PRIVACY POLICY

Respecting the right to protection of personal data as well as the right to privacy is one of the fundamental missions of Marshal Turism SRL and Marshal Turism SRL Bucharest – Dorobanti Branch (Hotel Marshal Garden).

Thereby, we take all necessary steps to process your personal data in accordance with the principles established by the applicable data protection legislation in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data concerning the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (“GDPR”).

Personal data means any information about an identified or identifiable individual (“the data subject”); an identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, of his physical, physiological, genetic, psychic, economic, cultural or social identity.

The processing of personal data is made by: Marshal Turism SRL headquartered in Bucharest, 50B Calea Dorobantilor, groundfloor, office 3, 1st District,, registered with the Bucharest Trade Register under no. J40/7161/1994, SRC: 5511863 and Marshal Turism SRL Bucharest – Dorobanti Branch (Marshal Garden Hotel), headquartered in 50B Calea Dorobantilor, 1st District, Bucharest, registered at the Bucharest Trade Register under no. J40/10987/2011, SRC: 29096705.

The entities of Marshal Turism SRL and Marshal Turism SRL Bucharest – Dorobanti Branch are personal data operators as provided by GDPR, respectively establish the means and purposes of processing personal data.

Click on one of the links below to go to a specific section:

What kind of personal data do we process?
Personal data of minors
Special Data
For what purpose and on what ground do we process your personal data?
To what people do we transmit your personal data?
Do we collect personal data from third parties?
Do we transfer your data outside the EU/EEA?
Providing personal data to other individuals
How long do we keep your personal data?
What are your rights?
Are your data safe?
Links to other websites
Questions or complaints
Changes in policy

____________________________________________________________________________________________________________
WHAT KIND OF PERSONAL DATA DO WE PROCESS?

If you are a client or a potential client.

We collect personal data from most interactions with you, as well as other aspects of our work. The categories of data we process are the following:
a) data required to make reservations (eg name, surname, e-mail, telephone);
b) arrival-departure data required under national law (eg citizenship, address, date of birth);
c) bank card details (card type, credit/debit card number, holder’s name, expiration date and security code);
d) information about the client’s stay, including date of arrival and departure, special requirements, preferences;
e) the information you provide about your marketing preferences;
f) personal information provided by you for registration and subscribing to the newsletter;
g) information about the vehicles you may bring to our property, such as registration number;
h) data collected from access cards (entry and exit time);
i) information collected by various contractual partners (travel agencies, event organizers) and forwarded to Marshal Turism SRL (rooming list, list of events invited);
j) data necessary for the provision of additional services, as the case may be;
k) reviews and opinions about our services;
l) any other information you choose to provide us with.

Also, surveillance cameras and other security measures on our property can capture or record photos of the guests in public places (such as hotel, restaurant, or lobby entries) as well as your location data (by images captured by surveillance cameras).

You can always choose which personal data you want us to provide. However, if you choose not to provide certain personal data, if the basis of our request is compliance with a legal obligation, contractual obligations or obligations to conclude a contract we will be unable to provide you with certain services, for example: i) if you do not want to give us your name, surname, e-mail address or phone number if you wish to make a reservation, we will not be able to make the reservation, or (ii) arrival and departure announcement you will fill in when you arrive at our hotel you will need to enter some legal mandatory personal data and if you do not want to fill out those mandatory fields, we will not be able to house you in the hotel.

If you are potential employee
We collect information from your CV and any other information submitted with your CV and/or the interviews you have submitted.

If you are a visitor to our location
We collect the name, surname, serial number and ID number.
Surveillance cameras can also capture or record images of the visitors in public places (such as hotel entrances or restaurants or halls).

If you are a user of our website www.hotelmarshalgarden.ro
No personal data is required to read the information on the site.

However, for the purpose of the technical exploitation of the site, Hotel Marshal Garden uses the following information that does not contain personal data and which automatically appears to the site administrator:
a) adresa de internet de protocol (IP)
b) a) Internet Protocol address (IP)
b) domain name (URL)
c) access data
d) client access file (file name and URL)
e) the HTTP password of the response password
f) the data of the web page from which access is made
g) the quantity of bits consumed during the visit
h) date of visit
i) the data of the pages, respectively
j) browser name.

Some personal data is required to use certain services (eg on-line reservations). For details, please refer to the section corresponding to the operation used on the site.

If you are a representative or contact person of our providers or business partners
We collect the name, surname, function, as well as any other data provided by you or the company that you represent.

If you are employee
Please read the Employee Privacy Policy, brought to your attention at the time of employment and available at any time to the Human Resources Department.
____________________________________________________________________________________________________________
PERSONAL DATA OF MINORS
We protect the confidentiality of data from children under 16. If you are under the age of 16, you must obtain the consent or permission of your parents or guardian for any personal data you provide.
____________________________________________________________________________________________________________
SPECIAL DATA
The term “special data” refers to racial or ethnic origin, political opinions, religious confession or philosophical beliefs, or membership of trade unions and the processing of genetic data, biometric data, data on health or data on sexual life or sexual orientation.

Generally, we do not collect special information only if you wish to give them to us. We collect special health data only on the basis of your consent and only for the purpose of customizing certain treatments. Access to this data is limited to healthcare professionals.
____________________________________________________________________________________________________________
WHAT IS THE PURPOSE AND THE LEGAL GROUND WE PROCESS YOUR PERSONAL DATA?

If you are a client
a) Booking a hotel, restaurant, or in the case of requests for offers submitted by you for certain events organized or to be organized.
Purpose: We process your personal data (s) to book a place in the hotel/restaurant and (ii) to answer your requests for offers.
Ground: conclusion of a contract
b) Check-in

Purpose: We process your personal data for registration/accommodation at our hotel.
Ground: At the time of your stay, in accordance with the legal provisions in force, you are required to fill in the arrival and departure notice that contains a minimum of data necessary to accommodate you.
c) Customer service (this service includes, inter alia, transport from/to the hotel, cleaning service, laundry service, etc.)
Purpose: We process your personal data to give you the most enjoyable experience and according to your standards and hotel standards.
Ground: execution of the hotel service contract.
d) Profiling
Purpose: In order to provide personalized services, some of your special preferences (for example: if you prefer rooms on the upper or lower floors, if you like a certain type of wine, etc.) are stored so that when you return, we will already know what you like.
Ground: Consent
e) Feedback
Purpose: We process your personal data to make sure you have had a nice experience at our facilities.
Ground: Our legal interest in constantly improving the services we offer and providing services that are as appropriate and conform to our clients standards.
f) Marketing:
Purpose: We process your personal data for marketing purposes, such as business newsletters and marketing communications on new products and services, or other offers that we think might be of interest to you.
Ground:
We rely on the legal interest in promoting our services by submitting the offers we consider to be in your interest (see “Right to oppose” in the “Your Rights” section)
If necessary, in accordance with applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we hereby notify you that you may at any time withdraw your consent to marketing, in which case you will not receive any marketing communications from us.
We will include a unsubscribe link that you can use if you do not want to send us any further messages.
Therefore, when organizing certain events in our hotels and restaurants, it is possible to take some photos, and some of these could also be distributed in the online environment to show others what our events are like. In any case, taking into account your right to privacy, we will do our best to keep you informed that photographs will be taken (for objections to our photographs see “Right to oppose” in “Your Rights” section).
g) Other communications: by e-mail, mail, telephone or SMS
Purpose: These communications will be made for a specific reason such as: (i) to respond to your requests, (ii) if you have not completed an online booking or a call for offers, we may send you an email to your remind you to complete the reservation, (iii) to inform you about the manner in which complaints and / or incidents occurred during your stay have been resolved.
Ground: Our legal interest in providing services at the desired standards by resolving any claims/complaints and ensuring our full availability.
h) Analysis, improvement and research:
Purpose: In order to constantly ensure the quality development of our services, we take care to analyse each complaint/suggestion on your part, so we compile statistical reports to identify the problems and find the best solutions to remedy them.
Ground: We rely on our legal interest in providing services that meet your standards.

If you are a visitor to our location
Purpose: We process your personal data to ensure the protection of property and persons within the hotel.
Ground: Our legal interest in ensuring both the protection of hotel staff/personnel and the protection of hotel guests.

If you are a user of our website www.hotelmarshalgarden.ro
Purpose: Monitoring the traffic errors and/or any other site malfunctions.
Ground: We rely on this data processing activity on our legal interest, namely providing you with a fully functional site by repairing any error and continuously improving it.

If you are a representative or contact person of our providers or business partners
Purpose: to conduct contractual relations with our providers or our business partners.
Ground: Execution of a contract.

If you are potentially employee
Purpose: Evaluating your employment application.
Ground: conclusion of a contract.

If you are employee
Please see the Employee Privacy Policy, brought to your attention at the time of employment and available at any time to the Human Resources department.

For all of the above categories of people, we can also process your data in the context of the following activities:
a) Restructuring, internal reorganization or sale of assets or shares:
Purpose: We process your data to perform the above mentioned operations.
Ground: The legal interest in performing the operations, especially if they would be impossible to do without the processing of your data.
However, we assure you that this eventual processing will be performed in accordance with this policy and by implementing a measure to ensure the confidentiality of your data.
b) Security:
Purpose: We process personal data for the security of goods and the physical integrity of individuals.
Ground: We rely on our legal interest in securing the protection of your property and the hotel, as well as the protection of people within our hotel.
c) Legal reasons:
Purpose: In some cases, we must process the information provided, which may include personal data, to resolve legal disputes or complaints, investigations and compliance with applicable legal regulations, to implement an agreement, or to comply with requests from the public authorities so that these requests meet the requirements of the law.
Ground: The reasons for the processing may be legal obligation (if we have a legal obligation to disclose certain personal data to public authorities) or of our legal interest in resolving any disputes and/or complaints.

____________________________________________________________________________________________________________
TO WHOM DO WE TRANSMIT YOUR PERSONAL DATA?
In order to provide you with high-quality services, we may transfer your personal information to our service providers and other third parties, as detailed below:

a) Providers: In order to provide the requested services, in some cases we will need to transfer some of your personal data to the providers, and they are empowered to process the data in the name, in our behalf and in accordance with our guidelines software providers, IT, accounting services, medical services, transport services).
b) Group Events or Meetings: If you visit our hotels in a group or conference, the information required for meeting and event planning can be shared with the organizers of these meetings and events and, where appropriate, with the guests organizing or participating meeting or event.
c) Business Partners: In some cases, we associate with other companies to provide you with products, services or offers. For example, we can arrange for you to rent a car or to provide optional and additional services that exceed our offer.
d) Public authorities and/or institutions: (i) to comply with legal provisions, (ii) respond to their requests, (iii) for reasons of public interest (eg national security). For example, under the provisions set out in the section “FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS YOUR PERSONAL DATA” lit. lit. b) any hotel unit is obliged to send every day the arrival and departure notification sheets of each customer.
The confidentiality of your data is important to us, which is why, where possible, the transmission of personal data in accordance with the above is done only on the basis of a confidentiality commitment on the part of the recipients to ensure that the data is kept and that such information is provided in accordance with applicable law and applicable policies. In any case, we will always send to the recipients only the information strictly necessary to achieve that purpose.
____________________________________________________________________________________________________________
DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?
To provide you with the expected level of hospitality and the best level of service, we may collect information about you from our business partners and other third parties, as detailed below:
a) Business partners: such as card partners, social networking services that are consistent with your settings for these services, travel agencies, event organizers.
In any case, we ensure that your data collected from third parties will be processed under the same conditions as if it were collected directly from you. We will also collect only what is necessary for our purposes. (see Section “FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS YOUR PERSONAL DATA” ).
Therefore, when we first contact you, we will let you know, first of all, the source from which we obtained your personal data.
____________________________________________________________________________________________________________
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF UE/SEE?
We may transfer your data to some providers in countries other than the one you are located and in some cases in countries outside the EU/EEA.
Although data protection laws in these countries may differ from your country, we will take the necessary steps to ensure that your personal data is processed in accordance with this policy and according with applicable law.
____________________________________________________________________________________________________________
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
If you provide us with the personal data of other individuals, please tell them before this and how they are to be processed as described in this privacy policy.
____________________________________________________________________________________________________________
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data is retained for the full duration of the purposes detailed in this policy if a longer period of retention is not required or permitted by applicable law.

We constantly review the need for your personal data to be retained, and to the extent that processing is no longer required and there is no obligation under law to keep your personal data, we will delete/destroy your personal information as soon as possible and in a (for example, we will delete/destroy all data for people who have not been interviewed unless there is a serious prospect of future employment).

If personal information is printed on paper, it will be destroyed in a way that ensures its removal altogether, and if it is saved on electronic media, it will be erased by technical means to ensure that information can no longer be subsequently recovered or reconstituted.
____________________________________________________________________________________________________________
WHAT ARE YOUR RIGHTS?
As a person you are entitled to the following rights provided by GDPR:

a) Right of access: you may ask us to confirm that personal data are processed or not and, if so, access to the data and information (Article 15 of GDPR);
b) Right to rectification: you can inform us of any changes to your personal data or you may ask us to correct the personal data we hold about you (Article 16 of GDPR);
c) Right of waiver (“the right to be forgotten”): in certain circumstances (such as (i) the data being collected illegally, (ii) the date for data storage has expired, (iii) you have exercised the right to

se, or (iv) data processing was done on a consent basis and you have withdrawn your consent), you may ask us to delete the personal data we hold about you (Article 17 of GDPR);
d) Right to Restrict Processing: in certain circumstances (such as when you dispute the accuracy of such data or the lawfulness of the processing), you may require us to restrict your data processing for a certain period (GDPR Article 18);
e) Right to data portability: you may request us to send your personal data to a third party or directly to you (GDPR Article 20);
f) Right to oppose: in certain circumstances (such as processing that has the legal ground for legitimate interest), you may request that we no longer process your data (Article 21 of GDPR);

If we use your personal data based on your consent, you have the right to withdraw this consent anytime.

In this case, your data will no longer be processed by us, unless a legal provision forces us to keep and archive it. In any case, we will let you know if there is such a legal provision and we will indicate it expressly.
____________________________________________________________________________________________________________
ARE YOUR DATA SAFE?
We take your personal security seriously, so we take important security measures necessary to protect against unauthorized access to data or unauthorized modification, disclosure or destruction. This requires internal review of data collection, storage and processing practices, and security measures, as well as physical security measures to protect against unauthorized access to systems where we store personal data.
We also require our service providers and business partners to take all necessary measures to protect against unauthorized access to data or unauthorized modification, disclosure or destruction.
____________________________________________________________________________________________________________
LINKS TO OTHER WEBSITES
Our site contains links to third-party sites. Please note that we do not take responsibility for the collection, use, storage, sharing or disclosure of such data or information by such third parties. If you use or provide information on third-party sites, the terms and privacy policy of those sites apply. We encourage you to read the privacy policy of the sites you visit before sending personal data.The use of the internet services provided by Hotel Marshal Garden is subject to the terms of use and privacy of Internet providers. You can access these terms and policies by using the links on the service’s authentication page or by visiting the Internet provider’s website.
____________________________________________________________________________________________________________
QUESTIONS OR COMPLAINTS
If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise any of the above-mentioned rights, you are welcome to contact us by sending an email to the following address: data-protection@marshal.ro we will respond to you within 30 days of receipt of the request.
Therefore, if you do not have electronic means or do not want to use them, you can make a written request to send or lodge at the hotel reception located at 50 B Calea Dorobantilor street, 1st District, Bucharest.
If you are not satisfied with the manner in which your application has been resolved, you may file a complaint with the National Supervisory Authority for Personal Data Processing.
____________________________________________________________________________________________________________
POLICY CHANGES
This privacy policy may change in accordance with changes to data policy legislation or changes to our services or organizational arrangements from time to time. If we make any material changes to this, we will publish a link to the revised policy on the main page of our site. If we make significant changes that will impact your rights and freedoms (for example, when we begin processing your personal data for purposes other than those specified above), we will contact you before you begin this processing.
To help you track the most important changes, we will include a change history below to recognize the changes made to this policy.

Last updated: July 04, 2018