22 °CPoiana Brașov
Live images

1 – Introduction ……………….. 5

2 – Purposes, grounds of processing and categories of personal data processed ……………….. 6

2.1 – Provision of hotel services, accommodation, restaurant, SPA & pool, corporate and personal events ……………….. 6

2.1.1 – Furnizarea serviciilor hoteliere, de cazare, restaurant, SPA & pool, evenimente corporate si personale ……………….. 6

2.1.2 – Communication with you ……………….. 6

2.1.3 – Data processing as an obligation imposed by law, in general, and by our obligations as a provider of tourism services, in particular ……………….. 6

2.1.4 – Sending offers and promotional packages, news about the services and products of Hotel Alpin ……………….. 6

2.2 – If you are a client of Vitarium SPA within Hotel Alpin ……………….. 7

2.3 – If you are the representative or contact person, employee or other collaborator of a client or potential client of Hotel Alpin or of a business partner of Hotel Alpin ……………….. 7

2.3.1 – Provision of hotel services, accommodation, restaurant, SPA & pool, corporate and personal events ……………….. 7

2.3.2 – Communication with you ……………….. 7

2.3.3 – Data processing as an obligation imposed by law, in general, and regarding our obligations as a provider of tourism services, in particular ……………….. 8

2.3.4 – Sending offers and promotional packages, news about the services and products of Hotel Alpin ……………….. 8

2.4 – If you are an applicant for a job/internship ……………….. 8

2.5 – If you are a visitor to our premises ……………….. 9

2.6 – If you are a user of our website ……………….. 9

2.7 – Information we collect automatically. Cookies ……………….. 9

2.8 – Information we collect from third parties ……………….. 9

2.9 – Processing for other purposes ……………….. 9

2.10 – Information about children ……………….. 9

3 – Do we disclose your personal data to third parties? ……………….. 10

4 – How long do we keep your personal data? ……………….. 11

5 – How do we ensure the security of your personal data? Are these safe? ……………….. 11

6 – Do we transfer your personal data outside the EU or EEA? ……………….. 12

7 – How can you control your personal data? What are your rights? ……………….. 12

8 – Who is responsible for processing personal data? Contact ……………….. 13

1. Introduction

The confidentiality and protection of your personal data is one of our commitments at SC Alpin 2003 SRL, hereinafter referred to as Hotel Alpin.

Therefore, we strive to process your personal data in accordance with the principles defined in the data protection legislation applicable in Romania, including Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of these data, as well as the repeal of Directive 95/46/EC (“GDPR”).

Personal data is any information related to an identified or identifiable natural person. An identifiable person is that person who can be identified directly or indirectly, especially by reference to an identification number or to one or more specific physical, psychological, mental, economic, cultural or social identity factors.

This privacy and personal data protection policy concerns the data of our clients, business partners, other people who contact and visit us, as well as their representatives, potential employees, collaborators, etc. and it applies both to the data collected through our website www.hotelalpin.ro, as well as to all other personal data collected by e-mail or through other off-line contacts. The privacy and personal data protection policy describes:

the purposes for which we collect and use your personal data;

the reasons for processing the data for these purposes;

the categories of personal data that we collect and process;

the duration of the processing of these data;

your rights as data subjects and how you can exercise them;

to whom we may disclose personal data, information that we hope to transmit to you in a transparent and easy-to-read manner, in order to understand what we want to communicate to you.

You will also find out how you can contact us if you have questions about your personal data, questions to which we will be happy to answer. Please also read our cookie policy, where you will find out how www.hotelalpin.ro uses cookies and other similar technologies.

2. The purposes, grounds of processing and categories of processed personal data

In the context of the interaction with Hotel Alpin, we can subject you – as a natural person – to the data processing activities that we carry out. We therefore use your personal data in the following cases:

2.1 If you are a customer or potential customer of Hotel Alpin.

2.1.1 Provision of hotel services, accommodation, restaurant, SPA & pool, corporate and personal events

We use your relevant personal data to prepare and provide the services requested from us. For example, in order to book and/or manage your accommodation or event reservations, we may need personal data relevant to your situation. In this case, we rely on the execution of the contract as the basis for processing personal data.

2.1.2 Communication with you

We use the contact data to communicate with you, regarding the requests you have, as well as any other relevant aspects related to the commercial relationship. Also, in this case, we rely on the execution of the contract as the basis for the processing of personal data.

2.1.3 Data processing as an obligation imposed by law, in general, and by our obligations as a travel service provider, in particular

We may process some of your personal data in the context of the provision of services based on the legal obligations arising from the legislation that regulates the activity of tourism service providers (e.g., the data we must collect in the case of accommodation services). In this situation, the reasons for processing this data are related to the legal obligation we have (H.G. no. 237 of 2001 for the approval of the Norms regarding the access, record and protection of tourists in tourist reception structures).

2.1.4 Sending promotional offers and packages, news about Alpin Hotel services and products

We can also use your contact data to provide you, in the form of your choice (electronic via e-mail, SMS, on paper), our offers and other information or seasonal news regarding services and products, promotions to Hotel Alpin, only if you have subscribed to such a service and, therefore, have previously expressed your explicit consent for such processing of your data. You can withdraw your consent at any time, expressing your option not to receive such information in the following ways: unsubscribe from the newsletter, sending an e-mail to the address dataprotection@hotelalpin.ro, letter to the address Poiana Brasov, Str. Poiana Doamnei no. 9, Alpin Hotel, Brasov County.

The categories of data processed in the context of our relationship with you are your name, e-mail address, telephone, fax, billing data, bank data, data entered in your identity card or passport, as well as other personal data of you or your companions that you could provide us directly.

2.2 If you are a client of the Vitarium SPA within the Alpin Hotel

In addition to the information mentioned in 1.1. above, in the case of certain procedures or SPA packages offered by Hotel Alpin, we may need certain medical data from you. The medical information thus collected is necessary for us to maintain, adhere to and comply with the practices, obligations and the standards in the specific SPA industry.

The medical information thus collected will be used both to ensure that Hotel Alpin – Vitarium SPA can allow access/use of our facilities, as well as to protect your medical condition, safety and health when you use our services.

In this case, we rely on your explicit consent regarding the processing of your medical data. You are not obliged to provide us with this medical information, but it is possible that, without it, we will be unable to provide certain services or SPA packages from those we offer.

Regarding the processing of this type of data and information, you can withdraw your consent at any time.

2.3 If you are the representative or contact person, employee or other collaborator of a client or potential client of Hotel Alpin or of a business partner of Hotel Alpin

2.3.1 Provision of hotel services, accommodation, restaurant, SPA & pool, corporate and personal events

We use your relevant personal data to prepare and provide the services requested from us. For example, we may use the personal data to manage the relationship with the client you represent or we may use the personal data provided in order to book and/or manage your accommodation reservations or to prepare an event for you. In this case, we rely on the legitimate interest in providing the services in our field of activity and in managing the relationship with our customers as the basis of the processing of personal data.

2.3.2 Communication with you

We use the contact data to communicate with you, regarding your requests and any other relevant aspects related to the commercial relationship. Also, in this case, we rely on the legitimate interest to provide our services in our field of activity and in managing the relationship with our clients as the basis of personal data processing.

2.3.3 Data processing as an obligation imposed by law, in general, and regarding our obligations as a provider of tourism services, in particular

We may process some of your personal data in the context of providing services based on the legal obligations that govern the activity of tourism service providers (e.g., the data we must collect in the case of accommodation services). In this situation, the reasons for processing relate to the legal obligation we have (H.G. no. 237 of 2001 for the approval of the Norms regarding the access, record and protection of tourists in tourist reception structures).

2.3.4 Sending promotional offers and packages, news about Alpin Hotel services and products

We can also use your contact data to provide you in the form of your choice (electronic via e-mail, SMS, on paper) – our offers and other information or seasonal news regarding services and products, promotions to. Hotel Alpin, but only if you have subscribed to such a service and, therefore, have expressed your explicit consent beforehand for such processing of your data. You can withdraw your consent at any time, expressing your option to stop receiving such information through the following methods: unsubscribe from the newsletter, sending an e-mail to the address dataprotection@hotelalpin.ro, letter to the address Poiana Brasov, Str. Poiana Doamnei no. 9, Alpin Hotel, Brasov County.

In all cases, the data is provided either directly by you or by the client/partner. The categories of data processed in the context of our relationship with you are name, e-mail address, telephone, fax, position within the company, billing data, bank data, as well as other personal data provided to Hotel Alpin, usually, by you, as necessary to fulfill the above purposes.

2.4 If you are an applicant for a job/internship

We use the personal data contained in the CVs we receive to evaluate the qualifications of applicants for a position within Hotel Alpin, including for a position within our internship or internship programs. We base the processing of personal data on your consent expressed once with the transmission of the CV and, subsequently, on the basis of the conclusion and execution of the contract.

The categories of data processed in the context of our relationship with you are name, e-mail address, telephone, fax, address, personal data included in CVs, details about education and training, professional qualifications, as well as other personal data that you could provide them directly to us.

2.5 If you are a visitor to our premises:

We use your personal data to ensure the security of the spaces, goods, our staff and other visitors, occupants of Hotel Alpin. In this case, the processing of our data is based on the legitimate interest of Hotel Alpin, namely the protection of these spaces, assets and staff.

The categories of data processed in this context are your name, as well as other personal data that you could provide us directly. Also, in this context, we mention that Hotel Alpin records through the internal video surveillance systems (CCTV) images from the spaces and public areas of Hotel Alpin.

2.6 If you are a user of our website:

We use the personal data we collect from you when you visit our website, www.hotelalpin.ro, to monitor traffic and improve the site’s content. This data processing activity is based on our legitimate interest to ensure the correct functioning and improvement of our website.

The categories of data processed in this context can be found at https://www.hotelalpin.ro/politica-de-confidentialitate/

2.7 Information we collect automatically. Cookies

Even if visiting the website www.hotelalpin.ro does not result in making a reservation, sending a message or the like, it is possible for us to automatically collect certain information through cookies. Please read the Cookies Policy https://www.hotelalpin.ro/politica-de-confidentialitate/

2.8. Information we collect from third parties

It is possible to receive your personal data through other sources, even if you do not provide them directly, from third parties who have the right to share your data with us. These include business partners (travel agencies), reservation services integrated into the website (Booking.com), card payment methods. When you use some of these services, it is possible to provide details to our business partners, who direct your details to us.

2.9. Processing for other purposes

We do not process your personal data for secondary purposes other than those for which they were initially collected, without prior consent, without a legitimate interest or without a legal basis.

2.10. Information about children

In general, Hotel Alpin does not collect personal data of children. In the case of children, the services offered by Hotel Alpin can only be used with the consent of a parent or legal guardian. In limited cases, as part of a reservation, for example, or the purchase of tourist packages for families, Hotel Alpin can collect and use children’s information only with the consent of parents/guardians.

Also, in the case of groups organized with children as beneficiaries (such as, for example, sports events, camps and the like), the organizer of such groups or events must ensure that he has received the consent of the parents/legal guardians for the processing of the personal data of children, if it is necessary to process their data for the provision of Hotel Alpin services. Otherwise, Hotel Alpin reserves the right to refuse the provision of services.

3. Do we disclose your personal data to third parties?

In certain circumstances, we will share personal data with third parties:

Third party service providers – we may use service providers to process your personal data on our behalf. This can cover services such as: computer program support services, web development, hosting services, professional photography services, the transmission of marketing materials, services specific to events, conferences, etc. We assure you that we have signed personal data processing agreements and confidentiality clauses with all third-party service providers in order to protect them and we do not allow them to use them for other purposes.

Competent authorities – in the case of requests based on legal provisions, we provide your data to the competent authorities, when this is strictly necessary for the detection of fraud, criminal acts and, in general, when the legal provisions require us to comply with such a requirement.

When you expressly request this from us or expressly authorize us to disclose your data.

In case of urgent situations or cases of force majeure.

If the disclosure is necessary to resolve disputes, to ascertain or exercise a right in court.

We assure you that we do not sell your personal data to any other entity, natural or legal person.

4. How long do we keep your personal data?

We limit the storage period of your personal data to what is necessary for the processing purposes that have been brought to your attention.

We are reviewing the need to keep your personal data. We analyze the data collected and processed, in order to filter, sort and maintain the processing only for the data in which the purpose of the processing is current.

We delete your personal data immediately, as a result of a request sent by you, with the exception of data whose processing/supply is required by a legal provision, in which case the retention period will be that stipulated in the applicable mandatory legislation.

It is possible to keep your personal data in the case of establishing, exercising or defending a right in court.

If the retention of your personal data is necessary for purposes specified by law, we may continue to retain this data.

5. How do we ensure the security of your personal data? Are these safe?

We want to keep your personal data safe, by implementing appropriate technical measures and appropriate organizational measures.

In accordance with the applicable legislation, we have defined and use internal procedures to prevent unauthorized access and inappropriate use of personal data.

We use appropriate systems and procedures to protect and secure personal data, specifically aimed at preventing unauthorized/illegal processing, accidental or illegal loss, accidental or illegal destruction.

We have implemented measures for the prevention and/or discovery of security breaches, for the documentation of security incidents, of the data affected by such incidents, for the remediation of security incidents, the recovery of personal data.

We have also implemented measures and procedures to comply with our obligations under applicable legislation in the event of a security incident, including our obligations for notifying the competent supervisory authority and notifying and informing you, as the case may be.

The traffic to the website www.hotelalpin.ro is SSL encrypted, thus ensuring the confidentiality of the information you provide.

Regarding our employees, contractors, suppliers and collaborators of Hotel Alpin, we limit and restrict their access to the personal data we process, to what is strictly necessary, on the one hand, and on the other, imposing strict confidentiality obligations.

We have also implemented and are running a continuous training policy for our staff in relation to the processing of personal data.

Annually, we conduct an audit of the management system in order to improve the protection and safety of the personal data we process.

6. Do we transfer your personal data outside the EU or EEA?

We do not transfer your personal data to countries outside the European Economic Area or to international organizations.

We need to update: By collaborating with a company specialized in database management, which is headquartered outside the European Union, we predict that we will transfer your data (email address) outside the European Union and the European Economic Area.

7. How can you control your personal data? What are your rights?

As a data subject, the GDPR offers you a number of rights, including:

the right of access – allows you to obtain confirmation if your personal data is processed by us and, if so, the relevant details of these processing activities;

the right to rectification – allows you to rectify your personal data, if they are incorrect;

the right to delete – allows you to obtain the deletion of your personal data in certain cases (for example, if the data are no longer necessary in relation to the purposes for which they were collected);

the right to restrictions – allows you to obtain the restriction of the processing of your personal data in certain cases (for example, when you dispute the accuracy of your personal data, for a period that allows us to verify such accuracy);

the right to object – allows you to oppose the further processing of your personal data under the conditions and limits established by law;

the right to data portability – allows you to receive the personal data about you that you have provided us, in a structured format, commonly used, and that can be read by common computers or to transmit this data to another data operator data.

We are happy to ensure the exercise of these rights.

You can exercise these previously mentioned rights and find out more about them by submitting a written request to us, as a data operator, to the address: Poiana Brasov, Str. Poiana Doamnei, no. 9, Alpin Hotel, Brasov County or email to: dataprotection@hotelalpin.ro

You also have the right to file a complaint with the National Supervisory Authority for Personal Data Protection (ANSPDCP) [http://dataprotection.ro/].

We are committed to always treat your requests with the utmost attention and to answer the questions you have in the shortest possible time, but no later than 30 days from the date of receipt of valid requests.

Do not provide your personal data to Hotel Alpin through other communication channels, with the exception of those mentioned in this policy: reservation@hotelalpin.ro, contact@hotelalpin.ro, dataprotection@hotelalpin.ro, regardless of the person or company that would request on our behalf, including employees or former employees of Hotel Alpin whom you met during previous visits. Personal data transmitted through any other communication channels, with the exception of those mentioned in the policy, to any kind of third party, for any kind of purpose (additional discounts, etc.), do not fall under the responsibility of Hotel Alpin, the latter being unable to ensure their security. In this sense, we recommend that you carefully study the privacy policies of such third parties.

8. Who is responsible for processing personal data? Contact.

The company ALPIN 2003 SRL, Romanian legal entity, with headquarters in Poiana Brasov, Str. Poiana Doamnei, no. 9, Alpin Hotel, Brasov County, registered at ONRC Brasov under number J08/2469/2016, controls the processing of your personal data, being the Data Operator of the information collected from you to us.

Hotel Alpin has appointed a Data Protection Officer who can be contacted at dataprotection@hotelalpin.ro or at the postal address: Poiana Brasov City, Brasov Municipality, Str. Lady’s clearing no. 9, Alpin Hotel, Brasov County – to the attention of the Data Protection Officer in relation to any kind of questions or ambiguities in relation to this policy or in relation to the processing of personal data.

This personal data processing policy is in force from 25.05.2018, it may undergo subsequent changes. Any kind of updates come into force on the date of their publication on the website of Hotel Alpin www.hotelalpin.ro.

Through any subsequent modifications and updates of this policy, we undertake not to affect in any way your rights mentioned in this version. In the event that such changes could have a major direct or indirect impact on your rights in relation to your personal data, we undertake to explicitly inform you of this and request your consent in accordance with the legal provisions applicable.

In any case, all subsequent changes will be presented on this page, and if they are significant, we will highlight them. Also, all versions of this privacy policy are kept in the Hot archive.