GDPR – Privacy Policy

GDPR – Privacy Policy

We undertake to process your personal data in a responsible, transparent, secure manner, for legitimate purposes, to be mentioned in the content of this information and to comply with the legislation regarding the protection of personal data in force.
The content of the privacy policy has been made in accordance with the legislation in force, has an informative role and does not affect your rights. Through this document we want to give you a clear image of how we process your personal data, and clear image of your rights.
To make our privacy policy easier to understand, you find below the most relevant terms, definitions according to EU Regulation 679/2016:

“Personal data” means any information about an identified or identifiable person (“data subject”);
An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, identification number, location data, an online identifier, or any other identification element specific to its physical, physiological, genetic, psychological, economic, cultural or social identity;
“Special categories of personal data” (sensitive data) are those data that reveal racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership in unions and the processing of genetic data, barometric data for the unique identification of a person physical data, health data or data on the sexual life or sexual orientation of a person;

“Processing” means any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;
“Consent” of the data subject means any manifestation of free, specific, informed and unambiguous will of the data subject by which it accepts, by a unequivocal statement or action, that his personal data should be processed;
“The supervisor institute for the processing of personal data” is an independent public authority which, according to the law, has duties regarding to the supervision of compliance with the legislation of the protection of personal data. In Romania, this supervisory authority for the processing of personal data is the National Supervisory Authority for the Processing of Personal Data (ANSPDCP).

The personal data we process through our website www.arthotel.ro, are those obtained through the contact form: Name, telephone number, e-mail address, and the message transmitted to us. Messages received from our guests will be stored for approximately 5-10 years, after which they will be deleted.

Personal data security: The processing of your personal data in a responsible and safe manner is our priority. For this reason, we have implemented technical and organizational measures to ensure the security of personal data, including: Limited access to our employees and staff for accessing personal data, implementing dedicated technical policies and measures, back-ups and audits, periodic security scans, encryption and anonymization. Although we take all reasonable steps to ensure the security of the personal data, we cannot guarantee the absence of any security breach or the impossibility of penetrating the security systems.
If an unfortunate event happens, we will follow the legal procedures for limiting the effects and informing our clients within maximum 48 hours from the moment of the incident, if any eventual breach can harm them.
As regards the processing of the personal data of the children, they must be at least 16 years old in order to give their consent, in the case of children under 16 years, the consent of the holder of the parental responsibility is required.
You have no obligation to provide us your personal data that we have mentioned in this document. However, if you do not give us the mentioned data, or you give us incorrect data, then it will be impossible for us to respond to your messages.