manner, we may request your phone number, e-mail address and social media accounts.
3. If you want to work for GERALDS HOTELMANAGEMENT:
We use the personal data contained in the CVs we receive to assess the qualifications of applicants for a position within GERALDS HOTELMANAGEMENT. We base our processing on the interest in the potential conclusion and performance of a contract of employment.
The categories of data processed in the context of our relationship with you are the name, e-mail address, telephone, fax, address, personal details included in the CV, details of education and training, professional qualifications, and other personal data you can supply directly.
4. If you are a business partner / supplier:
4.1. To keep in touch with you
We use your personal data to maintain direct contact and maintain the contractual relationship with you. We collect these data on the basis of the legitimate interest of managing and executing the contractual relationship.
4.2. Communicating with you
We use your contact information to communicate with you about any relevant issues related to our contractual relationship.
4.3. Legal obligation
In some situations, we may require some personal data under a legal obligation imposed by the applicable law.
5. If you are a visitor to GERALDS Hotel:
We use your personal data to ensure our security, for goods and staff. In this case, we base our data processing on the legitimate interest of GERALDS HOTELMANAGEMENT, namely the protection of these premises, active and personal.
The categories of data processed in this context are your name as well as other personal data that you can provide us directly upon our request as well as your recorded images using the video surveillance system.
6. If you are a user of our internet site - http://www.geraldshotel.com:
We use personal data that we collect when you visit our website to monitor traffic and improve site content. We rely on this data processing activity for our legitimate interest in ensuring the proper functioning of our websites and improving them. The data categories processed in this context are the time and date of access to an Internet site and the IP address from which the site was accessed.
The basis for the processing of personal data may be: a legal obligation (if GERALDS HOTELMANAGEMENT is legally obliged to disclose certain personal data to public authorities), the execution of a contract concluded by GERALDS HOTELMANAGEMENT in the context of a particular transaction or legitimate interest of GERALDS HOTELMANAGEMENT to make a transaction in the most efficient way.
7. Transmitting personal data to third parties:
For reaching the purposes described above, the Company uses the services of various contractors, which activate in the hotel management services industry. Some of them have the status of persons empowered by the controller, and they can be provided with your personal data to be used within the limits of their obligations to the Company. The personal data we disclose to the persons empowered by us are limited to the minimum personal information that is required to provide such services and we ask them not to use personal data for any other purpose. We make efforts to ensure that all the entities we work with store your personal data safely and securely.
The above-mentioned personal data may be made available or transmitted to third parties in the following situations: (i) public authorities or auditors competent to carry out inspections and controls on the Company's activity and assets, requesting the Company to provide information , by virtue of its legal obligations; (ii) companies which offer hotel management services; (iii) to comply with a legal requirement or to protect the rights and assets of our Company or other entities or individuals; (iv) acquirers, to the extent that the Company's activity would be transferred (in whole or in part) and the data of the data subject would be part of the assets that are the subject of such a transaction.
In the context of the operations described in the present document, your personal data may be transferred abroad both to states in the European Union (“EU”) or European Economic Area (the “EEA”).
We hereby inform you that any transfer performed by the Company in a EU or EEA member state will observe the legal requirements laid down by the General Data Protection Regulation no. 2016/679 adopted by the European Parliament (the “GDPR”).
8. Processing Time
We intend to keep your personal data for as short of a time as possible, as long as the minimum necessary for the proper conduct of our business - usually 3 years. However, there are situations where the legislation in force requires that certain sets of data be retained for longer periods of time.
9. Data subject’s rights in what concerns the data processing
GERALDS HOTELMANAGEMENT has a strong understanding and consideration of your rights therefore we provide you the following information as regards the rights you have in this respect:
- right of access (right to require and receive from GERALDS HOTELMANAGEMENT access to/a copy of your personal data that had been processed and several information on this regard);
- right to rectification or erasure (right to require to be erased and corrected your faulty or inaccurate data in order to reflect reality; the right to obtain from GERALDS HOTELMANAGEMENT the erasure of your personal data if the processing is no longer justified);
- right to restrict processing (right to obtain the restriction of processing your personal data; your data may only be stored by GERALDS HOTELMANAGEMENT and may only be used for restricted purposes);
- right to data portability (right to receive a copy of your data, to obtain transfer of your data to another controller and/or to obtain erasure of your data);
- right to object to processing (right to object to your data being processed in some specific cases);
- right to not be evaluated based on automated processing (right not to be subject to a decision based solely on automated processing, without human intervention);
- right to lodge a complaint with the authority.
GERALDS HOTELMANAGEMENT ensures that you exercise these rights. You may exercise the aforementioned rights and learn more about such rights by submitting to us, in our capacity of data controller, a written request to GERALDS HOTELMANAGEMENT SRL, no. 3 Piata Unirii, Radauti, Romania, or by e-mail to firstname.lastname@example.org.
You also have the right to file a complaint with the National Supervisory Authority for Personal Data Processing, in its capacity as an autonomous central public authority with general competence in the field of personal data protection. We are committed to always addressing your requests with the utmost care and to address any questions you may have to answer as soon as possible.
10. Automated decision making and profiling
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.