Respecting the right to the protection of personal data, as well as the right to privacy is one of the fundamental missions of S.C. TOMIS PLUS SRL (Tomis Garden Bucharest)
Thus, we take all necessary steps to process your personal data in accordance with the principles established by the data protection legislation applicable in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with as regards the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (“GDPR”).
Personal data means any information concerning an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity.
The processing of personal data is done by: Tomis Plus SRL. with its registered office in Str. Verona, Nr. 2, Mezzanine, office 9, Bl. B, Sc. 4- 5 Constanta, registered under no. J13 / 2292/2012 to the Trade Register, having CUI RO 30809446.
TOMIS PLUS company. is the operator of personal data in the sense provided by the GDPR, respectively establishes the means and purposes of processing personal data.
WHAT KIND OF PERSONAL DATA DO WE PROCESS?
If you are a customer or potential customer
We collect personal data as a result of most interactions with you, as well as in other aspects of our business. The categories of data we process are the following:
a) data necessary for making reservations (for example, name, surname, e-mail, telephone);
b) the data related to the arrival-departure form, requested on the basis of national legislation (for example, citizenship, address, date of birth);
c) bank card details (card type, credit / debit card number, cardholder’s name, expiry date and security code);
d) information about the client’s stay, including arrival and departure date, special requirements, preferences;
e) information about the vehicles you may bring to our property, for example registration number;
f) information collected by various contractual partners (travel agencies, event organizers) and transmitted to TOMIS PLUS SRL (rooming list, event guest list);
g) data necessary for the provision of additional services, as the case may be;
h) reviews and opinions regarding our services;
i) any other types of information you choose to provide us.
Also, the surveillance cameras and other security measures on our properties can capture or record images of guests in public places (such as hotel entrances, restaurants or lobbies), as well as your location data (through images captured by surveillance cameras).
You can choose at any time what personal data you want to provide us. However, if you choose not to provide certain personal data, if the basis of our request is compliance with a legal obligation, contractual obligation or obligations required to conclude a contract we will be unable to provide you with certain services, for example: ( i) if you do not wish to give us your name, surname, e-mail address or telephone number if you wish to make a reservation, we will not be able to make the reservation, or (ii) given that in the notice of arrival and departure that you will fill in when you stay at our hotel you will have to enter certain personal data required by law, and if you do not want to fill in those required fields, we will not be able to to accommodate you in the hotel.
If you are a potential employee
We collect information from your resume as well as any other information submitted with your resume and / or in the interviews you have presented.
If you are a visitor to our location
We collect the name, surname, series and number of the identity card.
Surveillance cameras can also capture or record images of visitors in public places (such as hotel entrances or restaurants or lobbies).
If you are a user of our website http://www.tomisgarden.ro
It is not necessary to provide personal data to read the existing information on the site.
However, for the purpose of technical operation of the portal, we collect the time and date of accessing the website and the IP address from which our website was accessed.
Certain personal data are required to use services (eg online bookings, job vacancy applications). For details, please see the section corresponding to the operation used on the site.
If you are a representative or contact of our suppliers or business partners
We collect your name, first name, position, and any other data provided by you or the company you represent.
If you are employed
Please read the employee privacy policy, made known at the time of employment and available at any time to the Human Resources Department.
____________________________________________________________________________________________________________
PERSONAL DATA OF MINORS
We protect the confidentiality of data obtained from children under 16 years of age. If you are under the age of 16, you must obtain the consent or authorization of the parents or guardian for any provision of personal data.
____________________________________________________________________________________________________________
SPECIAL DATES
The term “special data” refers to racial or ethnic origin, political opinions, religious denominations or philosophical beliefs or trade union membership and the processing of genetic data, biometric data, health data or data on sexual life or sexual orientation.
In general, we do not collect special information unless you wish to provide it to us.
____________________________________________________________________________________________________________
FOR WHAT PURPOSE AND WHAT DO WE PROCESS YOUR PERSONAL DATA?
If you’re a customer
a) Reservations for hotel, restaurant and / or treatment base or in case of requests for offers sent by you for certain events organized or that can be organized.
Purpose: we process your personal data (i) to reserve a place for you in the hotel / restaurant / treatment base and (ii) to respond to requests for offers submitted by you.
Rationale: concluding a contract
b) Check-in
Purpose: we process your personal data for registration / accommodation in our hotel.
Rationale: at the time of accommodation, according to the legal provisions in force, you are obliged to fill in the arrival and departure announcement form which contains a minimum of data necessary to be able to stay.
c) Customer service (this service refers, among others, to: hotel transport service, concierge service, cleaning service, laundry service, etc.)
Purpose: we process your personal data in order to offer you the most pleasant experience possible and in accordance with your and the hotel’s standards.
Rationale: execution of the hotel services contract.
d) Profiling
Purpose: In order to provide personalized services, certain special preferences of yours (for example: if you prefer rooms on the upper or lower floors, if you like a certain type of wine, etc.) are stored so that when you return, we will already know what you like
Rationale: consent
e) Feedback:
Purpose: we process your personal data to ensure that you have had a pleasant experience in our units.
Rationale: our legitimate interest in constantly improving the services we offer and in providing services that are as appropriate and in line with our customers’ standards as possible.
f) Marketing:
Purpose: We process your personal data for marketing purposes, such as business newsletters and marketing communications about new products and services or other offers that we believe may be of interest to you.
Rationale: we rely on the legitimate interest in promoting our services by submitting offers that we consider to be of interest to you (see “Right to Opposition” in the “Your Rights” Section)
If necessary, in accordance with applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we inform you that you will be able to withdraw your consent for processing for marketing purposes at any time, in which case you will not receive any marketing communication from us.
We’ll include a unsubscribe link, which you can use if you don’t want us to send you any more messages.
Also, when organizing certain events in our hotel and restaurant, it is possible to take some photos, and some of them could be distributed online to show others how our events are. In any case, because we take into account your right to privacy, we will do our best to inform you that photos will be taken (for objections to our photos, see “Right to Opposition” in Section “Your Rights”).
g) Other communications: by e-mail, post, telephone or SMS
Purpose: these communications will be made for a specific reason such as: (i) to respond to your requests, (ii) if you have not completed an online booking or a request for an offer, we may send you an email to remind you to complete the reservation, (iii) to inform you of how the complaints and / or incidents that occurred during your stay have been resolved.
Legal basis: our legitimate interest in providing services to the desired standards by resolving any requests / complaints and to ensure our full availability.
h) Analysis, improvement and research:
Purpose: to constantly ensure the quality evolution of our services, we take care to analyze every complaint / suggestion from you, so we prepare statistical reports to identify problems and find the best solutions to remedy them.
Rationale: we rely on our legitimate interest to provide services that meet your standards and those of Tomis Garden Bucharest.
If you are a visitor to our location
Purpose: we process your personal data to ensure the protection of property and people within the hotel.
Rationale: our legitimate interest in ensuring both the protection of customer / hotel / staff property and the protection of persons within the hotel.
If you are a user of our website (http://www.tomisgarden.ro)
Purpose: traffic monitoring in order to identify errors and / or any other malfunction of the site.
Rationale: we base this data processing activity on our legitimate interest, namely to provide you with a fully functional site by repairing any errors, as well as by continuously improving it.
If you are a representative or contact of our suppliers or business partners
Purpose: to develop contractual relations with our suppliers or business partners.
Theme: execution of a contract.
If you are a potential employee
Purpose: to evaluate your employment application.
Rationale: concluding a contract.
If you are employed
Please see the employee privacy policy, made known at the time of employment and available at any time to the human resources department.
For all of the above categories , we may also process your data in the context of the following activities:
a) Restructuring, internal reorganization or sale of assets or shares / shares:
Purpose: we process your data to perform the operations mentioned above.
Rationale: the legitimate interest in carrying out the operations, especially in the conditions in which they would be impossible to carry out without the processing of your data.
However, we assure you that any such processing will be carried out in accordance with this policy and by implementing a measure to ensure the confidentiality of your data.
b) Security:
Purpose: we process personal data for the security of property and the physical integrity of persons.
Rationale: we rely on our legitimate interest to ensure the protection of your property and the hotel, as well as the protection of persons within the perimeter of our hotel.
c) Legal reasons:
Purpose: in certain cases, we must process the information provided, which may include personal data, to resolve legal disputes or complaints, to investigate and comply with applicable legal regulations, to implement an agreement or to comply with requests from the part of the public bodies insofar as these requests meet the conditions imposed by law.
Reason: the reasons for processing may be the legal obligation (if we have a legal obligation to disclose certain personal data to public authorities) or
of our legitimate interest in resolving any disputes and / or complaints.
______________________________________________________________________________________________________________
TO WHOM PERSONS DO WE TRANSMIT YOUR DATA STAFF?
In order to provide you with the expected level of hospitality and to provide you with high quality services, your data can be transmitted to the company’s headquarters. We also provide your data to our service providers and other third parties, as detailed below:
a) Suppliers: in order to provide the requested services, in some cases, we will have to transmit some of your personal data to the suppliers, and they have the power of attorney and process the data on behalf of, on behalf of and in accordance with our instructions (such as software providers, IT, accounting services, medical services).
b) Group events or meetings: if you visit our hotels in a group or conference, the information required to plan the meeting and event may be shared with the organizers of these meetings and events and, where appropriate, with the guests who organize or participate. at a meeting or event.
c) Business partners: in some cases, we partner with other companies to provide you with products, services or offers. For example, we can arrange for you to rent a car or mediate optional pastry and kitchen services for products that exceed our offer.
d) Public authorities and / or institutions for: (i) compliance with legal provisions, (ii) responding to their requests, (iii) for reasons of public interest (eg national security). For example, according to the regulations set out in the Section “FOR WHAT PURPOSE AND FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA” letter b) any hotel unit is obliged to send daily the arrival and departure announcement forms of each client.
The confidentiality of your data is important to us, which is why, where possible, the transmission of personal data in accordance with the above is done only on the basis of a confidentiality commitment from the recipients, which guarantees that this data is kept and that the provision of this information is in accordance with applicable law and applicable policies. In any case, each time we will send to the recipients only the information strictly necessary to achieve that goal.
____________________________________________________________________________________________________________
DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?
In order to provide you with the expected level of hospitality and provide you with the best level of service, we may collect information about you from our business partners and other third parties, as detailed below:
a) Business partners: such as card partners, social networking services that are in line with your settings for these services, travel agencies, event organizers
In any case, we assure you that your data collected from third parties will be processed under the same conditions as if it were collected directly from you. We will also collect only what is necessary to fulfill our purposes. (see Section “FOR WHAT PURPOSE AND FOR WHAT IS YOUR PERSONAL DATA PROCESSED?”).
In addition, when we contact you for the first time, we will inform you, first of all, of the source from which we obtained your personal data.
____________________________________________________________________________________________________________
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU / EEA?
We may transfer your data to some providers who will be based in countries other than your own and, in some cases, in countries outside the EU / EEA.
Although the data protection laws in these countries may be different from those in your country, we will take the necessary steps to ensure that your personal data is processed in accordance with this policy and in accordance with applicable law.
____________________________________________________________________________________________________________
SUPPLY BY YOU OF THE PERSONAL DATA OF OTHER INDIVIDUALS
If you provide us with the personal data of other individuals, please disclose them prior to this disclosure and how they are to be processed, as described in this privacy policy.
____________________________________________________________________________________________________________
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data is retained for the purpose of achieving the purposes detailed in this policy, unless a longer retention period is required or permitted by applicable law.
We constantly review the need to retain your personal data, and to the extent that processing is no longer necessary and there is no legal obligation to retain your personal data, we will delete / destroy your personal information as soon as possible and in a timely manner. in such a way that they can no longer be recovered or reconstituted (for example, we will delete / destroy all data of people who were not hired after the interviews, if there is no serious prospect of employment in the future).
If personal information is printed on paper, it will be destroyed in a way that ensures its complete disposal, and if it is saved on electronic media, it will be deleted by technical means to ensure that the information can no longer be deleted. be recovered or reconstituted later.
____________________________________________________________________________________________________________
WHAT ARE YOUR RIGHTS?
As a data subject, you have the following rights under the GDPR:
- a) Right of access: you can ask us (i) for confirmation of whether or not personal data are processed and, if so, access to and information about those data, and (ii) a copy of your personal data that we hold (art. 15 of the GDPR);
b) The right to rectification: you can inform us about any change in your personal data or you can ask us to correct the personal data we hold about you (art. 16 of the GDPR);
c) Right of deletion (“right to be forgotten”): in certain situations (such as (i) where the data were collected illegally, (ii) the deadline for storing the data has expired, (iii) v- you have exercised your right to object or (iv) the processing of data is done on the basis of consent and you have withdrawn your consent), you can ask us to delete the personal data we hold about you (art. 17 of the GDPR);
d) The right to restrict the processing: in certain situations (such as the case where the accuracy of this data or the legality of the processing is contested), you may ask us to restrict the processing of your data for a certain period (art. 18 of the GDPR);
e) The right to data portability: to ask us to send your personal data to a third party or directly to you (art. 20 of the GDPR);
f) The right to object: in certain situations (such as processing that has a legitimate interest as a legal basis), you can ask us not to process your data (art. 21 of the GDPR).
g) If we use your personal data on the basis of your consent, you have the right to withdraw this consent.
If we use your personal data on the basis of your consent, you have the right to withdraw this consent at any time. In this case, your data will no longer be processed by us, unless a legal provision requires us to keep and archive them. In any case, we will inform you if there is such a legal provision and we will expressly indicate it.
____________________________________________________________________________________________________________
THIS IS YOUR DATA. IN SAFETY?
We take your personal security seriously, therefore, we take important security measures, necessary to protect against unauthorized access to data or modification, disclosure or destruction of unauthorized data. This involves internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to protect against unauthorized access to the systems where we store personal data.
We also ask our service providers as well as business partners to take all necessary measures to protect against unauthorized access to data or unauthorized modification, disclosure or destruction of data.
____________________________________________________________________________________________________________
LINKS TO OTHER WEBSITES
Our site contains links to third party sites. Please note that we do not assume any responsibility for the collection, use, storage, sharing or disclosure of data or information by such third parties. If you use or provide information on third party sites, the terms and privacy policy of those sites apply. We encourage you to read the privacy policy of the sites you visit before submitting personal data.
The use of the internet services offered by Tomis Garden Bucharest falls under the terms of use and the privacy policy of the internet providers. You can access those terms and policies by using the links on that service’s login page or by visiting your ISP’s website.
____________________________________________________________________________________________________________
QUESTIONS OR COMPLAINTS
If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise any of the rights mentioned above, you are welcome to contact us using by sending an e-mail to the following address: bucharest@tomisgarden.ro and we We will reply you within 30 days of receiving your request.
Also, to the extent that you do not have electronic means or do not want to use them, you can make a written request that you submit to the address of the working point located in Str. Tepes Voda 154-156, Sector 2, Bucharest,
To the extent that you are not satisfied with the way in which your request has been resolved, you can file a complaint with the National Authority for the Supervision of Personal Data Processing.
____________________________________________________________________________________________________________
POLICY CHANGES
This privacy policy is subject to change in accordance with changes in data policy legislation or changes to our services or the way we organize from time to time. If we make material changes to this, we will post a link to the revised policy on the home page of our site. If we make significant changes that will affect your rights and freedoms (for example, when we begin processing your personal data for purposes other than those specified above), we will contact you before we begin such processing.
To help you keep track of the most important changes, we’ll include a change history below to acknowledge changes to this policy.
Last updated: October 22, 2021