Thank you for visiting this website. We hope you’ll be delighted to find out more about Vega Hotel and our products.
The observance of the right to protection of personal data and of the right to privacy is one of the basic tasks of the Vega Turism SA Company (Hotel Vega Mamaia).
Thus, we are making every endeavour to process your personal data in accordance with the principles established by the data protection laws applicable in Romania, including THE Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The processing of personal data is carried out by: the Vega Turism SA Company (Hotel Vega Mamaia), with registered office in Constanta “Hotel Vega”, Mamaia, registered in the Trade Register under no. J13/1155/1995, VAT number: RO 7252420.
The Vega Turism SA entity is a controller within the meaning specified by GDPR, namely determines the purposes and means of the processing of personal data.
- What type of personal data do we process?
- Minors’ personal data
- Special data
- For what purpose and on what legal basis do we process your personal data?
- To whom do we transfer your personal data?
- Do we collect personal data from third parties?
- Do we transfer your data outside the EU/EEA?
- Provision by you of personal data of other natural persons
- How long do we store your personal data?
- What are your rights?
- Are your data safe?
- Links to other websites
- Questions or complaints
- Changes in this policy
WHAT TYPE OF PERSONAL DATA DO WE PROCESS?
If you are a customer or a potential customer
We collect personal data from most interactions that we have with you, as well as from the other aspects of our activity. We process the following categories of data:
- data necessary for making reservations (e.g. surname(s), forename(s), e-mail, telephone);
- data for the Hotel Registration Form, as required by Romanian law (e.g. citizenship, address, date of birth);
- bank card data (type of card, debit/credit card number, cardholder’s name, expiry date, and card security code);
- information about the customer’s stay, including the date of arrival and that of departure, special requirements, preferences;
- information that you supply with regard to your marketing preferences;
- personal data that you supply for registering and subscribing to our newsletter;
- information about the vehicles that you might bring on our property, e.g. licence plate;
- data collected from key cards (entry and exit times);
- information collected by various contract partners (travel agencies, event planners) and transferred to Vega Turism SA (rooming list, list of invitees to events);
- data necessary for providing additional services, as applicable;
- reviews and opinions relating to our services;
- any other types of information that you may choose to provide us with.
Moreover, the surveillance cameras and other security measures installed on our properties may capture or record images of guests in public areas (such as hotel entrances, restaurants or hallways), as well as your location data (through the images captured by our surveillance cameras).
You may, at any time, choose what personal data you want to provide us with. However, if you choose not to supply certain personal data, and if the basis of our request is compliance with a legal obligation, a contractual obligation or any obligation required to enter into a contract, we shall not be able to provide you with certain services, for example: (i) if you do not wish to give us your surname(s), forename(s), e-mail address or telephone number when you want to make a reservation, we shall be unable to make such reservation, or (ii) considering the fact that, when you check into our hotel, you will have to fill in the Hotel Registration Form with certain personal data, as required by the law, if you do not wish to fill in those mandatory fields, we shall be unable to check you into our hotel.
If you are a potential employee
We collect information from the CV that you supplied to us, as well as any other piece of information provided together with your CV and/or in the interviews you attended.
If you are a visitor on our premises
We collect your surname(s), forename(s), and series and number of your ID.
Moreover, the surveillance cameras may capture or record images of guests in public areas (such as hotel entrances, restaurants or hallways).
If you are a user of our website www.hotelvega.ro
In order to be able to read the information posted on the website, you are not required to give your personal data.
However, for the technical operation of the portal, Hotel Vega Mamaia temporarily uses the following information which does not contain personal data and appears automatically to the site administrator:
- Internet Protocol (IP) address
- domain name (URL)
- access data
- client access file (file name and URL)
- HTTP status code for the response password
- access web page data
- number of bytes used for every visit
- date of visit
- data of pages visited
- browser name.
In order to be able to use certain services (e.g. online reservations), you are required to provide certain personal data. For more details, please refer to the appropriate chapter describing the operation you are using on our website.
If you are a representative or a contact person of our service providers or business partners
We collect your surname(s), forename(s), position, as well as any other data supplied by you or by the company that you represent.
If you are an employee
MINORS’ PERSONAL DATA
We protect the confidentiality of data collected from children under 16 years of age. If you are under 16, you must have consent or permission from your parents or your legal guardian for any personal data supplied.
The term “special data” refers to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
As a general rule, we do not collect special information unless you wish to give it to us. We only collect special data concerning health on the basis of your consent and for the purpose of customising certain treatments. Access to such data is limited to the medical staff.
FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
If you are a customer
- Hotel or restaurant reservations, or your inquiries about certain events which are or can be organised.
Purpose: we process your personal data (i) to reserve you a room at our hotel or a seat at our restaurant, and (ii) to reply to your inquiries.
Legal basis: entering into a contract
Purpose: we process your personal data for your registration/check-in at our hotel.
Legal basis: upon check-in, pursuant to the legal provisions in force, you are obliged to fill in the Hotel Registration Form containing a minimum amount of data necessary for your check-in.
- Customer service (this service refers, among other things, to: the transfer service to/from the hotel, the cleaning service, the laundry service, etc.)
Purpose: we process your personal data to make your experience as enjoyable as possible, in accordance your standards and those of our hotel.
Legal basis: performance of the Hotel Services Agreement.
Purpose: in order to provide customised services, certain special preferences that you might have (e.g. if you prefer rooms on upper or lower floors, if you like a particular wine, etc.) are stored so that, when you return, we shall already know what you like
Legal basis: consent
Purpose: we process your personal data to make sure that you have had an enjoyable experience when staying at our hotels.
Legal basis: our legitimate interest to consistently improve our services and to provide services that are as suitable and compliant with our customers’ standards as possible.
Purpose: we process your personal data for marketing purposes, such as commercial newsletters and marketing communications regarding new products and services, or other offers that we believe would be of interest to you.
Legal basis: we base this on our legitimate interest to promote our services by sending you offers that we believe would be of interest to you (see “Right to object” in “Your rights” Chapter)
If necessary, in accordance with the applicable laws, we shall seek your consent prior to processing personal data for direct marketing purposes. In this case, we let you know that you may, at any time, withdraw your consent for the processing of your data for marketing purposes, in which case you will no longer receive any marketing communication from us.
We shall insert an unsubscribe link that you may use if you do not want to receive any more messages from us.
Moreover, during certain events held in our hotels and restaurants, we might take a few pictures, and some of them might also be posted online in order to show the others how we organise our events. In any case, because we care about your right to privacy, we shall make every endeavour to inform you about the fact that pictures are going to be taken (for any objections to our pictures, see “Right to object” in “Your rights” Chapter).
- Other communications: via e-mail, regular mail, telephone or text message
Purpose: such communications will be made for a specific reason, such as: (i) to reply to your requests, (ii) if you did not complete an online reservation or inquiry, we may send you an e-mail to remind you to complete your reservation, (iii) to let you know how your complaints and/or any incidents occurring during your stay have been resolved.
Legal basis: our legitimate interest to provide services at desired standards by resolving any potential complaints, and to assure you of our complete availability.
- Review, improvement and research:
Purpose: in order to consistently improve our service quality, we carefully review every complaint/suggestion that you may have, so that we prepare statistical reports that would help us identify any problems and find the best solutions for their remedy.
Legal basis: we base this on our legitimate interest to provide services according to your standards
If you are a visitor on our premises
Purpose: we process your personal data to ensure the protection of personal property and people inside the hotel.
Legal basis: our legitimate interest to ensure the protection of customer/hotel/staff property, as well as the protection of the people inside the hotel.
If you are a user of our website www.hotelvega.ro
Purpose: monitoring traffic to identify any errors and/or any other website malfunction.
Legal basis: we base this data processing activity on our legitimate interest, namely providing you with a fully functional site by repairing any error and by consistently improving the website.
If you are a representative or a contact person of our service providers or business partners
Purpose: to carry out contractual relationships with our service providers or business partners.
Legal basis: performance of a contract.
If you are a potential employee
Purpose: evaluation of your employment application.
Legal basis: entering into a contract.
If you are an employee
For all categories of persons aforementioned, we may also process your data in the context of the following activities:
- Restructuring, internal reorganisation or sales of assets or shares/stock:
Purpose: we process your data to carry out the operations mentioned above.
Legal basis: our legitimate interest to carry out such operations, especially when they would not be possible in the absence of the processing of your data.
Nevertheless, we assure you that such potential processing will be carried out in compliance with this Policy and by implementing measures that would ensure the confidentiality of your data.
Purpose: we process personal data for the security of personal property and the physical integrity of people.
Legal basis: we base this on our legitimate interest to ensure the protection of your personal property and that of the hotel, as well as the protection of the people who are on the premises of our hotel at any time.
- Legal grounds:
Purpose: in some cases, we have to process your information, which might include personal data, in order to settle any legal disputes or resolve any complaints, to investigate and to comply with the applicable legal regulations, to implement an agreement or to comply with any requests from public bodies provided that such requests meet the requirements established by law.
Legal basis: the basis for processing can be a legal obligation (when we are legally obliged to disclose certain personal data to any public authorities) or our legitimate interest to settle any potential disputes and/or resolve any complaints.
TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?
In order to be able to provide you with high quality services, we may transfer your personal information to our service providers and other third parties, as detailed below:
- Service providers: in order for us to be able to provide the requested services, in some cases, we may have to transfer some of your personal data to service providers, and they will act as processors, processing data in our name, on our behalf and according to our instructions (e.g. companies providing software, IT, accounting, medical or transport services).
- Group events or meetings: if you are visiting our hotels as part of a group or to attend a conference, any information requested for planning the meeting or event can be shared with the planners of such meeting or event and, if applicable, with the guests planning or attending such meeting or event.
- Business partners: in some cases, we enter into partnership with other companies in order to provide you with products, services or deals. For example, we may arrange the rental of a car or broker optional and related services that are not included in our offer.
- Public authorities and/or institutions: (i) to comply with legal provisions, (ii) to reply to their requests, (iii) for public interest purposes (e.g. national security). For example, according to the regulation specified at point (b) of Chapter “FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?”, all hotels must transfer the Hotel Registration Form for each customer every day.
The confidentiality of your data is important to us and, therefore, wherever possible, the transfer of personal data as per the above is only carried out on the basis of a confidentiality commitment of the recipients guaranteeing that such data are stored safely and that such information is supplied in compliance with the applicable laws and policies. In any case, we shall always transfer information to recipients on a need-to-know basis for fulfilling their respective purpose.
DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?
In order to provide you with the expected level of hospitality and the best level of service, we may collect information about you from our business partners and other third parties, as detailed below:
- Business partners: g. card-related partners, social media services that are in accordance with your settings for these services, travel agencies, event planners
In any case, we assure you that your data collected from third parties will be processed in the same conditions as they would be if collected directly from you. Also, we shall only collect information that is necessary for us to fulfil our purposes. (see Chapter “FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?”).
In addition, when we contact you for the first time, we shall, first of all, inform you of the source from which we have obtained your personal data.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU/EEA?
We may transfer your data to some service providers from other countries than that in which you are and, in some cases, from countries outside the EU/EEA.
Although the data protection laws in these countries may differ from those of your country, we shall take all necessary measures to ensure that your personal data are processed in accordance with this Policy and the applicable law.
PROVISION BY YOU OF PERSONAL DATA OF OTHER NATURAL PERSONS
HOW LONG DO WE STORE YOUR PERSONAL DATA?
Your personal data are stored for the whole period necessary to fulfil the purposes detailed in this Policy, unless a longer period of storage is required or permitted by the applicable law.
We constantly review the need for storing your personal data and, if their processing is no longer necessary and if we are not under a statutory obligation to store your personal data, we shall erase/destroy your personal information as soon as possible and in a way in which it could no longer be recovered or restored (for example, we shall erase/destroy all data of the persons who are not hired following their interviews, if there is no serious prospect for future employment here).
If the personal information is in hard copy, it will be destroyed in a way that guarantees its total destruction, and if it is stored on electronic storage media, it will be deleted by any technical means capable of ensuring that the information can no longer be recovered or restored later on.
WHAT ARE YOUR RIGHTS?
As data subject, you have the following rights set out in GDPR:
- Right of access: you may request (i) confirmation as to whether or not your personal data are being processed, and, where that is the case, access to those data and information about them, as well as (ii) a copy of your personal data stored by us (Article 15 of GDPR);
- Right to rectification: you may notify us about any change in your personal data or you may ask us to rectify any personal data that we might have about you (Article 16 of GDPR);
- Right to erasure (“right to be forgotten”): in some cases (e.g. (i) when the data have been unlawfully collected, (ii) the deadline for data storage has expired, (iii) you have exercised the right to object, or (iv) the processing of data was based on consent and you have withdrawn such consent), you may ask us to erase any personal data that we might have about you (Article 17 of GDPR);
- Right to restriction of processing: in some cases (g. when you contest the accuracy of these data or the lawfulness of processing), you may ask us to restrict the processing of your data for a certain period of time (Article 18 of GDPR);
- Right to data portability: you may request to have your personal data transmitted to any third party or directly to you (Article 20 of GDPR);
- Right to object: in some cases (g. when the processing is based on a legitimate interest), you may ask us to no longer process your data (Article 21 of GDPR).
If we use your personal data based on consent, you have the right to withdraw your consent at any time. In this case, your data will no longer be processed by us, unless there is a statutory provision requiring us to store and archive them. In any case, if such a statutory provision exists, we shall inform you about it and specify it expressly.
ARE YOUR DATA SAFE?
We take your personal safety very seriously and, for this reason, we take important security measures necessary for protection against unauthorised access to data or unauthorised alteration, disclosure or destruction of data. This activity implies internal reviews of data collection, storage and processing practices and of security measures, as well as physical security measures for protection against unauthorised access to our personal data storage systems.
We also request both our service providers, and our business partners to take all measures necessary for protection against unauthorised access to data or unauthorised alteration, disclosure or destruction of data.
LINKS TO OTHER WEBSITES
Information collected by HotelVega.ro
In order to create advertising campaigns which are closer to your interests, by means of third parties, in particular Google advertising network, we collect your IP address, the web pages that you visited, the date and time when they were viewed, as well as your interaction with the content of this website, i.e. HotelVega.ro. The technologies used in order to collect such data are the cookies.
What are cookies?
An “Internet Cookie” (also known as a “browser cookie”, “HTTP cookie”, or simply a “cookie”) is a small file, consisting of letters and numbers, which will be stored on the computer, mobile terminal, or other equipment by which a user connects to the Internet. The cookie is installed upon request sent by a web server to a browser (e.g. Internet Explorer, Chrome) and is completely “passive” (it does not contain software, viruses, or spyware and cannot access the information on the user’s hard drive). A cookie consists of 2 parts: the name and the content or the value of the cookie. Moreover, the lifetime of a cookie is limited. Technically, only the web server that sent the cookie can access it again when the user returns to the website associated with that web server. Due to the cookies, the website “remembers” your actions and preferences for a while (login, language, font size and other display preferences). Therefore, you do not need to re-enter them each time you return to the website or when you navigate from a page to another.
How can I disable cookies?
Users can set up their browsers to reject cookie files. Disabling and rejecting cookies may render certain sections or pages of the website inaccessible or difficult to visit and use. You can find more information about cookies on the website www.allaboutcookies.org or http://www.youronlinechoices.com/ro.
What types of cookies are used?
In the following table you can find the classification and description of the cookies used on the website www.hotelvega.ro:
|Cookie name||Cookie type||Description / Purpose||Provider||Lifetime|
|_utma||Analytics (Third parties)||Google. Inc.||Two years from set or update|
|Functional||This cookie module (which is part of Google Analytics) records how many times a user has visited the website, when was the first visit and when was the last visit. Expires after two years.|
|_utmb||Analytics (Third parties)||Google. Inc.||30 minutes from set or update|
|Functional||Used to record the time from the moment a visitor enters the website. This cookie module is part of Google Analytics together with the _utmc cookie. It expires after 30 minutes.|
|_utmc||Analytics (Third parties)||Google. Inc.||At the end of the navigation session|
|Functional||Used to record the exact time a visitor leaves the website. This cookie module is part of Google Analytics together with the _utmb cookie. This cookie is deleted when the browser is closed.|
|_utmz||Analytics (Third parties)||Google Inc.||Six months from set or update|
|Functional||_utmz keeps track of the traffic from the locations where visitors come from, what search engine the visitors used, what links they clicked on, what keywords they used, as well as where they were when they accessed the website. This cookie module is part of Google Analytics. It expires in 180 days.|
|PHPSESSID||Necessary||Temporarily records a variable related to the identity of the user.||Vega Hotel||At the end of the navigation session|
|_icl_current_language||Functional||Records a variable used to store the linguistic option chosen by the user.||Hotel Vega||24 hours from the end of the session|
|_gat||Functional||It is used by Google Universal Analytics in order to limit the data collection on busy websites.||Hotel Vega||10 minutes from the end of the session|
|_ga||Functional||It is used by Google Universal Analytics in order to identify the users, associating them with automatically generated unique numbers.||Hotel Vega||760 minutes from the end of the session|
|_unam||Functional||It is used by the ShareThis widget in order to count the number of shares and clicks of a page in the social networks.||Vega Hotel||275 days from the end of the session|
|cookie_notice_accepted||Functional||Records whether or not the user accepted cookies at the first website visit.||Vega Hotel||30 days from the end of the session|
|__stid, __uset, __stdstillery, na_tc||Traffic info / Advertising||Part of the ShareThis widget. It allocates an ID to each device in order to analyse the traffic to ShareThis. The ShareThis pop-up shows a “Do not track” link, which allows the user to delete these cookies and to avoid storing them in the current session.||ShareThis||1 year from the end of the session|
|GAPS, GoogleAccountsLocale_session, GALX, LSID||Traffic info / Advertising||Used by Google+ service in order to allow users to click on Google +1 button.||Google Inc.||1 year from the end of the session|
|YSC, B, ACTIVITY, GEUF, PREF, VISITOR_INFO1_LIVE||Flash||Used by YouTube. They are set when a user clicks the Play button of a video.||YouTube||At the end of the navigation session|
|SID, SAPISID, APISID, SSID, HSID, NID, PREF||Traffic info / Advertising||Used by the Google Maps service in order to identify users’ activity and to store user preferences.||Google Inc.||At the end of the navigation session|
|UID, UIDR||Traffic info / Advertising||Used by ScorecardResearch, which collects data through web tagging. No personally identifiable information is transmitted by web tagging.||Scorecard research||At the end of the navigation session|
|id, _drt_||Traffic info / Advertising||Used by Doubleclick, a Google service, which provides online advertising and targeting services.||Google Inc.||At the end of the navigation session|
|datr, x-src, fr, lu, locale||Traffic info / Advertising||Used by Facebook to track user activity.||At the end of the navigation session|
|auth_token, twll, secure_session, guest_id, remember_checked, remember_checked_on||Traffic info / Advertising||Used by Twitter to identify users and track their activity.||At the end of the navigation session|
We also use the above described information to better customize the type of advertising that a user may see on other websites. Moreover, we collect anonymous data from cookies, in order to identify as many public segments as possible, which enables Google advertising network to select an online audience as relevant as possible.
QUESTIONS OR COMPLAINTS
If you have any questions or concerns with regard to the processing of your personal data or if you want to exercise any of the rights mentioned above, you are welcome to contact us, at any time, via e-mail at: firstname.lastname@example.org, and we shall reply within 30 days from receiving your request.
Furthermore, if you have no electronic means available or you do not want to use such means, you may send or submit a written request to the front desk of our hotel, which address is “Hotel Vega” Mamaia, Constanța.
If you are not satisfied with how your request was resolved, you may lodge a complaint with the Romanian Supervisory Authority for Personal Data Processing.
CHANGES IN THIS POLICY
In order to help you follow the most important modifications, we include below a history of changes for you to recognise the changes made to this Policy.
Latest update: 12 July 2018